Purpose of the Policy

The “Iqtidor International School” is committed to protecting the personal data of its students, parents, staff, and other stakeholders. This policy outlines the school’s approach to ensuring compliance with its General Data Protection Rules and local data protection laws in the Republic of Uzbekistan.

Scope of the Policy

This policy applies to all personal data collected, stored, and processed by the International Talent School, which includes (but is not limited to the following):

• Students
• Parents and guardians
• Stuff and teachers
• Third-party service providers

Key Terms

1. Personal Data: Any information relating to an identified or identifiable person (e.g., name, address, identification number, academic results).
2. Data Subject: Any person whose personal data is collected, stored, or processed.
3. Data Controller: The “Iqtidor International School”, responsible for determining the purpose and means of processing personal data.
4. Data Processor: Any third party that processes personal data on behalf of the “Iqtidor International School”.

Principles of Data Protection

The “Iqtidor International School” follows these principles when processing personal data:

1. Legality, Fairness, and Transparency: Personal data is processed lawfully, fairly, and transparently.
2. Purpose Limitation: Data is collected only for specified, legitimate, and lawful purposes.
3. Data Minimization: Only the minimum necessary data for the specified purpose is collected.
4. Accuracy: Personal data is accurate and regularly updated.
5. Storage Limitation: Data is not stored for longer than necessary.
6. Integrity and Confidentiality: Data is processed securely to prevent unauthorized access or loss.

Legal Grounds for Data Processing

Personal data is processed on one or more of the following legal grounds:

• Consent of the data subject or their guardian.
• Performance of a contract (e.g., student enrollment contract).
• Legal obligation (e.g., compliance with regulatory requirements).
• Protection of vital interests (e.g., health-related emergencies).
• Legitimate interests of the school, provided they do not override the rights and freedoms of the individual.

Rights of Data Subjects

Data subjects have the following rights under this policy:

1. Right of Access: Request access to personal data held by the school.
2. Right to Rectification: Request correction of inaccurate or incomplete data.
3. Right to Erasure: Request deletion of personal data under certain conditions.
4. Right to Restriction of Processing: Request restriction on the processing of data in certain situations.
5. Right to Data Portability: Request transfer of data to another organization.
6. Right to Object: Object to data processing for specific purposes.
7. Right to Lodge a Complaint: File a complaint with the relevant regulatory authority.

Security Measures for Data Protection

The “Iqtidor International School” implements the following security measures to protect personal data:

• Encryption and password protection for digital records.
• Secure storage and restricted access for physical documents.
• Regular training for staff on data protection principles.
• Regular audits to assess compliance with data protection policies.

Actions in the Event of a Data Breach

In the event of a data breach:

• The school will assess the incident and its impact immediately.
• Affected individuals and relevant authorities will be notified within 72 hours.
• Corrective measures will be taken to prevent future breaches.

Consent and Data Collection

• Where necessary, forms will be provided to obtain consent from parents, guardians, and staff.
• Data subjects can withdraw their consent at any time by contacting the HR department.

Third-Party Data Processors

Third-party data processors engaged by the “Iqtidor International School” must comply with:

• Applicable personal and local data protection laws.
• Sign a data processing agreement to ensure compliance with this policy.

Record Keeping

The school maintains records of its data processing activities, including:

• Types of collected data.
• Purposes and legal grounds for processing.
• Data retention periods.
• Security measures in place.

Consideration of Child Protection Requirements

The “Iqtidor International School” acknowledges the importance of child protection and prioritizes student safety and welfare in all data processing activities:

• Ensure that personal data related to children is processed legally and securely.
• Limit access to confidential information to authorized staff only.
• Screen all staff and contractors working with children.
• Report data breaches involving children’s personal information to parents/guardians and relevant authorities promptly.
• Implement training programs for staff to enhance their knowledge of data protection and child safety.

Contact Information

For any questions, concerns, or requests related to this policy, please contact the Data Protection Officer.

Approval

This policy was reviewed and approved by the “Iqtidoriy International School” on January 6, 2025.