• IT
  • EN

    • Privacy Policy

    Information on the Processing of Personal Data for Students and Their Guardians

    In accordance with Article 13 of the European Regulation 679/2016 (hereinafter “GDPR”) we inform you that the personal data of students and their guardians are collected by the following means and for the following purposes.

     

    1. Types of Personal Data Collected

    The Data Controller processes the following data:

    • personal data provided at the conclusion of the contracts for services offered by the Data Controller such as: anagraphic and contact details of students and their guardians (name and surname, address, telephone contacts, social security number, email address, etc.);
    • data of the guardians and any other sponsor of the school fees, in relation to economic and judicial relationships necessary to fulfil the requested services;
    • personal data of the students in relation to evaluations, performances and behaviour within the school environment;
    • particular data of the student related to racial and ethnic origin, religious and/or philosophical beliefs (specific times or intake/not intake of types of food or beverages, compatibly with the organisational needs of the school), political opinions, memberships to parties, trade unions or to any associations or organisations having religious, philosophical, political or trade union nature, health and judicial data; the health data refer to the state of health of the students in relation to diets or allergies connected to specific type of food or other things, vaccinations, application of sanitary measures and prophylaxis, medical sports certificates;
    • data related to customer satisfaction and feedback;
    • data collected while visiting the school website – such as the data collected through the use of cookies and other data automatically collected to allow access to the school websites, or information provided while visiting the school website (for example, through contact forms, etc…).
    1. Purposes of data processing

    In accordance with the art. 13 of the European Regulation 679/2016 we inform you that the purposes of data processing are:

    1. to provide the services requested and/or available on the school website whose writer handles the service of didactic and connected nature; the legal basis is the performance of a contract to which the data subject is a party or to the execution of pre-contractual measures taken at his or her request and/or express consent; 
    2. to fulfil contractual, legal or regulatory obligations or obligations of the Community legislation and to fulfil legal, fiscal and accounting obligations: the legal basis is to fulfil a legal obligation that the data controller is subjected to.
    1.     Means and duration of data processing 

    In accordance with the art. 5 of the European Regulation 679/2016 we inform you that your personal data will be:

    • processed by the principles of lawfulness, fairness and transparency;
    • processed with adequate safety measures in order to protect the integrity and privacy of the provider;
    • collected by necessary means to pursue the purposes mentioned above, and processed in order to be compliant with those purposes;
    • kept on paper forms and/or computing support, still electronical, protected and retained in compliance with the applicable legislation;
    • kept for the duration of the contract and subsequently, for the time required by law in order to serve any civil, fiscal or other purposes for which the data is processed.
    1.   Provision nature and the consequences of the processing of personal data refuse

    The provision of the requested data for the purposes as at point 2. letter a), b) is necessary for the correct performance of the activity and for the effective management and delivery of the related services, and the refusal of the provision will not allow the writer to carry out the work required.

    In accordance with the art. 6 par. 1 lett. b), it is noted that the authorisation to process personal data is considered directly obtained if essential to enable the School to deliver the educational service (for example services such as google classroom).

     

    1.     Access to and communication of the data

    The data can be:

    • known to employees and collaborators of the Data Controller, in their capacity as appointees and/or administrators of the system;
    • communicated to Public Bodies and Administrations (e.g. Health Institutions, organisations of Public Education or other nature permitted by law, Financial Administration, Law Enforcement and Judicial Authorities, Social Welfare institutions, Governmental Employment Agencies, etc.);
    • communicated to third-party companies or other entities (e.g. banking and insurance institutions, professional firms, consultants, etc.) that pursue outsourcing activities on behalf of the Data Controller:
    • processed, also outside the European Union, in the context of “main services” (didactic services and of remote evaluation, videoconference, e-mail services, photo and document archive, word processing, spreadsheets, shared calendar, etc.) and “additional services” (such as for example Translator, YouTube, etc.) managed by the Google Workspace for Education, as well as in the context of educational services offered by third parties and acquired through the other Applications for educational purposes, the updated list of which is available on the website of IST and periodically notified to the interested parties;
    • processed, also outside the European Union, in the context of services offered by the firm Rediker Software, Inc. (e.g. Plus Portals) and by IXL Learning (e.g. IXL math);
    • the academic performance of students can be communicated to bodies or institutions of proven reliability and professionalism in order to facilitate the orientation, the training and the employability. 

    Parents can be captured in photographs or video during the celebrations and school plays (e.g. Family Day and other events) by IST personnel and/or persons authorised by the writer for video and photo services (e.g. Annual school yearbook or events). Those pictures and videos can be shared with students, their families and school staff. Pictures and videos captured by relatives of students are permitted as long as they are not shared with external parties to the School Community.

     

    1.     Transfer

    Personal data is now stored in servers located both inside and outside the European Union. It is agreed that the Data Controller, if necessary, will have the right to transfer the data on EU servers or extra-EU servers. In such a case, the Data Controller guarantees that the transferring of data outside the EU will be performed in accordance with applicable statutory provisions. 

     

    1.       Rights of the concerned data subjects

    Concerned data subjects have the right to obtain confirmation by the Data Controller regarding the processing of their personal data in due course and, in this case, have the right to obtain access to and cancellation of the data, rectification, or limitation of the processing; they can also object to the treatment at any time, to the treatment with the purpose of direct marketing and to the automated decisional process; in addition, data subjects have the right to portability where technically possible, to the withdrawal of consent at any time, without prejudice to the lawfulness of the treatment based on the consent given before the withdrawal. Furthermore, data subjects also have the right to lodge a complaint with the supervisory authority identified by Italian law. The concerned data subjects can exercise the above rights by sending a request to the INTERNATIONAL SCHOOL OF TRIESTE, Via Conconello 16, 34151 – Opicina (Trieste), or per email at info@istrieste.org

     

    1.       Data controller

    The Data Controller is INTERNATIONAL SCHOOL OF TRIESTE, Via Conconello 16, 34151 – Opicina (Trieste), phone: 040.211452, email: info@istrieste.org.