Data Protection Policy

Page 1

DATE January 2025

REVIEW DATE January 2026

Owner Director

Version Number: Ver04

Working Date:

Legal Sign-off by: N/A

Type of Policy: Exec

Authorised by Exec: 14/01/2025

Effective date of Policy: January 2025

Circulation: Internal, External

1 SCHOOL DATA PROTECTION POLICY

1.1 Jumeirah English Speaking School (‘JESS’ and/or the ‘School’) is required to adhere to the UAE Data Protection Laws with respect to all information or data held about students, employees and visitors.

1.2 JESS acknowledges the importance of data protection and recognises that individuals have rights in respect of their Personal Data that is being handled by JESS.

1.3 JESS collects and uses personal information about employees, students, parents and other individuals who come into contact with the School. During the course of the School’s business activities, JESS collects, stores and processes personal data.

1.4 This information is gathered in order to enable JESS to provide education and other associated functions. In addition, there may be a legal requirement to collect and use information to ensure that JESS complies with its statutory obligations.

2 PURPOSE AND SCOPE

2.1 This policy is intended to ensure that personal information is dealt with correctly and securely and in accordance with UAE Data Protection Laws

2.2 It will apply to all Personal Data that is being processed about current, past and prospective students (and their parents/guardians), current and past employees, suppliers and any third parties that JESS communicates with. The policy will apply regardless of the way the information is collected, used, recorded, stored and destroyed, and irrespective of whether it is held in paper files or electronically.

2.3 All employees involved with the collection, processing and disclosure of personal data will be aware of their duties and responsibilities by adhering to these guidelines. Failure to comply with this policy may lead to disciplinary action.

3 WHAT IS PERSONAL INFORMATION?

3.1 Personal information or data means any information relating to an individual who can be identified from that information or from any other information the School may hold. Personal Data can include names, identification numbers, addresses (including IP addresses), dates of birth, financial or salary details, education background, job titles and images. It can also include an opinion about an individual, their actions or their behaviour. Personal data may be held on paper, in a computer or any other media whether it is owned by the organisation or a personal device.

3.2 Special Categories of Personal Data are more sensitive and include information revealing an individual's racial or ethnic origin, political opinions, religious or philosophical beliefs. It will also include data concerning health (physical and/or mental health), a person’s gender, and genetic and biometric information where that data is used to uniquely identify a person. The School will also treat data relating to criminal convictions or related proceedings in the same way as special categories of data.

4 DATA PROTECTION PRINCIPLES

The School’s Data Protection Policy is guided by the following principles:

4.1 Personal Data shall be processed fairly and lawfully and in a transparent manner.

4.2 Personal Data shall be obtained only for one or more specified and lawful purposes.

4.3 Personal Data shall be adequate, relevant and not excessive.

4.4 Personal Data shall be accurate and where necessary, kept up to date.

4.5 Personal Data processed for any purpose shall not be kept for longer than is necessary for that purpose or those purposes.

4.6 Personal Data shall be kept secure i.e. protected by an appropriate degree of security.

5 GENERAL STATEMENT

JESS is committed to always maintaining the above principles, and will:

5.1 Inform individuals why the information is being collected when it is collected;

5.2 Inform individuals when their information is shared, and why and with whom it was shared;

5.3 Check the quality and the accuracy of the information it holds;

5.4 Ensure that information is not retained for longer than is necessary;

5.5 Ensure that when obsolete information is destroyed that it is done so appropriately and securely;

5.6 Ensure that clear and robust safeguards are in place to protect personal information from loss, theft and unauthorised disclosure, irrespective of the format in which it is recorded;

5.7 Share information with others only when it is legally appropriate to do so;

5.8 Set out procedures to ensure compliance with the duty to respond to requests for access to personal information, known as Subject Access Requests;

5.9 Ensure employees are aware of and understand the policies and procedures.

6 USE OF CCTV

6.1 JESS uses CCTV in accordance with the CCTV Policy to ensure any images collected and used are handled appropriately.

7 DATA PROTECTION OFFICER

7.1 JESS has employed a Data Protection Officer and this person will monitor observance of the principles above and will report annually to the Board of Governors.

8 COMPLAINTS

8.1 Complaints will be dealt with in accordance with the School’s Complaints Policy

9 CONTACTS

9.1 If you have any enquiries in relation to this policy, please contact the Data Protection Officer dataprotection@jess.sch.ae who will also act as the contact point for any subject access requests.

Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.