Imprint / Impressum and Privacy Notice

International School of Stuttgart e.V.
Sigmaringer Str. 257, 70597 Stuttgart, Germany

Phone: +49-711-7696000
Email: iss@issev.de

Register Court / Registereintrag:
Registergericht: Amtsgericht Stuttgart
Registernummer: VR 4222

Information Rights Policy

Introduction

International School of Stuttgart e.V. (the school in further text) complies with the relevant European and national data protection regulations. This privacy notice explains how we use personal information, who we share it with and the ways in which we protect and account for the protections to privacy. This notice applies to all personal data collected for and on behalf of the school. This pertains to information collected in analogue (forms, documents, in writing) and through technological means such as information systems and email.

From time to time, we will make you aware when we require additional personal information for processing through a separate specific privacy notice.

Legal Basis for processing of personal data by ISS

Personal data will be collected, processed and stored for the purpose of the enrolment and education of students or the execution of contracts and agreements with the School.

We do so under the lawful basis that the processing is necessary for the performance of a contract in which you as the data subject is entering or has entered into (Art. 6 (1) a) GDPR). In some circumstances we may have to process data for other purposes that are not necessary for the performance of the contract but are within the lawful basis of Art. 6 (1) b)-f) of the GDPR. In such cases, the processing may be based upon

  • our legitimate interests, such as providing a safe learning environment, maintaining the ISS community, fundraising, etc.,
  • on the protection of you or your children’s vital interests,
  • on the compliance with our legal obligations and/or
  • on the consent you or your children may have provided to us.

What personal data we collect

We collect and use personal information to carry out the education services as prescribed below. We do so under a lawful basis, as prescribed by the associated Regulations. In some circumstances we may be required to share your personal data for legal statutory purposes or under legitimate interest.

The categories of personal information that we collect, hold and may share include:

  • personal information (such as name, date of birth, contact details, Passport)
  • special categories of data (such as health)
  • other relevant categories for the performance of our services (such as educational data, assessment, relevant medical information, special educational needs information, exclusions / behavioural information and psychological reports and assessments)
  • attendance information (such as sessions attended, number of absences and absence reasons)
  • logging and audit in the use of IT systems and education technology apps, applications and cloud-based systems
  • photographs, audio and videos taken by staff and students throughout the school year to record and share everyday life at ISS. Your child may be identifiable in these photographs. (See the ISS Photo Policy)
  • photographs taken for identification purposes e.g. ID cards. 

How we use personal data

We use the information you provide in the following ways:

  • to undertake and manage the school admissions and enrolment
  • to support and enable the academic, pastoral and personal objectives of children, including the monitoring and reporting of progress
  • to support direct and accurate communication
  • for approved school trips including transportation and lodging
  • to provide our educational services
  • to build and maintain the ISS community, including through fundraising
  • to ensure the safety and security of students and staff including camera surveillance
  • to provide a safe learning environment
  • to comply with child protection requirements
  • to provide support and care for emotional and psychological wellbeing (pastoral and counselling)
  • to protect the health of the students and staff we serve
  • to provide a tailored learning environment and make evidence based education decisions for the children we serve
  • to enable the children we serve to continue their education at other educational organizations
  • to enable the development of a comprehensive picture of the workforce and how it is deployed
  • for financial planning to help in the future planning and resource investment purposes
  • for meet our statutory reporting requirements to the Statistisches Bundesamt, Jugendamt and other authorities
  • to help investigate any concerns or complaints you may have

Collecting data with consent

Whilst the majority of student information you provide to us is required for the performance of a contract or by law, some of it is provided to us on a voluntary basis.

In order to comply with data protection law, we will inform you when we require consent to process your information. Where consent is provided you or your child are free to withdraw consent at any time. You can contact our Data Protection Officer (contact details below) if you or your child wish to withdraw consent.

Retention and storage of personal data

ISS will retain Personal Data for as long as required by law. The school recognizes that by efficiently managing it’s records it will be able to comply with legal and regulatory obligations.

All student and parent records will be kept secure at all times. Paper and electronic records will have appropriate security measures in place. This will ensure that confidentiality is maintained for student and parent records while enabling information to be shared lawfully and appropriately.

Subject to appropriate safeguards, ISS may keep some information during a longer period if needed  for statistical purpose. Such information will be anonymized where reasonable. More information on data retention periods can be requested from the DPO.

Security

Whilst we store and use your personal data, we will ensure the appropriate security of said personal data including transfer to countries outside of the EEU, protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

Who do we share student information with

Your personal data is shared internally within ISS for the purposes of delivering the services required. For the purposes described above, ISS may need to share your personal data externally with certain recipients as well as with third parties processing your data on behalf of ISS. More specifically, this includes the following categories of recipients:

  • Governmental, local and educational authorities
  • Providers of information systems that are necessary for School to deliver the admissions, administration, teaching and learning, pastoral development, medical and child protection services
  • Third parties for school trips / outings
  • Parent volunteer organizations, other schools, colleges or universities

Processing and transfers to third countries

Personal information may be transferred to organizations outside the EU for the purposes of student application for college or university. Various teaching and learning applications are also used that are based outside the EEA / EU. Information on these and the protections afforded by these data processors can be requested from the Data Protection Officer (contact details below).

Automated Profiling

The school’s does not use any tools that provide automated profiling of students and/or parents.

IT Systems

For the purposes of IT hosting and maintenance all school information including personal data is located on servers within the school, or within hosted servers provided by our service providers. No third parties have access to your personal data unless the law allows them to do so. Where the law allows and information is shared with third parties, we ensure they have the same protections in place as we do. We cannot deliver our education services without processing the data we collect and share.

In following the principles of Article 32 – Security of Processing of the GDPR, we have in place proportionate organizational and technical measures to protect your personal information. More information on these can be requested via the Data Protection Officer (contact details below).

Requesting access to your personal data

Under data protection legislation, anyone has the right to request access to information about them that we hold. To make a request for your personal information, contact the Data Protection Officer and or see our Information Rights Policy.

 You also have certain additional rights to:

  • be informed of how we are processing your personal information – this Privacy Notice serves to explain this you but do get in touch if you have any questions;
  • have your data corrected if it is inaccurate or incomplete;
  • have your information erased (the right to be forgotten) in certain circumstances – e.g. where it is no longer needed by us the purpose for which it was collected, or you have withdrawn your consent;
  • restrict the use of your data in certain circumstances e.g. where you have told us the data is inaccurate and we are in the process of checking this. In such circumstances we will continue to store your data but will not process it further until we have checked and confirmed whether the data is inaccurate;
  • to object to the processing of your data in certain circumstances – e.g. you may object to processing of your data for direct marketing purposes.
  • to object to decisions being taken by automated means or for it to be reviewed by manual intervention.
  • object to processing of personal data that is likely to cause, or is causing, damage or distress
  • prevent processing for the purpose of direct marketing
  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
  • claim compensation for damages caused by a breach of the Data Protection regulations

If you have any concerns about the way we are collecting or using your personal data, you should raise your concern with us in the first instance.

You can also directly contact the Supervisory Authority in Stuttgart, BW, Germany and which is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg

Contact​
Postanschrift: Postfach 10 29 32, 70025, Stuttgart
Telefon 0711 / 61 55 41 – 0
Montags bis freitags in der Zeit von 9 bis 12 Uhr und montags bis donnerstags zusätzlich in der Zeit von 14 bis 15:30 Uhr.
E-Mail: poststelle@lfdi.bwl.de
Website: https://www.baden-wuerttemberg.datenschutz.de

If you would like to discuss anything in this privacy notice, please contact:Data Protection OfficerDPO@issev.de

Website

Cookies

We may use cookies on our website. For more information on how we may use cookies on our website, please see our cookie policy. Other web platforms utilized within the ISS community will have their own publicized policies concerning cookie usage.

Server Log Data
Our website provider and other portal services may collect and save server log data, which your browser automatically provides to us.

CCTV

We utilize information from the CCTV to ensure the safety and security of students and staff. We do not retain CCTV images.