• Sekolah Bogor Raya (hereinafter referred to as "the School") is committed to being a responsible custodian of the information you provide to us. This policy outlines our practices regarding the collection, use, and protection of personal data in compliance with ISO/IEC 27701 standards and applicable local data protection laws (UU PDP).

We process your personal data under the following legal frameworks:

• Consent: Explicit permission granted by parents/guardians or staff.
• Contractual Necessity: To fulfill our educational agreement with students and parents.
• Legal Obligation: To comply with Ministry of Education (Kemendikbud) reporting and other statutory requirements.
• Vital Interests: To protect the health and safety of students in emergencies.

We collect and process data across three categories:

• Identity Data: Names, NIK/Passport numbers, photos, and biometric data (where applicable for security).
• Sensitive Data: Health records, immunization history, and psychological evaluations (handled with enhanced security).
• Technical Data: IP addresses, cookies, and usage patterns from our website to improve user experience.

• As an educational institution, we treat student data with the highest level of confidentiality. Data collection for students under the age of 18 is performed only with the explicit consent of a parent or legal guardian.

In accordance with ISO/IEC 27001, the School employs robust technical and organizational security measures:

• Encryption: Data is encrypted both at rest and during transit (SSL/TLS).
• Access Control: Access to sensitive records is restricted to authorized personnel via Role-Based Access Control (RBAC).
• Regular Audits: We conduct periodic vulnerability assessments and staff training on data privacy.

• To support learning, we may use global platforms (e.g., Google Workspace, ManageBac). We ensure that these third-party providers comply with international standards and provide a level of protection equivalent to our own.

We do not sell your data. Sharing is limited to:

• Educational Authorities: For national examinations and accreditation.
• Service Providers: Secure third-party vendors (e.g., school transport, catering) under strict non-disclosure agreements.
• Emergency Services: Hospitals or medical professionals when immediate care is required.

• We retain personal data only for as long as necessary to fulfill educational purposes or as mandated by Indonesian law (typically 5–10 years for academic records). Upon expiry, data is securely deleted or anonymized.

Under ISO and PDP frameworks, you have the following rights:

• Right to Access: Request a copy of your personal data.
• Right to Rectification: Correct inaccurate or incomplete info.
• Right to Erasure: Request deletion of data (subject to legal retention requirements).
• Right to Portability: Request your data in a structured, machine-readable format.
• Right to Withdraw Consent: Revoke permission for optional data processing.

• In the event of a suspected data breach, the School has a response plan in place. We will notify the affected individuals and the relevant authorities within the timeframe required by law (72 hours where applicable).

• Our website uses cookies to analyze traffic and personalize content. You can manage your preferences through your browser settings, though some website features may be limited.