1. Introduction
1.1. Fountain Schools (“the School”) is committed to protecting the privacy and personal data of our students, staff, parents, and other stakeholders. This policy outlines how we collect, use, disclose, and safeguard your information in compliance with the Kenyan Data Protection Act, 2019.
2. Information We Collect
2.1. Student Data:
- Personal Information: Name, date of birth, gender, nationality, home address, contact information, emergency contact details, medical information (allergies, health conditions), photos, videos.
- Academic Information: Grades, attendance records, assessments, special education needs, disciplinary records.
2.2. Staff Data:
- Personal Information: Name, date of birth, contact information, emergency contact details, next of kin, qualifications, employment history, payroll information, performance reviews.
2.3. Parent/Guardian Data:
- Personal Information: Name, contact information, relationship to student.
2.4. Other Stakeholder Data:
- Personal Information: Name, contact information of alumni, donors, vendors, visitors.
3. How We Use Your Information
3.1. Primary Purposes (with consent):
- Student Education and Support: Providing education, tracking progress, communicating with parents, managing health and safety, organizing extracurricular activities.
- Staff Management: Administering contracts, payroll, benefits, performance evaluations, professional development.
- School Administration: Managing admissions, finances, fundraising, alumni relations, marketing, research.
3.2. Secondary Purposes (where legitimate interests exist):
- Security: Protecting students, staff, and property, monitoring CCTV footage.
- Legal Compliance: Fulfilling legal obligations, reporting to authorities (e.g., child protection concerns).
4. Disclosure of Your Information
4.1. We may share your information with:
- Authorized School Personnel: Teachers, administrators, support staff, school counselors, on a need-to-know basis.
- Third-Party Service Providers: Carefully selected vendors who provide services on our behalf (e.g., IT, transportation, catering) under strict data processing agreements.
- Government Authorities: When required by law or to protect the rights, safety, or well-being of individuals.
5. Your Rights
5.1. You have the right to:
- Access: Request a copy of your personal data held by the School.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your data in certain circumstances.
- Restriction of Processing: Limit how your data is used.
- Object: To processing for direct marketing or based on legitimate interests.
6. Data Security
6.1. We implement appropriate technical and organizational measures to protect your data, including:
- Access Controls: Limiting access to authorized personnel.
- Data Encryption: Protecting sensitive information.
- Regular Backups: Ensuring data recovery in case of loss.
- Staff Training: Educating staff on data protection practices.
7. Retention of Your Information
7.1. We retain your information only for as long as necessary to fulfill the purposes for which it was collected and as required by law.
8. Data Protection Officer
8.1. We have appointed a Data Protection Officer to oversee our data protection practices. You can contact them at: 0717 296520
9. Changes to This Policy
9.1. We may update this policy from time to time. We will notify you of any material changes by posting the updated policy on our website and informing relevant stakeholders.
10. Complaints
10.1. If you have any concerns about our data protection practices, please contact our Data Protection Officer. You also have the right to complain with the Office of the Data Protection Commissioner.