- WHO WE ARE
- 1. HOW WE USE PERSONAL INFORMATION
- 2. WHY WE COLLECT DATA AND PERSONAL INFORMATION
- 3. CATEGORIES OF PERSONAL DATA PROCESSED BY LAS
- 4. COLLECTING STUDENT INFORMATION
- 5. RETENTION AND STORING OF PERSONAL DATA
- 6. SECURITY
- 7. WHO WE SHARE INFORMATION WITH
- 8. WHO WE SHARE WORKFORCE INFORMATION WITH
- 9. CCTV
- 10. PROCESSING AND TRANSFERS TO THIRD COUNTRIES
- 11. AUTOMATED PROFILING
- 12. IT SYSTEMS
- 13. COOKIES
- 14. FUNDRAISING AND KEEPING IN TOUCH
- 15. REQUESTING ACCESS TO YOUR PERSONAL DATA
- 16. CONTACT
Leysin American School S.A. (“LAS”) is a limited corporation based in Leysin, in the canton of Vaud, Switzerland, founded in 1960. Its identification number UID is CHE-107.024.781. In 2005, majority ownership of LAS was passed to the Foundation for the Advancement of International Education, a registered charitable foundation in the canton of Vaud. Its identification number IDE is CHE-112.481.256.
Last updated: 26, February 2019.
LAS collects personal information and sensitive categories of personal information of students, parents, employees, and at times third parties, to provide a safe and caring environment for teaching, learning, and general educational purposes. We use the information you provide for purposes that are necessary by law and required to undertake the performance of the contract into which you have entered and do so as we are required to do by law. We will always ensure we have a condition for processing personal and sensitive information.
We use the information you provide in the following ways:
- to undertake and manage the school admissions and enrolment and summer programs
- to approved school trips
- to provide a safe learning environment to comply with child protection requirements
- to support and enable the academic, pastoral and personal objectives of children, including the monitoring and reporting of progress to provide support and care for emotional and psychological wellbeing (pastoral and counseling)
- to protect the health of the students and staff we serve. We may also use data provided to us by other health professionals to safeguard staff and students
- to provide a tailored learning environment and make evidence-based education decisions for the children we serve to enable the children, we serve to continue or progress their education at other educational organizations
- to enable the development of a comprehensive picture of the workforce and how it is deployed
- to inform the development of recruitment and retention policies
- to support the employee hiring and appraisal processes
- to enable individuals to be paid
- to support and develop our employees in the performance of their duties
- to moderate teacher assessments of students
- to support students in deciding what to do after leaving LAS
- to develop and maintain relationships after graduation, successful completion of one semester, or upon request
- to financial planning to help in the future planning and resource investment purposes
- to meet our statutory reporting requirements to the Département de la formation, de la jeunesse et de la culture and other authorities
- to help investigate any concerns or complaints you may have
We collect and use personal information to carry out the education services as prescribed above. We do so under a lawful basis, as prescribed by the associated Regulations. In some circumstances we may be required to share your personal data for legal statutory purposes or under legitimate interest. If we need to share your information we will ensure, if required, that you are advised.
- personal information (such as name, date of birth, unique number, email address and mailing address)
- special categories of data (such as health, religion, medical information, criminal records)
- other relevant categories for the performance of our services (such as assessment, relevant medical information, special educational needs information, exclusions / behavioral information and psychological reports and assessments)
- attendance information (such as sessions attended, number of absences and absence reasons)
- logging and audit in the use of IT systems and education technology apps, applications and cloud-based systems
- photographs and videos taken by staff and students throughout the school year to record and share everyday life at LAS. Your child may be identifiable in these photographs
- photographs taken for identification purposes e.g. ID cards
- admissions, academic, disciplinary, and other education / employment-related records
- personal references, examination results, and grades
- financial information (eg for financial aid assessment or for fundraising)
- courses, meetings, or events attended
- schools, colleges, or universities that the students attend after leaving us
- family nurses, doctors, or other organizations where sharing is in the vital interests, or where not sharing could have a negative impact on the individual
- Département de la formation, de la jeunesse et de la culture, providers of information systems that are necessary for LAS to deliver the admissions, administration, teaching and learning, pastoral development, standardized testing bodies, college board, IB Organization, and child protection services
- third parties for school trips/outings
- law enforcement or other authorities if required by applicable law (eg permit and visa processing)
- contracted third-party providers of services (eg photographer, travel service providers)
- We are required to share information about our school employees with Federal Tax Office (concerning payroll), AVS Authority (social security office) and BCV Foundation second pillar (workplace pension)
The establishment records and stores personal data on the CCTV system for the following purposes:
- For security and personal safety of students, staff, visitors and members of the public.
- For security in the protection and monitoring of buildings, equipment, and personal property of students, staff, visitors and members of the public.
- For the purpose of prevention and detection of crime.
- For disciplinary reasons in monitoring and upholding the establishment related rules.
Location and positioning of cameras:
- Internal and external locations have been selected to achieve the purposes set out above.
- Locations and positions are appropriate to the purposes of image capture and are not located in areas that require heightened levels of privacy (changing rooms, toilets).
- Signage has been placed in visible locations notifying that CCTV is in use.
- Locations and positions of cameras may change from time to time in response to tactics required to meet the purposes set out above. With the limited exception of the public facing entrance(s), the cameras are not filming the public.
- Cameras are fixed and do not record audio.
- Cameras will record continuously.
System operation and management
- Only authorized staff may observe the operation of the system, and may do so 24 hours a day, 365 days a year.
- Viewing of captured images will be restricted in a private environment and is restricted to authorized individuals.
- Viewing of captured images will only be authorized in association with one of the purposes as above.
- Where viewing is authorized, the purpose, time, date and images viewed will be documented and logged by the authorised viewer.
- Unless otherwise required as evidence in pursuit of one of the stated purposes, images are stored for a maximum of 7 days before being deleted by Eagle Eye Networks.
- The organization takes proportionate organizational and technical measures to ensure the security of processing in accordance with Article 32 of the GDPR.
- Regular maintenance of the cameras and the system will take place to ensure the continuity of recording and good health of the system.
Image transfer and disclosure
- A log is maintained of all images viewed, downloaded, transferred and disclosed. The log will document:
- supported purposes and lawful basis for the use of the images
- the individual(s) who released the images and the individual to whom the data has been transferred / disclosed
- the date, time and protections in place when the transfer / disclosure took place.
- The establishment may receive CCTV images from third parties in achieving the purposes set out above. These parties may include transportation, accommodation organizations and other public bodies such as local government and police.
- The data protection law provides data subjects with a wide array of rights that can be enforced against organizations which process personal data. These rights may limit the ability of schools to lawfully process the personal data of data subjects, and in some cases these rights can have a significant impact on the way the school works.
- For further information on your rights, please refer to the Information Rights Policy or contact our Data Protection Committee.
Any questions relating to this policy should be directed to: gdpr@.com
- be informed of how we are processing your personal information—this Privacy Notice serves to explain this you but do get in touch if you have any questions;
- have your data corrected if it is inaccurate or incomplete;
- have your information erased (the right to be forgotten) in certain circumstances—e.g. where it is no longer needed by us the purpose for which it was collected or you have withdrawn your consent;
- restrict the use of your data in certain circumstances e.g. where you have told us the data is inaccurate and we are in the process of checking this. In such circumstances we will continue to store your data but will not process it further until we have checked and confirmed whether the data is inaccurate; to object to the processing of your data in certain circumstances—e.g. you may object to processing of your data for direct marketing purposes
- to object to decisions being taken by automated means or for it to be reviewed by manual intervention
- to object to processing of personal data that is likely to cause, or is causing, damage or distress prevent processing for the purpose of direct marketing in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
- claim compensation for damages caused by a breach of the Data Protection regulations
If you have any concerns about the way we are collecting or using your personal data, you should raise your concern with us in the first instance.
You can also directly contact the Supervisory Authority in Switzerland:
Federal Data Protection and Information Commissioner
Tel: +41 58 462 43 95
Fax: +41 58 465 99 96