Data Privacy Policy

How we collect, process, and protect your data.

Section 01

Introduction and Purpose

ISWS is committed to protecting the privacy and security of student and school data entrusted to us. This Data Privacy Policy outlines the principles, practices, and safeguards we employ in the collection, processing, storage, and handling of data related to our International School Wellness Survey (ISWS) and related wellness survey services.

We recognise the sensitive nature of the information involved in wellness research among school-age populations. This policy has been designed to ensure full compliance with the General Data Protection Regulation (GDPR), the EU ePrivacy Directive, and other applicable international data protection legislation.

This policy applies to all data processed by International School Wellness Survey, referred to as "ISWS" throughout this document.

Section 02

Key Definitions

Term Definition
Personal Data Any information relating to an identified or identifiable natural person, as defined under GDPR Article 4(1).
Data Subject An individual whose personal data is processed. In the context of ISWS, this primarily refers to students.
Data Controller The entity that determines the purposes and means of processing personal data. The partner school is typically the Data Controller.
Data Processor The entity that processes data on behalf of the Controller. ISWS acts as a Data Processor when administering surveys on behalf of schools.
ISWS Survey The International School Wellness Survey administered by ISWS to collect anonymous data on student wellbeing perceptions and behaviours.
Anonymised Data Data that has been irreversibly altered so that the data subject is no longer identifiable, directly or indirectly.
Section 03

Anonymous Data Collection

ISWS has designed its survey methodology to ensure that no personally identifiable information (PII) is collected from students at any point during the data collection process. Our commitment to anonymity is fundamental to both our ethical standards and the integrity of our research.

3.1 Anonymity by Design

  • All ISWS survey responses are completely anonymous from the point of collection.
  • No student names, email addresses, student ID numbers, or other personal identifiers are collected, recorded, or stored.
  • IP addresses are not stored or associated with survey responses. The survey platform may generate anonymised network identifiers for duplicate detection purposes, but these cannot be used to identify individual respondents.
  • Cookie consent controls are enabled on all surveys. No tracking cookies or device fingerprints are used to identify respondents. Functional cookies required for survey operation are disclosed via the platform's cookie consent banner.
  • Survey responses cannot be linked back to any individual student under any circumstances.

3.2 Lawful Basis for Processing

Where applicable under GDPR, the lawful basis for processing survey data is legitimate interest (Article 6(1)(f)), as the data collected is fully anonymised and does not constitute personal data within the meaning of the Regulation. Schools may also rely on their own lawful basis as the Data Controller when engaging ISWS to administer surveys.

Section 04

Secure Data Infrastructure

ISWS employs Typeform, a GDPR-compliant survey administration platform with enterprise-grade security measures, to collect and store all survey data. Typeform's technical safeguards include:

  • End-to-end TLS encryption for all data in transit.
  • AES-256 encryption for all data at rest.
  • Hosting on secure, certified data centres with SOC 2 compliance.
  • Regular third-party penetration testing and security audits.
  • Automated threat detection and monitoring systems.
  • Strict firewall configurations and network segmentation.
Section 05

Data Access Controls

ISWS enforces strict role-based access controls to limit exposure of raw survey data. Access is granted on a need-to-know basis in accordance with the principle of least privilege.

5.1 Authorised Personnel

Raw survey data is accessible to only two authorised individuals within the ISWS organisation:

Role Purpose Access Level
Founders Organisational oversight and quality assurance Full read access
Data Analyst (Contractor) Statistical analysis and report preparation Read access for analysis
Contributing Experts Subject matter expertise and survey question review No access to raw data

5.2 Access Restrictions

  • No other ISWS staff members have access to raw survey data.
  • No third parties, external organisations, or government agencies are granted access to raw data.
  • All access is logged and auditable.
  • Data Processor agreements are in place with any contractors who handle data.
Section 06

Data Sharing with Schools

ISWS never shares raw survey data with schools or any other party. Instead, schools receive the following deliverables:

  • ISWS Wellness Report:a comprehensive summary of findings tailored to the school's context.
  • Aggregated statistical analyses:presenting trends at the cohort or grade level only.
  • Anonymised trend analyses:identifying patterns without any possibility of individual identification.
  • Year-over-year comparative insights:benchmarking against previous survey cycles (where available).
  • Contextualised findings:supporting evidence-based social norms interventions and wellness programming.

All reports are reviewed to ensure that no data point could allow for the re-identification of any individual student, particularly in small cohorts. Where a response group contains fewer than five respondents, data is suppressed or aggregated further to prevent potential identification.

Section 07

Data Retention and Disposal

ISWS maintains survey data only for as long as necessary to fulfil the purposes for which it was collected, or as required to comply with legal obligations.

7.1 Retention Schedule

  • Anonymised survey data is retained for a maximum of five (5) years to enable longitudinal trend analysis for partner schools.
  • Reports delivered to schools become the property and responsibility of the receiving institution.
  • Operational logs and access records are retained for two (2) years for audit purposes.

7.2 Secure Disposal

  • Upon expiry of the retention period, data is permanently and irreversibly deleted using industry-standard secure deletion methods.
  • Deletion is documented and confirmed in writing upon request.

7.3 Deidentified Aggregate Data and ISWS Member Access

In addition to school-specific reporting, deidentified and fully anonymised survey data will be incorporated into a larger aggregate dataset maintained by ISWS. This dataset is intended to support cross-institutional benchmarking, longitudinal wellness research, and evidence-based best practices across the international school community.

Beginning in 2028, individuals who register as ISWS members will have access to this aggregate dataset. Participating member schools will receive their own school's data in a confidential report when ready. Access to the aggregate dataset is subject to the following safeguards:

  • All data included in the aggregate dataset is fully deidentified and cannot be traced back to any individual student or specific school.
  • Access to the aggregate dataset is restricted to verified ISWS member institutions and authorised personnel within those institutions.
  • Data suppression rules apply: where any data subset could potentially allow identification due to small sample sizes, the data is aggregated further or withheld.
  • Schools participating in the ISWS survey consent to the inclusion of their deidentified data in the aggregate dataset as part of the standard service agreement. Schools may opt out of aggregate data inclusion upon written request.
  • The aggregate dataset is intended solely for educational and research purposes in support of student wellness across ISWS member schools.
Section 08

Rights of Schools and Data Subjects

ISWS is committed to transparency and accountability. Schools and their communities have the following rights:

  • Right to Information:Schools may request detailed information about our data handling practices at any time.
  • Right to Data Deletion:Schools may request the deletion of their institution's survey data prior to the standard retention period.
  • Right to Amend:Schools may request corrections to any inaccurate information in reports.
  • Right to Withdraw:Schools may withdraw from data collection at any time.

Since survey data is fully anonymised and does not constitute personal data under GDPR, individual data subject rights (such as access, rectification, and erasure under Articles 15–17) do not technically apply. However, ISWS remains committed to addressing any privacy enquiries from students, parents, or guardians in good faith.

Section 09

Data Breach and Incident Response

Although the anonymised nature of our data significantly reduces the risk and impact of any potential breach, ISWS maintains a formal incident response protocol:

  • All suspected security incidents are investigated within 24 hours of discovery.
  • Affected partner schools are notified within 72 hours in accordance with GDPR Article 33 requirements, where applicable.
  • A root cause analysis is conducted, and remedial actions are documented and implemented.
  • An annual review of incident response procedures is conducted to ensure continued effectiveness.
Section 10

Policy Review and Updates

This Data Privacy Policy is reviewed at least annually, or more frequently in response to changes in applicable legislation, organisational practices, or the threat landscape. Partner schools will be notified of any material changes to this policy.

Section 11

Contact Information

For questions, concerns, or requests relating to this Data Privacy Policy or our data handling practices, please contact us:

International School Wellness Survey

info@iswsurvey.org