We have developed this Policy statement in order for you to understand how we collect, use, maintain and disclose personal information.
Each Academy, as referred in the enrollment contract from each of the existing Boarding Schools (hereinafter the “Academy”), is responsible for protecting the confidentiality of the personal data, sensitive personal data and personal financial or patrimony data of their past, current and prospective students, and their parents or guardians, in addition to securing their privacy and their informative self-determination rights.
To exercise the rights of access, correction, cancellation, limitation on use or revocation of consent, a request in writing may be submitted to the Privacy Division at the following e-mail firstname.lastname@example.org
This Policy has the purpose of protecting the privacy of the information rendered by our past, current and prospective students and their parents or guardians, to enable the academic services provided by the Academy.
When providing personal data, the parents or guardians of the student (each, a “data subject”), consents to its handling as required by Law. If the data subject does not agree, the data subject must refrain from providing any information.
The Academy, in compliance with its local law as well as other applicable legislations may collect personal data, sensitive personal data and financial or patrimony data for some of the following purposes:
Aid in the admissions process to any Academy; follow-up of the admissions process; schedule activities depending on the student’s skills and preferences; contact parents and render feedback on the progress of their kids; keep parents up to date concerning their kids; keep in touch with students and their parents or guardians when courses are over.
The following personal data, sensitive personal data and financial and patrimony personal data may be handled and treated, including but not limited to:
a) Identification Data: Name, age, date and place of birth, nationality, country of residence, gender, height, weight, domicile, e-mail, contact phone numbers, Passport info, visa info.
b) Information on Relatives: Mother and father’s general data, or if applicable, the guardian’s data. Name and age of siblings.
c) Academic Data: Student’s current school, grade, previous course grade point average, conduct average, number of credits, number and list of failed subjects. Mention if student has been enrolled in any of the Academies.
d) Sensitive personal Data: Religion, religious beliefs, religious associations to which the individual was a member of, hobbies, sports, extracurricular activities.
e) Health Data: Health conditions, clinical history, diseases, dietary restrictions allergies, blood type, organ donor, psychological and psychiatric character matters, doctor’s contact info, medical or psychological treatments received and emergency contact info.
The lack of the aforementioned data may result in the denial from the Academy of rendering academic services.
Additionally, it is established that in order to fulfill the purposes provided in the herein Policy, sensitive personal data previously described will be collected and handled. Consequently, the Academy agrees to treat and handle the data under strict security measures always guarantying confidentiality.
The Academy, concerning the protection of personal data, observes the principles of confidentiality, legitimacy, consent, information, quality, loyalty, proportionality and responsibility.
In those cases, permitted by Law, the Academy may share national or international data without the data subject’s consent. In addition, the data is also shared with service providers who help us achieve the agreed contractual duties.
Third parties and other entities will be subject to the same obligations and/or responsibilities accepted by the Academy with the data subject, through this Policy.
The data subject holding a legal relation with the Academy accepts and acknowledges that personal data may be shared pursuant to the terms and conditions established in the herein Policy.
Options and means to limit the use or disclosure of personal data.
The handling and sharing of your personal data, will only when necessary, appropriate and relevant regarding the purposes provided in the herein Policy.
The Academy has the necessary safety, managerial, technical and physical means, necessary for the protection of your personal data against damage, loss, alteration, destruction, unauthorized use or access.
Personal Data is safeguarded in secure data bases and computer equipment and systems that prevents the leaking of data. Some of the protection tools used for data safeguarding of the Academy are: physical and logical controls, environmental controls, firewalls, antivirus protection tools, and web filtering.
If the data subject desires to limit the use or disclosure of the personal data, the data subject may request so before the Privacy Division at the following e-mail email@example.com.
Rights of Data Subject’s Personal Data
The data subject may exercise the rights of access, correction, cancellation and disclosure over personal data, and the Academy will provide the means necessary for the appropriate exercise of his rights. The exercise of the rights of access, correction, cancellation, disclosure, limitation of use or revocation of consent must be requested in writing before the Privacy Division at the following e-mail firstname.lastname@example.org
Exercise of Rights Procedure
The request in writing and via e-mail for the access, correction, cancellation, disclosure, limitation of use or revocation of consent, must contain and be accompanied by the following;
1. Name and domicile of the student or another way of delivering the response to the aforementioned request,
2. Documents that prove identity or, if applicable, those of his legal representative
3. Detailed and clear description of the personal data of which he seeks the exercise of some of the aforementioned rights,
4. Any other element or document that aids in the finding of the personal data.
5. Concerning correction requests, the data subject shall detail the desired changes and render the documents that support his request.
Within a period of 20 business days following the date of reception of the request for access, correction, cancellation or disclosure, the Academy will let the data subject know their decision, for the purpose of, if applicable, executing it within the 15 days following the date of the response. The aforementioned terms may be extended only once for the same period, provided that the case´s circumstances validate the extension.
The obligation of Access to the information shall be considered fulfilled when placed at the disposition of the data subject.
The data subject of the personal data may revoke his consent for the treatment of personal data at any time, by sending written request to the Privacy Division at the following e-mail email@example.com.
Within the 20 business days following the reception of the revocation request the Academy will inform the data subject, the legitimacy or illegitimacy of the request, if the request is legitimate it will be effective 15 business days following the response via e-mail provided by the data subject.
Changes to this Policy
These changes are available through the web page: www.oakinternational.org
The data subject renders express consent, when providing his data orally, in writing, by electronic, optical or any other technological mean, or by unmistakable signs.
Pursuant to the Academy’s local law, through this Policy:
This express consent may be accepted through handwritten signature, electronic signature or any other authentication mechanism.
First Publication: July 6, 2011
Last modification: April 10, 2019