The term “Personal Data” refers to any information which identifies you or can be used to identify a data subject when used in conjunction with other information.
The term “Data Subject” describes the person about whom the personal data is about.
The term “PDPL” describes Personal Data Protection Laws of the relevant country or jurisdiction.
The term “Data Controller” will be regarded as ALL International Education LLC or allinternationalschools.com .
The term “Data Protection Officer” or “DPO” refers to the assigned person in the company whose responsibility is to ensure processes and procedures are in compliance with PDPL.
The term “Process” describes how we collect, use, store or disclose personal data directly from the data subject concerned (or often in the case of students, from their parents). In some cases, we collect data from third parties (e.g. referees/references, schools) or from publicly available resources. When we process any personal data (sensitive/special category or otherwise), we do so in accordance with applicable law and regulations (including with respect to safeguarding or employment). Personal data held by the company is processed by appropriate members of staff for the purposes for which the data was provided.
ALL International Education LLC (hereafter referred to as “ALL” or “the company”) cares about the data privacy of all members of our community, staff, students, parents and schools. We therefore provide this data privacy notice to inform our policy in relation to the individual (“you” or “Data Subject”) in accordance with the PDPL.
The purpose of this data privacy notice is to provide detailed information about how we process personal data. The personal data we process takes different forms as described in item 5) of this document. For example, we use the data:
We take appropriate technical steps to ensure the security and integrity of personal data about individuals, including policies around use of technology, security appliances and devices, with authorized account management for users to access our company’s information system. Additionally, the company’s information systems can be managed and operated by third party cloud-based providers.
This data privacy notice applies to:
Please note that some of the web links on our platforms may lead to third party platforms. If you access these platforms your personal data will then be processed under the third party’s terms & condition policy. Please make sure that you have read those related data privacy notices when accessing such platforms.
This data privacy policy informs you of how we collect, use, store or disclose your personal data, what and why we collect, use, or disclose your personal data, how long we retain it, who we disclose it to, your rights, what steps we will take to make sure that your personal data stays private and secure, and how you can contact us regarding to questions that you may have about your data.
4.1. How we collect, use, or disclose your personal data
We process your personal data where it is necessary and there is a lawful basis for collecting or disclosing it. This includes where we collect, use, or disclose your personal data based on the legitimate grounds of our legal obligations, performance of a contract you have with us, our legitimate interests, performance under your consent and other lawful basis. Reasons for collecting, using, or disclosing are provided below:
4.1.1. Our legal obligation
We are regulated by laws, rules, regulations, and government regulatory authorities. To fulfill our legal and regulatory requirements with these authorities it is necessary to collect, use or disclose your personal data for the following purposes, which include but are not limited to:
a) Compliance with the PDPL and any amendment to the law thereafter;
b) Compliance with laws, including conducting identity verification, criminal background checks, other checks and screenings (including screening against publicly available database of regulatory authorities and/or official sanctions lists), and ongoing monitoring that may be required under any applicable laws;
c) Compliance with regulatory obligations and/or orders of authorized persons (e.g. orders by any court of competent jurisdiction or of governmental, supervisory or regulatory authorities or authorized officers).
4.1.2. Contract made by you with us
We will process personal data with the request and/or agreement made by you with us, for the following purposes, which include but not limited to:
4.1.3. Our legitimate interests
We rely on our legitimate interests by considering our benefits or third party’s benefits with your fundamental rights in personal data in which we will collect, use, or disclose for the following purposes, which include but are not limited to:
4.1.4. Your consent
Under PDPL, the rights belong to the individual to whom the data relates (”Data subject”). However, where consent is required as the lawful basis for processing personal data relating to students, we often rely on parental consent. Unless, given the nature of the processing in question, and the student’s age and level of understanding, it is more appropriate to use student consent. Parents should be aware that in such situations, they may not be consulted, depending on the interests of the child, the parent’s rights at law or under their contract, and considering all the relevant circumstances.
In general, we will assume that student consent is not required (and that other lawful bases are more appropriate, as described above) for ordinary disclosure of their personal data to their parents.
In certain cases, we may ask for your consent to collect, use or disclose your personal data to maximize your benefits and/or to enable us to provide services to fulfill your needs for the following purposes, which include but is not limited to:
4.1.5. Other lawful basis
Apart from the lawful basis mentioned above, we may collect, use, or disclose your personal data based on the following lawful basis:
If the personal data we collect from you is required to meet our legal obligations or to enter into an agreement with you, we may not be able to provide (or continue to provide) some or all the company’s products or services to you if you do not provide such personal data when requested.
The type of personal data, namely personal data, and sensitive personal data, in which we collect, use, or disclose, varies on the scope of products and/or services that you may have used or had an interest in. The type of personal data shall include but is not limited to:
# | Category | Example of personal data |
1 | Personal details | Given name, middle name, surname, nickname (if any), Gender, Date of birth, Age, Educational background, Nationality |
2 | Contact details | Mailing address, E-mail address, Phone number, Name of representatives or authorized persons acting on your behalf, Social media accounts |
3 | Identification and authentication details | ID card photo, Identification number, Passport information, Birth Certificate/Alien ID information, Driving license, Signatures |
4 | Employment details | Occupation, Employer’s details and workplace, Position, Salary/ income/ remuneration |
5 | Financial details and information about your relationship with us | Information about your Banking transactions |
6 | Geographic IT information and information about your device and software | Your GPS location, IP address, Computer Name, Hostname, MAC Address, Other IT Technical details that are uniquely identifying data |
7 | Investigation data | Data for due diligence checks |
8 | Survey research, marketing research information | Parents, Student, Health & Safety survey, Information and opinions expressed when participating in the company’s market research, Details of services you receive and your preferences |
9 | User login and subscription data | Login information for using the company’s website. Other applications used by the company. Other subscriptions used by the company. |
10 | Information concerning security | Video or Audio recordings, Visual images, Personal appearance |
11 | Sensitive Personal Data | Racial or Ethnic Origin, Political Opinions, Cult, Religious or Philosophical Beliefs, Sexual Behavior, Health Data, Disability, Trade Union Information, Genetic Data,Biometric Data, Child Safeguarding Records, Criminal Records |
12 | Other information | Records of correspondence and other communications between you and usInformation that you provide us through any other channels. Information about insurance policy and claim for your compensation. |
6. Sources of your personal data
Normally, we will collect your personal data directly from you, but sometimes we may get it from other sources, in such cases we will ensure the compliance with the PDPL. Personal data we collect from other sources may include but is not limited to:
7. Your rights
You can exercise your rights under the PDPL as specified below, through the channels prescribed by us at our contact details (see Section 14).
7.1 Right to access and obtain copy
You have the right to access and obtain a copy of your personal data held by us, unless we are entitled to reject your request under the law or a court order, or if such request will adversely affect the rights and freedoms of other individuals.
7.2 Right to rectification
You have the right to rectify your inaccurate personal data and to update incomplete personal data related to you.
7.3 Right to erasure
You have the right to request us to delete, destroy or anonymise your personal data, unless there are circumstances where we have the legal grounds to reject your request.
7.4 Right to restrict
You have the right to request us to restrict the use of your personal data under certain circumstances. For example, during the investigation of your request to rectify your personal data; or to object the collection, use or disclosure of your personal data, or you request to restrict the use of personal data instead of the deletion or destruction of personal data which is no longer necessary as you have necessity to retain it for the purposes of establishment, compliance, exercise of protection of legal claims.
7.5 Right to object
You have the right to object to the collection, use or disclosure of your personal data in case we proceed with legitimate interests’ basis or for the purpose of direct marketing, or for the purpose of scientific, historical or statistical research, unless we have legitimate grounds to reject your request. For example, we have compelling legitimate grounds to collect, use or disclose your personal data, or the collection, use or disclosure of your personal data is carried out for the establishment, compliance, or exercise of legal claims, or for the reason of our public interests.
7.6 Right to data portability
You have the right to receive your personal data in a format which is readable or commonly used by means of automatic tools or equipment and can be used or disclosed by automated means. Additionally, you have the right to request us to send or transfer your personal data to a third party, or to receive your personal data which we sent or transferred to a third party, unless it is impossible to do so because of the technical circumstances, or we are entitled to legally reject your request.
7.7 Right to withdraw consent
You have the right to withdraw your consent that has been given to us at any time pursuant to the methods and means prescribed by us unless the nature of consent does not allow such withdrawal. The withdrawal of consent will not affect the lawfulness of the collection, use, or disclosure of your personal data based on your consent before it was withdrawn. You can review and change your consent to use or disclose your personal data for marketing purposes through channels as specified in Section 14 below.
7.8 Right to lodge a complaint
You have the right to make a complaint to the competent authority where you believe that the collection, use and disclosure of your personal data is unlawful or non-compliant with the PDPL.
8. How we share your personal data
We may disclose your personal data to the following parties under the provisions of the PDPL:
9. International transfer of personal data
When it is necessary for us to send or transfer your personal data internationally, we will always exercise our best effort to have your personal data transferred to our reliable business partners, service providers or other recipients by the safest method to maintain and protect the security of your personal data, which includes the following circumstances:
10. Retention period of personal data
All personal data is securely stored in accordance with the PDPL requirements. We retain your personal data only for legitimate purposes, relying on one or more of the lawful bases as set out above, and only for so long as necessary for those purposes, or as required by law.
The period we keep your personal data will be linked to the prescription period or the period under the relevant laws and regulations (e.g. Accounting Laws, Tax Laws, Labor Laws and other laws to which we are subject both in the United States and in other countries).
11. Use of Cookies
We may collect and use cookies and similar technologies when you use our products and/or services. This includes when you use our websites, and other company applications. The collection of such cookies and similar technologies helps us recognise you, remember your preferences and customize how we provide our products and/or services to you. We may use cookies for several purposes. For example, enabling and operating basic functions, helping us understand how you interact with our websites or emails, or enabling us to improve your online experiences or our communications with you.
12. Use of personal data for original purposes
We are entitled to continue collecting and using your personal data, which has previously been collected by us before the enactment of the PDPL in relation to the collection, use and disclosure of personal data, in accordance with the original purposes.
13. Security
We endeavor to ensure the security of your personal data through our internal IT security measures and strict policy enforcement. The measures extend from data encryption to firewalls. We also require our staff and third-party contractors to follow our applicable IT security standards and policies and to exercise due care and measures when using, sending, or transferring your personal data.
14. How to contact us
If you wish to exercise any of your rights under the PDPL for which we are the data controller, please make your request by emailing our Data Protection Officer and follow-up with written request with your identification documents at the company as detailed below:
The Data Protection Officer
ALL International Education LLC
Wilmington, Delaware USA 19890
Telephone: +1 302 123 4567
Email: davidm@allinternationalschools.com
Please note that these rights are not absolute, and we may be entitled to or required additional personal identification as required by the company. We will respond to any such written requests as soon as is reasonably practicable and within statutory time limits.
15. Changes to this Data Privacy Notice
We will update this Data Privacy Notice from time to time. Any substantial changes that affect how we process your personal data will be displayed on our website and sent to you directly when deemed necessary.