Application

Nord Anglia Education Privacy Information Collection Statement (“PICS”)

1          Our Privacy Policy

    1.1          NAE is committed to safeguarding Personal Data. This PICS is addressed to Parents or Guardians that are responsible for one or more prospective, past or present Students of any School managed or owned by NAE and situated in Slovakia. It explains how we collect and use your Personal Data and the Personal Data of each Student you are responsible for during the course of our provision of educational and related services to them.

    1.2          If you are the Parent or Guardian of a Student who is, or becomes, competent to make their own decisions relating to the processing of their personal data, then  you must provide a copy of this PICS to them. More information about provision and withdrawal of consent is set out at Consent.

    1.3          This PICS is intended to explain our privacy practices and covers the following areas:

·       Information we may collect about you and any Student you are responsible for and where we may collect it from;

·       How we use your Personal Data, and that of any Student that you are responsible for;

·       Use of Special Categories of Personal Data;

·       Legal Capacity of Students to make decisions about the Processing of their Personal Data;

·       Transmission, storage and security of your Personal Data, and that of any Student that you are responsible for;

·       Your rights, and those of any Students you are responsible for, relating to your Personal Data collected and processed by us;

·       Changes to our PICS or our Cookies Policy;

·       Lawful Bases;

·       Definitions; and

·       Contact Details.

    1.4          By providing your information, or the information of any Student you are responsible for (whether via our website, in person, in writing or over the phone) to us, you acknowledge the processing set out in this PICS. Further notices highlighting certain uses we wish to make of your Personal Data together with the ability to opt in or out of selected uses may also be provided to you when we collect Personal Data from you.

    1.5          Some of the processing activities set out in this PICS are undertaken by our Schools. Other processing activities are undertaken by NAE itself, as the ultimate owner of the Schools, or by our Regional Offices as identified at Contact Us. The exact split differs between Schools, Students and over time. We can confirm which processing activities are undertaken by which entity on request.

    1.6          This PICS only relates to processing undertaken by or on behalf of NAE. Whilst our websites may contain links to other third party websites, please note that we do not accept any responsibility or liability for their policies in relation to any Personal Data or their collecting and processing of any Personal Data.

2          What Personal Data do we process?

2.1          We may collect and process the following Personal Data about you and any Student you are responsible for:

·       Biographical and identification information ► including name, surname, gender, nationality, date and place of birth, details of family members, passport and national identity card information;

·       Contact information ► including address(es), telephone number(s), email address(es), emergency contacts;

·       Student information ► this includes admission information (e.g. tests scores), start date, year group, class information, school ID, grades, notes, timetables, transport routes, photographs and communications with Parents or Guardians, teachers and other Students and information relating to reports made by/concerning Student (e.g. bullying reports etc).

A subset of this information will be shared with the Ministry of Education of the Slovak Republic, to meet our statutory obligation to provide information relating to our Students to the central register administered by it.

The following Special Categories of Personal Data and Photographs of Students may be processed:

o     Health/medical information comprising information relating to any injury a Student may sustain at School or whilst undertaking an extra-curricular activity; any disability; health conditions relevant to education; and any health problems that could affect the ability to learn, we may process the Personal Data only in necessary extent so that we can maintain a safe environment for all Students;

o     Photographs of Students, so that we can identify them for security purposes.

You can find out more about this processing here: Use of Special Categories of Personal Data.

·       Payment information ► including bank account and credit/debit card information;

·       Our correspondence ► where we are contacted by you or a Student you are responsible for, we will keep a record of that correspondence;

·       Website and communication usage ► details of visits to our websites and information collected through cookies and other tracking technologies including, but not limited to, IP address and domain name, browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that are accessed;

·       Information you have provided to us ► any additional information that you or a Student you are responsible for may provide to us, such as through completing enquiry or feedback forms.

Where we collect Personal Data from

2.2          We may obtain Personal Data from you (or any Student you are responsible for) directly, or from third parties such as other educational or sporting institutions, credit reference and anti-fraud agencies, sanctions and politically exposed persons screening lists, our business partners and public registers.

3          How we use your Personal Data

3.1          Your Personal Data (and that of any Student you are responsible for) will only be processed where we have a specific purpose, and a lawful basis, for doing so. An explanation of the scope of the grounds available can be found in section Lawful Bases. These purposes and lawful bases are listed below.

(a)    To select, onboard and enrol Students ► We use the Personal Data in order to process application forms, tests, interviews, travel arrangements and all activities relating to the Student’s enrolment in a School. This may, in certain limited circumstances, include Special Categories of Personal Data, photographs of Students for identification and security purposes;

Lawful bases: contract performance; legitimate interests (to enable us to perform our obligations and provide our services). In the limited circumstances where we need to process Special Categories of Personal Data, we may also rely on explicit consent, legal claims or substantial public interest.

(b)    To manage the Student’s academic, sporting and boarding timetable and to provide access to the School’s communication networks► We use the Personal Data in order to schedule the Student’s activities and provide access to the School’s intranet and other information storage communication tools;

Lawful bases: contract performance; legitimate interests (to enable us to perform our obligations and provide our services).

(c)     To develop and support Students ► We use the Personal Data in order to assess and coach Students through dialogue and record keeping and suitability for current and future internal and external opportunities. This may in certain limited circumstances include Special Categories of Personal Data, such as religious beliefs, so that Students can observe religious/cultural practices, customs and/or celebrations.

Lawful bases: contract performance; legitimate interests (to enable us to perform our obligations and provide our services). In the limited circumstances where we need to process Special Categories of Personal Data we may also rely on explicit consent or legal claims

(d)    To provide a safe and healthy environment for Students and staff ► this may in certain limited circumstances include Special Categories of Personal Data and Photographs of Students:

(i)         Health data, comprising information relating to any injury a Student may sustain at School or whilst undertaking an extra-curricular activity; any disability; health conditions relevant to education; and any health problems that could affect the ability to learn. We use this data to make suitable provision and adjustments relating to the management of  disabilities, allergies, illnesses and injuries, including the provision of such information to third parties such as insurers or medical professionals where appropriate; or

(ii)        Photographs of Students, so that we can identify them onsite.

Lawful bases: contract performance; legal obligations; legitimate interests (to enable us to perform our obligations and provide our services).

In the limited circumstances where we need to process Special Categories of Personal Data (health data) we will rely on explicit consent or protection of the vital interests of you or another person (where you are unable to consent).

In the limited circumstances where we need to process photographs of Students, we will rely on explicit consent.

(e)    To conduct extra-curricular programs ► to organise, administer and operate extra-curricular expeditions and activities, including processing payment, which may include passing Personal Data to third parties for relevant insurance cover, medical assistance, supervision and execution of activities;

Lawful bases: contract performance; legitimate interests (to enable us to perform our obligations and provide our services)

(f)      To report back to Parents and Guardians on Students ► To provide reports and note correspondence on Students’ progress, opportunities and any issues. In conjunction with Students, Parents or Guardians, liaise with other bodies (educational, sporting or any other sector) in relation to Students;

Lawful bases: contract performance; legitimate interests (to enable us to perform our obligations and provide our services)

(g)     To provide newsletters and marketing materials ► to provide you and any Students you are responsible for with updates and offers relating to our products and services, where you have chosen to receive these. Where required by law, we obtain consent to conduct this marketing activity. We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt out by contacting us;

Lawful bases: legitimate interests (to promote our services); consent

(h)     To ensure that we are paid ► where required, to recover any payments due to us and where necessary to enforce such recovery through the engagement of third party debt collection agencies or taking legal action (including the commencement and carrying out of court proceedings);

Lawful bases: contract performance; legal claims; legitimate interests (to ensure that we are paid for our services)

(i)      To improve our services ► to analyse Personal Data in order to better understand your requirements, or those of any Student you are responsible for. This will assist us in tailoring and developing the services we offer;

Lawful bases: legitimate interests (to allow us to improve our services)

(j)      To monitor certain activities ► to monitor communications to ensure compliance with our internal procedures and any legal requirements;

Lawful bases: legal obligations; legal claims; legitimate interests (to ensure that the quality and legality of our services)

(k)     To ensure website content is relevant ► to ensure that content from our websites are presented in the most effective manner for you and any Student you are responsible for;

Lawful bases: contract performance; legitimate interests (to allow us to provide the content and services on the websites)

(l)      To reorganise or make changes to our business ► In the event that we are (i) subject to negotiations for the sale of our business or part thereof to a third party, (ii) is sold to a third party or (iii) undergo a re-organisation, we may need to transfer some or all of your and your Student(s)’ Personal Data to the relevant third party (or its advisors) as part of any due diligence process or transferred to that re-organised entity or third party and used for the same purposes as set out in this PICS or for the purpose of analysing any proposed sale or re-organisation;

Lawful bases: legitimate interests (in order to allow us to change and develop our business)

(m)   In connection with legal or regulatory obligations ► We may process your personal Data or that of any Student you are responsible for to comply with our regulatory requirements or to engage in dialogue with our regulators. This may include disclosing that Personal Data to third parties (for example, our statutory duty to provide data for entry on the register administered by the Ministry of Education of the Slovak Republic), the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so.

Lawful bases: legal obligations or legitimate interests (to cooperate with law enforcement and regulatory and public authorities).

In the limited circumstances where we need to process Special Categories of Personal Data we may also rely on explicit consent, substantial public interest or legal claims.

(n)     To manage our websites ► We use cookies on our websites. To find out more about how we use cookies, please see our Cookies Policy.

3.2          We may also process personal data (including Special Categories of Personal Data) where necessary in relation to the establishment, exercise or defence of legal claims.

Sharing Personal Data with other organisations

3.3          In order to provide our education and schooling services (including extra-curricular activities) effectively, we sometimes need to share information with other organisations. We share information with the following entities:

(a)        NAE Limited and our Regional Office Teams, which undertake management functions; and

(b)        Our suppliers, who assist us in providing educational and extra-curricular services. A list  of our suppliers can be provided upon request by Contacting us; and

(c)        The Ministry of Education of the Slovak Republic, to meet our statutory obligation to provide information relating to our Students to the central register administered by it.

3.4          Where these entities are outside of the EU/EEA, we ensure that there are adequate safeguards in place to ensure the security of your Personal Data.  See Export of data outside of the EU/EEA for more information.

4          Use of Special Categories of Personal Data and Photographs

4.1          As a general rule, we do not process Special Categories of Personal Data of Students, Parents or Guardians. However, in order to provide our education and schooling services (including extra-curricular activities) effectively to you and any Student you are responsible for, we are, in certain very limited circumstances, required to collect, process and disclose Special Categories of Personal Data and Photographs of Students, including but not limited to:

(a)        Health/medical information comprising information relating to any injury a Student may sustain at School or whilst undertaking an extra-curricular activity; any disability; health conditions relevant to education; and any health problems that could affect the ability to learn, so that we can maintain a safe environment for all Students;

(b)        Photographs of Students, so that we can identify them for security purposes.

The exact purposes for which we process this Personal Data is set out at How we use your Personal Data.

4.2          In addition to the usual appropriate technical and organisational measures we implement to ensure the security and integrity of the personal data processed by us, we may implement additional measures in relation to Special Categories of Personal Data, as appropriate. These may include segregation, pseudonymisation or restriction of access to the data.

4.3          Where we must process Special Categories of Personal Data Data or Photographs, we will do so on the following lawful bases (see Lawful Bases for more information):

Consent

4.4          Where a Student is under the age of 18, we will obtain explicit consent from a Parent/Guardian responsible for the Student, on his/her behalf. This consent will remain valid until it is withdrawn by the Parent/Guardian who provided it, or the Student, provided that:

(a)        The Student has legal capacity to withdraw consent (see Legal Capacity); and

(b)        Withdrawal of consent does not have a prejudicial impact on the interests of the Student.

4.5          In any instance where a Student under the age of 18 who was deemed to be capable of providing consent later withdraws that consent against his/her own best interests, we may revert to a Parent/Guardian to obtain consent on his/her behalf.

4.6          We will obtain consent directly from any Student over the age of 18.

5          Legal capacity of Students to make decisions about the processing of their Personal Data

5.1          Legal capacity will be assessed as follows:

5.2          Students under 16 years of age Where a Student is below the age of 16, they will not be considered sufficiently mature to make decisions about the processing of their personal data. We will provide these Students with a simplified, age-appropriate version of this PICS and rely on the consent provided by a Parent/Guardian, as required.

5.3          Students between 16-18 years of age Where a Student is above the age of 16 but below the age of 18, they will be presumed to be sufficiently mature to make decisions about the processing of their personal data, subject to an individual evaluation of their maturity and understanding, if deemed necessary. We will provide these Students with a copy of this PICS but continue to rely on the consent provided by a Parent/Guardian, as required, as described in section Consent.

5.4          Students over 18 years of age Where a Student has reached the age of 18, they will be considered to be sufficiently mature to make decisions about the processing of their personal data. We will provide these Students with a copy of this PICS and re-obtain consent from them directly, as required.

6          Transmission, storage and security of Personal Data

Security over the internet

6.1          No data transmission over the Internet or through a website can be guaranteed to be secure from intrusion. However, we maintain commercially reasonable physical, electronic and procedural safeguards to protect your Personal Data, and that of any Student you are responsible for, in accordance with data protection legislative requirements.

6.2          All information you, or any Student you are responsible for, provide to us is stored on our and our suppliers’ secure servers and accessed and used subject to our security policies and standards. We ask that you, or any Student you are responsible for:

(a)        Refrain from sharing any password providing access to certain parts of our websites, applications or systems with any other person; and

(b)        Comply with any other security procedures that we may notify you of from time to time.

Export outside the EU / EEA

6.3          Your Personal Data, or that of any Student you are responsible for, may be transferred to, stored in or accessed by staff or suppliers in, a destination outside the European Union (EU) / European Economic Area (EEA). Regardless of location, we will impose the same data protection safeguards that we deploy inside the EU/EEA.

6.4          Certain countries outside the EU/EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export Personal Data to these jurisdictions. In countries which have not had these approvals, (see the full list here https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en) we will transfer it subject to European Commission approved contractual terms that impose equivalent data protection obligations directly on the recipient unless we are permitted under applicable data protection law to make such transfers without such formalities.

6.5          Please contact us if you would like to see a copy of the specific safeguards applied to the export of Personal Data relating to you or any Student you are responsible for.

Storage limits

6.6          We will hold Personal Data for as long as is necessary for the processing purpose(s) for which they were collected and any other permitted linked purpose (for example certain transaction details and correspondence may be retained until the time limit for claims in respect of the transaction has expired or in order to comply with regulatory requirements regarding the retention of such data). So if Personal Data is used for two purposes we will retain it until the purpose with the latest period expires; but we will stop using it for the purpose with a shorter period once that period expires. We restrict access to Personal Data to those persons who need to use it for the relevant purpose(s).

6.7          Our retention periods are based on business needs and relevant laws. Records that are no longer needed are either irreversibly anonymised (and the anonymised information may be retained) or securely destroyed.

6.8          Your Personal Data obtained on the basis of the above consent will be processed during the term of the contractual relationship between you / Student and NAE and three years after its termination, or until revocation of the given consent.

7          Rights relating to Personal Data

Be aware of the rights that Data Subjects have in relation to their Personal Data

7.1          Data Subjects have a number of rights relating to how their personal data is used. Please be aware that certain exceptions apply to the exercise of these rights and so you will not be able to exercise them in all situations. In addition, these will vary slightly between EU member states. If you wish to exercise any of these rights we will check your entitlement and respond within a reasonable timescale.

7.2          Students may be able to exercise these rights independently, provided that they have Legal Capacity.

7.3          Where applicable, you will have the following rights relating to your Personal Data or the Personal Data of a Student you are responsible for:

·            Subject Access: ► Be provided access to any Personal Data held about you/a Student you are responsible for, by NAE. This information will generally be provided within one month of us confirming your identity and understanding the scope of your request.

·            Rectification: ► Require to have inaccurate Personal Data amended.

·            Erasure: ► Require us to erase Personal Data in certain circumstances. If the Personal Data has been made public, reasonable steps will be taken to inform other controllers that are processing the data that you have requested the erasure of any links to, copies or replication of it.

·            Withdrawal of consent: ► Withdraw any consents to processing that you have given us or that have been given on your behalf and prevent further processing, if there is no other ground under which we can rely to process your Personal Data.

·            Restriction: ► Require certain Personal Data to be marked as restricted in some circumstances, for example, whilst we resolve any complaint we may have received. Restriction means that whilst we still store the data, we will not process it until such time as the restriction may be lifted.

·            Portability: ► Have a copy of any Personal Data you have provided to us returned to you, or transmitted to another controller in a commonly used, machine readable format.

·            Prevent processing: ► Require NAE to stop any processing based on the legitimate interests ground unless NAE’s reasons for undertaking that processing outweigh any prejudice to your data protection rights.

·            Marketing: ► Require NAE to prevent processing of your Personal Data for direct marketing purposes.

·            Raise a complaint: ► Complain to your local Data Protection Authority about our processing of your Personal Data.

7.4          If you have any queries relating to your rights or exercise of your rights, please contact us.

8          Changes to our PICS and/or Cookies Policy

8.1          Our PICS and our Cookie Policy may change from time to time in the future. We therefore encourage you to review them when you visit the website from time to time to stay informed of how we are using Personal Data.

8.2          This PICS was last updated on 19^th July 2022.

Lawful Bases

Use of Personal Data under EU data protection laws must be justified under one of a number of Lawful bases and we are required to set out the Lawful bases in respect of each use in this policy. We note the Lawful bases we use to justify each use of your information in section How we use your Personal Data.

These are the principal Lawful bases that justify our use of your Personal Data:

These are the principal Lawful bases that justify our use of Special Categories of your Personal Data, in the limited circumstances where it is necessary to do so:

Definitions

The following terms are used in this PICS:

Data Controller: this is the person which alone or jointly with others determines the purpose and means of the processing of Personal Data. NAE is the Data Controller of all employment details used in its business.

Data Subject: for the purpose of this policy this includes all living individuals about whom we hold Personal Data, including employees, Students, Parents or Guardians, suppliers and business partners. A Data Subject need not be a national or resident of the country the concerned NAE business is based in. Within the EU, all Data Subjects have legal rights in relation to their Personal Data.

Data Processor: this is the person which processes Personal Data on behalf of the Data Controller (not including employees of the Data Controller). NAE’s suppliers and agencies that handle Personal Data on our behalf will be Data Processors.

Education Act: Act No. 596/2003 Coll., on State Administration in Education and School Self-government as amended and Act No. 245/2008 Coll. on Education and Schooling (the Education Act) as amended.

Guardians / Parents: this means any parents or guardians responsible for a Student.

Legal Capacity has the meaning provided to it here: Legal Capacity

NAE, Our, Us, We: Nord Anglia Education (which includes each of the companies and Schools listed on the contact page).

NAE Ltd: our London based Headquarters, Nord Anglia Education Limited of Nova South, 160 Victoria Street, Westminster, London, SW1E 5LB, United Kingdom.

Parents / Guardians: this means any parents or guardians responsible for a Student.

Personal Data: this is defined as any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified (either directly or indirectly) by reference to an 'identifier'. These include names, ID numbers, location data, online identifiers or one or more factors specific to the physical, psychological, genetic, mental, economic, cultural or social identity of that person.

Regional Office Teams: Nord Anglia International School LLC, a company established in Dubai, the United Arab Emirates with its registered address at Office No. 001, Level 100, Arenco Tower, Media City, Dubai; Collège Champittet SA a company incorporated in Switzerland with its registered address at Chemin de Champittet, c/o Collège Champittet; and Nord Anglia Education Limited, a company established in England and Wales with its registered address at 160 Victoria Street, Westminster, London, SW1E 5LB, United Kingdom.

School(s): this means any school within the Nord Anglia Education Group.

Special Categories of Personal Data: this type of data is, in the EU and some other countries, subject to more stringent processing conditions than other Personal Data and in the EU includes Personal Data which reveals racial or ethnic origin, political opinion, religious or philosophical beliefs, trade-union membership, and the processing of genetic data, biometric data in order to uniquely identify a person or data concerning health, sex life and sexual orientation. Data concerning health covers Personal Data relating to the physical or mental health of an individual which reveals information about the individual's health status. In the EU, Personal Data relating to criminal convictions or offences or related security measures may only be processed when authorised by Member State or EU law. In other countries the term Special Categories of Personal Data may include other categories of information such as financial information and passwords. If in doubt, please contact the Data Protection Officer.

Student: this means any prospective, past or present student of a School.