AISC Privacy Policy

The American International School in Cyprus

Introduction

The American International School in Cyprus ("the School") is committed to the privacy and secure processing of the personal data it maintains for its clients, associates, and collaborators, in an open and transparent manner. The School also ensures the collection and processing of any personal data is fully compliant with the General Data Protection Regulation of the European Union (Regulation 2016/679, GDPR) and relevant Cyprus legislation (L. 125(I)/2018).

This Privacy Policy governs the collection, use, disclosure, transfer, and storage of personal data and helps all data subjects understand how the School processes their information. The document covers:

  1. Relevant Definitions
  2. Purpose of Processing Personal Information
  3. Lawful Basis for Processing
  4. Types of Personal Information Processed
  5. Processing Methods
  6. Use of Cookies
  7. Data Protection Measures
  8. Data Subject Rights
  9. Retention Period
  10. Changes to this Policy
  11. Contact Details

1. Relevant Definitions

  • Personal Data: Any information relating to an identified or identifiable individual.
  • Special Category Data: Sensitive data such as racial origin, political views, health details, etc.
  • Processing: Operations performed on personal data, whether automated or manual.
  • Data Controller: Entity determining the purposes and means of processing.
  • Data Processor: Entity processing data on behalf of the controller.
  • Third Party: Any person/entity other than the data subject, controller, or processor.
  • Consent: Clear, informed agreement by the data subject to process personal data.

2. Purpose of Processing Personal Information

Personal data is processed for:

  • Fulfilling contractual obligations
  • Purposes covered by consent
  • The School’s legitimate interests
  • Legal compliance
  • Payment processing

Uses include:

  • Delivering educational services
  • Notification of changes to services
  • Enabling service interactivity
  • Customer support
  • Service improvement analysis
  • Usage monitoring
  • Technical issue management
  • Providing updates and offers

3. Lawful Basis for Processing

Processing is lawful under GDPR Article 6.1(a-f) when:

  • Consent is obtained
  • Necessary for contract performance
  • Legal obligation exists
  • Vital interests are protected
  • Task is carried out in the public interest
  • Legitimate interest is pursued (subject to override by data subject’s rights)

4. Types of Personal Information Processed

Data collected may include:

  • Name, DOB, ID/passport number
  • Contact details
  • Assessment results
  • Pupil characteristics (ethnicity, special needs)
  • Exclusion data
  • Medical information

Secure handling includes:

  • Storage of paper and electronic records
  • Access control via passwords
  • Off-site handling as per data-flow procedures
  • Device security obligations extend to personal devices used for school purposes

5. Processing Methods

Personal data is not shared without consent unless legally mandated. Employees access data strictly as needed. Legal data-sharing includes the Ministry of Education and other statutory bodies. Data is handled under strict confidentiality and technical safeguards.

6. Use of Cookies

The website uses only necessary cookies, essential for proper functionality and security. These cookies operate anonymously.

7. Data Protection Measures

The School applies physical, electronic, and procedural safeguards to protect data. Only authorized personnel may access data, and all staff receive training on GDPR compliance. Continuous improvement ensures policies remain updated.

8. Data Subject Rights

  • Access: Request access to your data via a Data Subject Access Request (DSAR)
  • Rectification: Request correction of inaccuracies
  • Erasure: Request deletion (conditions apply)
  • Objection: Object to processing in certain contexts
  • Restriction: Limit processing scope
  • Portability: Transfer data to another controller
  • Complaint: Lodge with a supervisory authority

To exercise these rights, email dpo@aisc.ac.cy with "Privacy Request" in the subject line.

9. Retention Period

Data is kept only as long as necessary for its collection purpose or to satisfy legal obligations. Consent-based data is deleted upon consent withdrawal. Contact the Data Protection Officer for specifics.

10. Changes to this Policy

The Policy may be revised periodically. Updates are published on www.aisc.ac.cy, with major changes communicated directly when feasible.

11. Contact Details

Data Protection Officer
American International School in Cyprus
11 Kassos Street, PO Box 23847, 1086 Nicosia, Cyprus
Tel: +357 22 316345
Email: dpo@aisc.ac.cy

To lodge a complaint, you may also contact the Office of the Commissioner for Personal Data Protection at www.dataprotection.gov.cy.