Updated November 2023

The Administration shall respect the privacy of FIS employees, students, and families and shall remain committed to protecting the personal data maintained by FIS to conduct its business.

All FIS employees shall comply with the German Federal Data Protection Act (Bundesdatenschutzgesetz, (BDSG)) and the European Union General Data Protection Regulation (GDPR) which apply to the creation, storage, or transmission of personal or otherwise confidential information by users of the school’s Information, Communication, and Technology (ICT) resources. The school’s Data Protection team, in collaboration with the assigned Data Protection Officer (DPO), shall produce an annual GDPR status report for the prior school year that shall be made available to the Head of School and the FIS Works Council (Betriebsrat). Data protection training for faculty and staff shall be provided as necessary. 

FIS reserves the right to audit its systems and access information resources (including web traffic and email correspondence) in order to ensure compliance with school policies and investigate data privacy or other concerns. FIS shall audit its systems or access information resources only after receiving the prior approval of the Head of School and in compliance with BDSG and GDPR regulations as well as other applicable laws governing data protection. 

The Administration, in collaboration with the DPO, shall investigate and respond to complaints or evidence regarding a data breach or the improper use of data. When deemed necessary by the DPO, data breaches shall be referred to the State Data Protection Commissioner of the State of Hessen (https://datenschutz.hessen.de). 

Contact details of the FIS Data Protection Officer are available on request from gdpr@fis.edu and from the office of the Director of Finance and Operations.