The United Nations International School of Hanoi Data Privacy and Processing
At UNIS Hanoi we are committed to compliance with Vietnamese privacy laws and international standards. This includes respecting your privacy and protecting your personal data. This privacy notice describes how we collect and use (or "process") your information.
What is personal data?
The term ‘personal data’ refers to any information which identifies you or can be used to identify a data subject when used in conjunction with other information.
The term ‘data subject’ describes the person about whom the personal data is about.
Personal data we collect
We process personal data about visitors to our website; prospective, current and past: students and their parents; staff and contractors; donors and volunteers; and other individuals connected with or visiting our school.
The personal data we process takes different forms.
● names, addresses, telephone numbers, e-mail addresses, emergency contact information
● IP addresses, location data, and website statistics and analytics
● students' date of birth, nationality, family details
● admissions, academic, disciplinary and other education related records, references, examination scripts and marks
● parents’ employment data
● images, audio and video recordings
● financial information and identification documents (e.g. for financial aid assessment or for fundraising)
● employee and former employee data including recruitment, training, performance management, payroll, and other HR information.
As a school, from time to time we also need to process personal data which is designated as “sensitive” or “special category personal data” in order to facilitate our school operations and activities. Such data includes personal data regarding a data subject concerning:
● biometric data (e.g. fingerprints)
● information relating to safeguarding and child protection/welfare
● political or religious views
● criminal records.
In the course of school business, we share personal data (including special category personal data where appropriate) with third parties such as examination boards, the school’s Health Centre, the school’s professional advisors and relevant authorities. We may also be required to share your personal data with other organisations for legal or statutory purposes, or where we have your consent to do soo.
We may also share data with the School Community Organisation in order to facilitate parental participation. Moreover, some of our systems are managed or operated by third parties (e.g. hosted databases, school website, school calendar, school post and my school portal or cloud storage providers).
How do we obtain your information?
We collect most of the personal data we process directly from the person concerned (‘the data subject’) or often in the case of students, from their parents. In some cases, we collect data from third parties (for example, referees/references, and previous schools) or from publicly available resources.
We also collect data about you when:
● you have expressed an interest in having a student attend our school
● you have registered to attend (or have attended) one of our events
● you visit our website
● you sign up to receive email, our newsletter and/or prospectus
● you have expressed an interest in working for, or with, us
● you are employed by us or an organisation with whom we have a business relationship.
How do we use your personal data?
To support our operation as an international school, we process personal data as follows (but not restricted to):
● the selection and admission of students
● comply with legal and regulatory requirements
● provide education and enrichment to our students, including the administration of our curriculum, monitoring student academic progress and educational needs
● provide a safe and secure environment for students, staff, and visitors to the school
● operational management including the compilation of student records; the administration of invoices, fees and accounts; the management of school property; the management of security and safety arrangements
● the use of CCTV and monitoring of the school’s IT and communications systems in accordance with our Responsible Use Policy
● staff employment administration including the recruitment of staff/engagement of contractors; administration of payroll, pensions and sick leave; review and appraisal of staff performance; conduct of any grievance, capability or disciplinary procedures; and the maintenance of appropriate human resources records for current and former staff; and providing references;
● advancement including fundraising
● analyzing website traffic, demographics and behaviour through the use of analytical tools and cookies;
● the promotion of our school through our website[s], our prospectus and other publications and communications (including through our social media accounts)
● maintaining relationships with our alumni and former employees
● to keep a record of historical and memorable events relevant to the maintenance of a historical record.
Data Subject Rights
Data Subjects have a number of rights regarding our use of their Personal Data, some of which are subject to conditions. All requests will be dealt with by our Data Protection Officer or our Data Protection Coordinator by contacting them at email@example.com:
● Right of access (commonly referred to as a subject access request): This gives individuals the right to ask us about the Personal Data we use about them. This can include what we use it for, who we share it with, how long we store it and where we have obtained it from. Individuals can also ask for a copy of their personal data.
● Right to rectification: This gives individuals the right to ask for inaccurate Personal Data to be corrected or for incomplete Personal Data to be completed.
● Right to erasure (‘right to be forgotten’): This gives individuals the right to ask for their Personal Data to be erased but the obligation for us to erase Personal Data only applies in certain circumstances.
● Right to object: This gives individuals the right to ask us not to use their Personal Data. This will include the use of their data for direct marketing, or where automated decisions have been made about them.
● Rights in relation to automated individual decision-making, including profiling: This gives individuals the right to object to decisions being made about them solely by automated means (without any human involvement) and to profiling (where automated processing is used to evaluate certain things about the individual).