Exupery International School
Privacy policy

In the course of the services we provide to you, the general education establishment Exupery International School, registered in the Educational Institution Register with registration number 4313803103 (hereinafter “EIS” or “we”), will process personal data relating to you and your children and will qualify as a data controller.

EIS is doing its best to comply with applicable data protection regulations and standards, most importantly – General Data Protection Regulation No.2016/679 (hereinafter “GDPR”), so this Privacy policy (hereinafter “Policy”) may be amended from time to time. This policy explains the general way in which EIS collects and uses personal data and covers information collected both in analogue form (forms, documents, in writing) and through technological means, such as information systems and email.

1. Collecting the data

Personal data relating to you and/or your children can be collected in the following ways:

  • Directly from you or your children, e.g. via completing different forms, via meetings with teachers and staff, from your notices (including through School Information System (hereinafter “SIS”)), etc.
  • Via various information channels, such as previous schools and other institutions and establishments, municipal and state registers, health professionals and registers, various social media, etc.
  • By the actions of EIS itself or its data processors, e.g. through evaluations, camera surveillance, access control measures, etc.
  • By using the services (including simple visiting of EIS’s homepage, e.g. cookies, or EIS’s premises, e.g. video surveillance).
  • 2. Purpose of collecting the data

    EIS collects personal data, including special categories of personal data of students and their legal representatives, to provide a secure, progressive, and individually-tailored environment for teaching, learning, and general educational purposes, e.g.:

  • Admissions and enrolment;
  • Safety and security (including, but not limiting child protection requirements) and general protection of health;
  • Monitoring and reporting on the progress of students;
  • Provision of educational services;
  • Provision of support (to ensure the emotional and psychological wellbeing of students);
  • Executing legal and contractual obligations;
  • Financial planning (including forecasting and planning for education service provision);
  • Investigation of concerns, complaints, and other events;
  • Building and maintaining the EIS community, including fundraising;
  • Communication (including provision of different kind of information on news and events that relate to EIS);
  • And other purposes that are compatible with the purposes described above.
  • 3. Basis of processing of data

    We collect and use personal data to carry out the educational services as prescribed above, in EIS’s Terms and Conditions and relevant normative acts that regulate the provision of educational services. Most of the data processing will occur due to the fact that it is necessary for the performance of a contract between you and EIS (including the process of admission that occurs chronologically before the contract is concluded).

    Other than performance of contractual obligations, data processing may be based on (1) specific consent of data subject, (2) our legitimate interests, (3) on the protection of you or your children’s vital interests, and/or (4) on the compliance with our legal obligations (for more detailed information please see article 6 of GDPR).

    4. Categories of data

    EIS collects the following categories of personal data:

  • Personal information (such as name, surname, ID numbers, date of birth, citizenship, ID document numbers, addresses)
  • Special categories of data (such as health information, ethnicity, etc.);
  • Educational and evaluation data (such as assessments, relevant medical information, special educational needs information, exclusions/behavioral information, and psychological reports and assessments);
  • Attendance information (such as sessions attended, number of absences, and absence reasons);
  • Logging and audit in the use of SIS;
  • Communication and correspondence data (such as emails, letters, and other types of correspondence)
  • Photographs and videos (including video surveillance).
  • EIS as an education services provider is subject to various education-specific legal obligations that requires EIS to collect and process special categories of data (such as health information), for the safety and purposes defined in such acts. EIS strictly follows all legal obligations for collecting and disclosing such data. You can be sure that EIS will not disclose or share special categories of data without necessary explicit consent or unless we are required to do so by law (for more detailed information please see article 9 of GDPR).

    5. Transfer (sharing) and storing of personal data

    Personal data is shared internally within EIS and could be shared externally (to third parties) for the purposes provided in article 2 of this Policy). Possible recipients of your (your children’s) personal data are:

  • Government (both state and local), social and health service organizations and institutions;
  • Other educational establishments;
  • Providers of IT services (hosting, cloud, maintenance etc.);
  • Security service providers;
  • Other parties, if such is required by law or we have received your consent to do so.
  • Data transfers outside of European Union can occur only with respect to Chapter V of GDPR.

    Personal data is stored for as long as necessary with regard to the purposes described in Article 2 of this Policy or for any other purposes that may be communicated to you. In general, personal data is stored on our own (in our individual ownership or lease) servers.

    EIS informs that it uses services of following data related service providers:

  • iSAMS – SIS service provider (privacy policy);
  • Microsoft – hosting and cloud server service provider (privacy policy).
  • Please see additional information on specific cases of data processing:

  • For video surveillance – article 6 of this Policy;
  • For Cookies – article 7 of this Policy;
  • For Photo and video – article 8 of this Policy.
  • 6. Video surveillance

    We collect information in the form of camera footage to ensure safety and security on EIS premises. We retain these images (video) for 20 days, after which they are deleted, unless we need to retain the images for further investigation or law enforcement purposes.

    7. Cookies

    We use cookies to personalize content and ads, to provide social media features, and to analyze our traffic. We also share information about your use of our site with our social media, advertising, and analytics partners who may combine it with other information that you’ve provided to them, or that they’ve collected from your use of their services. You consent to our cookies if you continue to use our website.

    8. Photographs and videos

    Photographs and videos of you and your children may be taken by staff and students throughout the school year to record and share everyday life at EIS (you and your child may be identifiable in these photographs or videos).

    If you have specifically stated that your child should not be photographed by filling out the relevant form during the admission process (or later at your sole discretion) then EIS will not take photos and videos of you and your child (except in the cases specified below).

    EIS could take photo and/or video of you and/or your child without your consent in following cases:

  • The identification of your child for health and securityrelated purposes (including video surveillance);
  • Educational and informational purposes (including video surveillance).
  • 9. Your rights

    Data subjects may exercise a number of rights with regard to the processing of their personal data, including rights to: Information and access to personal data; rectification, erasure and portability; object and not to be the subject of automated individual decision-making, including profiling, and other rights as prescribed in Chapter III of GDPR.

    Where the processing of your personal data is based upon consent, you and/or your child have the right to withdraw consent at any time. Such withdrawal of consent shall not affect the lawfulness of the processing based on consent before the withdrawal. In addition, withdrawal of consent may in certain cases impair the quality of services EIS is providing to you and your child.

    10. Contact information

    The first point of contact in connection with the processing of personal data and the exercise of the rights as the data subject is EIS (info@exupery.lv). EIS shall respond to such requests within a period of one month.

    The government institution that is responsible for the supervision of personal data protection, supervision of data protection in the electronic communications field, and the supervision of the circulation of information society services is the Data State Inspectorate (contact information can be found on the Inspectorate’s website homepage).

    11. Final provisions

    This Policy and any disputes arising out of (or in relation) to this Policy shall be exclusively governed by and construed in accordance with Latvian law. The State courts of Latvia shall be exclusively competent for any disputes arising out of or in relation to this Policy.

    EIS reserves the right to make changes to this Policy from time to time, e.g. in the light of new legislation or new developments. EIS will inform you about such events if possible, but in any case, it is highly recommended that you look through this Policy regularly.

    This Policy was adopted on 25.05.2018 and was last updated on16.01.2019.