Data Protection and Privacy Notice
Introduction
This Student, Families & Households Privacy Notice (“Notice”) sets out how United Nations International School Hanoi (“UNIS Hanoi”, “The School”, “we”, “our”, “us”) collects and uses students’, families’ and their households’ personal data before, during and after their relationship with us.
This Notice applies to all students, their families and households at UNIS Hanoi.
Definitions
Applicant shall mean any person who has applied to study at UNIS Hanoi.
Student means any past, present or future student of UNIS Hanoi.
Family or Household member shall mean any individual who is either a family member of a UNIS Hanoi past, present or future student e.g. parents, legal guardian, relative through blood or legal relationship or an individual who serves the family under an agreement akin to employment e.g. maid, driver etc.
Student, Family or Household Personal Data means personal data pertaining to a prospective, current, or former student or a member of their family or household.
Personal Data means any information relating to an individual who can be identified from that information or from any other information we may hold. Personal Data can include names, identification numbers, addresses (including IP addresses), dates of birth, family details, financial or salary details, education background, job titles and images. It can also include an opinion about an individual, their actions or their behaviour as well as records pertaining to academics, disciplinary proceedings, references, exam scripts and exam marks. Personal Data may be held on paper, in a computer or any other media whether it is owned by the organisation or a personal device.
Special Categories of Personal Data are more sensitive, and include information revealing an individual's racial or ethnic origin, political opinions and religious or philosophical beliefs. It will also include exact or live location data and data concerning health (physical and/or mental health), data concerning a person’s sex life or sexual orientation, and genetic and biometric information where that data is used to uniquely identify a person. We will also treat data relating to criminal convictions or related proceedings in the same way as special categories of data.
Processing means any activity which is performed on Personal Data or Special Category Data. It includes the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, restriction, erasure or destruction of data.
SOR means School Operating Regulations (generally known as policies).
SOP means School Operating Procedures (generally known as standard operating procedures).
General Policy
In accordance with our Data Privacy and Protection SOR, we commit to ensuring the correct and lawful treatment of personal data in accordance with all applicable data protection laws e.g. Europe’s GDPR, United States’ COPPA, HIPAA and specifically with Viet Nam’s Personal Data Protection Law (PDPL). We will only process personal data of students or members of their families and households if we have a lawful ground for processing such data.
We shall recognize and respect the personal data privacy rights of students, and members of their families or households and we shall protect the confidentiality and integrity of the personal data of students or members of their families and households that we obtain and maintain.
We shall utilise the Students, Families & Households Privacy Notice to inform our students, and members of their families or households whenever we process their personal data, except as required or permitted by law.
Personal data of students or members of their families and households shall be stored in accordance with our ‘Records and Information Management’ and ‘Records Retention’ SORs.
Notice and Consent
Except where otherwise permitted or required by law, we shall notify students, and members of their families or households before their personal data is collected through appropriate channels regarding the collection of such personal data. Such notice shall include the purposes for which we are collecting the personal data, how we use such personal data, and whom to contact in case a student, or member of their family or household has any concerns. Moreover, such notices will also include information about the rights of students, and members of their families or households with respect to their personal data. This document serves as the said notice.
While we strive to provide students, and members of their families or households with notice and opportunity to object to the processing of their personal data prior to processing, in certain limited circumstances where permitted or required by law, we may process personal data of students or members of their families and households without providing notice. Such situations include where such processing would be in the vital interests of a student, or member of their family or household, safeguarding or where necessary to establish legal claims or defences.
Where a particular processing of personal data of students or members of their families and households is based on consent as the legal basis, students, and members of their families or households will be provided in the notice with the right to refuse such consent as well as information on how you can withdraw your consent at a later time. In such circumstances, if a student, or member of their family or household decides not to provide us with certain personal data that we have requested, we may not be able to perform contracts between us and that student, or member of their family or household (such as admission to school or campus), or we may be prevented from complying with our legal obligations.
What Student, Families & Households Personal Data is Collected
We collect the following personal data from students, and members of their families or households:
- Contact and personal details: name, address, email address, telephone number, date of birth, gender, pronouns, title, marital status, dependants, languages, hobbies and interests.
- Emergency contact information for next of kin (name, address and telephone numbers).
- Past academic record, exam transcripts, disciplinary records, qualifications, and references.
- Parents’ or guardians’ employment and employer information.
- Identity and Travel documentation including nationality, citizenship, birth certificates, identity card, passport and visa information.
- Documentation pertaining to legal custody.
- Household vehicle(s) identification details.
- CCTV images or other surveillance data.
- Computer network and electronic device usage data, including visits to our website and online portals/platforms.
- Photographs and videos.
Furthermore, we may collect the following sensitive student or household personal data:
- Religious beliefs for the purpose of accommodating religious holidays;
- Race, ethnicity and gender for equal opportunities monitoring.
- Physical or mental health information, including details of health checks and accompanying physician statements, vaccination status.
- Health check results.
How is Student, Families & Households Personal Data Collected
We collect personal data of students, and members of their families through the admissions process, appointment bookings, social media and online platforms, surveys, school programme signups, Energise (school community’s use of gym, pool and other campus facilities) registration process, campus access and security registration process, or vehicle registration process, either directly from a student or from members of their families and households. We may sometimes collect additional information from third parties including previous schools attended by a student.
We may collect further personal data about students, and members of their families or households in the course of a student’s education at UNIS Hanoi.
How is Student, Families & Households Personal Data Used
We use personal data of students or members of their families and households for the following purposes:
- giving you access to our online platforms as well as to the campus.
- the selection and admission of students.
- comply with legal and regulatory requirements.
- provide education and enrichment to our students, including the administration and monitoring of our curriculum and other programmes.
- monitor student academic progress and educational needs.
- provide a safe and secure environment for students, staff, and visitors to the school including the use of CCTV.
- operational management including the compilation of student records; the administration of invoices, fees and accounts; the management of The School property; the management of security and safety arrangements.
- behaviour or other disciplinary procedures.
- facilitating parents’ and/or guardians’ participation in School Community Organisation (SCO).
- advancement including fundraising.
- the promotion of our school and its events through our website[s] and social media, other online platforms, our prospectus and other publications and communications.
- maintaining relationships with our alumni.
- compliance with health and safety requirements.
- to keep a record of historical and memorable events relevant to the maintenance of a historical record.
- for the arrangement and management of domestic and international school trips that a student joins.
- providing references.
- maintaining and monitoring our information systems and networks, in accordance with other SORs and SOPs.
- statistical and research purposes.
How is Sensitive Students, Families & Households Personal Data Used
We may process sensitive personal data of students or members of their families and households in the following limited circumstances, with your explicit written consent.
- where we need to carry out our legal obligations or exercise rights in connection with your application for admission to study at The School.
- when necessary to protect a student, or members of their families and households (or someone else’s) vital interests; and
We will use your sensitive personal data for the following purposes:
- for making admissions and school programmes related decisions
- for appropriate access to our online platforms
- in relation to leaves of absence, which may include sickness absence or family-related leave, to comply with employment and other laws;
- in relation to your physical or mental health, or disability status, to ensure your health and safety at The School and to assess your fitness for education at The School.
- in relation to your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful student support services, and
- in the course of responding to legal claims.
Methods of Data Processing
We process your personal data using both automated and manual methods to ensure accuracy and efficiency. Automated processing involves the use of software and algorithms to handle data collection, storage, and analysis in the various information and communication technology systems that the school uses and onboards to fulfil or facilitate the business of the school, e.g. School Management Information System, Learning Management System and other administrative or academic systems. Manual processing may be conducted by our authorized personnel to verify data accuracy and handle specific requests. We may also process your data in batches or in real time. Some of our processing activities are carried out in the cloud. All processing activities are conducted in compliance with applicable laws and regulations, ensuring that your personal data is handled securely and confidentially. We implement robust technical and organizational measures to protect your data from unauthorized access, disclosure, alteration, or destruction (see Security section below).
Disclosures Of Students, Families & Households Personal Data
We may have to share personal data of students or members of their families and households with third parties where we have a legitimate interest in doing so.
Personal data of students or members of their families and households may only be disclosed to the following third parties or data processors:
- Government ministries to fulfill any compliance or legal obligations.
- Other schools, for student references.
- Agencies or companies working with/for UNIS Hanoi to provide services for students’ education, service learning or other educational activities.
- Travel and tour companies that provide travel, accommodation and other arrangements for school trips.
- In various information and communication technology systems that school uses and onboards to fulfil or facilitate the business of the school.
- Health and safety providers such as occupational health services, health insurance providers, and medical professionals for workplace safety and employee wellbeing.
- Exam and assessment boards and companies, accreditation bodies, data analytics and dashboarding service providers.
- Online payment service providers such as Paypal, Onepay etc.
- Third party security services contractors that school uses for campus safety and security.
- Bus service contractors that work with The School to provide transportation services.
- Food, hospitality and entertainment services providers such as school canteen, restaurants, hotels, to provide food and beverage or school functions services on and occasionally off campus.
Data Subject Rights
Primarily under Viet Nam’s Personal Data Protection Law (PDPL) and generally under applicable sections of other legal frameworks around the world concerning data privacy and protection e.g. in Europe's GDPR, students or members of their families and households have a number of rights regarding their personal data that we hold.
These rights are:
- To be informed: Data subjects have the right to be informed of the method, scope, location, and purposes of the collection, processing, and use of their personal information. Even in circumstances where personal data can be processed without the data subject's consent, the data subject still has the right to be informed.
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see the right to object below).
- Right to object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- The right to give or withdraw consent to the processing of your personal data. Personal data processing activities, which happen before consent is withdrawn, are legal and valid. Upon receiving a request to withdraw consent UNIS Hanoi shall notify you of any potential consequences and damage if you withdraw your consent.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
To invoke any of these rights, contact our Data Protection Officer at dpo@unishanoi.org. As permitted by law, we may refuse to comply with the request in certain circumstances.
Security
We employ reasonable and appropriate measures and controls to ensure that the employee personal data we maintain is secured against unauthorised access or disclosure, in line with The School’s Data Privacy and Protection SOR and applicable laws and regulations.
In general, we protect employee personal data by, among other things:
- Access Management policies on our information and communication technology systems including privileged access management applications, passwords, passkeys, MFAs (Multi Factor Authentication) and maintenance of access and permission matrices.
- Encryption standards and protocols for network connectivity, data collection, transmission, storage and processing.
- Firewall and endpoint protection on our network and school owned IT devices.
- Lock and key management for access to storage locations on campus where personal and sensitive data is stored in hard copies.
- Deploying electronic data destruction and sanitising equipment as well as paper shredders to dispose of electronic storage equipment and paperwork.
In accordance with our Data Breach SOR, we have procedures in place to respond to any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Potential Risks and Consequences
While we are committed to safeguarding your personal data through robust security measures, it is important to inform you of potential risks and undesirable consequences that may arise from data processing activities. These may include unauthorized access, data breaches, or misuse of your personal information, which could result in identity theft, financial loss, or harm to your reputation. We take these risks seriously and have implemented comprehensive measures to mitigate them. However, we encourage you to remain vigilant and report any suspicious activities to us immediately by emailing dpo@unishanoi.org. Should any significant changes to our data processing practices occur, we will notify you promptly and provide detailed information on the potential impact on your personal data.
