Skip To Main Content

Privacy Policy

KIS DATA PROTECTION & PRIVACY POLICY

Policy Statement

KIS International School, in its commitment to 'Inspiring Individuals' and nurturing a caring, inclusive community, recognizes the importance of privacy and data protection. Our Data Protection and Privacy Policy ensures that personal data is handled in a manner that respects individual rights and fosters trust, aligning with our mission to develop knowledgeable, ethical, and globally-minded students and according to the law of Personal Data Protection Act (PDPA).

Rationale

The rationale behind this policy is twofold: firstly, to safeguard the personal information of our school community members, thus supporting our core value of creating a caring and inclusive environment. Secondly, it serves to uphold ethical standards in data handling, resonating with our mission to cultivate responsible global citizens. This policy encompasses all aspects of data management within our school, from collection to storage and usage, ensuring compliance with legal standards while fostering an environment where students and staff feel secure and respected.

Practices and Procedures

Definitions

  • Personal Data: Any data that relates to an identified or identifiable individual.
  • Data Controller: The person or organization that determines the purposes and means of processing personal data.
  • Data Processor: The person or organization that processes personal data on behalf of the data controller.
  • Data Subject: The individual to whom the personal data relates.

Categories of Data

Personal data is collected and processed to support educational, operational, and legal requirements. The following categories outline the key types of data handled:

  • Student Data: Identifying information, academic records, health and safeguarding data, disciplinary records, extracurricular participation, financial information (if applicable), biometric and access control data, CCTV footage, IT system usage, media and marketing data, and legal compliance records.
  • Staff Data: Identifying information, employment and payroll records, professional qualifications, background checks, health and safeguarding data, biometric and access control data, CCTV footage, IT system usage, media and marketing data, and legal compliance records.
  • Visitor Data: Identifying information, access logs, CCTV footage, IT system usage, media and marketing data, and legal compliance records.
    Third-Party Data: Identifying information of external service providers, background checks, financial transactions, IT system access, and legal compliance records.
  • Parental & Guardian Data: Identifying information, contact details, financial transactions (e.g., tuition payments), emergency contacts, CCTV footage, IT system usage, media and marketing data, and legal guardianship records. 
    Alumni & Former Student Data: Contact details, career updates, engagement with school networks, historical records, and media and marketing data.

Why the School Needs to Collect Data

KIS International School collects personal data based on the following lawful bases under the PDPA:

  • Educate and support students (Contractual Necessity, Legitimate Interest): Enrollment, academic records, pastoral care, extracurricular activities, and managing special needs.
  • Manage staff employment (Contractual Necessity, Legal Obligation, Legitimate Interest): Hiring, payroll, performance evaluations, disciplinary records, background checks, and professional development.
  • Ensure safety and security (Legitimate Interest, Legal Obligation, Vital Interest): CCTV surveillance, attendance tracking, access control, and emergency response.
  • Comply with legal and regulatory requirements (Legal Obligation): Government reporting, tax/audit records, and health & safety regulations.
    Inform parents and guardians (Legitimate Interest, Consent): Newsletters, event notifications, academic reports, and student updates.
  • Seek feedback and improve services (Legitimate Interest, Consent): Surveys, focus groups, and parent-teacher conferences.
  • Promote the school (Consent, Legitimate Interest): Sharing school event photos/videos on websites, social media, and marketing materials.

How Data is Used at Our School

Personal data at KIS International School is used for the following purposes:

  • To support student learning and well-being: This includes collaboration between teachers, counselors, school staff, and third-party providers of educational technology, support services, and special education programs.
  • To manage staff employment: Human resource, payroll, school staff, and third-party providers for background checks, payroll, and development.
  • To ensure the safety and security of students, staff, and visitors: CCTV, visitor data, access control, IT systems data, and law enforcement collaboration.
  • To comply with legal and regulatory requirements: This includes sharing personal data with government agencies as required by law.
  • To inform the community: Newsletters, events, progress reports, and individual updates as well as third-party communication providers.
  • To gather feedback: Surveys, focus groups, conferences, and third-party tools.
  • To promote the organization and its activities: This includes sharing photos and videos of events on the website, social media channels, and marketing.

Third-Party Data Sharing & International Transfers

KIS International School may share personal data within its network of affiliated entities, including educational institutions, training centers, and specialized service providers, to support operations, enhance services, and comply with applicable regulations. Additionally, personal data may be shared with carefully selected third parties, including government agencies, service providers, and security or emergency response organizations.

Personal data may be transferred outside Thailand for necessary operations, including cloud storage, IT services, and collaborations with international partners. KIS ensures that all internal and external data transfers comply with PDPA regulations, using contracts and security safeguards to protect data in transit and storage.

Data Retention

Personal data is retained only as long as necessary for educational and operational purposes, in line with legal requirements. Data is regularly reviewed for relevance and securely deleted or anonymized when no longer needed.

If a data breach occurs, KIS International School will investigate, notify affected individuals and authorities as required, and take corrective action.

Data Protection Officer

KIS International School has a Data Protection Officer (DPO) responsible for overseeing PDPA compliance, handling Data Subject Access Requests (DSAR), and conducting Data Protection Impact Assessments (DPIA).

Under the PDPA, individuals have the right to access, correct, or request the deletion of their personal data, as well as object to or restrict certain types of data processing. They may also withdraw consent where applicable.

To exercise these rights or for any data protection concerns, contact the DPO at dataprotection@kis.ac.th.

Appendix

Non-Disclosure Agreement Protocol
PDPA Consent Form

Adopted: June 2021
Reviewed: January 2024, March 2025