Version effective as of November 20, 2019
This Policy establishes how we process and protect the personal data of our students, staff, guests and other individuals.
“Personal data” means any information related directly or indirectly to a specific or identifiable individual.
Personal data may include, specifically, information that allows identifying an individual (e.g., first name, last name, passport data, and photographs) and additional information (e.g., postal address, email address, phone number, place of employment, job title, and marital status).
“Personal data processing” means any automated or manual operation performed on personal data, including collecting, recording, systematising, gathering, storing, verifying the accuracy of (updating, altering), extracting, using, transferring (distributing, providing access to), depersonalising, blocking, deleting or destroying personal data.
“Controller” means a government body, a municipal body, a legal entity or an individual that, independently or in cooperation with other entities, organises or conducts the processing of personal data. The Operator also determines the purpose for processing personal data, the content of personal data to be processed and the operations to be performed on personal data.
“Automated personal data processing” means processing personal data with computing facilities.
“Cross-border transfer of personal data” means transfer of personal data to the territory of a foreign country, to a foreign authority, a foreign individual or a foreign legal entity.
Protecting your personal data rights and freedoms is pivotal to the way we operate. To ensure your rights and freedoms are protected, upon your request, we, as your personal data Controller, may:
For more information on how to contact the School and discuss these and other issues, please see section “How to contact the School”.
2.1 INFORMATION WE MAY COLLECT FROM YOU
We may collect and process the following information about you:
• Information you give us: You may give us information about you by filling in forms or completing editable fields on our website. This includes information you submit on our website when you create a user profile, subscribe to our services and/or newsletters, participate in discussion boards or other forums, enter a competition, promotion or survey, and/or when you report a problem with our website. The information you give us may include your name, address, e-mail address, phone number, photograph, and/or such other information as you may give us from time to time.
• Information we may collect about you is automatically logged: Each time you visit our website we may collect (automatically or otherwise) information including:
• the Internet protocol (IP) address used to connect your computer to the Internet. This information identifies only the computer that is being used to view the website, and does not identify the user as an individual; and
• your web browser type and version, time zone setting, operating system, and the Uniform Resource Locators (URL) of the websites which you use immediately before and after our website. This information enables us to produce and review vital statistics about our website, in turn enabling us to develop our website to provide the best possible experience for our users.
In order to ensure that we can provide you with a secure website which complies with user expectations and all necessary laws, we may also collect information which you submit through the use of any private messaging functionality on our website. Any such information which we collect will be used only for security and member rules, compliance purposes, and will not be used for other purposes such as advertising.
• Information we receive from other sources: we may receive information about you if you use any of the other websites we operate or the other services we provide. We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, and/or credit reference agencies) and may receive information about you from them from time to time.
2.2 HOW WE USE THIS INFORMATION
We may use information held about you in the following ways:
Information you give to us - We may use this information
• to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products, and services that you request from us;
• to notify you about changes to our service; and/or
• to ensure that content from our website is presented in the most effective manner for you and for your computer.
Information we collect about you - With exception to any information collected through your use of any private messaging functionality on our website
• to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistics, and/or survey purposes;
• to improve our website to ensure that content is presented in the most effective manner for you and for your computer;
• to allow you to participate in interactive features of our service, if and when you choose to do so;
• as part of our efforts to keep our website safe and secure; and/or
• to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.
Any information collected through your use of any private messaging functionality on our website may be used to provide you with a secure website which complies with user expectations, and all necessary laws, member rules, and will not be used for any other purposes such as advertising.
• Information we receive from other sources: we may combine this information with information you give to us, and which we collect about you. We may use this information, including the combined information, for the purposes set out above (depending on the types of information we receive).
2.3 DISTRIBUTION OF YOUR INFORMATION
We may disclose your information:
• to any member of our group, being our subsidiaries and/or holding company (and its subsidiaries);
• in the event that our business (or any party of it) is bought by, or integrated with, a third party business, to our advisers and/or the prospective purchase and their advisers, and potentially also onto the new owners of the business (or relevant part of the business);
• in aggregated form to third parties for the purpose of their or our analysis, including for the purpose of fraud protection and assisting us with the improvement or optimisation of our website; and/or
The School processes personal data on legal grounds only, such as an obligation to process personal data by law, the need to process to execute a contract signed with the data subject or in its interest, personal data subject’s consent or consent of its legal representative, and other grounds stipulated by applicable legislation.
We may process your personal data both using automated tools including information and telecommunication networks and manually.
We do not make decisions that may affect your rights and interests based on automated processing of your personal data only.
A limited number of the School’s staff and third parties with whom we have signed appropriate agreements will have access to your personal data. When collecting your personal data, we will inform you on the third parties that will have access to your data and on the purposes we transfer your data to such third parties.
We will ensure our staff comply with this Policy. Delegating your personal data processing to third parties, we oblige them to ensure protection and security of your personal data.
The School may be obliged to disclose your data upon request from law-enforcement agencies and other bodies under applicable law.
We will make all reasonable effort to prevent disclosure of your data to third parties who have no legal grounds to process such data and to ensure protection of your personal data during transfer outside the School including cross-border transfers.
We will take all necessary legal, organisational and technical measures to ensure your personal data security under applicable law. In particular, the School:
The School will be processing your personal data no longer than is necessary to fulfil the purpose they were collected. The personal data may be retained longer where law establishes other retention periods.
The School retains accurate personal data and updates them. You may request to delete, correct or amend your personal data if they are inaccurate or if you believe the School has no right to process them under applicable law. You may also request access to your personal data.
For more detail on how to file a request, see section “How to contact the School”.
The School will permanently destroy your personal data where it is established that the School does not have any legal grounds to process them, e.g., where the retention period has expired or where you have withdrawn your consent. The School will also ensure permanent destruction of your personal data by third parties processing your personal data under the School’s instructions.
If you have any questions on how we apply, use, change or delete the personal data you provided to us or if you want to stop any further communication with the School, please contact us by sending a free-format message to the following email address: email@example.com.
Alternatively, you can send your message to communications@aas, to the attention of the Data Protection, Privacy and Compliance office responsible for organisation of personal data processing.
In all your correspondence with the School, please specify your first and last name, ID (if applicable), personal data processing circumstances that cause doubt or concern, and a detailed account of the matter. We will make all reasonable efforts to handle your request promptly.
In some cases, to handle a request, we will need to identify the data subject who filed it. This may entail a personal visit of the data subject to the School and provision of an ID document and (or) preparation of a written request signed personally by the personal data subject or its legal representative.
If the school makes changes to this Policy, the updated version will reflect all changes and we will notify you on them by updating the effective date of the Policy indicated on the title page. Without prejudice to your rights, under current legislation, we reserve the right to amend this Policy from time to time to reflect new technology, legal developments, new regulations, and business practices.