Privacy statement
Orientation regarding requirements of the Personal Requirement Act
Table of Contents
Principles
Privacy Statement for Students, Guardians and Staff Members at Tromsø International School:
Tromsø International School and the municipality register, process and store information about students, guardians and staff members for the purpose of delivering education in line with the Norwegian law, the framework of the International Baccalaureate as well as the purpose of following laws regarding employment.
Students, Guardians and Staff Members will be referred to as ‘the registered’.
The processing is regulated through the following laws: the Personal Information Act (personopplysningsloven), Archives Act (arkivloven), the Public Administration Act (forvaltningsloven), the Education Act (opplæringsloven), the Publicity Act (offentlighetsloven) and the Working Environment Act (arbeidsmiljøloven).
This document does not replace the contract made by students and staff members regarding the use of digital equipment and the school network. The user contract defines the responsibility of the student/staff member to hinder loss or misusage of data, central in this is username and password security.
Consent: Tromsø International School is required by law to store certain personal data (The Education Act §3-39). Consent is thus not required, but any registered party is to be informed of the data that is registered by the school. This document fulfils this purpose.
The student/guardians are asked for consent regarding storage of personal data such as photographs, surveys and other data that is not required by law.
The student/guardians are asked for consent regarding sharing photos on Social Media (Faccebook, Instagram, LinkedIn). This is done through a Student Information paper form that is signed before the student start at the school.
Insight: The right to insight is regulated by the Personal Information Act § 18. The registered – in this case a person that is or has been a student at Tromsø International School – has the right to insight into their own data, as a general rule.
Depending on circumstances, guardians or others with the equivalent function, may ask for insight on behalf of their own children. This can be requested by eighter contacting the school via telephone, or to send an email requesting a meeting.
Contradiction: The registered have the right to contradict data collected about them by either contacting the school via telephone, or to send an email requesting a meeting. The registered may contradict the information in accordance to, and with the limitations that apply in the laws reffered above.
Deletion: The registered will have the right to delete data collected about them by either contacting the school via telephone, or to send an email requesting a meeting. The registered may ask for deletion in accordance to, and with the limitations that apply in the laws reffered above.
Discrimination: The registered have the right to be free from discrimination, and may report discrimination by:
Contacting the school via telephone
Asking the school for a meeting
Reporting to fylkesmannen in accordance with the Education Act §9a.
Reporting to Human Relations or Union in accordance with the Working Environment Act §- 2A.
Measures will be taken by the school depending on the individual case.
Platforms where data will be stored by the school:
IST skoleadministrasjon (SAS)
IST/SAS is an administrative tool for registration of students, planning, administration/execution of exams and diplomas.
Purpose:
To fulfill requirements given in the Educational Act §2
IST/SAS is used for:
IST is used to register information regarding the studens`s contact information, grades and absence.
Personal data processed:
- Full name
- ID number
- Address
- Guardian`s name, address, phone number, e-mail
- Education progress
- School affiliation
- School class affiliation and home room teacher
- Subject and education groups with teacher
- Absence
- Grades, including notes (MYP)
- Exam results (MYP)
IST/SAS includes data regarding the school employees, the student`s guardians and the guardian`s partners.
IST/SAS receives quarterly updates from the Population Register with updated address information on the registered.
IST/SAS functions as a base for data export to other systems like FEIDE and the Directory of Education`s base for national tests and exams.
Access to IST/SAS is limited to the school`s leader group and administration, as well as the municipality`s employees that are handling operations and maintenance of the system.
Felles Elektroniske Identitet (FEIDE) - Uniform Electronic Identity
Feide is a service for uniform identity management in the Norwegian education sector. Secure identification of students and teachers is necessary to provide correct access to digital resources and services.
Purpose:
To fulfill requirements given in the Educational Act §2
What FEIDE is used for:
The majority of learning resources and programs used by the students have FEIDE login. An overview of all resources and programs can by found by logging into Feide innsyn . This overview also specifies which information is exchanged between organisations and services.
Toddle:
Toddle is a Learning Management System (LMS) used by the PYP, and intended to be used by the MYP over time.
Purpose:
To fulfill requirements given in the Educational Act §2
To fulfill requirements given by the International Baccaleareate (IB) connected to collaboration, planning, student portofolios, evidencing, scheduling. assessment and reflections.
Toddle is used for:
Planning
Collaboration
Absence and absence statisics
Digital portfolios containing student work, both individual and group work such as:
Written work
Audio recordings*
Video recordings*
Photos of work done at school*
Assessments and grades
Weekly schedules
Calendar
Common messages from the school to the registered
Students and Guardians are asked for consent by admission, and will always have the possibility to ask for other ways of handing in the work.
Personal data processed:
Email-adresses (guardians, staff members and students)
Name and surname (guardians, staff members and students)
Relation (administrator, teacher, student, guardian)
Student work
Grades
Assessments
Absence
Toddle will not be used to process sensitive personal data as described in the Personal Information Act,article 9.
Students and Guardians will have the possibility to download personal data by contacting the school.
Data registered by staff members such as planning documents, templates, reflections and similar is the property of the school and will not be deleted. This data will not contain personal information about students or guardians.
The registered will use their personal accounts connected to Office 365 to log into Toddle, and will have access to their personal OneDrive through Toddle. See description below for Office 365 and Teams.
Office365 / Teams
Communication and collaboration between teachers, between students and between students and teachers.
Purpose: To fulfill requirements given in the Educational Act §2
Office 365 is used for Internal Documents connected to:
Planning
Templates
Teaching / giving assignments
Assessments
Collaborative documents between teachers, between students and between student and teachers.
Scheduling and organizing
Proffesional development
School development work
Policies
Student files:
Assessments and academic progression
Behavior notes in MYP that may affect the grade
Minutes from meetings
Presentations from Student Led Conferences
Drafts for websites etc
Email*
Email to external adresses outside of the organization will not contain sensitive personal data.
Teams is used for collaboration between teachers, between students and between students and teachers.
Collaboration connected to daily tasks and organization
Scheduling
Groupings and responsibilities
School Counsil
Quick messages
Collaboration meetings between teachers via video/audio
Sharing and discussing internal documents from Office 365*
Student work/office 365 will not be shared via teams.
Personal Data processed:
Name and surname (students, staff members)
Email adresses (students, staff members, external emails(through correspondance)
Assessments
Behavior statistics (MYP)
Minutes from meetings (academics and well-being)
Neither Office 365 nor Teams will be used to process sensitive personal data as described in the Personal Information Act,article 9. Minutes from meetings containing such information is stored in SAMPRO ( see below).
SAMPRO
SAMPRO will be used to process sensitive personal data as described in the Personal Information Act,article 9, specifically connected to physical and mental health.
Purpose:
To fulfill requirements given in the Educational Act §5
To fulfill requirements given by the Educational Act §9-a
SAMPRO is used for:
Individualized Education Programmes
Expert Reports
Communication between students, guardians, school and experts (BUP, barnehabilitering, PPT etc)
9a cases and documentation
Personal Data Processed:
Email-adresses (guardians, staff members, experts and students)
Name and surname (guardians, staff members, experts and students)
Relation (administrator, teacher, student, guardian, expert)
Health information (diagnosis, allergies etc)
Mental Health information (well-being, school refusal, bullying etc)
Behaviour and serious incidences
Academic progress and targets
Vigo
Vigo is a national and public administrative tool for applying to for upper secondary school in Norway.
Purpose:
To fulfill requirements given in the Educational Act §3
Vigo is used for:
Vigo is the national portal for applying for upper secondary school and for placements in companies.
Personal Data processed:
Applications
ID number
Full name
Phone number
Address
Grades from elementary school
Information about grades and absences is made available to the school to which the student is admitted. When a student starts upper secondary education, information is stored about which program areas and subjects they follow, grades and absences.
If an applicant applies for training in a company, information about grades and absences is made available to relevant training companies.
The county municipality is responsible for reporting data on upper secondary education to central authorities.
The Statens Lånekasse for education uses the student’s telephone number to send out information about the right to a scholarship when admission is confirmed.
Login to Vigo requires 2FA login behind ID-porten/MinID.
AVONOVA
Purpose:
- To fulfill requirements given in the Educational Act 14
- To fulfill requirements given in the Working Environment Act § 2
- To fulfill requirements given in the Working Environment Act § 10
Avonova is used for:
- HR
- Absence registrations for empoyees
- Hour registration
Personal (employees) data that is processed:
- Full name
- Address
- Phone number
- ID number
- Children
- Next of kin
- Employee journal (CV, letters of recommendation etc)
Each employee can access their own personal data.
Data concering all employees is available for the school administration users by login.
The school has a yearly routine for deletion of employees that have left.
POWEROFFICE
Purpose:
To fulfill requirements given in the Working Environment Act § 2
To fulfill requirements given in the Working Environment Act § 10
To fulfill requirements given in the Working Environment Act § 14
To fulfill requirements given in the Private School Act §2
To fulfill requirements given in the Accounting Act §3
POWEROFFICE is used for:
HR
Salary
Expenses
Accounting
Invoicing
Personal (employees and paying parents) data that is processed:
Full name
Address
Account number
Phone number
ID number
Data is available for the school administration users by login and 2FA authetication.
The school has a yearly routine for deletion of employees that have left.
Transferring data to a third party
The municipality does not pass on personal data to third parties for commercial use. During the education period and after completion of primary school education, information about students is transferred to the following registers. Examples are PAS/PGS (exam implementation), VIGO/National diploma database and SSB.
Logging activity
In accordance with §§ 2-8, 2-14 and 7-11 of the Personal Data Regulations, as well as § 8 f of the Personal Data Act, user activities are logged.
All connections and attempts to connect to the network and computer systems are recorded. Furthermore, all connections to websites, servers etc. are registered. All subject systems have general security logs activated. This also includes transaction logs, where applicable. Activity logs are only available to administrators, and are only used for administration of the systems. The logs are not used for general monitoring or follow-up of individual users’ activities.
Data storage after ended education period
With regard to data storage after ended education period, this is covered by the National Archivist regulation § 7-28 point 3 (e and f):
(3) Elementary education
e. For all students, the following documentation is kept:
Which students have attended which school, including absences.
Final assessment, including position grade and exam grade.
In case of exemption from assessment with a grade, other documentation of the training must be preserved.
f. In the case of individual students, the following documentation is kept:
Matters about rights and duties related to the content and organization of the training, cf. the Training Act chapter 2 and the training regulations chapter 1.
Matters about special educational support and special education, including investigations, individual decisions and individual education plans with assessment.
Matters about the physical and psychosocial school environment.
Damage report.
Data controller and users
The person responsible for the processing of personal data is the Head of School.
The practical tasks of the data controller have been added to delegation.
User administration for Tromsø International School is the Leader group.
The aforementioned users can respond to an application for access.