Rosslyn Academy Privacy Statement

Rosslyn Academy is a distinguished Christian international school located in Nairobi, Kenya, offering an outstanding American-based curriculum from Pre-K to Grade 12. Founded in 1947, Rosslyn has grown into a vibrant, multicultural community, bringing together students and families from over 50 nationalities who are united by shared values of integrity, compassion, and a commitment to academic excellence.

At Rosslyn, we believe in nurturing each student’s unique potential by fostering a holistic learning environment that combines rigorous academics, diverse extracurricular programs, and character formation rooted in Christian values. Our mission is to inspire and equip students to be lifelong learners and servant leaders who are well-prepared to make a positive impact on the world. Through small class sizes, a low student-teacher ratio, and a dedicated team of highly qualified educators, we strive to provide personalized support to help each student grow academically, emotionally, socially, and spiritually.

Our campus offers modern, well-equipped facilities that enhance learning in the arts, sciences, and sports, preparing students for the challenges of the future. With a strong emphasis on critical thinking, creativity, and global citizenship, Rosslyn graduates are accepted into leading universities worldwide and go on to make meaningful contributions across various fields.

At the heart of Rosslyn is our commitment to community, faith, and excellence in education. We invite you to learn more about our programs, values, and vibrant community that makes Rosslyn Academy a truly exceptional place for students to learn and grow.

Our contact details 

Name: Rosslyn Academy
Address: P.O Box 14146-00800, Nairobi, Kenya
Phone Number: (+254) 020 8893090
E-mail: info@rosslynacademy.com

Rosslyn Academy currently collects and processes the following information:

1. Identification and Contact Information
   • Personal Information: Name, Date of Birth/Age, Gender, Citizenship, Birth City/Country, Nationality, Marital Status, Religion, Church Affiliation.
   • Contact Details: Current Address (PO Box/Street, City, Country, Zip Code), Physical (Home) Address, Phone Number, Email Address.
   • Parent/Guardian Details: Name, Employer, Occupation, Phone Number, Email Address.
   • Emergency Contact Information: Emergency Contact Name, Phone Number, Relationship.
      
2. Government-Generated Information
   • Identification Documents: National ID or Passport, Birth Certificate, NHIF and NSSF Numbers, National Council for Persons with Disability Number, Visa Type.
      
3. General Information
   • Demographic Details: Language Spoken at Home, Social/Behavioral/Emotional Functioning, Profession, Dependents’ Details.
   • Visit Details: Purpose, Host (Person Being Visited), Date and Time.
      
4. Educational Information
   • Academic History: Previous School(s), Transcripts, Report Cards.
   • Current Academic Details: Class/Grade, Student GPA.
   • Support Documentation: Learning Support, Behavioral Reports (if needed).
      
5. Employment Information
   • Professional Background: Employment History, Education Background, Professional Memberships, Employer Name, Profession.
      
6. Medical Information
   • Health Details: Current Health Status, Previous Ailments, Hospital Admission History, Medical Procedures, Disability Information.
   • Psychological Assessments: Learning Disabilities, Psychiatric Diagnosis, Mental Health Reports.
   • Personal Habits: Smoking, Alcohol Use.
   • Medical Records: Prescriptions, Allergies (medication, food, insect, environmental), Vaccination, Medical Insurance.
      
7. Financial Information
   • Financial Records: Bank Account, Investments, Credit Reference Information.
      
8. Audio-Visual Information: 
   • Media: Photographs, Videos, Recordings.
      
9. Information Relating to Specific Product Offerings
   • Feedback and Recommendations: Teacher Recommendation Form, Parent Essay, School Administration Feedback, Student Feedback.
   • Academic Offers: Scholarship Offers, University Applications (Acceptances, Rejections, Attendance).
   • Additional Personal Assets: Property Information (Cars, Houses, Household Items, Business, Shareholding).

We use Personal Information to carry out our business activities.  The purposes for which we use your Personal Information will differ based on our relationship (eg, Prospective Parents, Prospective Students, Current Parents, Current Students), including the type of communication between us and the services we provide. Personal Information will be used for different purposes if you are a (Prospective Parent or Student,etc). 

Most of the personal information we process is provided to us directly by you from sources such as;

• Application forms, proposal forms, claim forms and other forms that you may complete.
• Software applications (apps) are made available to you by us.
• Our website (www.rosslynacademy.org)
• Meetings, telephone conversations, and other forms of communication.
• Our service providers such as Open Apply, MAP Assessment Testing, Occupational therapists, Speech-Language Therapists, Educational Assessors, etc.
• Evaluation reports from outside specialists, provided at the parent’s consent

We use Personal Information for different purposes depending on our relationship with you

The main purposes are to:

1. Admissions and Enrollment Management
   • Student Fit and Readiness: Ensure robust admissions to assess student compatibility and readiness (MAP testing, previous school recommendations).
   • Learning Support Needs: Determine the suitability of learning support services, space availability, and necessary accommodations for prospective students.
   • Personal and Educational Data Review: Use data analysis to guide admissions in line with policies and handle feedback and complaints.
      
2. Academic and Career Support
   • Academic Assistance: Provide in-class and additional academic support, one-on-one or in small groups, for students with identified needs.
   • Educational Assessments and Plans: Conduct assessments and develop educational goals for students, including post-secondary planning.
   • College Application Guidance: Support the college application process, including gathering documents, submitting applications, and aligning interests with university programs.
   • Career and Experience Opportunities: Guide students in finding internships, job shadowing, and work experience aligned with career aspirations.
      
3. Student Well-being and Support Services
   • Medical and Health Services: Provide health assessments, manage ailments/injuries, and maintain quality medical services.
   • Counselling and Guidance: Offer personal and academic counselling to address individual challenges and enhance emotional and spiritual support.
   • Spiritual Life Programs: Engage students, parents, and staff in spiritual care and development activities.
      
4. Safety, Security, and Transportation
   • Security Services: Ensure student safety by investigating and preventing crime and maintaining secure campus conditions.
   • Transportation Management: Organize bus routes and assess transportation needs to ensure safe and efficient transit.
      
5. Financial and Administrative Services
   • Financial Processes: Handle fee billing and payments and ensure financial integrity through fraud detection and prevention.
   • Procurement and Vendor Management: Oversee procurement processes for goods and services, ensuring effective vendor management.
   • Regulatory Compliance: Fulfill reporting and compliance requirements with regulatory bodies, such as the Office of the Data Protection Commissioner.
      
6. Feedback, Queries, and Information Requests
   • Complaint and Feedback Management: Handle feedback, complaints, and queries efficiently to improve service quality.
   • Data Requests and Privacy Rights: Manage data access, correction requests, and rights relating to Personal Information in compliance with data protection laws.
      

Other reasons include: 

1. 1. Health and Wellness Services
      • Student Health Needs and Medical Services: Assess and provide health, wellness, and mental health support services, including medical screenings, counselling, health plans, vaccination records, and referrals.
      • Support Program Eligibility: Determine eligibility for mental health counselling, nutrition guidance, wellness initiatives, and related support services.
      • Quality Improvement and Staff Training: Enhance service quality through monitoring consultations, training sessions, and maintaining confidentiality of health data.
      • Health and Safety Management: Detect and prevent health risks (e.g., communicable diseases), maintain student health records, and ensure compliance with health regulations.
      • Research and Data Analysis: Conduct research, review health trends, assess wellness program effectiveness, and gather feedback via surveys, adhering to applicable laws and obtaining consent.
         
   2. Transportation and Safety Services
      • Service Provision and Eligibility: Manage transportation services, including eligibility, route assignments, and incident resolution for students, staff, and other authorized individuals.
      • Operational Quality and Staff Training: Monitor transport services for quality and safety, provide staff training, and secure transport-related information.
      • Safety and Compliance: Prevent unauthorized vehicle use, investigate incidents, and manage operational risks to ensure student safety and regulatory compliance.
      • Data Analysis: Analyze transport service usage, demographic trends, and satisfaction surveys to identify risks and improve service quality, ensuring compliance and consent.
         
   3. Academic and Career Support
      • Educational and Career Counseling: Offer personalized guidance for academic progress, university admissions, financial aid, internships, and career planning.
      • Program Eligibility and Assessment: Evaluate students’ suitability for academic programs, scholarships, advanced courses, and support plans.
      • Data Privacy and Service Quality: Maintain confidentiality, enhance service quality through training, and prevent academic dishonesty.
      • Research and Improvement: Analyze performance data, student satisfaction, and program outcomes, ensuring consent where necessary.
         
   4. Security and Facility Management
      • Security Operations and Eligibility for Entry: Conduct security assessments, oversee access eligibility, and prevent and investigate incidents such as fraud and unauthorized entry.
      • IT and Physical Security Infrastructure: Manage security protocols (e.g., CCTV surveillance, document handling), in line with policies and compliance standards.
      • Risk Management and Regulatory Compliance: Safeguard against security risks, ensure operational continuity, and fulfill regulatory obligations.
         
   5. Financial and Administrative Operations
      • Financial Aid and Tuition Management: Assess financial aid eligibility, manage tuition payment plans, and process fee payments.
      • Procurement and Vendor Oversight: Oversee procurement activities, vendor management, and secure acquisition of goods and services.
      • Market Research and Risk Analysis: Conduct customer and market research, manage business risks, and adhere to legal standards with necessary consent.
      • Regulatory Compliance: Fulfill reporting and compliance obligations (e.g., ODPC, Ministry of Health), and comply with legal requests and court orders.
         
   6. Regulatory Compliance and Legal Operations
      • Data Rights and Privacy Management: Address data access and correction requests and uphold personal data rights in compliance with data protection laws.
      • Regulatory Reporting and Enforcement: File reports with regulatory authorities, defend legal rights, enforce policies, and comply with anti-money laundering and anti-terrorism laws to protect operations and data integrity.

We also receive personal information indirectly from the following sources in the following scenarios:

1. Academic Records
   • Previous Schools: We receive academic records, including transcripts, disciplinary history, attendance, and standardized test scores (e.g., KCPE, KCSE, SATs) from previous institutions to assess eligibility for programs, placement, and post-secondary applications.
   • Individualized Education Plans (IEPs) and Behavioral Assessments: Evaluations or plans from former schools or specialists help us provide necessary educational or behavioural support.
   • School References: Teacher or administrator references from previous schools provide insights into the student’s academic, social, and behavioural profile.
      
2. Standardized Testing and Academic Support Organizations
   • Testing Agencies: Organizations like the College Board (SAT), ACT, or NWEA MAP provide standardized test results to assess academic readiness and support college admissions.
   • External Competitions: For students in academic or sports competitions, we receive information on performance and participation to help in student profiles and records.
      
3. Extracurricular and Scholarship Information
   • Extracurricular Organizations: Data from clubs or sports teams supports student profiles for scholarships or post-secondary applications.
   • Scholarship and Internship Providers: Updates from external providers on scholarship or internship applications assist in academic and career planning.
      
4. Health and Medical Information
   • Healthcare Providers: With consent, we receive medical records, treatment plans, and health updates from healthcare professionals for continuity of care.
   • School Bus Security: CCTV footage on school buses captures images and biometrics like facial recognition and helps monitor security and safety.
   • Third-Party Health Service Providers: Personal health data from providers support proper care and health management on school premises.
      
5. Events, Transportation, and Logistics
   • Event and Activity Organizers: Data from third-party organizers of extracurricular activities or field trips includes student participation details and parental consent.
   • Transportation Providers: Personal data from transport providers, such as bus rosters and GPS tracking, supports attendance and transportation logistics.
      
6. Financial Data
   • Banking Institutions: Transactional data from banks or payment processors is used for fee payment and financial management.
   • Government Agencies and Financial Aid Providers: Financial aid eligibility, subsidy details, and scholarship data are obtained to assess assistance options.
   • Insurance Companies: Data related to health or accident claims supports any benefits or coverage the school provides.
   • Previous Schools: Financial history from prior institutions, such as outstanding fees, helps in current billing integration.
   • Parent or Guardian Employment Data: Employment status is sometimes received through financial aid forms for fee assessment.
      
7. Vendors and Suppliers
   Procurement Data: Contact and financial information related to purchases and invoicing supports procurement processes.

In connection with the purposes described above (see section above ‘How do we use Personal Information?’, we sometimes need to share your Personal Information with third parties (this can involve third parties disclosing Personal Information to us and us disclosing Personal Information to them).  

Personal Information may be shared between Rosslyn Academy and other third parties, including:

• Service providers such as Open Apply, PowerSchool, Medical Service Providers
• Government authorities, e.g. Ministry of Health, Ministry of Education
• Outside service providers, including Occupational therapists, Speech-Language Therapists, Educational Assessors, or other specialised practitioners (with parental consent ONLY).
• Other educational institutions ( with parental consent only)
• NWEA MAP assessments
• CollegeBoard- assessment nonprofit
• ACT Testing International- assessment nonprofit
• Universities and Colleges
• Third parties involved in legal proceedings.

We may share this information with the following organizations or individuals for specific purposes:

1. Universities and Colleges: We share your academic transcripts, recommendation letters, and test scores with universities and colleges as part of the application process to facilitate admissions decisions.
2. Scholarship and Financial Aid Providers: We share relevant academic and personal information with scholarship organizations to assess your eligibility and help secure financial support for your education.
3. Internship and Work Experience Providers: We may share your resume, academic performance data, and references with organizations offering internships or work experience opportunities to support your career development.
4. External Counselors or Educational Advisors: With your consent, we may collaborate with external counsellors or advisors to provide specialized support or additional guidance for academic or career planning.
5. Standardized Testing Organizations: We share necessary information with organizations like the College Board (for SATs) or ACT to register you for exams and ensure your scores are sent to relevant institutions.
6. Extracurricular Program Coordinators: For certain extracurricular or summer programs, we may share your participation details and achievements to enhance your profile or ensure eligibility.

We may share this information with:

1. Outside Service Providers
   • Purpose: To support administrative, operational, and communication needs through external software services.
   • Examples: Open Apply, PowerSchool, MailPoet, Almabase, Cloud HQ.
      
2. Medical Specialists and Emergency Services
   • Purpose: To provide necessary health support and specialized services for students.
   • Examples: Insurance companies, occupational therapists, speech-language therapists, educational assessors, and other specialized practitioners (shared only with parental consent).
      
3. Software/Cloud Service Providers
   • Purpose: To facilitate data storage, management, and digital tools for learning and school operations.
   • Examples: Google Suite, Adobe, PowerSchool (School Information System), and Smart Access.
      
4. Government and Regulatory Authorities
   • Purpose: To comply with regulatory requirements and legal obligations, ensuring data privacy and safety standards.
   • Examples: Office of the Data Protection Commissioner (ODPC), Ministry of Education, Ministry of Health, NTSA, KRA, U.S. Embassy (for U.S. citizens).
   • Legal Requirements: When required by law (e.g., court orders, subpoenas).
   • Safety and Security: To protect the safety and well-being of our school community.
   • Investigations: During investigations of legal or policy violations.Types of Information Shared:
     a) Student records (attendance, grades, disciplinary records)
     b) Contact information (names, addresses, phone numbers)
     c) Health and safety information (medical records, emergency contacts)

    

5. Business Partners and Service Providers
   • Purpose: To assist in business activities, ensure legal compliance, and support school events, trips, and mission-related activities.
   • Examples: Cloud providers, auditors, legal advisors, accountants, medical service providers, insurance providers, hotels, transportation services, event coordinators, mission partners, local churches, regulatory authorities, external security consultants.
      
6. Assessment and Testing Organizations
   • Purpose: To assess student academic performance and readiness for admissions and educational placement.
   • Examples: NWEA MAP, CollegeBoard, ACT Testing International.
      
7. Industry Associations
   • Purpose: To maintain operational standards, safety compliance, and partnerships relevant to school activities.
   • Examples: Kenya Transporters Association, relevant insurance companies, vehicle maintenance providers, law enforcement, banking, and auditing associations.
      
8. Educational Institutions
   • Purpose: To support student transitions, applications, and academic assessments or placements.
   • Examples: Other primary/secondary schools, universities, and colleges.

We ensure that any sharing of personal information is done in compliance with applicable data protection laws, including the Kenya Data Protection Act 2019 and GDPR. We conduct data protection impact assessments to evaluate the risks and ensure that personal data is shared securely and only when necessary 

Under the Kenya Data Protection Act (2019) the lawful bases we rely on for processing your personal  information may  include one or several of the following: 

(a) Your consent. You have a right to revoke your consent at any time by contacting the Data Protection Officer via dpo@rosslynacademy.com. We shall promptly process the request to revoke consent appropriately, subject to the following considerations:

1. Where We have a contractual obligation.
2. Where We have a legal obligation.
3. Where We have a vital interest.
4. Where We need it to perform a public task.
5. Where We have a legitimate interest.

Your information is securely stored in locked physical locations and on our cloud-based servers.

Information security is extremely important to us.   We put in place technical and physical security measures to keep Personal Information safe and secure. If, despite our efforts, you believe that Personal Information is no longer secure, please let us know so that we can resolve any security issues.

Rosslyn Academy uses appropriate technical, physical, legal and organisational measures which comply with data protection laws to keep Personal Information secure. As most of the Personal Information we hold is stored electronically, we have implemented appropriate IT security measures to ensure this Personal Information is kept secure. 

For example, we may use anti-virus protection systems, firewalls, and data encryption technologies.  We have procedures in place at our premises to keep any hard copy records physically secure.  We also train our staff regularly on data protection and information security.

When Rosslyn Academy engages a third party (including our service providers) to collect or otherwise process Personal Information on our behalf, the third party will be selected carefully and required to use appropriate security measures to protect the confidentiality and security of Personal Information.  

Unfortunately, no data transmission over the Internet or electronic data storage system can be guaranteed to be 100% secure.  If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any Personal Information you might have sent to us has been compromised), please immediately notify us at dpo@rosslynacademy.com or use the Privacy Contact Form.

We will keep Personal Information for as long as is necessary for the purposes for which we collect it.  The precise period will depend on the purpose for which we hold your information and detailed on our Retention Policies.  In addition, as a regulated academic institution, there are laws and regulations that apply to us that set minimum periods for retention of Personal Information. We will provide you with further information if appropriate to give you a full picture of how we collect and use your Personal Information as described in our internal Data Retention and Disposal policies. 

For example:

• • Where we hold Personal Information to comply with a legal or regulatory obligation, we will keep the information for at least as long as is required to comply with that obligation.
  • Where we hold Personal Information in order to provide a product or service (such as Parent communication, Admission, Teaching and Learning and Fee Billing), we will keep the information for at least as long as we provide the product or service, and for a number of years after expiry of the policy and the handling of any related claim.  

The number of years varies depending on the nature of the product or service provided – for example, for certain policies, it may be necessary to keep the Personal Information for several years after the expiry of the policy. Among other reasons, we retain the information in order to respond to any queries or concerns that may be raised at a later date with respect to the policy or the handling of a claim. 

When you visit our website, we use cookies to improve your browsing experience and ensure the website functions efficiently. Cookies are small text files stored on your device when you visit our website.

Types of Cookies We Use:

1. Essential Cookies
   These cookies are necessary for the website to function and cannot be switched off. They enable core functionalities, such as security, network management, and accessibility. As these cookies are essential, they do not require your consent.
2. Optional Cookies
   These cookies help us improve the performance of our website by providing insights into how it is being used. For example, analytics cookies allow us to understand user behaviour and enhance user experience. These cookies are not strictly necessary and will only be placed on your device with your consent.

Managing Your Cookies Preferences

When you first visit our website, you will see a cookie banner that allows you to manage your preferences. You can choose to accept all cookies, decline non-essential cookies, or customize your preferences. You can also adjust your browser settings to block or delete cookies at any time.

Prior to transferring personal data outside Kenya, we shall ascertain that the transfer is based on the provided legal and regulatory standards. Circumstances in which we may transfer your personal data outside Kenya are highlighted in the table below;
 

We will only transfer your personal data outside Kenya or in any other jurisdiction where we operate in accordance with applicable laws.

Under the Kenyan Data Protection law, you have rights including:

1. Your right of access – You have the right to ask us for copies of your personal information.
2. Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
3. Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
4. Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
5. Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
6. Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation or to you in certain circumstances.

These rights are not absolute and are subject to other applicable laws. You are not required to pay any charge for exercising your rights, but some may require nominal fees. If you make a request, we shall have one month to respond to you. 

Please contact us at dpo@rosslynacademy.com or use the Privacy Contact Form if you wish to make a request.

We regularly review and update this Privacy Policy to reflect changes in our practices, services, or legal requirements. When updates are made, we will revise the version number and the effective date at the top of this policy.

If any changes have a fundamental impact on the nature of how we process your personal data or affect your rights, we will notify you in advance. Notifications will be displayed prominently on our website before the changes become effective.

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, process, and use your personal data.  

Note: Typically, when such an update is made as a school, you will be required to re-collect consent where consent was the legal basis for collection of personal information.

If you have any concerns about our use of your personal information, you can make a complaint to us at:

Data Protection Officer
Rosslyn Academy
dpo@rosslynacademy.com
+254 798 484631

OR

Use the Privacy Contact Form

You may also complain to the Data Commissioner if you are unhappy with how we have used your data.

Office to the Data Commissioner, KENYA
Britam Tower, Hospital Road, Upperhill
NAIROBI
Mon – Fri: 8.00 am – 5.00 pm
info@odpc.go.ke
P.O Box 30920-00100
G.P.O Nairobi
0796954269 / 0778048164