Saigon South International School Data Privacy and Processing
At Saigon South International School we are committed to compliance with Vietnamese privacy laws and international standards. This includes respecting your privacy and protecting your personal data. This privacy notice describes how we collect and use (or "process") your information.
What is personal data?
Personal Data means any information relating to an individual who can be identified from that information or from any other information we may hold. Personal Data may be held on paper, in a computer or any other media whether it is owned by the organization or a personal device.
Personal data means any information that is expressed in the form of symbol, text, digit, image, sound or in similar forms in an electronic environment that is associated with a particular natural person or helps identify a particular natural person. Personal data includes basic personal data and sensitive personal data.
Personally identifiable information means any information that is formed from the activities of an individual and, when used with other maintained data and information, can identify such a particular natural person.
The term ‘data subject’ describes the person about whom the personal data is about.
Personal data we collect
We process personal data about visitors to our website; prospective, current, and past: students and their parents; staff and contractors; donors and volunteers; and other individuals connected with or visiting our school.
The personal data we process takes different forms.
Examples include:
● names, addresses, telephone numbers, e-mail addresses, emergency contact information
● IP addresses, location data, and website statistics and analytics
● students' date of birth, nationality, family details
● admissions, academic, disciplinary and other education related records, references,
examination scripts and marks
● parents’ employment data
● images, audio, and video recordings
● financial information and identification documents (e.g., for financial aid assessment or for
fundraising)
● employee and former employee data including recruitment, training, performance management, payroll, and other HR information.
As a school, occasionally, we also need to process personal data which is designated as “sensitive” or “special category personal data” to facilitate our school operations and activities. Such data includes personal information regarding a data subject concerning:
● health
● special education needs
● information relating to safeguarding and child protection/welfare
● criminal records.
In the course of school business, we share personal data (including special category personal data where appropriate) with third parties such as examination boards, the school’s Health Office , the school’s professional advisors and relevant authorities. We may also be required to share your personal data with other organizations for legal or statutory purposes, or where we have your consent to do so.
We may also share data with the School Community Organization to facilitate parental participation. Moreover, some of our systems are managed or operated by third parties (e.g., hosted databases, school website, school calendar, school post and my school portal or cloud storage providers).
How do we obtain your information?
We collect most of the personal data we process directly from the person concerned (‘the data subject’) or, often in the case of students, from their parents. In some cases, we collect data from third parties (for example, referees/references, and previous schools) or from publicly available resources.
We also collect data about you when:
● you have expressed an interest in having a student attend our school
● you have registered to attend (or have attended) one of our events
● you visit our website
● you sign up to receive email, our newsletter and/or prospectus
● you have expressed an interest in working for, or with, us
● you are employed by us or an organization with whom we have a business relationship.
How do we use your personal data?
To support our operation as an international school, we process personal data as follows (but not restricted to):
● the selection and admission of students
● comply with legal and regulatory requirements
● provide education and enrichment to our students, including the administration of our curriculum, monitoring student academic progress and educational needs
● provide a safe and secure environment for students, staff, and visitors to the school
● operational management including the compilation of student records; the administration of invoices, fees, and accounts; the management of school property; the management of security and safety arrangements
● the use of CCTV and monitoring of the school’s IT and communications systems in accordance with our Acceptable Use Policy
● staff employment administration including the recruitment of staff/engagement of contractors; administration of payroll, pensions, and sick leave; review and appraisal of staff performance; conduct of any grievance, capability or disciplinary procedures; and the maintenance of appropriate human resources records for current and former staff; and providing references;
● advancement, including fundraising
● analyzing website traffic, demographics, and behavior through the use of analytical tools and cookies;
● the promotion of our school through our website[s], our prospectus and other publications and communications (including through our social media accounts)
● maintaining relationships with our alumni and former employees
● to keep a record of historical and memorable events relevant to the maintenance of a historical record.
Data Subject Rights
Data Subjects have a number of rights regarding our use of their Personal Data, some of which are subject to conditions. All requests will be dealt with by our Data Protection Office by contacting them at ssis-dpt@ssis.edu.vn :
● Right to be informed
○ Data subjects shall be made aware of any operation of processing of their personal data, unless otherwise provided by law.
● Right to consent
○ Data subjects may or may not consent to the processing of their personal data, unless otherwise provided by Article 17: Personal data processing without requiring the consent of the data subject of Decree No. 13/2023/ND-CP; relating to emergency,legal requirements, state authority, contractual obligations and state agencies.
● Right of access
○ This gives individuals the right to ask us about the Personal Data we use about them. This can include what we use it for, who we share it with, how long we store it and where we have obtained it from. Individuals can also ask to view a copy of their personal data.
● Right to withdraw consent
○ Data subjects may withdraw their consents, unless otherwise provided by law.
● Right to delete data
○ This gives individuals the right to ask for their Personal Data to be erased, but the obligation for us to erase Personal Data only applies in certain circumstances.
● Right to restrict data processing
○ Data subjects may request to limit the processing of their personal data, unless otherwise provided by the law. The restriction of data processing shall be initiated within 72 hours after the request of the data subjects for all the personal data requested for restriction of data processing by the data subject, unless otherwise provided by law.
● Right to provision of data
○ Data subjects may request the Data Protection Office to provide them with their own personal data, unless otherwise provided by law.
● Right to object to data processing
○ Data subjects may object to the processing of their personal data by the Personal Data Controller or Personal Data Controller and Processor to prevent or limit the disclosure of their personal data. They may also object to the use of their personal data for advertising or marketing purposes, unless otherwise provided by law.
○ The Personal Data Controller and Personal Data Controller and Processor shall implement the request of the Data Subject within 72 hours after receiving such, unless otherwise provided by law.
● Right to complain, denounce and/or initiate lawsuits
○ Data subjects may complain, denounce or initiate lawsuits in accordance with the law.
● Right to claim damages
○ Data subjects are entitled to claim damages in accordance with the law upon violation of the regulations on personal data protection, unless otherwise agreed by the parties or prescribed by law.
Consent of the Data Subject
Data Subjects have a number of rights regarding consent of their Personal Data, some of which are subject to conditions.
● The consent of the data subject shall apply to all activities in the personal data processing, unless otherwise provided by law.
● The consent of the data subject shall only be valid when the data subject volunteers and fully knows the following:
○ a) Type of personal data to be processed;
○ b) Purpose(s) of the personal data processing;
○ c) Organizations and/or individuals entitled to the personal data processing; d)
Rights and obligations of data subjects
● The consent of the data subject shall be clearly and specifically expressed by written instrument, by voice, by ticking the consent box, by text message, by selecting technical settings, or by another action that demonstrates the same.
● The consent shall be made for a single purpose. Upon multiple purposes, the Personal Data Controller and Personal Data Controller and Processor shall list the purposes for the data subjects to give consent to one or more of the stated purposes.
● The consent of the data subject shall be expressed in a format that can be printed and/or reproduced in writing, including in electronic or verifiable formats.
● The data subjects’ silence or non-response shall not be regarded as their consent.
● The data subjects may give a partial or conditional consent. However, SSIS reserves the right to withhold processing students’ and employees’ applications if partial consent restricts SSIS from fully administering the application.
● Regarding the processing of sensitive personal data, the data subjects shall be informed that the data to be processed is sensitive personal data.
● The consent of the data subject shall be valid until otherwise decided by the data subjects or as requested in writing by a competent state authority, i.e., Ministry of Public Security.
● In the event of a dispute, the Personal Data Controller and/or the Personal Data Controller and Processor shall be responsible for demonstrating the consent of the data subject.
● Utilizing authorization under the Civil Code, an organization and/or individual may act on behalf of a data subject to carry out procedures in relation to processing of the personal data of the data subject with the Personal Data Controller or the Personal Data Controller and Processor in case the data subject has acknowledged and given consent thereto as prescribed above, unless otherwise provided by law.
Withdrawal of Consent
● The withdrawal of consent does not affect the legality of the data processing to which the consent was given prior to the withdrawal.
● The withdrawal of consent shall be expressed in a format that can be printed and/orreproduced in writing, including in electronic or verifiable formats.
● Upon receipt of the data subject’s request for withdrawal of consent, the Personal Data Controller and/or the Personal Data Controller and Processor shall notify the data subject of possible consequences and damage upon withdrawal of consent.
● Following the review of the withdrawal of consent, the Data controller, Data processor, Data controller and processor, and the Third Party must cease and request relevant organizations and/or individuals to cease the processing of the data to which the consent has been withdrawn by the data subject.
How do we retain and store your personal data?
All personal data is securely stored in accordance with legal requirements. We retain personal data only for legitimate purposes, relying on one or more of the lawful bases as set out above, and only for so long as necessary for those purposes, or as required by law.
Contact us
If you have questions, requests or issues, please let us know how we can help. Our Data Protection Office can be reached at ssis-dpt@ssis.edu.vn.
Controller Details
Saigon South International School
78 Nguyễn Đức Cảnh, Tân Phong, Quận 7, Thành phố Hồ Chí Minh 700000