Data Protection and Privacy Policy
1. Introduction
The International School of Jakarta is committed to protecting the privacy and personal data of pupils, parents, staff, governors, contractors, and visitors. This policy sets out how the School collects, uses, stores, and protects personal data in accordance with the principles of the UK General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Scope
This policy applies to all personal data processed by the School in any format, including paper records, electronic systems, images, audio, and video recordings.
3. Definitions
- Personal Data: Any information relating to an identifiable individual.
- Special Category Data: Personal data requiring higher protection (e.g. health, safeguarding, ethnicity).
- Processing: Any operation performed on personal data, including collection, storage, use, sharing, or deletion.
- Data Subject: The individual to whom the personal data relates.
4. Data Controller and Responsibility
The School acts as the Data Controller for personal data it processes.
- Data Protection Lead (DPL): [ROLE / NAME]
- Contact: [EMAIL ADDRESS]
All staff are responsible for handling personal data in line with this policy and associated procedures.
5. Lawful Basis for Processing
The School processes personal data under one or more of the following lawful bases:
- Performance of a contract (e.g. provision of education)
- Compliance with a legal obligation
- Vital interests (e.g. safeguarding, medical emergencies)
- Legitimate interests of the School
- Consent (used where required and clearly documented)
6. Types of Data Collected
6.1 Pupils
- Identification and contact details
- Academic records and assessments
- Attendance and behavioural records
- Safeguarding and pastoral records
- Medical and special educational needs information
- Images and video recordings
6.2 Parents / Guardians
- Contact and identification details
- Financial and billing information
- Communications with the School
6.3 Staff and Governors
- Recruitment, employment, and payroll records
- Qualifications and performance records
- Background checks where required
- Medical and absence records
7. How Data Is Used
Personal data is used to:
- Provide education and support services
- Safeguard pupils and staff
- Meet legal, regulatory, and inspection requirements
- Manage admissions, assessments, and reporting
- Communicate with parents and the wider community
- Ensure effective school administration
8. Data Sharing
The School may share personal data with:
- Examination boards and accrediting bodies
- Regulatory authorities
- Medical professionals and safeguarding agencies
- Service providers acting under contract to the School
Data is shared only where necessary and where appropriate safeguards are in place.
9. International Data Transfers
Where personal data is transferred outside Indonesia or the UK/EEA, the School ensures appropriate safeguards are applied to protect the data.
10. Data Security
The School implements appropriate technical and organisational measures to protect personal data, including:
- Access controls and password protection
- Secure storage of paper records
- Encryption and secure systems
- Staff training on data protection
- Clear procedures for data breaches
11. Data Retention
Personal data is retained only for as long as necessary to fulfil its purpose or meet legal requirements. The School maintains a data retention schedule and securely disposes of data when no longer required.
12. Rights of Individuals
Individuals have the right to:
- Access their personal data
- Request correction of inaccurate data
- Request erasure of data (where applicable)
- Restrict or object to processing
- Withdraw consent (where consent is the lawful basis)
Requests should be submitted in writing to the Data Protection Lead. The School will respond without undue delay and in any event within one month of receipt of the request.
13. Consent
Where consent is required, it will be obtained clearly and recorded. Consent may be withdrawn at any time, subject to legal or safeguarding obligations.
14. Data Breaches
All data breaches or suspected breaches must be reported immediately to the Data Protection Lead. The School will investigate, take corrective action, and notify relevant authorities and individuals where required.
15. Training and Awareness
All staff receive data protection training on induction and regular refresher training thereafter.
16. Monitoring and Review
This policy is reviewed annually and following any significant data protection incident or change in legislation.