EAC Data Protection and Privacy Notice
Escola Americana de Campinas (EAC) shall comply with the relevant national (Brazilian) data protection regulations and international data protection standards. EAC is committed to keeping personal information collected from students, parents, employees and third parties accurate, up-to-date, safe and secure. This commitment includes not keeping personal information longer than necessary. This EAC Data Protection Policy (hereinafter “POLICY”) applies to all personal data collected for and on behalf of EAC, collected in similar form (forms, documents, in writing) and through technological means, such as information systems and email.
1. Purpose of Collecting Personal Information
EAC collects personal data, including special categories of personal data of students, parents, employees, and third parties (e.g. vendors) in order to provide a safe and caring international environment for teaching, learning and general educational purposes.
More specifically, EAC processes the personal data of students, families and employees for the following purposes:
- To undertake and manage the school admissions and enrollment;
- To provide a safe and secure learning environment;
- To comply with child protection requirements;
- To support and enable the academic, pastoral and personal objectives of children, including the monitoring and reporting of progress;
- To provide quality and well informed educational services;
- To provide support and care for social, emotional and psychological wellbeing (counseling);
- To protect the health of the students and faculty/staff;
- To provide a tailored learning environment and make evidence based education decisions for the students we serve;
- To enable the children we serve to continue or progress their education at other educational organizations;
- To support and develop our employees in the performance of their duties;
- To support financial planning to support future planning and resource investment purposes;
- To meet our statutory reporting requirements to the education and other authorities;
- To help investigate any concerns or complaints registered by students, faculty/staff, and parents;
- To build the EAC community and advance the mission, vision, and core values (e.g. sponsorship);
- To inform the community about any services, news, events and activities that are undertaken at EAC;
- To communicate within the framework of your relationship with EAC;
- To ensure the safety and security of students and staff, including camera surveillance;
- To forecast or plan for education service provision;
- To respond to requests of our staff and (former) students regarding historic information pertaining to their time at EAC.
EAC collects and uses personal data to carry out the education services as described above. We do so under the lawful basis and in alignment with the terms and conditions in employment contracts and contracts between parents/legal guardians and the school.
2. Data Subjects’ Rights
This Policy aims to guarantee students, parents, employees and third parties the following rights:
- Access to information;
- Data portability;
- To Rectification if there is an error on the data stored;
- To erasure if there is no longer a need for school to keep the data;
- To restrict processing, i.e. to limit what is done with their data;
- To object to data being shared or collected;
Data subjects’ rights are also subject to child protection and safeguarding concerns, sharing information for the prevention and detection of crime. EAC also have legal and contractual obligations to share information with organizations. In some cases these obligations override individual rights.
3. Categories of Personal Data
The categories of personal data that EAC collects and processes include all personal identification details about students, parents, employees and third parties, in order to provide a safe and caring international environment for teaching, learning and general educational purposes.
This personal data includes some or all of the following: name and address, birth date, parents’ name, identification document, email address, mobile number, previous school details, teacher reports applications, medical data, dietary requirements and restrictions, emergency contact information, position area of work of employees and third parties while working at EAC or on our behalf.
The provision of educational services requires EAC to collect and process special categories of data, such as health information, for the purposes of safeguarding the protection students and the wellbeing of those within our care. EAC will not disclose or share special categories of data without explicit and unambiguous consent unless we have to do so where we are required to by law, or where we have good reason in protecting the vital interests of an individual, or where not doing so would place someone else at risk.
4. Storing personal data
EAC is committed to efficiently managing records in order to comply with legal and regulatory obligations. Records provide evidence for protecting the legal rights and interests of the school, and provide evidence for demonstrating performance and accountability. All student and faculty/staff records will be stored securely at all times.
Paper and electronic records will have appropriate security measures in place. This will ensure that confidentiality is maintained for student and staff records while enabling information to be shared lawfully and appropriately, and to be accessible for those authorized to see it. Student and employee records will be disposed of in accordance with the safe disposal of records guidelines.
All secure digital storage are encrypted against data exchange and access, stored in servers with restricted access (physical and electronically), password protected (to access the data, system requires username and password, only authorized EAC employee has access) Physical secure storage, all file cabinets are stored in a safe room, all doors are safely locked and secure. Only authorized personnel has access to the files.
5. Sharing and transfers of personal data
EAC shares personal data internally within EAC for the purposes of delivering the services required. For the purposes described in Article 3 of this POLICY, EAC may need to share your personal data externally with certain recipients, as well as with third parties processing your data on behalf of EAC. More specifically, this includes the following categories of recipients:
- Schools, colleges or universities that the students attend after leaving EAC; Other international schools (amongst others for the purposes of trips, sports and activities);
- Local education authorities in Brazil;
- Family nurses, doctors or social service organizations (amongst others where sharing is in the vital interests, or where not sharing could have a negative impact on the individual);
- Providers of information systems that are necessary for EAC to deliver the admissions, administration, teaching and learning, pastoral development, and child protection services;
- Providers of IT hosting and maintenance services;
- Government organizations, police, health and social care such as the Diretoria de Ensino and the Conselho Tutelar (where we are required to do so by law, or where we have obtained your consent to do so);
- Share student parent information with field trip providers.
Unless there is a statutory requirement, EAC will not share information about workforce members with anyone without consent unless the law and our policies allow us to do so.
EAC may also transfer personal data to organizations outside Brazil. This may, for example, occur for the purposes of student application for college or university. For such transfers of personal data outside Brazil, EAC has implemented suitable safeguards (e.g.parent-guardian permission, encrypted email, secure college/university application platforms) required under applicable data protection legislation.
6. EAC Google Email Address
EAC issues one secure and encrypted Gmail address to the parent(s)/legal guardian(s) of all students enrolled in the school. Parents/guardians are responsible for securing and managing the password to their school-issued Gmail account. This Gmail address serves as a login to all software applications used by the school (e.g. EAC App, PowerSchool, Schoology, Seesaw, etc.) EAC will not issue an EAC Gmail account to any third party (e.g. personal assistant) or provide support for a third party to log-in to an EAC software application.
7. IT Systems
For the purposes of IT hosting and maintenance, all school information including personal data is located on servers hosted either at school or in the cloud managed by providers such as PowerSchool, SeeSaw, Schoology, SchoolBuddy, EAC APP, Totvs, and Google. No third parties have access to your personal data unless the law allows them to do so. Where the law allows, EAC will share information with third parties.
EAC cannot deliver our education services without processing the data we collect and share. All our data are encrypted and secured, and all data is backed up on a daily basis. EAC has put proportionate organizational and technical measures in place to protect personal information. Only authorized EAC employee has access to your data. More information about this can be requested from EAC’s Data Protection Officer Leonardo Goes at email@example.com.
8. Cookies: EAC Website and App
Cookies are small text files exchanged between the web-server and your browser each time a page is visited. Cookies typically perform functions intended to enhance your browsing experience. Cookies are used to track user digital preferences, such as what are your favorites places to eat, travel, things you are looking for. Cookies are mostly used for advertising purposes, to show what you are interested in.
9. Camera surveillance
EAC collects information in the form of camera footage via a CCTV-system to ensure the safety and security of students and faculty/staff. We retain these CCTV images for 30 days after which they are deleted, unless we need to retain the images for further investigation or law enforcement purposes.
10. Photographs and Videos
Faculty/staff and students may take photographs and videos of your children throughout the school year to record and share everyday life at EAC. Your child may be identifiable in these photographs or videos. Identifiable photographs of your child may be used for:
§ Educational and informational purposes (such as keeping records of lessons, field trips, sports, events, staff training), as we have a legitimate interest to do so;
§ The identification of your child for health related purposes, such as allergies, as it is in the vital interest of your child to do so; and
§ Marketing and publication purposes, if and to the extent we have obtained you and/or your child’s consent where required under applicable data protection legislation to do so. (See Media Authorization Release Form)
If such photographs and videos reveal any sensitive personal data of you or your child, we will only process and use such photographs and videos if and to the extent we have obtained you and/or your child’s consent where required under applicable data protection legislation to do so.
11. Applicable Law and Jurisdiction
This Policy and any disputes arising out of in relation to this Policy shall be exclusively governed by and construed in accordance with Brazilian law. The appropriate local courts are responsible for any disputes arising out of or in relation to these guidelines and procedures.
12. Questions & Concerns
If an employee or parent has questions or concerns about EAC’s approach to data collection and protection, please contact Data Protection Officer Leonardo Goes at firstname.lastname@example.org or 19 2102-1025
As this Privacy Notice is based on new legislation, it will also be reviewed if and when any new local or national guidance for schools is published.