Data Protection Statement
Thank you for visiting the website of Munich International School e.V. ,Schloß Buchhof, 82319 Starnberg, Germany (hereinafter “MIS”).
In the course of the services, we provide to you, MIS will process personal data relating to you and your children. With regard to such processing, MIS will qualify as data controller. In this capacity, MIS take the protection of your personal data very seriously and strives to comply with applicable data protection regulations, such as the European General Data Protection Regulation 2016/679 of 27 April 2016 and the New German Federal Data Protection Act (new BDSG), as may be amended from time to time. We would like to take the opportunity with the MIS Data Protection Notice (hereinafter “Notice”) to inform you about the steps taken by MIS to ensure the protection of your data as well as how your data may be processed and the purpose of doing so. This explains also how we collect and use personal data, whom we share it with and the ways in which we protect your privacy while doing so. This Notice applies to all personal data collected for and on behalf of MIS. This pertains to both information collected electronically or in paper form.
1. How we collect your personal data
- Personal data relating to you or your children can be obtained directly from you or your children, for example via completing the Application and Health and Consent forms, via the website, via meetings with teachers and staff, etc.
- Personal data relating to you or your children can also be obtained via other information channels, such as previous schools, health professionals, social media channels, etc.
- Personal data relating to you or your children also obtained by actions of MIS itself or its data processors, e.g. through evaluations, camera surveillance, access control measures, etc.
2. Why we use your personal data
MIS collects personal data, including special categories of personal data of students and parents to provide a safe and caring international environment for teaching, learning and general educational purposes.
More specifically we process your or your children’s personal data for the following purposes, and other purposes that are compatible with the purposes described below:
- to undertake and manage the School’s admissions processes
- to provide a safe and secure learning environment
- to comply with child protection requirements
- to support and enable the academic, pastoral and personal objectives of children, including the monitoring and reporting of progress
- to provide our educational services
- to provide safe transportation services
- to provide support and care for emotional and psychological wellbeing (pastoral and counselling)
- to protect the health of the students and staff we serve
- to provide a tailored learning environment and make evidence based education decisions for the children we serve
- to enable the children we serve to continue or progress their education at other educational organisations
- to support and develop our employees in the performance of their duties
- for financial planning to help in the future planning and resource investment purposes
- to meet our statutory reporting requirements to the education and other authorities
- to help investigate any concerns or complaints you may have
- to build and maintain the MIS community, including through fundraising
- to make you aware and inform you about our services, news, events and activities that are undertaken at or in association with MIS
- to communicate with you within the framework of your relationship with MIS
- to ensure the safety and security of students and staff, including camera surveillance
- for forecasting and planning for education service provision
- to respond to requests of our staff and (former) students regarding historic information pertaining to their time at MIS.
3. On which basis MIS processes your personal data
We collect and use personal data to carry out the education services as prescribed above. We do so under the lawful basis that the processing is necessary for the performance of a contract in which you are entering or have entered into. In some circumstances we may have to process data for other purposes that are not necessary for the performance of the contract. In such cases, the processing may be based upon (i) our legitimate interests, such as providing a safe learning environment, maintaining the MIS community, fundraising, etc., (ii) on the protection of you or your children’s vital interests, (iii) on the compliance with our legal obligations and/or (iv) on the consent you or your children may have provided to us.
4. The categories of personal data being processed
The categories of personal data that MIS collects and processes include:
- Personal information (such as name, unique number and address)
- Special categories of data (such as health information, ethnicity)
- Educational and evaluation data (such as assessments, relevant medical information, special educational needs information, exclusions / behavioural information and psychological reports and assessments)
- Attendance information (such as sessions attended, number of absences and absence reasons)
- Logging and audit in the use of IT systems and education technology apps, applications and cloud based systems
- Communication and correspondence data (such as emails, letters and other types of correspondence)
- Photographs and videos (see also section 8 and 9 of this Notice).
Special categories of data
The education services we provide require us to collect and process special categories of data, such as health information, for the purposes of safeguarding the protection of your children and the wellbeing of those within our care. We do not disclose or share special categories of data without explicit and unambiguous consent unless we have to do so where we are required to by law, or where we have good reason in protecting the vital interests of an individual, or where not doing so would place someone else at risk.
5. Storing personal data
We keep personal data for as long as necessary with regard to the purposes described in Article 2 of this Notice or for any other purposes that may be communicated to you.
In general, your personal data are stored on our own servers and on the servers of our external providers, located in the European Union. Regarding transfers outside the European Union, see Article 6 of this Notice.
6. Sharing and transfers of personal data
Your personal data is shared internally within MIS for the purposes of delivering the services required.
For the purposes described in Article 2 of this Notice, MIS may need to share your personal data externally with certain recipients, as well as with third parties processing your data on behalf of MIS. More specifically, this includes the following categories of recipients:
- PTV, Sportverein, Il Cielo, schools, colleges or universities that the students attend after leaving MIS; Other international schools (amongst others for the purposes of trips, sports and activities);
- Local education authorities in Bavarian;
- Family nurses, doctors or social service organisations (amongst others where sharing is in the vital interests, or where not sharing could have a negative impact on the individual);
- Providers of information systems that are necessary for MIS to deliver the admissions, administration, teaching and learning, pastoral development, transportation and child protection services;
- Providers of IT hosting and maintenance services;
- Government organisations, police, health and social care (where we are required to do so by law, or where we have obtained your consent to do so).
Personal data may also be transferred to organisations outside Germany and outside the European Union. This may for example occur for the purposes of student application for college or university. Various teaching and learning applications of providers that are based outside the European Union are also used. For such transfers of personal data outside the European Union, MIS has implemented suitable safeguards in the form of standard contractual clauses where required under applicable data protection legislation. More information on these transfers and suitable safeguards can be requested from the data protection officer (see section 11 below).
8. Google Analytics
By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. For more information about Google Analytics and data privacy see http://www.google.com/intl/en/analytics/privacyoverview.html.
9. Camera surveillance
We collect information in the form of camera footage via our CCTV-systems to ensure the safety and security of students and staff. We retain these CCTV images for 3 days after which they are deleted, unless we need to retain the images for further investigation or law enforcement purposes. Access to these images can be requested through the Data Protection Officer (see section 11 below).
10. Photographs and videos
Photographs and videos of your children may be taken by staff and students throughout the school year to record and share everyday life at MIS. Your child may be identifiable in these photographs or videos. Identifiable photographs of your child may be used for:
- educational and informational purposes (such as keeping records of lessons, field trips, sports, events, staff training), as we have a legitimate interest to do so;
- the identification of your child for health related purposes, such as allergies, as it is in the vital interest of your child to do so; and
- marketing and publication purposes, if and to the extent we have obtained you and/or your child’s consent where required under applicable data protection legislation to do so.
- If such photographs and videos reveal any sensitive personal data of you or your child, we will only process and use such photographs and videos if and to the extent we have obtained you and/or your child’s consent where required under applicable data protection legislation to do so.
11. Your rights
Parents and students may exercise a number of rights with regard to the processing of their personal data vis-à-vis MIS, in so far as they effectively have those rights under applicable data protection legislation, such as the European General Data Protection Regulation 2016/679 of 27 April 2016 and the New German Federal Data Protection Act (new BDSG), as may be amended from time to time.
The first point of contact in connection with the processing of personal data and the exercise of the rights described below is the MIS Data Protection Officer (firstname.lastname@example.org). MIS shall respond to such requests and may or may not act upon them, in principle within a period of one month, all in accordance with applicable data protection legislation.
In addition, you also have the right to contact or file a complaint with the Bavarian Data Protection Authority: Bayerisches Landesamt für Datenschutzaufsicht: http://www.lda.bayern.de.
The rights which you may have under applicable data protection legislation are:
- Right to object – the right to object on grounds relating to your particular situation to the processing of personal data based on the legitimate interests of MIS, and the right to object to the processing for direct marketing purposes.
- Right to information and access – to request access to and a copy of the personal data MIS holds on you, as well as the right to information about relevant aspects of the data processing by MIS. This Notice serves to inform you thereon, but do get in touch if you have any questions.
- Right to rectification – to correct inaccurate personal data or to complete incomplete personal data.
- Right to erasure – to request the deletion or removal of personal data in specific circumstances, for example if your personal data are no longer necessary for the purposes pursued by MIS or if there no longer is a legal ground for the data processing.
- Right to restriction of the processing – to limit the processing, e.g. where you have told us the data is inaccurate and we are in the process of checking this. In such circumstances we will continue to store your data but will not process it further until we have checked and confirmed whether the data is inaccurate.
- Right to data portability – to receive your personal data in a structured, commonly used format and to transmit it or have it transmitted to another international school.
- Right not to be subject to automated individual decision-making – the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Where the processing of your personal data is based upon consent, you and/or your child have the right to withdraw consent at any time. Such withdrawal of consent shall not affect the lawfulness of the processing based on consent before the withdrawal.
There may be instances where you may not want us to process or share your personal information. In these cases, we may not be able to fulfil the service you need, or do so in a limited way, or be able to comply with a statutory obligation. In those instances, we will not be able to comply with your request and we will tell you if this is the case.
12. MIS Data Protection Officer
For any questions or concerns relating to this Notice or the processing of your personal data by or on behalf of MIS, as well as for the exercise of any of the rights described in Article 10 of this Notice, please contact the MIS Data Protection Officer (email@example.com).
13. Applicable law and jurisdiction
This Notice and any disputes arising out of in relation to this notice shall be exclusively governed by and construed in accordance with German law. The courts of Munich, Germany, shall be exclusively competent for any disputes arising out of or in relation to this Notice.
This Privacy Notice has last been updated on 24 May 2018.