Personnal Data Protection Policy
Purpose of this policy
The purpose of this document is to inform of Lycée Français de Singapour policies on data collection, usage, disclosure, processing and protection, which are subject to the Singapore Personal Data Protection Act 2012 (“PDPA”). This Act recognises both the rights of individuals to protect their personal data, including rights of access and correction, and the needs of organisations to collect, use or disclose personal data for legitimate and reasonable purposes.
The PDPA takes into account the following concepts:
Data Collected and Purpose
Lycée Français de Singapour is collecting and may use student’s personal data (such as name, date of birth, photos, educational background, medical records) for the following purposes (list below not exhaustive):
- Regulatory Compliance (i.e. Compliance with the Singapore Ministry of Education, Agence pour l’Enseignement Français à l’Etranger (AEFE), Immigration and Check point authority (ICA), filing and other statutory filing, and Taxation etc.),
- Scheduling of courses and publishing students’ results,
- General Administration/Operations (i.e. Project management, Work-related/teaching-related communication),
- Educational Background (i.e. Awards/recognition certifications received, Educational attainment, and Schools attended),
- Student Registration (New enrollment, withdrawal/cancellation),
- Communication with parents and guardians (teacher’s emails, University guidance Department and crisis communication),
- School trips (i.e. Planning & logistics, Medical requirements, Dietary requirements, Registration),
- Registration for ECA (Extra-curriculum activities) events,
- Medical needs (i.e. allergies),
- Registration for Transit Link,
- Insurance coverage,
- Alumni services,
- Disclosure to requesting third parties schools for evaluative purposes in dealing with admission suitability.
Lycée Français de Singapour is collecting and may use students’ family members/guardians’ personal data (such as name, date of birth, e-mail, phone, bank particulars) for the following purposes (list below not exhaustive):
- Communication with parents and guardians (teachers, School management and University guidance Department administration),
- Medical needs, in case of emergency (i.e. to contact relatives in case of accidents and major risks),
- School trips (i.e. Planning and logistics, Medical requirements, Dietary requirements, Registration),
- Fundraising for School purposes,
- Billing and fee payment processing (i.e., Billing of school fees, Final settlement and payment history, Fee payment processing).
Subject to express consent in the “Legal Authorisations” form, Lycée may:
- Give parent’s email address to the Parents Committee and Parent Representatives
- Use student’s personal data (name, picture(s), film etc..) exclusively for non-commercial purposes, including:
- Internal uses: school reports, flyer, poster, school’s picture, yearbook, pedagogical projects etc…;
- External uses: Agency for French Education Abroad’s website and social media, School’s website and social media, documents presenting the School etc…
For the purpose of school students in grades up to and including “Terminale”, parental consent is sufficient.
Lycée Français de Singapour will collect and use personal data about students and students’ parents/guardians in accordance with Personal Data Protection Act (2012). Consent to the School using such data as set out above can be given in the Student Contract and Legal Authorisation Form.
Where a person has made a free decision to opt in to a situation or process where the collection or use of personal data can be reasonably expected, then implied permission can be assumed. This includes:
- Student Admissions Applications
- CCTV on campus
- Events organised by the School
Management and Care of Personal Data
Protection of Personal Data
Lycée Français de Singapour undertakes to:
- Implement appropriate security measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular when the processing of data involves the transmission or storage on or within a network; and
- Notify data subjects about any accidental or unauthorised access of their data that may lead to damage or harm.
Right of Access, Correction and withdrawal
Individuals have a right to see the data held about them (subject to the exemptions listed below) and to request for data to be corrected if it is incorrect. Parents will be provided access to data held about their children whilst they are students at the School within the limitations of this policy.
Thanks to Parents’ portal Eduka, parents have unlimited access to their or their children’s data. Correction or withdrawal is possible at any time if needed.
The Legal Authorisation Form is submitted to parents on a yearly basis via Parents’ portal Eduka. It is always possible to change the answers provided to this form.
Exemptions to Right of Access The PDPA does not provide the right of access to any and all information held by an organisation. Therefore Lycée Français de Singapour retains the right to refuse access to:
- Opinion data kept for evaluative purposes
- Examination papers or the results of examinations
- Confidential references written to support a student's application to other educational institutions or courses
- Data or material that would provide personal data about other individuals in contravention of this policy or the PDPA.
Data Retention & Removal
Lycée Français de Singapour shall take reasonable effort to destroy or anonymize documents containing Personal Data as soon as it is reasonable to assume that:
- The purpose for which the Data was collected is no longer being served by retention of the Data; and
- Retention is no longer necessary for legal or business purposes.
Sharing Data with Third Parties
Personal Data may be disclosed by Lycée Français de Singapour to its third party service providers or agents in Singapore (such as travel agents, insurance companies and data hosting companies) for one or more of the Purposes. Personal Data may also be disclosed to some schools outside of Singapore or to the French Ministry of Education or any other institution under its responsibility which may be located outside of Singapore, for one or more of the Purposes.
The School will only share data for the purposes of eliciting a necessary service from these third party organisations and not for commercial gain.
Lycée Français de Singapour signs contracts to ensure that the organisation is using the data purely for the intended purpose of providing the required service and that it is taking appropriate precautions to safeguard the data.
In some instances, for example for online services, explicit signed contracts do not exist. In these instances the School will ensure that the terms & conditions of the service include clauses that:
- Lycée remains the owner of the data.
- The service provider is not entitled to use any data held on its service for any purpose other than to provide the required service.
- The service provider is taking reasonable precautions to ensure the security of the data.
- Once the School terminates its agreement with the service provider, that any and all data held will be deleted and not used for any other purpose.