Chapter 7: Data and Privacy

Education is increasingly dependent upon information and ICT. The amount of information, including personal data, is increasing due to developments such as personalised learning with ICT. It is important to protect information properly and to handle personal data securely and responsibly. Dependence upon ICT and personal data is accompanied by new vulnerabilities and risks. Proper regulation of information security and privacy (abbreviated to ISP) in an ISP policy is necessary in order to reduce the consequences of these risks to an acceptable level and to be able to optimally guarantee the progress of education and business operations.

The board of Stichting Rijnlands Lyceum is ultimately responsible for the security of data and privacy and has drawn up a privacy policy for all its schools. You can find this policy on its website (www.rijnlandslyceum.nl) under 'contact' and 'privacy'. It also states who the Data Protection Officer is and how you can contact this officer.

New technologies have become integral in today’s society, both within and beyond the school walls. The internet and other digital information and communication technologies are powerful tools, which open up new opportunities for everyone to learn and connect more effectively. These tools can also bring challenges, so it is important to ensure that information security and personal privacy is respected and to help ensure that community data and users are suitably protected. The school strives to ensure that school systems and users are protected from accidental or deliberate misuse of technology that could place them at risk. ISH expects all members of the community to communicate in a way that is aligned to the school’s Guiding Statements. Students are not allowed to be active on social media during lessons without appropriate permission. Staff are asked not to become ‘friends’ with students on social media accounts. The school provides primary students with technological devices needed for learning. Secondary students are required to bring their own, fit for purpose, devices. All students have age appropriate access to the school’s digital infrastructure. In return, the school expects children to adhere to Student Expectations for Responsible Use of Devices, while using the internet and other communication technologies at school for educational, personal and recreational purposes. This includes not using methods such as VPN’s or private browsing tools to attempt to circumvent the protections that the school has put in place.

The school needs to gather, process and store personal data in order to safely and effectively complete its primary task of educating and caring for children, as described in the Guiding Statements, and in accordance with Dutch laws. The school routinely collects personal information about students, parents/guardians, employees and at times third parties, to provide a safe, secure learning environment. Information is used to:

• Undertake and manage school admissions and enrolment.
• Approve school trips.
• Allow access to the campus and respond to emergency evacuations.
• Comply with child protection requirements.
• Support and enable student learning and the monitoring and reporting of progress.
• Provide support and care for emotional and psychological wellbeing.
• Protect the health of the students and staff.
• Make evidence-based educational decisions and inform planning and resource investment.
• Enable children to continue or progress their education at other educational organisations.
• Enable the development of a comprehensive picture of the workforce and how it is deployed.
• Inform recruitment and retention.
• Enable individuals to be paid.
• Support and develop employees in the performance of their duties.
• Meet statutory reporting requirements to local authorities as well as CIS and the IB.
• Help investigate any concerns or complaints.

Personal data is not kept for longer than is necessary to achieve the purpose for which it was collected. The school strives to protect people’s rights and privacy from the misuse of personal data and from the processing of incorrect data. It limits access to sensitive data and reminds people of the need for consent when sharing confidential information. There is a process in place that allows people to exercise their rights over personal data. Individuals have the right to execute an inspection of personal data and the right to request a correction to data that they consider to be inaccurate.

The School's Privacy Officer is the Director of Operations. The Privacy Officer is the linking pin to the Stichting Rijnlands Lyceum’s Data Protection Officer.