American International School of Zagreb Website Privacy Policies
This Policy of Use of Images and Recordings by the School establishes the framework in which the American International School of Zagreb (later in this text - AISZ) may take and use the photos or recordings of its students.
The school may wish to photograph, film or record students for certain events within the context of their school education. These images may be used in printed or online publicity materials, including school brochures or other publications, on the website, on the school’s social media platforms or around campus. The school may also use video footage or web camera recordings during inter-school conferences or educational projects.
From time to time the campus may be visited by the media who could take photographs, film footage or make recordings. Students may appear in these images which may be issued in local, national and international newspapers and televised or broadcasted news programs. The school is responsible for authorizing this and the media will not be invited in if the school feels their presence is inappropriate.
The legal basis that allows AISZ to take and use the images or recordings of students consists in the consent the parents / legal guardians have granted with consent given in School Information System.
Nonetheless, AISZ may use the photographs of students, without the prior consent of parents/legal guardians, in the school’s legitimate interest, when photographs are necessary for identification purposes for access card creation and thus ensuring the security on campus or when such photographs are used for official purposes such as when photographs are used on diplomas or other official documents.
The conditions of use of images and recordings of students are:
- Personal details, full names (first name and surname) or other elements which may lead to the identification of the student will not be disclosed on picture or alongside a picture or recording. The condition described above shall not apply to the publication of images in the Yearbook or School ID. Also, if expressly requested by media, this information will only be passed on if parent / legal guardian prior consent has been given
- Personal details such as email addresses, postal addresses, and telephone or fax numbers will not be disclosed.
- The school will only use pictures of appropriately dressed students.
- The permission to use images or recordings is for the period during which the child is a student of AISZ. After a student leaves AISZ, images and recordings shall be processed only for storage/archiving purposes according to the retention period established in AISZ Data Retention and Disposal Policy.
- Group photos will not require the consent
- The school will ensure that electronic images are stored on a secure network that cannot be accessed by members of the public.
- The school will not sell images or recordings to third parties without prior parental consent.
- The school will not pay students for images or recordings.
2. Rights related to the use of images and recordings by the school
With regard to the use of images and recordings as described in this Policy, parents and students that present an appropriate level of understanding, have certain rights derived from the data protection applicable regulations.
We refer here especially to the following rights that are most probably to be exercised regarding the use of images and recordings:
- The right to withdraw the consent given for the use of images at any time. Please note that in this situation, the processing of personal data performed prior to such withdrawal will not be affected.
- Right of erasure, which applies in the following situations:
- Where the photos and recordings are no longer useful and do not serve the initial purpose and other lawful purpose exists;
- Where the consent given to processing images by the school was withdrawn, provided that the school cannot justify other legal basis for processing;
- Where the photos and/or recordings were unlawfully processed;
- Where the right to object was successfully exercised;
- Where erasure is required by a legal provision applicable to the school.
Given the fact that photos and recordings are considered personal data, all the rights provided under the Privacy Notice dedicated to parents shall apply accordingly. In this respect, please consult the Privacy Notice. AISZ shall store the images and recordings of students for as long as they serve the purposes for which they were initially taken.
3. Use of camera phones and other recording devices by others
AISZ staff and students take photographs and videos throughout the school year to record and share everyday life at AISZ. These images will be shared internally, as well as on secure digital platforms (e.g.: AISZ School Information System, Google Services and SeeSaw). As a way of documenting and sharing their learning story as positive digital citizens, AISZ staff and students may share these images on social media platforms, including Facebook, Instagram, YouTube and Twitter.
Visitors will be advised not to use their camera on their personal phones while at the school and where possible, will be accompanied by a staff member for the duration of their visit. Students are not allowed to use any kind of personal mobile phone (camera phone or not) during school time, usage before and after school is permitted.
Where parents or family of students or students take photos or videos of other students on school premises or in the context of various school events or activities, for purely personal, household or recreational purposes, this policy shall not apply and the school shall not bear any responsibility with regard to the use of those photos or videos.
The school hereby, kindly requests parents to use all images and video taken as described above with maximum regard to the rights and liberties of other persons, especially children appearing in those photos or videos.
Where students or parents will take photos or videos for official use of the school, AISZ shall take care that these photos will be handled and used according to this Policy.
The school shall update this Policy every 2 years, in order to ensure its compliance with evolving technology and changes with respect to the data protection regulatory framework.
The American International School of Zagreb (“AISZ”) processes personal data on its prospective, current and former students and their parents or legal representatives, as part of its everyday operations of providing educational services.
AISZ handles your personal data according to the General Data Protection Regulation no. 679 / 2016 applicable in the European Union (“GDPR”). For these purposes, AISZ acts as controller with regard to your personal data and the personal data of students (“Personal Data”), meaning AISZ establishes the purposes and means of processing the Personal Data.
For the purposes of this Privacy Notice, please note that the term “processing” shall represent any operation performed on Personal Data, whether or not by automated means such as collection, recording, storage, adaptation, alteration, consultation, use, disclosure by any means, erasure or destruction.
AISZ wishes to be completely transparent with regard to the processing of Personal Data and therefore, we have presented below all the information you may need on this subject matter.
Please read this privacy notice to understand the data processing operations carried out by AISZ.
1. The purposes for which AISZ processes your Personal Data:
AISZ processes Personal Data that pertain following purposes:
- Provision of educational services, starting with the application process, enrolling students, administration of classes and timetable, teaching activities, administration of internal and public examinations, assistance regarding the application process to various universities, issuance of academic records.
- Provision of educational ancillary services: pastoral care, career and personal counselling, library services, extracurricular activities, school trips, financial assistance and scholarship, managing school’s publications, setting up the virtual learning environment and granting access to AISZ’s Intranet and Internet network as well as monitoring the use of AISZ’s network.
- Ensuring campus security: monitoring access on campus, performance of video surveillance.
- Provision of the medical care and counselling that students may need.
- School administration: handling student records and other academic documentation, administration of fees and accounts, internal and external audits and controls, reporting and statistics creation, implementing school policies, ensuring collaboration with other schools, archiving, assessing the quality of our services, facilitating research activities.
- School related communications: conveying various messages related to the students and AISZ’s activities by any communication means.
- Organizing fundraising activities and other school events (e.g., concerts, theatre productions, talent shows), including marketing communications related to the fundraising activities organized by AISZ.
- Dispute resolution and litigations.
2. The categories of Personal Data that AISZ processes, include, but are not limited to the following:
- Identification and contact information (first and last name, citizenship, country of birth, address, information included in ID’s / passports, phone number, e-mail etc).;
- Health data: medical history, allergies, immunization records, disorders, medical examination results and other medical data of the students;
- Data related to the educational background and regarding school performance of the students: academic, disciplinary or other educational related records, academic references, special needs, hobbies, results of educational diagnosis testing, test results, feedbacks, evaluations etc.;
- Behavioral data as well as data on preferences / interests of students;
- Family information: household information, language background, financial data, profession and workplace of parents etc.;
- Authentication and physical access data: e-mail, passwords, badge number, location data, other on-line identifiers, car details etc.;
- Photos and videos.
Generally, the Personal Data held by AISZ were provided directly by the parents or resulted from the interaction the parents and the students have with the school. In some cases, third parties (e.g., representatives of former schools attended by students) supply data.
3. The lawful basis for the processing operations we conduct with regard to the Personal Data
AISZ collects and further processes Personal Data, based on one of the following legal grounds, expressly laid down by the GDPR:
- For the performance of the enrollment contract, as well as in order to take steps at your request for entering into the enrolment contract and to further provide the educational services.
Please note that there are some mandatory categories of personal data necessary to AISZ in order to conclude the enrolment agreement and provide the educational services to students at a high standard and in the best interest of the students.
The mandatory categories of personal data are included in the application form, which you have filled in on-line or on paper forms and listed in the enrollment contract you already have / will sign with AISZ. All the categories of data that are compulsory for contract conclusion are marked accordingly in the application form.
Please take into consideration, that all the mandatory categories of data are necessary for AISZ to be able to evaluate your application and finally to enroll your child. Failure to provide all the information marked as mandatory will lead to the impossibility of AISZ to process your application and to enter into a contract with you.
- A legal obligation that requires AISZ to process your Personal Data (e.g. performance of video surveillance).
- For the performance of a task carried out in the public interest, considering that AISZ provides educational services, regarded as a service of public interest, according to the Croatian applicable provisions on education, many processing operations conducted by AISZ that are strictly related to educational purposes will be founded on this lawful basis for processing. We refer here mainly to: issuing and storing academic records, evaluating students’ performance etc.
- The legitimate interest pursued by AISZ.
AISZ relies on this legal ground in order to provide the educational services it has committed to deliver and additional services related to this scope at the highest standards, always for the benefit of the students and without outweighing the parents or the students’ rights and liberties.
AISZ may invoke the legitimate interest legal ground in the following cases:
- monitoring use of the AISZ’s virtual learning environment and network, including monitoring the use of e-mail accounts and devices provided by AISZ;
- conducting fundraising activities, including marketing of such activities;
- enforcement of legal claims, addressing complaints and third party controls;
- management, control, reporting and performing statistics on schools activity;
- ensuring security;
- maintaining close relationships with alumni and AISZ’s community;
- collaboration with other schools and educational institutions;
- performance of agreements with suppliers, including insurance suppliers;
- access to grants and other funding sources.
With respect to the processing of the special categories of personal data under the GDPR, respectively health data, please take into consideration that AISZ processes health data based on the following legal grounds:
- The necessity of the Medical Office to process such data for the purpose of preventive and occupational medicine, medical diagnosis and the provision of health or social care or treatment on the basis of European Union or national law;
- Processing is necessary for reasons of substantial public interest, on the basis of European Union or national law. Such a legal ground is used especially in those situations where the school has to assess the learning capacity of a student and adapt the teaching activities to the special needs of a student.
- The consent you have granted us, prior to any processing of the personal data, for:
- the processing of your child’s personal data on allergies.
- the use of students’ photographs and videos in various school publications, promotional images including AISZ news, School managed social media accounts (including Facebook, Instagram, YouTube, Twitter)
- child’s / children’s images in school advertising (digital / print)
- other consents that may be granted from time to time for various processing activities.
- The explicit consent granted by you for the disclosure of the personal data of students related to the allergies they suffer from.
4. Disclosure of Personal Data
AISZ discloses your Personal Data only to those members of AISZ, staff and collaborators, who need access to the personal data mainly for ensuring the provision of the educational and ancillary services. In this respect, please take into account that only the Medical Office has access to the students’ medical records. Other departments of the school have access to specific health data (i.e. for allergies) or in order to protect a substantial public interest based on E.U. or national law (e.g., various medical conditions triggering special learning needs).
With respect to the disclosure of your Personal Data to third parties, outside AISZ, please note that such disclosure is performed solely in the regular activity of the school. The categories of recipients include the following:
- IT providers, including educational applications, on-line tools, server hosting suppliers such as ManageBac, SchoolIS, SeeSaw, NWEA and College Board etc.
- Cafeteria Owner in its capacity of independent provider of meal services on campus;
- Other educational institutions or organizations, not limited to other schools;
- Travel agencies, catering and transportation providers;
- Photographer and video crew;
- Courier services providers;
- Utilities services providers;
- Public authorities and institutions, national or foreign, judicial courts and foreign embassies or other forms of diplomatic missions;
- Bank, financial institutions and insurance providers
- Tax, legal and accounting consultants
5. Third country transfers
AISZ transfers your personal data to the third countries, as follows:
- United States of America – to third parties that have obtained EU – US Privacy Shield certification (i.e. Faria Systems LLC as provider of the ManageBac). With other USA based providers of applications, AISZ is in the process of implementing appropriate safeguards in order to ensure secure transfers of personal data by May 25, 2018.
If you wish to consult the appropriate safeguards put in place by AISZ about the transfers of personal data to USA, please refer to the contact point at the end of this Privacy Notice.
6. Retention of Personal Data
AISZ holds all your Personal Data for as long as you are in a contractual relation with us, and afterwards for a standard period of 5-year, period for which AISZ can justify a need in storing such personal data. AISZ keeps the student file and all the data related to the student interaction with AISZ mainly for the scope of assessing the school’s activity and the quality of services provided but also for addressing potential request of students with regard to their school trajectory within AISZ, which usually appear after the students have graduated.
Notwithstanding the retention period mentioned above, please be informed, that all the academic records and other school acts and documents related to study activities are kept for an indefinite period of time, according to the legal obligations that AISZ has in this respect. Moreover, in any case where a legal provision imposes a minimum retention period, AISZ will keep the Personal Data for at least that mandatory period. In case of a legal process data will be retained as long as the legal process requires.
7. Your rights related to the processing of Personal Data by AISZ
The GDPR provides certain rights related to the processing of personal data, that both you and the students have.
AISZ respects all the rights mentioned under the GDPR and is committed to furnishing the appropriate means by which you can exercise these rights, according to the details mentioned below:
The right of access, which entails your possibility to obtain the confirmation from AISZ whether your Personal Data is being processed by AISZ or not, and if the case may be you are entitled to solicit access to this data, as well as additional information regarding the Personal Data, such as: the purposes of processing, the categories of recipients the Personal Data are being disclosed to and the envisaged retention period. In the situations where you may need to exercise the right of access, please consider contacting AISZ and requesting confirmation by e-mail at email@example.com. Please consider that there might be specific situations that are exempted from the right of access, such as information that identifies other individuals or which is subject to confidentiality obligations.
- The right to rectification, that allows you to request AISZ rectification of any inaccurate Personal Data that AISZ may hold, as well as to have your incomplete Personal Data to be completed.
- The right to erasure meaning that in the situations expressly regulated by law, you may request erasure of your personal data. Please take into account, that the cases where the law provides for the possibility of erasure of personal data amount to the situations where the processing is unlawful or where the processing is based on your consent, and you have withdrawn such consent.
- The right to restriction of processing, signifying your right to obtain restriction of processing your Personal Data from AISZ’s part. Please bear in mind that this right can be exercised only in specific situations laid down by the GDPR such as when you challenge the accuracy of your Personal Data. During the period necessary for us to rectify your data, you may ask us to restrict the processing of your Personal Data.
- The right to data portability implying your right to receive the personal data in a structured, commonly used and machine-readable format and further to transmit such data to another controller. This right to data portability shall be applicable only to the personal data you have provided to us and where the processing is carried out by automated means based on your consent or for the performance of the contract you have concluded with AISZ.
- The right to object to the processing of your Personal Data by AISZ, on grounds relating to your particular situation. The right to object applies to the situations where AISZ relies on consent as legal basis for processing (e.g. using your e-mail address for conveying fundraising related messages).
- The right to lodge a complaint designates your right to challenge the manner in which AISZ performs processing of your Personal Data with the competent data protection authority.
- The right to withdraw your consent given for various processing operations, in cases where the consent represents the lawful basis for processing. In cases where you withdraw your consent to processing your Personal Data, please note that the processing will end from the moment the withdrawal takes place without any effect on the processing that took place prior such withdrawal.
Confidential references provided by the American International School of Zagreb
Confidential references given by AISZ for staff or students, which includes references on its behalf written by staff either in their formal capacity or as part of a standard procedure, are exempt from subject access requests where the references relate to:
- education, training or employment of the data subject
- appointment of the data subject to any office
- provision by the data subject of any service
This means that AISZ has absolute discretion to refuse to release confidential references written on its behalf if requested to do so in a subject access request or as part of a request.
Once the reference has been received by another organisation or individual, the reference ceases to be exempt from data subject access and, consequently, could be accessed by the data subject through the receiving organisation. Please note in the above example, that the right to release the reference rests with the institution not the individual faculty.
AISZ creates various profiles through automated means based on the Personal Data that pertain to students. Generally, such profiles are created via various applications used in the on-line education environment such as: MAP Testing Tool.
AISZ creates and uses such profiles to evaluate the performance of its students, to identify gaps in their development or to assess specific traits that characterize students’ personality, preferences, and behavior or professional inclinations.
9. Video Surveillance
AISZ has implemented a video surveillance system on the campus, in order to ensure security of its students, staff and all the other persons that enter our premises. The security and wellbeing of our students is our primary concern and these video cameras allow us to offer real time protection.
All the areas covered by a video camera are signalized on campus through specific banners, informing you with regard to the video surveillance conducted by the AISZ.
10. Contact Point
In the situation where you may wish to exercise any of the rights listed under point 7 of this Privacy
Notice or to obtain additional information or clarifications on the subject of processing your Personal Data please contact AISZ, via its appointed Data Protection Officer – responsible for ensuring that AISZ complies with all the requirements of the GDPR.
Contact Details of AISZ’s Data Protection Officer:
E-mail address: firstname.lastname@example.org
Phone Number: 01/7999 323
American International School of Zagreb respects the privacy of every individual who visits this website (www.aisz.hr). This policy demonstrates our commitment to your privacy. It outlines the information American International School of Zagreb may collect about you while visiting this website and how this information will be handled. American International School of Zagreb reserves the right to modify this policy at any time by updating the contents of this page.
American International School of Zagreb website is defined as publicly accessible and password/login protected pages hosted under the domain www.aisz.hr. American International School of Zagreb is not responsible for the privacy practices of external sites linked from or referenced by www.aisz.hr. This policy applies solely to information collected by this website.
American International School of Zagreb will not collect any personally identifiable information about you when you visit this website unless you have provided it voluntarily. By providing such information to us, you are giving us your consent to use the information in the following ways:
- to fulfil a request you have made
- to update your school maintained record
- to contact you
American International School of Zagreb will not sell, rent, or market personal data about you to third parties unless otherwise stated.
Anonymous Visitor Statistics
- how many people have visited our website
- what type of technology they are using (e.g., Mac or Windows), which helps to identify when our site isn't working as it should for particular technologies
- how long they spend on the site
- what page they look at, etc. This helps us to continuously improve our website.
- collect any personally identifiable information
- pass data to advertising networks
- pass personally identifiable data to third parties
- pay sales commissions
American International School of Zagreb may link to other websites but is not responsible for the accuracy of the content on external sites nor does it imply endorsement of their views. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every website that collects personally identifiable information. This privacy statement applies solely to information collected by this website.
Whenever users submit personal information (such as contact info) via online forms or registration, upon submission that information is encrypted via the highest level of SSL available. Servers that store personally identifiable information are in a secure environment. American International School of Zagreb will not ask for or store credit card information online.
Use of Text and Images
If you would like to publish information that you find on our website, please send your request to ICTManager@aisz.hr. Downloading any photos of students or community members from our website is not authorized. Information about using our logo is available by contacting ICTManager@aisz.hr.