In the course of the services we provide to you, the general education establishment Exupery International School, registered in the Educational Institution Register with registration number 4313803103 (hereinafter “EIS” or “we”), will process personal data relating to you and your children and will qualify as a data controller.
EIS is doing its best to comply with applicable data protection regulations and standards, most importantly – General Data Protection Regulation No.2016/679
Personal data relating to you and/or your children can be collected in the following ways:
Directly from you or your children, e.g. via completing different forms, via meetings with teachers and staff, from your notices (including through School Information System (hereinafter “SIS”)), etc.
Via various information channels, such as previous schools and other institutions and establishments, municipal and state registers, health professionals and registers, various social media, etc.
By the actions of EIS itself or its data processors, e.g. through evaluations, camera surveillance, access control measures, etc.
By using the services (including simple visiting of EIS’s homepage, e.g. cookies, or EIS’s premises, e.g. video surveillance).2. Purpose of collecting the data
EIS collects personal data, including special categories of personal data of students and their legal representatives, to provide a secure, progressive, and individually-tailored environment for teaching, learning, and general educational purposes, e.g.:
Admissions and enrolment;
Safety and security (including, but not limiting child protection requirements) and general protection of health;
Monitoring and reporting on the progress of students;
Provision of educational services;
Provision of support (to ensure the emotional and psychological wellbeing of students);
Executing legal and contractual obligations;
Financial planning (including forecasting and planning for education service provision);
Investigation of concerns, complaints, and other events;
Building and maintaining the EIS community, including fundraising;
Communication (including provision of different kind of information on news and events that relate to EIS);
And other purposes that are compatible with the purposes described above.3. Basis of processing of data
We collect and use personal data to carry out the educational services as prescribed above, in EIS’s Terms and Conditions and relevant normative acts that regulate the provision of educational services. Most of the data processing will occur due to the fact that it is necessary for the performance of a contract between you and EIS (including the process of admission that occurs chronologically before the contract is concluded).
Other than performance of contractual obligations, data processing may be based on (1) specific consent of data subject, (2) our legitimate interests, (3) on the protection of you or your children’s vital interests, and/or (4) on the compliance with our legal obligations (for more detailed information please see article 6 of GDPR
).4. Categories of data
EIS collects the following categories of personal data:
Personal information (such as name, surname, ID numbers, date of birth, citizenship, ID document numbers, addresses)
Special categories of data (such as health information, ethnicity, etc.);
Educational and evaluation data (such as assessments, relevant medical information, special educational needs information, exclusions/behavioral information, and psychological reports and assessments);
Attendance information (such as sessions attended, number of absences, and absence reasons);
Logging and audit in the use of SIS;
Communication and correspondence data (such as emails, letters, and other types of correspondence)
Photographs and videos (including video surveillance).
EIS as an education services provider is subject to various education-specific legal obligations that requires EIS to collect and process special categories of data (such as health information), for the safety and purposes defined in such acts. EIS strictly follows all legal obligations for collecting and disclosing such data. You can be sure that EIS will not disclose or share special categories of data without necessary explicit consent or unless we are required to do so by law (for more detailed information please see article 9 of GDPR
).5. Transfer (sharing) and storing of personal data
Personal data is shared internally within EIS and could be shared externally (to third parties) for the purposes provided in article 2 of this Policy). Possible recipients of your (your children’s) personal data are:
Government (both state and local), social and health service organizations and institutions;
Other educational establishments;
Providers of IT services (hosting, cloud, maintenance etc.);
Security service providers;
Other parties, if such is required by law or we have received your consent to do so.
Data transfers outside of European Union can occur only with respect to Chapter V of GDPR
Personal data is stored for as long as necessary with regard to the purposes described in Article 2 of this Policy or for any other purposes that may be communicated to you. In general, personal data is stored on our own (in our individual ownership or lease) servers.
EIS informs that it uses services of following data related service providers:
Please see additional information on specific cases of data processing:
For video surveillance – article 6 of this Policy;
For Cookies – article 7 of this Policy;
For Photo and video – article 8 of this Policy.6. Video surveillance
We collect information in the form of camera footage to ensure safety and security on EIS premises. We retain these images (video) for 20 days, after which they are deleted, unless we need to retain the images for further investigation or law enforcement purposes.7. Cookies