Privacy Policy

Data Controller:

Sotogrande International School S.L. (SIS)

Av. de la Reserva, s/n, 11310 Sotogrande, Cádiz, España

Telephone: +34 956 795 902

E-mail : privacy@sis.gl

 SIS is part of Inspired Education Holdings Limited

  1. INTRODUCTION

In accordance with the terms of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Individuals with regard to the Processing of Personal Data (GDPR) and the Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y Garantía de los Derechos Digitales, (LOPD-GDD) SIS provides information about how we are processing the personal data that you provide to us.

Our Data Protection Officer can be contacted by email at the address privacy@sis.gl if you have any queries regarding the processing of your personal data.

 

  1.  TYPES OF PERSONAL DATA WE PROCESS

We process personal data from our students and their families and / or legal representatives and also from our employees, candidates, suppliers, contractors, prospective customers and third parties interested in finding out more about SIS within the systems controlled by the school as Data Controller.

The personal data processed is mainly the following:

  • Names, addresses, telephone numbers, e-mail addresses and other contact details;
  • Family details;
  • Safeguarding information (such as court orders and professional involvement)
  • Education and employment data;
  • Images, audio and video recordings, including CCTV footage (video images);
  • Financial information;
  • Educational centres previously attended.

Other types of data we may collect and process, according to the school purposes, are related to health condition, criminal records and other sensitive information related to an individual, such as:

  • Information about health status or provision of health care linked to a specific individual;
  • Behavioural information;
  • Special educational needs
  • Criminal records linked to a specific individual;
  • Biometric information;
  • Ethnicity;
  • Religion;
  • Nationality and location.

 

  1.  HOW WE COLLECT AND PROCESS PERSONAL DATA

SIS collects information in several ways, including:

  • Personally and over the phone;
  • Through our webpage, including information received through the following sections: Employment (recruitment), application form, subscription to our newsletters, enquiry form, chat;
  • From email and hand delivery paper documentation: including job applications, emails, invoices, letters, consent forms;
  • Through online tools: such as apps, educational platforms and other software used by our staff;
  • Through any CCTV cameras located at our premises or sites;
  • Through third parties, such as referees, professionals or authorities working with the individual;

 

  1.  PURPOSES FOR WHICH WE PROCESS PERSONAL DATA

SIS processes personal data to lawfully and legitimately carry out the school’s educational activity. The school collects and keeps students and parents’ information when necessary:

  • To ensure that the student meets the school’s admission criteria;
  • To provide educational services including the support of pupil learning, monitor and report on pupil progress;
  • To provide to the students welfare and pastoral care services;
  • To provide to the students medical and nurse attention, catering service and school transportation, among other necessary services;
  • To meet the educational, social, physical and emotional requirements of the student;
  • To comply with the law regarding data sharing;
  • To comply with legislative or administrative requirements;
  • To administer the school’s governing body;
  • To enable parents/guardians to be contacted in the case of emergency or in the case of school closure, or to inform parents of their child’s educational progress or about school events, etc.
  • With the aim to celebrate school’s achievements and to keep a record of the history of the school, SIS may take photographs and recorded images of students to be shared in, e.g. yearbooks, school website, etc, always based on informed consent from parents or students of legal age;
  • To send commercial communications if previously requested and authorised by the data subject. Commercial communications will include: newsletters and notices from the webpage, referral of commercial advertisements through e-mail, SMS, MMS, social networks or any other electronic or physical means, present or future, which enables such commercial communication. You will be able to unsubscribe from the receipt of commercial communications by clicking in the “unsubscribe” section found in all these kind of e-mails sent by the school.
  • In the case of a CV received through our webpage, in the section “Employment”, with the purpose to include the candidate in the selection process or to consider their application for future positions; In this regarding, the school also collects information about staff and prospective staff when necessary for:

-Conducting the selection process;

-Assessing the suitability of the candidate for the position;

-Administration of staff records;

-Recruitment of staff;

-Administration of payroll, pensions and sick leave;

-Staff appraisal;

-Disciplinary procedures;

-Administration of human resources records;

The personal data object of processing may only be communicated to other schools within the Inspired group with the prior written consent of the data subject and the personal data will be processed with the same legitimate purposes mentioned herein.

 

  1. WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

As a school, we may be lawfully required to share personal information with relevant authorities or third parties as permitted on statutory grounds, to comply with legal obligations or on the basis of a specific consent given by the individual concerned.

We will ensure that, where relevant, contractual safeguards are implemented to ensure the protection of your personal data when disclosing your personal data to a third party. For example, we will enter into data processing agreements with relevant parties (providing for restrictions on the use of your personal data and obligations with respect to the protection and security of your personal data).

The parties to whom we may disclose your personal data as above referred may be located in countries outside the European Economic Area (EEA), including countries which may offer a lower level of data protection than in the EEA.

In such cases, we will implement appropriate measures to ensure adequate protection of your personal data in accordance with applicable data protection legislation.

Your personal data shall be neither rented nor sold to third parties.

 

  1.  Conservation of data

Personal information will only be retained for the period of time required to fulfil the purpose for which it was collected unless for a longer time for public interest archiving, scientific or historical research, or statistical purposes. Once the personal information is no longer required or permitted to be retained for legal or business purposes, it will be destroyed or made anonymous.

 

  1. YOUR RIGHTS

Under the GDPR you have rights regarding the processing of your personal data. These rights are, however, subject to certain exemptions and limitations.

You have the right to:

  • Be informed, at the time when personal data is collected, about the data processing.
  • Access the information we process and how we process it as well as to obtain a copy of the personal data considering the legal limitations and exceptions;
  • Ask for the erasing of the personal data we hold about you without undue delay considering the legal limitations and exceptions;
  • Obtain the rectification of your personal data providing a supplementary statement;
  • Obtain restriction of processing of your personal data when it is inaccurate, illegal, unnecessary or not verified, considering the legal  limitations and exceptions;
  • Obtain data portability of your personal information in a structured, commonly used and machine-readable format. This allows the right to transmit that data to another controller without hindrance from the controller to which the personal data has been provided;
  • Object to processing for direct marketing purposes;
  • Withdraw consent at any time and freely to the processing of your personal data. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Therefore, in accordance with the provisions of GDPR, data subjects will be able to exercise their rights through the procedure Subject Access Request (SAR) by sending a written specific request, along with a copy of their ID card, to the DPO’s email address privacy@sis.gl.

  • SUBJECT ACCESS REQUESTS (SAR)

According to the previous paragraph, the Subject Access Request (SAR) procedure regulates the right of the subjects to access their personal data verbally or in writing and at no charge. We have processes in place to ensure that we respond to a subject access request without undue delay and within one month of receipt although we can extend the time limit to respond to a request if necessary. We are aware of the information we must provide in response to a subject access request and the need to provide it in clear and plain language.

Any data access request is subject to certain exemptions, limitations or contractual obligations. Data belonging to or identifying other individuals is exempt from right of access and will be subject to legal privilege. We cannot disclose any confidential information related to the purpose of providing education within our group of schools, examinations or supplying examination scripts to external bodies. We cannot disclose confidential information on any of our staff.

 

  1.  CONSENT

You will have the right and possibility to withdraw your consent for any specific purpose granted at any given time without prejudice of the legality of processing according to the consent given before withdrawal.

 

  1. MINORS

SIS will not process data of minors under 14 years of age without the prior written consent of their parents or legal guardians.

 

  1. STORING AND SECURING INFORMATION

The school shall use the appropriate technical and organisational measures to ensure the security, confidentiality, integrity and privacy of the personal data, preventing from unauthorised access or unlawful processing as well as accidental loss, destruction or damage of the files.

 

  1.  COMPLAINTS

If you are not satisfied with our response, you would like to discuss anything regarding this privacy notice, or you believe we are processing your personal data disregarding the data protection regulations in force, any claim can be sent to our DPO privacy@sis.gl or to the Spanish data protection authority, Agencia Española de Protección de Datos (AEPD) with contact details described at https://www.aepd.es/es/la-agencia/donde-encontrarnos.

 

  1. PRIVACY NOTICE UPDATES

SIS may need to update this privacy notice periodically so we recommend that you review this information from time to time.

This version was last updated on October 2020.