Data Protection Statement
Introduction
Thank you for visiting the website of Munich International School e.V. (MIS). We take the protection of your personal data very seriously and strictly observe the appropriate laws and regulations. We would like to take this opportunity to inform you about the steps taken by MIS to ensure the protection of your data as well as how your data may be processed and the purpose of doing so. The legal framework are set by the European Union (“EU”) General Data Protection Regulation (“GDPR”) and the revised German Federal Data Protection Act (BDSG-new).
The primary reason that MIS uses personal data is to enable the School to provide educational and support services to enrolled students. With regard to such processing, MIS will qualify as a data controller. This notice explains how MIS collects, processes and stores personal information of parents, students, staff, service providers / supplier, applicants and interns, who this information might be shared with and the ways in which the School protects and accounts for the protections to privacy. The notice also explains decisions that parents, students, staff, donors, service providers / supplier, volunteers, applicants and interns can make about their personal data held by MIS.
What Is Personal Data?
Personal data is data that the School holds about students, parents, staff, service providers / supplier, volunteers, applicants and interns (“data subjects”) which identifies them. The School needs to know the basic personal data of parents, staff, service providers / supplier, volunteers, applicants and interns (such as but not limited to contact details, dates of birth, home languages, gender, current employer, diplomas achieved, and criminal background checks) and students (including names, addresses, dates of birth, home languages, academic progress, examination results and behaviour records). This could also mean recording and processing special categories of personal data such as medical data. CCTV, photos and video recordings are also personal data (all together, the “Personal Data”).
This notice applies to all Personal Data collected for or on behalf of the School whether in analogue form (documents and forms in writing) or in digital form (such as information systems, databases and emails).
Legal Basis for Processing of Personal Data by MIS
Personal Data will be collected, processed and stored for the purpose of the enrolment and education of students, the employment of staff or the execution of contracts and agreements with the School.
We do so under the lawful basis that the processing is necessary for the performance of a contract in which you as the data subject is entering or has entered into (Art. 6 (1) a) GDPR). In some circumstances we may have to process data for other purposes that are not necessary for the performance of the contract but are within the lawful basis of Art. 6 (1) b)-f) of the GDPR. In such cases, the processing may be based upon our legitimate interests, such as providing a safe learning environment, maintaining the MIS community, fundraising, etc.,
- - on the protection of you or your children’s vital interests,
- - on the compliance with our legal obligations and/or
- - on the consent you or your children may have provided to us.
Collection of Personal Data: How We Use Your Personal Data
MIS collects personal data, including special categories of personal data of students and parents to provide a safe and caring international environment for teacher, learning and general educational purposes.
More specifically we process your or your children’s personal data for the following purposes, and other purposes that are compatible with the purposes described below:
- - to undertake and manage the School’s admissions processes
- - to provide a safe and secure learning environment
- - to comply with child protection requirements
- - to support and enable the academic, pastoral and personal objectives of children, including the monitoring and reporting of progress
- - to provide our educational services
- - to provide safe transportation services
- - to provide support and care for emotional and psychological wellbeing (pastoral and counselling)
- - to protect the health of the students and staff we serve
- - to provide a tailored learning environment and make evidence based education decisions for the children we serve
- - to enable the children we serve to continue or progress their education at other educational organisations
- - to support and develop our employees in the performance of their duties
- - for financial planning to help in the future planning and resource investment purposes
- - to meet our statutory reporting requirements to the education and other authorities
- - to help investigate any concerns or complaints you may have
- - to build and maintain the MIS community, including through fundraising
- - to make you aware and inform you about our services, news, events and activities that are undertaken at or in association with MIS
- - to communicate with you within the framework of your relationship with MIS
- - to ensure the safety and security of students and staff, including camera surveillance
- - for forecasting and planning for education service provision
- - to respond to requests of our staff and (former) students regarding historic information pertaining to their time at MIS.
How We Collect Your Personal Data
Personal data relating to you or your children can be obtained directly from you or your children, for example via completing the Application and Health and Consent forms, via the website, via meetings with teachers and staff, etc.
Personal data relating to you or your children can also be obtained via other information channels, such as previous schools, health professionals, social media channels, etc.
Personal data relating to you or your children also obtained by actions of MIS itself or its data processors, e.g. through evaluations, camera surveillance, access control measures, etc.
Categories of Personal Data Being Processed
The categories of personal data that MIS collects and processes include:
- - Personal information (such as name, unique number and address)
- - Special categories of data (such as health information, ethnicity)
- - Educational and evaluation data (such as assessments, relevant medical information, special educational needs information, exclusions / behavioural information and psychological reports and assessments)
- - Attendance information (such as sessions attended, number of absences and absence reasons)
- - Logging and audit in the use of IT systems and education technology apps, applications and cloud based systems
- - Communication and correspondence data (such as emails, letters and other types of correspondence)
- - Photographs and videos.
Special Categories of Data
The education services we provide require us to collect and process special categories of data, such as health information, for the purposes of safeguarding the protection of your children and the wellbeing of those within our care. We do not disclose or share special categories of data without explicit and unambiguous consent unless we have to do so where we are required to by law, or where we have good reason in protecting the vital interests of an individual, or where not doing so would place someone else at risk.
Collecting Data With Consent
Whilst the majority of data provided to MIS is required for the performance of a contract, agreement or by law, some of it is provided on a voluntary basis. In order to comply with the GDPR, MIS will inform parents, staff, service providers / supplier, volunteers and interns when consent is required to process the data. Where consent is provided the data subject is free to withdraw consent at any time.
There may be instances where the data subject may not want MIS to process or share Personal Data. In these cases, MIS may not be able to fulfil the contracted or agreed service, or only do so in a limited way, or be able to comply with a statutory obligation. In those instances, MIS may not be able to comply with such a request. Data subjects can contact the School’s Data Protection Officer by emailing dpo@mis-munich.de, if they wish to withdraw consent.
Storing and Processing of Personal Data
We keep personal data for as long as necessary with regard to the purposes described above or for any other purposes that may be communicated to you.
In general, your personal data are stored on our own servers and on the servers of our external providers, located in the European Union. Regarding transfers outside the European Union, see below.
Sharing and Transfer of Personal Data
Your personal data is shared internally within MIS for the purposes of delivering the services required.
For the purposes described above, MIS may need to share your personal data externally with certain recipients, as well as with third parties processing your data on behalf of MIS. More specifically, this includes the following categories of recipients:
- - PTV, Sportverein, Il Cielo, schools, colleges or universities that the students attend after leaving MIS; Other international schools (amongst others for the purposes of trips, sports and activities);
- - Local education authorities in Bavaria;
- - Family nurses, doctors or social service organisations (amongst others where sharing is in the vital interests, or where not sharing could have a negative impact on the individual);
- - Providers of information systems that are necessary for MIS to deliver the admissions, administration, teaching and learning, pastoral development, transportation and child protection services;
- - Providers of IT hosting and maintenance services;
- - Government organisations, police, health and social care (where we are required to do so by law, or where we have obtained your consent to do so).
Transfer to Third Countries
Personal data may also be transferred to organisations outside Germany and outside the European Union. This may for example occur for the purposes of student application for college or university. Various teaching and learning applications of providers that are based outside the European Union are also used. For such transfers of personal data outside the European Union, MIS has implemented suitable safeguards in the form of standard contractual clauses where required under applicable data protection legislation. More information on these transfers and suitable safeguards can be requested from the data protection officer.
Retention of Data
MIS will retain Personal Data for as long as required by law or best educational practice. MIS retains Personal Data after parents, students, staff, service providers / suppliers, volunteers and interns have left MIS in order to provide traceability, alumni management, and donor engagement. It is widely accepted that a School should hold data on the achievements and experiences of a child for their benefit in later life should they need to access that information.
Subject to appropriate safeguards, MIS may keep some information during a longer period if needed for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes. Such information will be anonymised where reasonable.
Publication of Photos and Videos by the School
Photographs and videos of your children may be taken by staff and students throughout the school year to record and share everyday life at MIS. Your child may be identifiable in these photographs or videos. Identifiable photographs of your child may be used for:
educational and informational purposes (such as keeping records of lessons, field trips, sports, events, staff training), as we have a legitimate interest to do so;
the identification of your child for health related purposes, such as allergies, as it is in the vital interest of your child to do so; and
marketing and publication purposes, if and to the extent we have obtained you and/or your child’s consent where required under applicable data protection legislation to do so.
If such photographs and videos reveal any sensitive personal data of you or your child, we will only process and use such photographs and videos if and to the extent we have obtained you and/or your child’s consent where required under applicable data protection legislation to do so.
MIS Community
Publications destined for the MIS community, School Yearbook: students, parents, staff, service providers / suppliers, volunteers and interns may be identified by name in images found in publications such as the MIS Yearbook, weekly blog posts.
Public
Publications destined for the general public, including the MIS public website, School publications, press releases and articles: individuals will not be identified by name in photos or video clips without prior agreement.
If such photographs and videos reveal any sensitive personal data of you or your child, we will only process and use such photographs and videos if and to the extent we have obtained you and/or your child’s consent where required under applicable data protection legislation to do so.
Camera Surveillance / CCTV
Automated Decision Making / Profiling
The School’s IT systems may profile the use, access and content of all users. The profiling enables identification of safeguarding and child protection risks or concerns, on the basis of your explicit consent. Some education apps profile the behaviour, use and outcomes of children. The School has an internal process to assess the impact of this on students. In evaluating the use of these apps the School will consider the benefit gained from using it for the student to learn, develop and explore, against the negatives identified from profiling. Decisions will always be made by MIS employees and not be automated as a result from profiling.
Cookies
We use cookies on our website. For more information on how we use cookies, please refer to MIS official cookie policy.
Hubspot Analytics
Your Rights
Parents and students may exercise a number of rights with regard to the processing of their personal data vis-à-vis MIS, in so far as they effectively have those rights under applicable data protection legislation, such as the European General Data Protection Regulation 2016/679 of 27 April 2016 and the New German Federal Data Protection Act (new BDSG), as may be amended from time to time.
The first point of contact in connection with the processing of personal data and the exercise of the rights described below is the MIS Data Protection Officer (dpo@mis-munich.de). MIS shall respond to such requests and may or may not act upon them, in principle within a period of one month, all in accordance with applicable data protection legislation.
In addition, you also have the right to contact or file a complaint with the Bavarian Data Protection Authority: Bayerisches Landesamt für Datenschutzaufsicht: http://www.lda.bayern.de.
The rights which you may have under applicable data protection legislation are:
Right to object – the right to object on grounds relating to your particular situation to the processing of personal data based on the legitimate interests of MIS, and the right to object to the processing for direct marketing purposes.
Right to information and access – to request access to and a copy of the personal data MIS holds on you, as well as the right to information about relevant aspects of the data processing by MIS. This Notice serves to inform you thereon, but do get in touch if you have any questions.
Right to rectification – to correct inaccurate personal data or to complete incomplete personal data.
Right to erasure – to request the deletion or removal of personal data in specific circumstances, for example if your personal data are no longer necessary for the purposes pursued by MIS or if there no longer is a legal ground for the data processing.
Right to restriction of the processing – to limit the processing, e.g. where you have told us the data is inaccurate and we are in the process of checking this. In such circumstances we will continue to store your data but will not process it further until we have checked and confirmed whether the data is inaccurate.
Right to data portability – to receive your personal data in a structured, commonly used format and to transmit it or have it transmitted to another international school.
Right not to be subject to automated individual decision-making – the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Where the processing of your personal data is based upon consent, you and/or your child have the right to withdraw consent at any time. Such withdrawal of consent shall not affect the lawfulness of the processing based on consent before the withdrawal.
There may be instances where you may not want us to process or share your personal information. In these cases, we may not be able to fulfil the service you need, or do so in a limited way, or be able to comply with a statutory obligation. In those instances, we will not be able to comply with your request and we will tell you if this is the case.
Data Security
MIS has developed its internal organisation in such a way that it complies with the specific requirements regarding data protection. For the time that MIS stores and uses Personal Data, the School will ensure the appropriate security of this Personal Data including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Our website is hosted on internal servers, the technology is provided from Finalsite (Active Internet Technologies LLC). Data collected via our website is secured via a SSL encrypted connection.
Please note that communication and data processing via e-mail might cannot be 100% restricted from illegal access.
Liability for Links
Our website contains links to third-party websites over which we have no control. Consequently, we cannot accept any liability for the content of these external websites. Sole liability for the content of linked websites rests with the relevant provider or operator.
MIS Data Protection Officer
We are available for you at any time to answer your questions regarding the measures we have implemented to ensure your data protection and the processing of your personal data. If you wish to receive further information in addition to this Data Protection Notice or if you wish to receive detailed information about a specific topic please contact the Data Protection Officer at MIS.
For any questions or concerns relating to this Notice or the processing of your personal data by or on behalf of MIS, as well as for the exercise of any of the rights described above, please contact the MIS Data Protection Officer (dpo@mis-munich.de).
Applicable Law and Jurisdiction
This Notice and any disputes arising out of in relation to this notice shall be exclusively governed by and construed in accordance with German law. The courts of Munich, Germany, shall be exclusively competent for any disputes arising out of or in relation to this Notice.
This Privacy Notice has last been updated on 05 March 2024.
Munich International School e.V.
Schloss Buchhof
82319 Starnberg, GERMANY
info@mis-munich.de
+49 (0) 8151 3660