International School of Europe S.P.A. is registered as Camera di Commercio di Milano Monza Brianza LODI Registered Office via Manfredo Camperio 14, 20123 Milano (MI) Italy – Fiscal code 12932001006
International School of Europe S.P.A. takes data protection and our responsibilities to correctly and lawfully treat personal data as a data controller seriously. We are committed to complying with legal obligations and practicing industry standards when collecting, processing and storing personal data.
This privacy notice provides detailed information about how we treat information that you provide to us. Our Data Protection Officer can be contacted by email on firstname.lastname@example.org if you have any queries regarding your personal data.
2. TYPES OF PERSONAL DATA WE PROCESS
We process personal data about prospective, current and past: pupils and their parents; staff, suppliers and contractors; donors, friends and supporters; and other individuals connected to or visiting International School of Europe S.P.A.
The personal data we collect, process and store will be personally identifiable information related to pupils and their parents, staff, suppliers and contractors, donors, friends and supporters. The personal data processed includes recorded information that is true and correct and/or video and photographic images about an individual. Information such as;
- names, addresses, telephone numbers, e-mail addresses and other contact details;
- family details;
- admissions, academic, disciplinary and other education related records, information about special educational needs, references, examination scripts and marks;
- education and employment data;
- images, audio and video recordings;
- financial information;
- schools previously attended.
Other types of data we collect, process and store is protected health information, criminal record information and other sensitive information related to an individual. Information such as;
- information about health status or provision of health care linked to a specific individual;
- information about criminal records linked to a specific individual;
- biometric information;
3. HOW WE COLLECT AND PROCESS PERSONAL DATA
International School of Europe S.P.A. collects information in several ways, including:
- in person and over the phone: from students and their family, staff, volunteers, visitors, job applicants and others;
- from electronic and paper documentation: including job applications, emails, invoices, enrolment forms, letters to our school, consent forms, our school’s website or school-controlled social media;
- through online tools: such as apps and other software used by our school;
- through any CCTV cameras located at our school;
- through third parties, such as referees, previous schools, professionals or authorities working with the individual
- through publicly available resources
Our school has a Data Protection Standard in place to oversee the effective and secure processing of your personal data. We have policies around the use of technology and devices, and access to school systems. We try to ensure that all personal data held in relation to an individual is as up to date and accurate as possible.
Your Data processing will be carried out in accordance with GDPR.
In particular, your Data will be processed in accordance with the principles of lawfulness, fairness and transparency. Data will be processed in an adequate, relevant and limited way to what is necessary in relation to the proper execution of the employment.
Processing will be carried out with manual and/or paper and/or automated methods and with proper equipment, as far as it is reasonable and given the state of the art, to ensure the appropriate security and confidentiality by means of proper procedures avoiding, inter alia, the risk of loss of, or unauthorized access to, personal data.
In particular, the processing will be carried out:
- by means of paper and electronic documentation;
- by subjects properly authorized to perform such tasks, adequately informed and updated about GDPR provisions;
- in order to avoid or reduce at the minimum level the risks: (i) of Data destruction or loss, even accidentally, (ii) of unauthorized access, (iii) of a non-allowed processing or a processing not in compliance with the purposes of article 5 below;
in compliance with the legal limits set forth by the Italian Law n. 300/1970 (i.e. “Statuto dei lavoratori”).
4. PURPOSES FOR WHICH WE PROCESS PERSONAL DATA
International School of Europe S.P.A. processes personal data to lawfully and legitimately support the school’s operation as an independent school. Our school collects information about students and their families when necessary to:
- select and admit students;
- educate students;
- administer pupils’ entries to public examinations;
- provide academic reporting upon each student and publishing of results;
- provide references for current and past pupils;
- support students’ social and emotional wellbeing, and health;
- support operational management of the school including administration of pupil records; the administration of invoices, fees and accounts; the management of the school’s property; the management of security and safety arrangements (including the use of CCTV in accordance with our CCTV Policies and monitoring of the school’s IT and communications systems in accordance with our Acceptable Use Policy); management planning and forecasting; research and statistical analysis; the administration and implementation of the school’s rules and policies for pupils and staff; the maintenance of historic archives and other operational purposes;
- fulfil legal requirements;
- take reasonable steps to reduce the risk of reasonably foreseeable harm to students, staff and visitors (duty of care);
- make reasonable adjustments and support for students with special needs;
- provide a safe and secure working and school environment;
- communicate with parents about students’ schooling matters and celebrate the efforts and achievements of students;
- maintain the good order and management of our school
- promote the school on our school’s website or school-controlled social media, the school prospectus and other publications and communications conducted by the school
Our school collects information about staff, prospective staff and contractors when necessary for:
- the administration of staff records;
- the recruitment of staff;
- the engagement of contractors;
- administration of payroll, pensions and sick leave;
- staff appraisal;
- disciplinary procedures;
- administration of human resources records;
- providing references
5. HOW LONG DO WE KEEP PERSONAL DATA
We retain personal data only for a legitimate and lawful reason and only for so long as necessary or required by law. Our Data Protection Officer can be contacted by email on email@example.com if you have any queries regarding the retention of your personal data.
6. YOUR RIGHTS
Under Data Protection Law you have rights regarding the collection, processing and storage of your personal data. These rights are, however, subject to certain exemptions and limitations.
You have the right to:
- access and understand the personal data we hold about you;
- access and understand the personal data we hold about your child;
- ask for the personal data we hold about you and/or your child to be erased (this is with limitations and exceptions as we may have lawful reason to hold such data);
- ask for the personal data we hold about you and/or your child to be amended;
- ask us to stop processing such data (this is with limitations and exceptions as we may have lawful reason to process such data);
- withdraw consent to process your personal data or your child’s personal data (this is with limitations and exceptions as we may have lawful reason to process such data regardless of consent)
Our Data Protection Officer can be contacted by email on firstname.lastname@example.org if you have any queries regarding your rights. Any request for data we store and process about you must be completed in writing.
7. SUBJECT ACCESS REQUESTS
Under Data Protection Law you have the right to request information or request to delete information we store about you and/or your child without incurring costs. We are only obligated to provide information that is related to you and your child (depending on legal custody). Parents can request data on behalf of their child, however, depending on their age, a student can also submit a Subject Access Request form to obtain their own data. Access to personal data belonging to your child may require the child’s consent if the child is old enough to understand the implications of such a request. Any data access request is, however, subject to certain exemptions, limitations or contractual obligations. Data belonging to or identifying other individuals is exempt from right of access and will be subject to legal privilege. We cannot disclose confidential information related to the purpose of providing education, examinations or supplying examination scripts to external bodies. We cannot disclose confidential information on any of our staff.
Any request for data we store and process about you or your child must be completed in writing. The Subject Access Request form can be obtained from our Data Protection Officer by email on email@example.com. Data Protection Law allows us to respond to any such written requests within one calendar month. Excessive requests or simultaneous requests for the same information may incur an administration fee or be refused where Data Protection Law allows us to do so.
Under Data Protection Law we are required to obtain consent to process an individual’s personal data. This is with limitations and exceptions as we may have lawful and legitimate reasons to process such data to support the school’s operation as an independent school or fulfil contractual or legal obligations, regardless of consent. When our school collects information about you, our school takes reasonable steps to advise you of certain matters. This includes the purpose of the collection, and how to access, update and correct information held about you. For information about students and their families, a consent form is provided to parents (or mature students) upon enrolment. In some cases, we may send out separate consent requests using:
- paper based consent forms;
- electronic consent forms;
- digital applications to obtain consent
9. PRIVACY NOTICE UPDATES
International School of Europe S.P.A. will update this Privacy Notice from time to time. Any substantial changes that affect how we process your personal data will be notified on our website. If required we will also notify you directly. This Privacy Notice should be read in conjunction with other school policies and any contract terms and conditions.
In order to enforce your rights, you can send at any time a request indicating in the subject “privacy – exercise of the Privacy rights”:
- by registered letter with return receipt to be sent to Data Protection Officer;
- via e-mail to firstname.lastname@example.org.
It is understood that, should the request for access be filed by means of electronic media, the information can be provided in a commonly used electronic format.
Finally, we would inform you that if you consider that your data have been infringed by the Controller, the Data Protection Officer, a Responsible, an Officer or a third party, you can complain to the Privacy Guarantor and/or any other competent authority under GDPR.
11. COOKIES POLICY