IB Arthur School is committed to protecting the personal data and privacy of everyone who visits our website. This Privacy Notice and Cookie Policy explains who we are, what personal data we collect from you when you visit www.ibarthurschool.edu.gh, how we use and protect it, and what rights you have in relation to your personal data.
This Notice applies to all website visitors, including prospective and current students and parents, members of the public, job applicants, partner organisations, alumni, and researchers. It does not govern the internal processing of personal data of enrolled students, staff, or contractors, which is covered by separate internal data protection policies available from the School office.
We process personal data in accordance with the Data Protection Act, 2012 (Act 843) of Ghana (“the Act”) and the data protection principles set out in Section 27 of the Act. We are registered as a Data Controller with the Data Protection Commission of Ghana.
| Organisation | IB Arthur School |
| Curriculum | Cambridge Assessment International Education (CAIE) |
| Country | Ghana |
| Website | www.ibarthurschool.edu.gh |
| DPC Registration | Registered Data Controller under Act 843 |
IB Arthur School is committed to processing personal data in accordance with
the eight (8) data protection principles established under the Data Protection
Act, 2012 (Act 843). These principles underpin everything we do with your
personal data:
| # | Principle | How We Apply It |
| 1 | Accountability | The School takes full responsibility for complying with the Act. Our DPO oversees compliance, maintains our Data Protection register, and ensures staff are trained on their obligations. |
| 2 | Lawfulness of Processing | We only collect and process your personal data where we have a lawful basis to do so — namely, your consent, a contractual necessity, a legal obligation, or a legitimate interest of the School that does not override your rights. |
| 3 | Specification of Purpose | We collect personal data for specific, explicitly stated, and legitimate purposes. We do not process personal data for purposes that are incompatible with the reason it was collected. |
| 4 | Compatibility of Further Processing | Where we need to use your personal data for a purpose beyond its original collection, we will assess whether that further use is compatible with the original purpose and, if not, seek fresh consent. |
| 5 | Quality of Information | We take reasonable steps to ensure that the personal data we hold is accurate, complete, and up to date. We encourage you to inform us of any changes to your information. |
| 6 | Openness | We are transparent about how we collect and use personal data. This Notice, in compliance with Section 27(2) of the Act, ensures you are fully informed about the nature of data collected, the persons responsible, and the purpose of collection. |
| 7 | Data Security Safeguards | We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or disclosure, in line with Section 28 of the Act. |
| 8 | Data Subject Participation | You have the right to access, correct, delete, and object to the processing of your personal data. We honour these rights and provide clear channels for exercising them. |
4.1 Data You Provide Directly
When you interact with our website by submitting an enquiry form, applying for admission, registering for an event, or subscribing to our newsletter, we may collect:
- Full name
- Email address
- Phone number
- Postal or residential address
- Message or enquiry content
- Child’s personal details, including health status or allergies, may be collected for your child’s well-being on campus (for admissions).
4.2 Data Collected Automatically
When you visit our website, our systems automatically collect certain technical information, including:
- Internet Protocol (IP) address
- Browser type and version
- Operating system and device type (laptop, tablet or phone)
- Referring website or URL
- Pages visited and time spent on each page
- Date and time of your visit
- Approximate geographic location (derived from IP address)
4.3 Special Categories of Personal Data
We do not intentionally collect special category data (as defined under Section 26 of the Act) through our website. This includes data relating to race or ethnic origin, religion, health, political opinions, or biometric data. If any such data is inadvertently submitted through a contact or enquiry form, we will delete it promptly and notify you.
4.4 Data Relating to Minors
In recognition of our duty of care as a school operating the Cambridge Curriculum, we are especially protective of children’s data. Our website is not designed to collect personal data directly from children under the age of 18. Parents or guardians submitting data about a child do so on behalf of the child, and we process such data with the utmost care in accordance with the Act and the Children’s Act, 1998 (Act 560).
We use personal data collected through the website for the following specific purposes, in accordance with Section 22 of the Act:
Responding to enquiries: To reply to messages, questions, or admission requests submitted through our contact forms.
Admissions processing: To manage expressions of interest and applications for places at the School.
Newsletter and communications: To send updates about the school’s activities, news, and Cambridge curriculum developments, only where you have given express consent.
Website improvement: To analyse how visitors use our website using analytics data, to improve content and user experience.
Legal compliance: To comply with legal obligations under the Act, regulatory requirements, and court orders.
Legitimate interests: To protect the security of our website and IT systems, and to prevent fraud or misuse.
Under the Data Protection Act, 2012 (Act 843), we rely on the following lawful bases to process your personal data:
| Legal Basis | When We Rely on It |
| Consent (Section 20) | Sending marketing emails, newsletters, or non-essential cookies. You may withdraw consent at any time. |
| Contractual Necessity | Processing admission applications and enquiries to provide requested services. |
| Legal Obligation | Complying with lawful requests from authorities or regulatory bodies under Ghanaian law. |
| Legitimate Interests | Improving website functionality, ensuring security, preventing misuse, and managing visitor analytics — where your fundamental rights do not override these interests. |
7.3 Your Cookie Choices
When you first visit our website, a cookie consent banner will appear. You can
accept all cookies, accept only strictly necessary cookies, or customise your
cookie preferences. You may change your preferences at any time by clicking
the “Cookie Settings” link in the website footer.
You also have the right to configure your browser to refuse all or some
cookies. Please note that disabling strictly necessary cookies may affect the
functionality of certain parts of the website. For guidance on managing
cookies in popular browsers, visit the relevant browser’s help pages.
IB Arthur School does not sell, rent, or trade your personal data with third parties for commercial or marketing purposes. We will only share your personal data in the following limited circumstances:
Service Providers: We engage trusted third-party technology providers to support our website operations (e.g., hosting, email delivery, and analytics services). These providers process data only on our documented instructions and are contractually bound to maintain confidentiality and comply with Act 843.
Cambridge Assessment International Education (CAIE): Where required in connection with the Cambridge Curriculum, examination registrations, or quality assurance processes, we may share relevant data with CAIE or its authorised representatives under appropriate safeguards.
Legal and Regulatory Authorities: We may be required to share personal data with the Ghana Data Protection Commission, law enforcement agencies, courts, or other government bodies where required by law or in the protection of legal rights and national security.
Professional Advisers: Our legal, financial, or insurance advisers may process data on our behalf where necessary, subject to professional confidentiality obligations.
Business Transfers: In the event of a merger, acquisition, or restructuring, personal data may be transferred to the successor organisation under equivalent data protection obligations.
Where personal data is transferred outside Ghana, for example, to cloud service providers or to Cambridge Assessment International Education in the United Kingdom, we ensure that appropriate safeguards are in place. These may include contractual data protection clauses, the adequacy framework of the recipient country, or other mechanisms.
You may contact our DPO to obtain further information about the safeguards applied to any specific international transfer of your personal data.
In accordance with the principle of minimality (Section 19) and Section 24 of
the Act, we do not retain personal data for longer than is necessary to
fulfil the purpose for which it was collected. Our general retention periods
for data collected through the website are as follows:
| Data Type | Retention Period |
| General contact/enquiry data | 2 years from the date of last contact |
| Admission enquiry/application data | 3 years from the academic year of enquiry |
| Newsletter subscription data | Until unsubscribed, then 6 months |
| Website analytics/cookie data | Up to 26 months (anonymised after 13 months) |
| Legal / compliance records | As required by applicable Ghanaian law (typically 6–10 years) |
“`
Under the Data Protection Act 2012 (Act 843), you have the following rights regarding your personal data. We are committed to honouring these rights promptly and without charge:
| Right | What It Means for You |
| Right to Be Informed | You have the right to be told how your personal data is collected, used, and stored, which is the purpose of this Notice. |
| Right of Access | You may request a copy of the personal data we hold about you (commonly known as a Data Subject Access Request (DSAR)). |
| Right to Rectification | You may ask us to correct inaccurate or incomplete personal data we hold about you. |
| Right to Erasure | You may request that we delete your personal data where there is no compelling reason for us to continue to hold it. |
| Right to Restrict Processing | You may ask us to limit how we use your personal data in certain circumstances, for example, where you contest its accuracy. |
| Right to Object | You may object to processing based on legitimate interests, or to receiving direct marketing communications from us at any time. |
| Right to Withdraw Consent | Where we rely on your consent to process personal data, you may withdraw that consent at any time without affecting the lawfulness of processing before withdrawal. |
| Right to Lodge a Complaint | You have the right to raise a concern with the Data Protection Commission of Ghana if you believe your data protection rights have been violated. |
To exercise any of these rights, please contact our Data Protection Officer using the details in Section 2. We will respond to your request within 21 days in accordance with the Act. In complex cases, we may extend this period by a further 30 days, in which case we will notify you.
IB Arthur School takes the security of your personal data seriously. In accordance with Sections 28–30 of the Act, we have implemented appropriate technical and organisational measures to safeguard personal data against unauthorised access, disclosure, loss, alteration, or destruction. These measures include:
- Secure Sockets Layer (SSL/TLS) encryption for all data transmitted to and from our website
- Access controls limiting access to personal data to authorised personnel only
- Staff training on data protection obligations and secure data handling procedures
- Contractual obligations on third-party processors to maintain equivalent security standards
- Incident response procedures, including notification to the Data Protection Commission in the event of a reportable data breach
Notwithstanding these safeguards, please be aware that no method of transmission over the internet is completely secure. We encourage you NOT to share SENSITIVE personal information through unsecured channels.
Our website may contain links to third-party websites, such as the Cambridge Assessment International Education (CAIE) portal, social media platforms, or partner organisations. This Privacy Notice does not apply to external sites. We encourage you to review the privacy notices of any third-party websites you visit, as we have no control over and accept no responsibility for their data practices.
Where we embed third-party services on our website (such as social media share buttons, video players, or maps), those services may independently collect data from you. We will identify such services in our cookie-consent settings.
As a Cambridge-registered school, IB Arthur School operates in accordance with the data requirements of Cambridge Assessment International Education. Examination and assessment-related data (including candidate numbers, results, and certificates) is processed in accordance with CAIE’s own data protection policies as well as this Notice. Parents and candidates may contact our DPO for further information about examination data processing.
We are committed to the highest standards of academic data integrity and take particular care to ensure that any data shared with or received from CAIE is handled lawfully, securely, and only for legitimate educational purposes.
We review and update this Privacy Notice periodically to reflect changes in our practices, legal requirements, or technology. Any material changes will be published on this page with the revised Effective Date clearly displayed at the top. Where changes are significant, we may notify you directly by email (if we hold your contact details) or via a prominent banner on our website.
We recommend that you revisit this Notice periodically. Your continued use of our website following the publication of any changes constitutes your acknowledgement of the updated Notice.
The Ghana Data Protection Commission (DPC) is the independent supervisory authority responsible for enforcing the Data Protection Act, 2012 (Act 843). If you are not satisfied with our response to any data protection concern, you have the right to lodge a complaint with the DPC:
| Organisation | Data Protection Commission of Ghana |
| Website | www.dataprotection.org.gh |
| info@dataprotection.org.gh | |
| Location | Accra, Ghana |
For all data protection enquiries, subject access requests, or complaints, please contact our Data Protection Officer:
| Data Protection Supervisor | IB Arthur School Data Protection Supervisor |
| dpo@ibarthurschool.edu.gh | |
| Phone | 030 290 7575 / 020 160 7006 |
| Postal Address | P.O Box MB312, Castlegate Estate, Katamanso, Accra |
| Office Hours | Monday – Friday, 8:00 AM – 4:30 PM (GMT) |
We aim to acknowledge all data protection requests within 5 working days anDd to resolve them within 21 days. If your matter is urgent or involves a potential data breach, please mark your communication “URGENT: DATA PROTECTION” and call us directly on the number above.