Purpose and objectives
This protocol concerns the rules on the processing of personal data of ESI pupils.
This protocol aims:
a. protect the privacy of data subjects against the improper and unintentional use of personal data;
b. determine which personal data are processed and for what purpose this is done;
c. ensure the accurate processing of personal data;
d. to guarantee the rights of the interested party.
Purpose of the processing of personal data
In the processing of personal data, ESI adheres to the relevant legislation and to the EU legislation. on the protection of personal data entered into force on 25 May 2018.
The processing of personal data takes place for:
a. organization or teaching, supervision of pupils, participants or students
b. provision or making available of teaching materials;
c. to calculate, register and collect tuition fees;
d. provide insurance for pupils against accidents;
and. dealing with disputes and carrying out auditing activities;
f. maintain any contact with alumni.
Personal data are used only to the extent that such use is compatible with the specific purposes of the processing. The school does not process more data than is necessary to achieve the set goals.
Basis of processing
The processing of personal data takes place exclusively on the basis of:
a. Authorization – In the event that the interested party has given unequivocal consent to the processing
b. Legal obligation – In the event that the data processing is necessary to fulfill a legal obligation to which the ESI may be subject
c. A vital interest (insurance, injuries,…);
d. Justified interest.
ESI does not keep the data longer than necessary for the fulfillment of the purpose for which it was obtained, unless there is another legal obligation that makes data retention mandatory.
ESI grants access to personal data stored in the school's archives and systems a:
- the person authorized to process personal data;
- the teachers each pupil refers to;
- third parties who must be allowed access to data in accordance with the law.
Security and confidentiality
ESI adopts appropriate technical and organizational security measures to prevent data from being damaged, lost or unlawfully processed;
ESI ensures that employees do not have access to personal data that is not strictly necessary for the proper performance of their work.
Provision of data to third parties
If there is a legal obligation to do so, ESI may provide personal data to third parties. The provision of personal data to third parties may also take place with the prior authorization of the interested party.
Rights of interested parties
Improvement, addition, removal and protection: the interested party can request the correction,
addition, removal or protection of your personal data.
ESI informs the interested party about any possible processing of his personal data.
Responsible for data protection
The data protection officer checks the application and respect for privacy and is also the contact person for complaints and questions from those involved in confidential treatment.