PRIVACY POLICY AND INFORMATION ON DATA PROCESSING

1. For what purpose, under what title and on what basis do we process personal data?

• a. Functionality of the Website:

  • Purpose: to allow the use and navigation of Users (both registered and unregistered Users) through the Website by ensuring that the Website functions correctly, to allow technical updates and maintenance, and to improve the navigability and performance of the website or app based on anonymized usage data.
  • Categories of data processed: browsing data, including IP address, browsing habits, usage preferences, language, operating system, approximate location on region and country of access, operating system of your terminal, cookies and anonymized statistical data.
  • Categories of Data Subjects: Registered and unregistered users who make use of the Website.
  • Method of obtainment: shared by the User through the navigation on the Website.
  • Bases of legitimation: Legitimate interest, compliance with a legal obligation and consent for the processing of non-technical cookies.
  • Retention period: Personal data will be retained only for as long as necessary for the purpose for which it was initially collected. After its completion, personal data may be blocked during the periods provided by applicable legal provisions to comply with regulatory obligations, including tax, commercial and money laundering prevention regulations, as well as during the period of legal prescriptions.
  • Communication: your data will not be communicated in general. However, they may be communicated to our external providers of technological, IT and/or data hosting services essential to guarantee the purpose for which they were collected; and to public authorities if required by a legal obligation or by a public authority. Your data will not be sold to third parties.

• b. Provision of the Services:

  • Purpose: To provide Users the Services to find, research, compare and contact international schools and publication of reviews through the Website.
  • Categories of data processed: identification data (name and surname); Personal characteristics (date of birth, age or the children); contact data (including email address and telephone number); credentials and access data to registered Users (password and username). Additionally, we may process the status association with the School to which the User is posting a review (student, parent of a student, teacher, school administrator, or other) and the content of the messages or reviews published in the Website, personal preferences, age of the User’s children, and IP address.
  • Categories of Data Subjects: Registered and unregistered Users.
  • Method of obtainment: directly from the User when using the Website.
  • Legitimate bases: the processing is necessary for the performance of a contract to which the Data Subject is a party or for the application, at the request of the Data Subject, of pre-contractual measures; and the User's consent.
  • Retention period: for as long as the services are provided. After its completion, personal data may be blocked during the periods provided by applicable legal provisions to comply with regulatory obligations, including tax, commercial and money laundering prevention regulations, as well as during the period of legal prescriptions.
  • Communication: your data will not be communicated in general. However, they may be communicated to our external providers of technological, IT and/or data hosting services essential to guarantee the purpose for which they were collected; and to public authorities if required by a legal obligation or by a public authority. Your data will not be sold to third parties.

• c. Contact form or emails

  • Purpose: We receive communications, including emails, from potential users and users asking for more information. In those cases, we might need to use your data to be able to respond to the queries raised and to contact the user to resolve the doubts or questions raised.
  • Categories of personal data: identification and contact details of the person acting on behalf of a User who is a legal person (name, surname, e-mail, phone); and identification and contact details of the User - natural person (name, surname, e-mail address, information on your personal preferences regarding education and age of your children).
  • Categories of Data Subjects: Registered and unregistered Users who use the platform or Website and submit a contact form or sends a communication to the Provider through any of our contact means.
  • Method of collection: Data is collected directly from Users when they contact the Provider.
  • Legal basis for processing: The User’s consent, the legitimate interest of the Provider in giving a response to the User’s enquiry, or in where applicable, the execution of the requested pre-contractual measures.
  • Retention period: for the time necessary to fulfill the purpose for which they are processed. After its completion, personal data may be blocked during the periods provided by applicable legal provisions to comply with regulatory obligations, including tax, commercial and money laundering prevention regulations, as well as during the period of legal prescriptions.
  • Communication: your data will not be communicated in general. However, they may be communicated to our external providers of technological, IT and/or data hosting services essential to guarantee the purpose for which they were collected; and to public authorities if required by a legal obligation or by a public authority. Your data will not be sold to third parties.

Relevant information on the legal basis that legitimates some of our data processing:

• Compliance with legal obligations
  

  We must process personal data where it is required to do so by law. For this purpose, we process personal data in particular to the extent required by the relevant legal regulations in connection with our obligation to keep accounting records and in the performance of related tax obligations, or for the performance of obligations imposed by other laws.

  Data will be retained for as long as necessary to comply with the relevant legal obligations or for the time necessary to answer the questions posed through our contact form as established in this Privacy Policy.

• Legitimate interests of the Provider
  

  In justified cases, we may also process personal data on the basis of a legal title, which is the protection of our legitimate interests. However, we always carefully assess and ensure that the interest in processing your data for this purpose does not unreasonably interfere with your privacy.

• Identification of persons acting on behalf of contracting party of the Contract:
  

  These are typically members of statutory bodies, employees or other authorised persons who, although not a party to the Contract, enter into the Contract on behalf of the User, communicate with us and otherwise act for the User. We need the personal data of such persons in order to communicate and deal with the User through them for the purpose of entering into and continuing to perform the Contract. For these persons, we generally process name, surname, email, telephone number, delivery address, details of employment or other relationship with the contracting party and data from communications with them.

• Proof of acceptance of the terms and conditions:
  

  The Contract is concluded by electronic means and thus we store the data necessary to identify the User as a contracting party in order to have a time stamp as proof of the conclusion of the Contract and of the agreement to our terms and conditions in a specific wording in case of later doubts or disputes.

• Defence and exercise of legal claims:
  

  We also process personal data for the purpose of protecting our legitimate interest, which is to ensure the possibility of defending us in any legal disputes, court proceedings or inspections by state authorities or other public authorities. We process this data in order to be able to prove, if necessary, that we have acted in accordance with our contractual obligations and the law.

• Analysis and improvement of the Service:
  

  In our legitimate interests, we also process the data of Users (and visitors) of the Website and Service for analysing the use of the Service and further improving it. For these purposes, we collect and further process data on the activity of registered Users within the Website (logging the activity of Users). For this purpose, we may also process, within the scope of our legitimate interest, data of registered and unregistered visitors of the Website portal obtained by means of so-called cookies or other similar technologies that store data on or retrieve data from the visitor's device; the terms of use of cookies and similar technologies by the Provider are governed by specific terms and conditions, the text of which is available on the Website.

We obtain personal data primarily from data subjects, which is you. We do not collect any data other than those you give us. You are required to provide only accurate data and if your personal data is changed, you must update the data.

We use the following processors to process your personal data:

• Google Ireland Ltd, Gordon House Barrow Street Dublin 4, D04E5W5 Ireland as a processor via the service Google Suite and via the service Google reCAPTCHA; data may be transferred to the USA;
• Akamai Technologies, Inc. and its wholly-owned U.S. subsidiary Linode LLC, 145 Broadway Cambridge, MA 02142, USA, as a processor via the service Linode; data may be transferred to the USA;
• SmartBear Software Inc., 450 Artisan Way, Somerville, MA 02145, USA, as a processor via the service Bugsnag; data may be transferred to the USA;
• ActiveCampaign, LLC, 1 North Dearborn Street, Chicago, IL 60602, USA, as a processor via the service Postmark; data may be transferred to the USA;
• Pipedrive EU, Paldiski mnt 80, Tallinn 10617, Estonia, as a processor via the service Pipedrive;
• Nemesio Asesores y Consultores, S.L.P., CIF: B46424669, Avenida al Vedat 9 y 11, Torrent, Valencia, Spain, as a processor for taxes and accounting purposes;
• Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109-5210, USA, for data backups purposes; data may be transferred to the USA;
• BunnyWay d.o.o., Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia as a processor via the service bunny.net;
• GitHub, Inc. 548 4TH Street, San Francisco CA 94107, USA, as a processor via the service github.com;
• CookieYes Limited, 3 Warren Yard Warren Park Wolverton Mill, Milton Keynes, UK, as a processor via the service CookieYes; and
• YouTube LLC, 1600 Amphitheatre Pkwy Mountain View, CA 94043, USA, as a processor via the service youtube.com.

During processing of the personal data we also use a hosting service provided by the company Akamai Technologies, Inc. and its wholly-owned U.S. subsidiary Linode LLC, 145 Broadway Cambridge, MA 02142, USA.

As a general rule, no transfers of Personal Data are made to third countries or international organizations ("TTI", hereinafter). However, TTIs may be carried out on our providers of technological, computer and/or data hosting services, payment gateways, or logistics and transport services that are essential to guarantee the purpose for which they were collected, after informing applying some of the guarantees provided for in articles 44 GDPR and following to guarantee an adequate level of security of the processing of personal data, including the adequacy decision (list of countries based on an adequacy decision) or through the European Commission's Standard Contractual Clauses ("SCCs").

We process the personal data you provide to offer our Service as a school directory, as described in our Terms and Conditions. Section 1 of this Privacy Policy (titled 'For what purpose, under what title and on what basis do we process personal data?') details the specific purposes for which we use your data in providing this Service. These purposes encompass all necessary operations to enable you to search for and compare educational institutions, contact schools, manage the publication of your reviews, analyze aggregated information for Service improvement, and ensure the overall functioning of the platform. We do not perform any other profiling or automated decision-making.

The Personal Data of the Provider may be processed also manually and may involve our employees or other persons working for us, including for the purpose of removing errors, inaccuracies, etc. However, such persons may process personal data only under the conditions and in the scope above and are bound by the obligation to maintain confidentiality of personal data and security measures whose disclosure would threaten the security of personal data.

We always process personal data in accordance with applicable laws and we provide them with due care and protection. We take care that you never suffer any harm to your rights, in particular the right to the preservation of human dignity. We also protect you from unauthorized interference with your private and personal life.

• 4.1. Contract with User

  We keep the personal data which you provided during concluding the Contract and during its performance for the duration of the Contract. Even after the termination of the Contract, however, we are authorized to continue processing personal data, of which processing is necessary for the following purposes:

• 4.2. Compliance with legal obligations

  We process personal data processed due to our legal obligations within the time limits set by these laws.

  Personal data required by law must be processed for accounting and tax purposes (or for archival purposes). The processing period is 5 (five) years from the end of the accounting period, in the case of documents relevant to VAT payments it is (ten) 10 years from the end of the taxable period in which the transaction took place.

• 4.3. Legitimate interests

  We also process personal data to protect our legitimate interests, i.e. to defend ourselves against any claims of our customers, even before a court. In this context, the Provider processes your email and data about the performance of the Contract (its content, information about its fulfilment).

  We cannot delete this data even at the request of the User because they are not processed by consent. However, based on your request, we will review whether personal data is no longer needed.

• 4.4. Sending commercial messages

  We may send commercial messages as described above and process personal data for these purposes until you unsubscribe in accordance with the procedure set out in this document.

• 4.5. Longer processing

  Personal data may be processed for longer than the above if there is a relevant reason for further processing, typically an administrative or legal proceeding for which the personal data is relevant.

In the first place, you have the right to ask us for access to your personal data, including a copy of all your personal data, rectification, restriction of processing, erasure, data portability and opposition. You can do this by using the e-mail address provided at the head of this document.

Withdrawal of consent to processing: if we process your personal data on the basis of your consent, you may freely and free of charge withdraw your consent to processing at any time by using your User account, the contact e-mail mentioned above or otherwise as stated elsewhere in this document. In this case, we will no longer process your personal data processed on the basis of your consent.

For personal data that is not processed on the basis of consent, it is not possible to withdraw consent to processing. However, we will always assess, on the basis of your request, whether it is still necessary to process your personal data for any of the above purposes.

Your rights:

We will always keep you informed about:

• the purpose of the processing of personal data,
• the personal data or, where appropriate, the categories of personal data processed, including any available information on their source,
• the nature of the automated processing, including profiling, and the information relating to the procedure followed, as well as the significance and foreseeable consequences of such processing for the data subject,
• the recipients or categories of recipients of your personal data, and, in the case of a transfer of personal data to a third country, the appropriate safeguards applicable to the transfer to ensure the security of the personal data,
• the time at which the personal data will be stored or, if it is not possible, the criteria used to determine that time,
• any available information about the personal data source, unless it is obtained from you.

Your other rights are:

• ask us for an explanation,
• require us to eliminate the situation, in particular, it may be blocking, correcting, supplementing, limiting or deleting personal data (the right to be forgotten);
• request personal data that concern you in a structured, commonly used, and machine-readable format, and pass on these data to another controller without an obstruction, in any way;
• complain to the Office for the Protection of Personal Data of Spain (AEPD); and
• object to the processing of personal data that concern you.

We take our commitment to protect personal data very responsibly. We use SSL Encryption for all communications with our servers, data is stored in reliable datacenters with state-of-the-art security measures, data is only accessible through a secret password and our employees only have access to your data on a need-to-know basis.

By the mere fact of visiting this website or using the services of International Schools Database, no personal data that identifies a user is automatically recorded. However, we inform you that while browsing the Website "cookies" are used, small data files that are generated in the user's computer and that allow us to obtain the following analytical information:

• a) The date and time of access to the Website, allowing us to know the busiest times, and to make the necessary adjustments to avoid saturation problems at our peak times.
• b) The number of daily visitors to each section, allowing us to know the most successful areas and to increase and improve their content, so that users obtain a more satisfactory result and improve the design of the contents.
• c) The date and time of the last time the user visited the Website in order to carry out analytical and statistical studies on the use of the website.
• d) Security elements involved in controlling access to restricted areas.

For more information visit our cookie policy.

Any user may object to the use of his or her information for advertising purposes, market research or satisfaction surveys and may revoke his or her consent at any time (without retroactive effect). To do so, please send an e-mail to privacy@international-schools-database.com. When you receive advertising by e-mail, you may also object from that e-mail by clicking on the link included in the e-mail and following the instructions provided.

Our Privacy Policy may be updated due to changes and legal requirements, as well as due to improvements and changes included in the way we offer and provide our services. Therefore, we recommend that you visit and access our Privacy Policy periodically, in order to have access to the latest changes that may have been incorporated. In the event that such changes relate to the consent given by the user, in which case a separate and independent notification will be sent to the user in order to re-notify him/her again.

If you have any questions or concerns about our Privacy Policy or wish to exercise any rights or actions relating to your personal data, please contact us at privacy@international-schools-database.com.