Admissions Information Notice according to section 13 of the EU Regulation 2016/679
According to the General Data Protection Regulation (Reg. UE 2016/679, the "GDPR"), the American School of Milan, with offices in Via K. Marx, 14, Noverasco di Opera (MI), certified email address, firstname.lastname@example.org, (Tel: +39 025300 0021; Fax: +39 025760 6274) as Data Controller (*) ("ASM" ,"we", "our", "us") provides you (the “Data Subject”) (**) with the following information:
1. Categories of data
When you fill the forms available online and send the documentation required according to our admissions and application procedures, we can collect the following data:
1.1 Common data such as your or your child(ren)'s name, surname, contact details, date and place of birth, home address and other contact details including telephone number(s) and email(s), nationality, ID Card/passport number and copy and eventually tax ID and employer information. We can also require information related to student's native language, level of English knowledge and other languages spoken. We can also collect data related to the year and the grade for which you are applying. We can also ask previous teacher(s) to provide an indication of students' social development, language and mathematical skills or other skills related to previous educational courses.
1.2 Special categories of data: in particular we can ask parents to provide information related to students' health, for example learning needs, disabilities or specific diseases that require our assistance in terms of organizational facilities and/or our educational support. We will also collect data related to immunizations (vaccinations) when we are required by law to ask for this information.
2. Purposes and legal basis of the processing of personal data
The personal data, including that of your children, inserted by you in the admissions forms and applications and provided by previous teachers, shall be processed by the ASM for the following purposes:
2.1 requesting admission to ASM’s course of studies, managing your request, making an evaluation of students' applications, performing all the related administrative and fiscal activities required when receiving an admission. The processing of data is required for managing your requests; if you don’t provide this data we can’t properly process your request. The legal basis for processing data in relation to these purposes consists in the need to perform the contract or take steps prior to entering a contract;
2.2 carrying out all the necessary organizational activities, including evaluating and placing students in different classes and schools, checking our capability to provide the necessary support to students and parents in order to permit them to benefit from all the activities and initiatives offered by ASM. The collection of data for these purposes is necessary to provide you with the services we offer to you. The legal basis for processing data for these purposes consists in the need to perform the contract or take steps prior to entering a contract.
2.3 ensuring compliance with our policies and with applicable laws, by managing all the organizational activities and screenings in order to be sure that we can offer students and parents appropriate support and assistance and that we are able to guarantee students equality in opportunities, for example in the participation of our educational offer; or to comply with specific laws such as those related to health and safety in schools and those sectorial laws that impose specific immunization requirements. Data we require shall be necessarily collected for ensuring our compliance with law in providing educational services. The legal basis is the need to comply with legal obligations and to perform a task carried out in the public interest;
2.4 providing parents with services arranged with their employers, should an employer be facilitating admissions and/or enrollment and costs. The legal basis for processing data in relation to these purposes consists in the need to perform the contract or take steps prior to entering a contract.
3. Means by which data is processed
The processing of personal data by manual and electronic means is designed to preserve the reserved nature of data and to prevent the loss, illicit processing and unauthorized access to personal data. In particular, appropriate security measures are adopted when our processing activities involve special categories of data, including information revealing students' health. We limit the access to this data, retained in physical archives or IT systems and infrastructures, only to those persons that strictly need to know personal information in order to provide students and parents with specific services, assistance and support.
4. Categories of recipients to whom the data may be communicated
The personal data collected during the admissions phase could be communicated to the following categories of recipients, who carry out essential activities for ASM for the purposes listed above and are limited to the necessary assistance provided:
- our authorized employees and/or collaborators that assist and advise us on administration, services, legal affairs and information systems, as well as those in charge of maintaining our network and hardware/software equipment;
- our third-party service providers which process personal data on our behalf and under our instructions for the purposes described above, such as: Information technology companies for the technical and administrative management of data, including the companies a) Finalsite for the assistance with our website, b) OpenApply (a Faria Education Group company) for managing online admissions requests, c) PowerSchool LLC, the student information system at ASM for managing enrolled student and parent information;
- other third parties which process data as independent data controllers expressly guaranteeing full compliance with the data protection applicable laws, such as payment providers and financial institutions, competent authorities and law and enforcement third parties when this is necessary so that we can enforce our policies and protect and defend the safety of your child(ren), our rights or property or the rights or property of any third party.
5. International transfer of personal data
Personal data may be processed in or accessed from jurisdictions outside the European Economic Area ("EEA") such as the U.S. or in other extra EU countries where other schools or organizations are located.
We only transfer personal data to organizations outside EEA which are Privacy Shield certified or have entered into the European Commission-approved standard contractual clauses to safeguard the transfer. For further information, including obtaining a copy of the documents used to protect your information, please contact us as described in the Contact Us section below.
6. Data retention
We will retain personal data in a form that identifies you and your child for no longer than is necessary for the purposes for which the personal data is processed and in particular for the duration of the admission process. Upon admissions, data will be processed and retained according to the enrollment privacy notice included in the ASM enrollment contract. For denied applications, we can retain data for one year from the moment of denial; for withdrawn application we can retain data for 18 months from the moment of withdrawal. Furthermore, we can store some of your personal data that are needed to comply with legal and tax obligations, for the whole duration of the admission process and for the time required in compliance with further obligations (including, without limitation, the obligation to keep the invoices and other company documents for at least 10 years).
7. Your Rights
You have the right to ask us for access to and obtain a copy of your personal data; to correct, delete or restrict processing of your personal data; and, in some circumstances, to obtain the personal data you provide in a structured, machine readable format. These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required to keep by law.
In addition, you can object to the processing of your personal data in those circumstances carried out by law.
You can exercise the above rights at any time by:
- Contacting the DPO (see contact details below, point 8)
- or by writing an email to email@example.com.
If you have unresolved concerns, you have the right to contact the Data Protection Authority.
8. Contact Us
- The Data Controller of your personal data and that of your child is the American School of Milan, based in Via K. Marx, 14, Noverasco di Opera (MI), certified email address, firstname.lastname@example.org, (Tel: +39 025300 0021; Fax: +39 025760 6274; email@example.com);
- The Data protection officer is available at firstname.lastname@example.org
9. Update of this privacy notice
Please note that this Privacy Notice may vary over time.
* According to section 4, par. 1, let. f) ‘data controller’ shall mean any individual or legal entity, public administration, body, association or other entity that is competent, also jointly with another data controller, to determine purposes and methods of the processing of personal data and the relevant means, including security matters;
** According to section 4, par. 1, let. i) ‘data subject’ shall mean any individual that is the subject of the personal data