Back

In This Section

Shaping the future of international education

Privacy Policy

The Council of International Schools (CIS) collects a variety of data about institutions and individuals in line with our mission to shape the future of international education, and we carefully consider what information is necessary to achieve this aim. We respect your privacy and have implemented technology and procedures with the objective of protecting your data from unauthorized access and improper use. If you have questions about this policy, email us at info@cois.org.

The purpose of this privacy policy is to provide detailed information about how we process personal data.

Our privacy policy should be read in conjunction with our other policies and terms and conditions that make reference to personal data, including the terms and conditions for membership, international accreditation, and event participation.

If you consider your personal data is not being used appropriately in accordance with this policy, you may contact us at info@cois.org. Additionally, you are entitled to lodge a complaint with the Autoriteit Persoonsgegevens by using the contact details listed on their website.

We will update this privacy policy from time to time. Any substantial changes that affect how we process your personal data will be notified on our website and to you directly, as far as practicable.

This policy covers the following topics:

 

What information does CIS collect?

We collect a variety of data on an institutional and individual level to provide you with services and information. The type of data we collect about you depends on the way you interact with us.

We process personal data about visitors to our website, current, and past; staff, volunteers and contractors; members and their employees, students, parents and alumni; event attendees; and other individuals connected with or visiting our office.

The personal data we process takes different forms. Examples include:

  • names, addresses, telephone numbers, e-mail addresses, emergency contact information;
  • IP addresses, location data, and website statistics and analytics; 
  • website cookies;
  • date of birth, gender, and nationality;
  • qualifications and training records;
  • criminal background checks;
  • CVs
  • survey responses;
  • images, audio and video recordings;
  • financial information and identification documents;
  • current and former staff and volunteer data, including recruitment, training, performance management, payroll, and other HR information, including personal identification documentation.

From time to time we also need to process personal data that is designated as “sensitive” or “special category personal data” in order to facilitate our operations, services and activities. Such data includes personal data regarding a data subject concerning:

  • health;
  • information relating to safeguarding and child protection/welfare;
  • criminal records and background checks; or
  • race/ethnicity.

 

How does CIS obtain your information?

We collect most of the personal data we process directly from the data subject concerned. In some cases, we collect data from third parties (for example, referees) or from publicly-available resources.

We also collect data about you when:

  • you participate and provide information as part of our membership or accreditation services;
  • you have registered to attend (or have attended) one of our events;
  • you visit our website;
  • you participate in our surveys;
  • you have expressed an interest in working for, or with, us; or
  • you are employed or contracted by us or an organization with whom we have a business relationship.

 

Purposes for which CIS processes personal data

Accreditation Volunteer Evaluators

We collect information to review and assess your qualifications to participate in our accreditation process as an evaluator in a school. For instance: your areas of expertise, previous accreditation experience, employment history, education history, professional development courses, and criminal background checks. We continue to collect personal data during your relationship with CIS to manage our relationship and provide training and support.

Affiliated Consultants

We collect information to review and assess your eligibility to participate in our Affiliated Consultancy programme and to manage our relationship if/when you are accepted as an Affiliated Consultant. For instance: your name, email address, physical address, CV, background checks, liability insurance, and referee details.

CIS Staff

We collect personal data to manage your engagement with CIS. This includes: recruiting staff and engaging contractors; paying fees; administering payroll, pensions and sick leave; reviewing and appraising staff performance; obtaining criminal records and background checks; conducting grievance, capability or disciplinary procedures; providing references; and maintaining appropriate human resources records for current and former staff.

Event Attendees

We collect personal data to enable your participation in CIS-hosted events and to ensure the safety and accessibility of your attendance for in-person events.

Public Website (www.cois.org)

We use cookies to learn more about the way you interact with our content and to help us to improve your experience when visiting our website. Cookies remember the type of browser you use and which additional browser software you have installed. They also remember your preferences, such as language and region, which become your default settings when you revisit the website. Some of the cookies we use are session cookies which last only until you close your browser; others are persistent cookies which are stored on your computer.

We will not use cookies to collect personally-identifiable information about you. However, you can choose to reject or block the cookies set by CIS or the websites of any of our third-party suppliers by changing your browser settings. Note that most browsers automatically accept cookies, so if you do not wish cookies to be used, you may need to actively delete or block the cookies.

Some of the functions within our website link to third-party suppliers (for example, when you visit a page with videos embedded from or links to YouTube). These videos or links (and any other content from third-party suppliers) may contain third-party cookies. You can consult the policies of these third-party websites for information regarding their use of cookies.

School, University and Supporting Member Contacts

We collect basic data such as name, email and institutional affiliation from staff employed by member schools and universities and other supporting members to maintain and manage your membership.

Schools and Universities

We collect self-reported institution-level data from member schools and universities through the CIS Portals.

Students

We collect student data through event registration (for example, for university fairs and recruitment tours) and online forms to connect high school students with universities. For instance: graduation date and student interests such as degree programmes, majors and locations.

Survey Participants

We administer a variety of surveys that collect a wide range of data from school and university staff, students, parents, board members and alumni for research purposes. Some surveys collect personally-identifiable information while others only collect demographic data. Student surveys are administered with explicit permission from schools. Each CIS survey includes a statement indicating how data will be processed and shared. 
 

What is CIS’s legal basis for processing your personal data?

We may process your personal data for the above purposes based on one or more of the following legal bases:

  • We have an individual’s consent to do so. You can withdraw your consent at any time by emailing info@cois.org.
  • It is necessary for the performance of a contract (for example, an employment contract with a member of staff).
  • It is necessary for our compliance with our legal obligations. In this respect, we may use personal data to exercise or perform any right or obligation conferred or imposed by law in connection with employment and/or for the prevention and detection of crime, and in order to assist with investigations (including criminal investigations) carried out by the police and other competent authorities.
  • It is necessary for our or a third party’s legitimate interests. These “legitimate interests” include our interests in providing high-quality services, fostering relationships with those in the member community, and our interests in managing and operating CIS to the best of our abilities. 
  • It is necessary to protect an individual’s vital interests (in certain limited circumstances, for example, where an individual has a life-threatening accident or illness while performing their work for CIS or attending a CIS event and we have to process that individual’s personal data in order to ensure they receive prompt and appropriate medical attention).
  • It is necessary for the establishment, exercise or defence of legal claims.
  • It is necessary for reasons of substantial public interest, including safeguarding purposes.
  • It is necessary for medical purposes, including medical diagnosis and the provision of health care or treatment for students, managing related health care systems, and/or for assessing the working capacity of staff.
  • It is necessary for archiving, research or statistical purposes.

 

How does CIS use and share your information?

Whenever we use (or “process”) any personal data (sensitive/special category or otherwise), we do so in accordance with applicable laws and regulations (including with respect to safeguarding or employment). Personal data held by us is processed by appropriate members of staff for the purposes for which the data was provided.

We will follow the terms of this privacy policy. Your personally-identifiable information will not be disclosed without your permission unless we are legally entitled or required to do so, such as by a legal process or to prevent fraud or another crime or if we believe that such action is necessary to protect and/or defend our rights, property or personal safety and/or those of our users/members or other individuals. We do not sell information to third parties.

Accreditation

Schools complete accreditation reports and provide evidence to demonstrate alignment with CIS accreditation standards. To evaluate schools and make accreditation decisions, we assess this information and share it with volunteer evaluators assigned to a school. The CIS membership directory specifies whether a school is accredited by CIS but does not provide any information related to an accreditation decision.

We use data submitted by accreditation evaluator applicants to determine their suitability to participate in our accreditation process as an evaluator in a school and to place approved evaluators on accreditation teams based on qualifications, expertise and geographic location.

Affiliated Consultants list

Your contact details, bio and information about your areas of expertise are shared on our website to help potential schools, students and families connect with you to request your services.

CIS Community Portals

To access the CIS portals, our technology platform uses your email address to grant access. The data is stored in Salesforce and Microsoft platforms which are both hosted on servers in the EU. If your organization uses Microsoft technology, a trust relationship will be established with our systems. In this case your organization's identity provider is consulted based on your email address to provide access. In all other situations, your email address is used to send you a personally generated login code.

Communications

We send regular communications to inform you of services available as part of your membership, and to conduct CIS association business as noted in the membership agreement. You can manage your email preferences to opt in and out of specific communications according to your interests. This option can be found at the end of each communication under Manage your preferences.

Contact Lists

Contact information for members is shared through the CIS School and University Portals so members can network.

Events

We may use an event app or share materials to promote networking at our events. If you are registered to attend an event, your name, email and school will be shared with other participants attending the event.

Membership

Schools complete membership reports and provide documentation to demonstrate alignment with CIS membership standards. To review eligibility and make membership decisions, we assess this information and share it with the membership advisors assigned to the school. The CIS membership directory specifies whether a school is a CIS member but does not provide any information related to membership review outcomes.

Public Membership Directory

Some institution-level data about your school or university is shared through the CIS public membership directory. The primary purpose of the membership directory is to help potential students and families identify CIS member schools and universities they may be interested in attending. Additionally, individuals seeking new employment opportunities may use this directory to learn more about your institution.

Research and Development

Institution-level data about your school or university can be viewed and edited by anyone employed at your institution who has access to the CIS School or University Portals. The data you provide about your school or university is used to create data dashboards, which are available to member institutions through the CIS Portal. These dashboards can be used by leaders to identify trends and set benchmarks. Research and development staff also review accreditation reports and a variety of CIS surveys to identify trends.

Students

We collect student data through event registration (for example, for university fairs and recruitment tours) and online forms to connect high school students with universities. If you have opted in to the University Connection Registry, CIS member universities will have access to your personal data and may contact you regarding global study options.

Supporting Members List

Your contact details and some institution-level data about your organization are shared on our website. The primary purpose of the Supporting Members list is to help individuals learning about the work of CIS to learn more about the organizations we collaborate with.
 

 

How does CIS store and secure information?

We have implemented technology and policies with the objective of protecting your data from unauthorized access and improper use and will update these measures as new technology becomes available.

We work with several data processors to deliver services to members. These processors include, but are not limited to, customer data management, event registration, online reporting and payment processors. For each data processor, we carefully review and monitor the vendor’s privacy policy and data security measures to ensure they uphold our high standards. These data processors will not use your personal information for any purpose other than what we have agreed with them. Sharing data with these parties is always subject to contractual assurances that personal data will be kept securely and only in accordance with our specific directions. We do not transfer personal data you have provided unless we are satisfied that the personal data will be afforded an equivalent level of protection.

Data we collect will (occasionally) be transferred to selected third parties, which may be located outside of the EU as part of the services offered to you. For example, some of our servers and service providers are in a country outside of the EU.

CIS is a non-governmental membership association (NGO) that engages in activities worldwide. CIS staff, affiliates or contractors may access, store or process personal data you submit to us in countries that do not afford a level of data protection equivalent to the EU. By submitting personal data to us you irrevocably agree to the export of your data to such countries.

 

How can you access and control your information?

Accreditation

Basic information about a school’s accreditation cycle can be accessed through the CIS School Portal. If you are a Head of School and would like to request historical accreditation outcomes, email accreditation@cois.org.

Accreditation Volunteer Evaluators

You can access, review and update your personal information by logging in to the password-protected CIS Educator Portal and editing “My Portfolio”.

Affiliated Consultants

If you are an Affiliated Consultant and would like to update your information published on our website, email info@cois.org.

School and University Contacts

If you are employed by a CIS member school or university, we use our password-protected community portals to provide access to your individual data. You can login to the CIS Portal to update your information.

You can access and edit most of your information through the CIS Portals by clicking on your name in the top-right corner and then “My Profile” and “My Settings”. If you are no longer representing your school or university and would like us to delete some or all the personal information we have about you, email info@cois.org.

Students

If you would like to opt out of the University Connection Registry or modify information that you previously submitted, email highereducation@cois.org.

Supporting Member Contacts

If you would like to update your contact details or information about your organization, or if you are no longer representing the organization and would like us to delete some or all the personal information we have about you, email info@cois.org.

Your GDPR Rights

Information about the European General Data Protection Regulation (GDPR) can be found here. GDPR outlines six rights for individuals in relation to their data. If you would like to exercise one of these rights, the actions you can take are listed below.

We will respond to all requests within 30 days, however it may take longer to fulfil your request. If you are unsatisfied with how we handle your request, you can contact your local data authority.

  • Right to Access: You can obtain access to and copies of the personal data that we hold about you (subject to legal exceptions). You can access most of the data we have about you through the CIS Portals.
  • Right to Rectification: We strive to keep records accurate. If you would like to modify an inaccurate record, in most cases you can edit the data yourself through the CIS Portals. 
  • Right to Data Portability: You can receive from us the personal data we hold about you which you have provided to us in a reasonable format specified by you, including for the purpose of your transmitting that personal data to another data controller.
  • Right to Object: You can object to our processing your data in certain circumstances. 
  • Right to Restrict Use: You can request that we restrict the processing of your data in certain circumstances. 
  • Right to Erasure: You can request that we delete your data in some circumstances. 
  • Right to Withdraw your Consent: Where our processing is based on your consent, you may withdraw that consent without affecting the lawfulness of our processing based on consent before its withdrawal.
  • Right Not to be Subject to Decisions made solely by Automated Means: You can object to decisions made about you by automated means (without any human intervention), or to profiling by automated means.

If you would like to exercise any of your rights under the data protection law for which we are the data controller, please make your request by emailing us at info@cois.org.

Please note that these rights are not absolute, and we may be entitled or required to refuse requests where exceptions or exemptions apply.
We will respond to any such written requests as soon as is reasonably practicable and, in any case, within statutory time limits.

We try to ensure that all personal data held in relation to an individual is as up-to-date and accurate as possible. Please notify info@cois.org of any significant changes to important information, such as contact details, held about you. 

 

How long does CIS keep data?

Retention periods vary depending on the category of data. Our policy is to keep data for as long as necessary to fulfil the originally intended purpose.

 

Other important information

School Visits

During a school visit, we respect and adhere to local school policies including those related to data protection, including the distribution, use and storage of data, the rights of the individual, safeguarding and child protection, as well as statutory governmental policies and practices.

Changes to Privacy Policy

From time to time, we may make changes to this privacy policy. If we make any substantial changes to this privacy policy and the way in which we use your personal data, we will post the changes on this page and will do our best to notify you of any significant changes. Check our privacy policy on a regular basis.