Data Protection & Privacy Policy
This Data Protection and Privacy notice sets out how the Jakarta Intercultural School (“JIS”, “school”, “we”, “our”, “us”) processes the personal data of all individuals, i.e. students, parents, employees, visitors and anyone else, whose data we collect and use.
As a school located in Indonesia, we are subject to the regulations of Indonesian Law No. 27 of 2022 on Personal Data Protection (“Indonesian PDPL”) and any other applicable legal requirement. We are committed to maintaining your trust by safeguarding your personal data in compliance with the Indonesian PDPL.
This Privacy Notice explains how we collect, use, disclose, store and protect your personal data. If you have any queries relating to this notice, please contact our Data Protection Officer (“DPO”) at privacy@jisedu.or.id.
- What data do we collect about you, for what purpose, and on what ground we process it
- Disclosure of Your Personal Data
- International Transfers
- Protecting Your Personal Data
- Data Retention and Disposal
- Your Legal Rights
- Further Information
- Changes to This Notice
What data do we collect about you, for what purpose, and on what ground we process it
We may process the following categories of personal data about you:
Communication Data and School Records includes any communication received or sent by us whether via our website, newsletters, telephone messages, emails, messaging apps, social media channels, or any other means. It also encompasses historical archival data and may include photos and videos. We process this data for the purposes of communicating with people, for internal record keeping, and for the operational management and administration of the school. Our lawful basis for this processing is consent or our legitimate interests, which are to maintain communication records and to enable school business, teaching, and general operations. Additionally, we may retain records to meet legal disclosure requirements or to establish, pursue, or defend legal claims where necessary.
School Business Data includes any financial and operational information that is collected and managed. These data, such as financial, operational, human resources and student data, are essential for effective decision-making, resource allocation, and compliance with regulations.
This includes information related to parents and children who attend or join our various school activities. This may include a directory of personal details such as contact information (phone numbers, email addresses, or messaging app IDs), family relations, and financial data related to purchases and fees. We process this data for school administrative needs, to enable the school family to be supported, and for the maintenance of accurate member/visitor records. We may also maintain a record of fees paid and goods and services purchased and keep records of such transactions for financial or taxation purposes. In cases where identification and/or verification is necessary, we may also process identification records to ensure the correct identity of individuals for data disclosure purposes. Our lawful bases for this processing are legitimate interests and the performance of a contract and/or taking steps to enter into such a contract.
This also includes information related to current, former and prospective employees who have worked here, are currently working here, or may apply in the future. These may include a directory of personal details such as contact information (phone numbers, email addresses, or messaging app IDs), family relations, financial data, professional profile, education records, references and background checks provided in the course of the job application or as an employee. Where identification and/or verification is necessary, we may also process identification records to ensure the correct identity of individuals for verification and/or data disclosure purposes. Our lawful bases for this processing are legitimate interests, compliance with regulations, and the performance of a contract and/or taking steps to enter into such a contract.
Teaching and Learning Data includes the body of information relating to the academic provision and performance of students and alumni. It includes all data relating to a student’s academic journey from enrolment to graduation. Parental data is included together with reports, assessments, results, disciplinary or behavioural data, education records, references, and feedback from teachers and support staff. Our lawful bases for this processing are compliance with legal obligations for academic provision and performance of students and alumni to the Ministry of Education, legitimate interests, and the performance of a contract.
CCTV Data: We use CCTV cameras to record video surveillance at our premises to maintain a secure and safe environment. These cameras record only the entrance and exterior areas of the school and data is held for 30 – 120 days before being deleted. No audio is recorded. Our lawful ground for this processing is our legitimate interests for providing a safe and secure facility.
Fundraising Data includes data about individuals’ past donations and their preferences in receiving information from us about school events and donation possibilities. We process this data to raise money and to help advance our commitment to our aims and principles. Our lawful ground for processing past donations is legitimate interests and for messaging preferences is consent (people may withdraw consent at any time).
Cookies and Technical Website Data includes our use of cookies and related technologies as well as information about individuals’ use of our website such as IP addresses. We process this data to maintain and analyse the use of our website and to help ensure we are delivering useful information. Our lawful ground for the use of cookies is consent, while other website data is gathered for our legitimate interests in enabling us to properly administer our website.
Personal Data of a Specific Nature
As a school, we also collect the following types of Personal Data of a Specific Nature or “Sensitive” Personal Data:
- Information relating to special educational needs and health information. This is to provide support for individuals for the purposes of health or social care and to meet our contractual and legal obligations.
- Information related to criminal records. This is processed for the purposes of pre-employment checks to meet legal obligations.
- Information relating to children’s data is processed prior to and in the course of providing educational and operational programs of the school to meet legal and contractual obligations and legitimate interests.
- Information relating to safeguarding and child protection to meet legal obligations.
- Information relating to personal financial data. This is processed for the purposes of pre-employment checks and payroll, pre-enrolment checks and associated payments of school and related fees, and application for financial assistance to meet legal and contractual obligations and legitimate interests.
Disclosure of Your Personal Data
We may share your personal data with the parties set out below:
- Other schools within our network or with whom we share a close relationship, where we participate together in joint or associated activities.
- Healthcare, welfare, and safeguarding professionals as appropriate (e.g. family doctors, social services).
- Service providers who provide IT and system administration services.
- Professional advisers including counsellors, lawyers, bankers, auditors and insurers.
- Public authorities that require data e.g. for taxation, safeguarding or educational reporting to Government education departments.
- Third parties such as organisations providing hospitality, catering, facilities or event organisation with whom we partner to provide school events, activities and other services.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions, governed by contracts or other legally binding agreements.
International Transfers
We may transfer your personal data outside Indonesia, such as when we use an IT cloud service provider for hosting data. Where such transfers are restricted transfers under the Indonesian PDPL and/or any other applicable legal requirement, we will ensure that safeguards are in place that are at least equal to or higher than the requirements under the Indonesian PDPL to protect your personal data. As such:
- We may transfer your personal data to countries in which the receiving Controller or Processor resides and which have a level of personal data protection equal to or higher than that regulated under the Indonesian PDPL; or
- We may use specific contracts, codes of conduct or certification mechanisms approved by the Indonesia Data Protection Authority, if applicable, which give personal data appropriate protection.
- If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
Protecting Your Personal Data
We are committed to ensuring that your personal data is secure. We have put in place appropriate technical security measures (such as data encryption, firewalls and secure network protocols) to safeguard the personal data that we process against accidental loss, use, destruction, unauthorised alteration/modification, access, disclosure, or similar risks.
We have also established reasonable and appropriate organisational safeguards to maintain the confidentiality and integrity of your personal data and will only allow access to or disclose your information to authorised personnel on a ‘need to know’ basis.
As we strive to protect your personal information, it's important to be aware that no internet transmission or electronic storage is completely secure. We prioritize protecting your information with regular reviews and updates of our security protocols.
We have established procedures in place to deal with any suspected personal data breaches. If, despite all our efforts, a data breach does occur, we will promptly take all necessary steps to minimize the damage and will notify you and the relevant regulators without undue delay if we are legally required to.
Data Retention and Disposal
We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.
When determining retention periods, we consider the nature, volume, sensitivity, and potential risk of harm associated with the data, as well as the processing purposes and our ongoing and expected practices. We strive to minimize the data we collect and retain and will regularly review retention periods to ensure they remain appropriate.
Once the retention period has expired, we will securely dispose of or destroy documents containing your personal data using appropriate and secure methods.
Your Legal Rights
Under the Indonesian Law No. 27 of 2022 on Personal Data Protection, you have the following rights in relation to your personal data:
- Obtain information about the identity of the parties requesting the Personal Data, the basis of legal interests, the purpose of the request and use of personal data, and the accountability of the party requesting personal data.
- Access and obtain a copy of the Personal Data that we hold about you.
- Amend, update, or rectify errors and inaccuracies in the personal data that we hold about you.
- Require us to end the processing, delete, and/or destroy Personal Data that we hold about you in certain circumstances.
- Require us to delay, limit, or restrict the processing of your personal data in certain circumstances.
- Withdraw consent, where the Processing of the Personal Data given to the Controller is based on your consent. This will not affect the lawfulness of our processing activities based on consent before the withdrawal.
- Obtain Personal Data held by the Controller in a format that is commonly used or compatible with electronic systems.
- Object to automated decision-making, including profiling, that has legal consequences or significantly impacts you.
If you wish to exercise any of the rights set out above, please contact the Data Protection Officer (DPO) at privacy@jisedu.or.id.
Please note that as these rights are not absolute, where exceptions or exemptions apply, we may have legal grounds to decline certain requests.
You will not be required to pay a fee to access your personal data or exercise any of your other rights. However, if there are costs involved in processing your request, a reasonable fee may apply. In cases where your request is clearly unfounded, repetitive, or excessive, we reserve the right to either charge a fee or refuse to comply with your request under such circumstances. Where a fee may apply, we will also seek your consent prior to proceeding.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We strive to respond to all legitimate requests promptly and within statutory time limits. Occasionally it may take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you.
If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Indonesia Data Protection Authority. We would be grateful if you could contact us first if you do have any complaints, allowing us the opportunity to resolve the issue for you.
Further Information
If you have any inquiries or concerns about this Data Protection and Privacy Notice, our data practices, or the processing of your personal data by JIS, please contact us at:
The Data Protection Officer (DPO) at
Email: privacy@jisedu.or.id.
Address: Cilandak Campus: Jl. Terogong Raya No.33, Cilandak Bar., Kec. Cilandak, Kota Jakarta Selatan, Daerah Khusus Ibukota Jakarta 12430, Indonesia.