PERSONAL DATA PROTECTION POLICY
OF THE LYCÉE FRANÇAIS DE VARSOVIE
The policy of the Lycée français de Varsovie regarding the collection, use, transmission, management and protection of personal data is subject
to the General Data Protection Regulations (GDPR).
This regulation guarantees natural persons access, modification, restitution and deletion of their data and compels institutions to collect
and prove the informed consent of individuals, guarantee the security of all collected, processed and stored data, and finally document protection measures and procedures.
2-DATA COLLECTION AND USE
2-1 STUDENT DATA
The Lycée français de Varsovie collects and may use students’ personal data (such as name, date of birth, photos, schooling and medical records) for the following purposes (non-exhaustive list):
- Compliance with regulations (e.g. compliance with the regulations of the French Ministry of Education, the Agency for French Education Abroad, etc.).
- Organization of classes and publication of student results
- General administration (e.g., project management, communication related to work or education, school records)
- Schooling (e.g., awards, certifications, academic achievements, attended schools)
- Admission of students (e.g. re-admission, withdrawal/cancellation)
- Communication with parents or legal representatives
- School trips (e.g. organization, logistics, medical needs, food needs, registration)
- Registration for extracurricular activities
- Medical needs (e.g. allergies)
- Former students services
- Transmission of information to third-party schools in the context of their admission procedures
- Recording and broadcasting of the image and voice of the students (name, photos, films etc…) only for non-commercial purposes, including:
> Internal uses: school booklet, brochure, poster, class photo, yearbook, pedagogical projects, etc…
> External uses: website and social networks of the Agency for French Education Abroad, website and social networks of the school, school information documents, etc…
2-2 PARENT DATA
The Lycée collects and may use the personal data of students’ parents or legal representatives (such as name, date of birth, email address, telephone number, bank details) for the following purposes (non-exhaustive list):
- Communication with parents or legal representatives (through teachers, the school head office or school representatives)
- Medical needs in case of emergency (e.g. family contact in case of accident or major risk)
- School trips (e.g. organization, logistics, medical needs, food needs, registration)
- Billing and payment (e.g. billing of tuition fees, final settlement and payment history, payment process)
- Allowing emails to be sent to parents or legal representatives through mailing lists by parent-teacher representatives (Management Board, School Council, Primary School Council)
2-3 EMPLOYEE DATA
The Lycée collects and may use the personal data of its employees and candidates for job positions at the LFV (such as name, date of birth, email address, telephone number, bank details, diplomas, employment certificates) for the following purposes (non-exhaustive list):
- Receipt of applications (CV, cover letter, testimony, recommendation letter)
- Recruitment of an employee (contact details, social security number, family situation…)
- Execution of employment contracts (company directory, badge data, employment contract amendments, medical certificates, expenditures receipts, payslips…)
- Staff evaluation (yearly evaluation, disciplinary record, career record, trainings)
- Departure (mutually agreed termination of contract, letter of dismissal)
2-4 SITE-SAFETY RELATED DATA
The Lycée collects and may use personal information (such as first name, last name, date of birth, ID card number, email address) in order to ensure the safety of individuals on the Saska Kepa and Sadyba sites, in the terms and conditions described as follows:
- Students and employees access to the sites is organized by the use of electronic badges or visual control
- Parents or third parties access to the sites is allowed after a visual check (Sadyba site) or an identity check (Saska Kepa site)
- Access to the sites for service companies regularly entering the sites (catering, maintenance, etc.) is based on the registration of individuals and vehicles
- Both sites are under video surveillance
3-1 PARENTAL CONSENT
In the case of students’ data, it is the agreement of the legal representatives that proves consent to the collection and processing of the data.
3-2 CONSENT OF LEGAL REPRESENTATIVES
The legal representatives explicitly consent to the collection and processing of data by signing the registration contract or the re-registration contract (cf. paragraph 9 of these contracts).
4-DATA MANAGEMENT AND PROTECTION
4-1 DATA SECURITY
The Lycée français de Varsovie is committed to :
- Implement appropriate security measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, particularly when the processing of data involves the transmission or storage on or in a network.
- Notify the people involved in the event of accidental or unauthorized access to their data that could lead to damage or harm.
4-2 RIGHTS OF ACCESS, MODIFICATION, RESTITUTION, DELETION, CORRECTION AND WITHDRAWAL
Parents have the right to review personal data concerning themselves or their children (subject to the exceptions listed below) and to request modifications or corrections to such data. Parents will have access to data held about their children during their schooling at the Lycée within the limits specified in this policy. Through the Factos Net online tool, parents have free access at any time to the personal information the Lycée holds about them or their children. A modification or correction is always possible if necessary. The Lycée français de Varsovie has the right to refuse access
to certain students’ school data (non-exhaustive list):
- Opinions retained for evaluation purposes
- Papers and examination results
- Confidential written references to support a student’s application to another educational institutions or courses
- Data or documents that would provide personal data about other individuals in violation of this Policy or the PDPA
4-3 DATA STORAGE AND DELETION
The Lycée français de Varsovie agrees to make every effort to destroy or anonymize documents containing personal data as soon as it can be considered that:
- The purpose for which the data was collected no longer requires its storage.
- Storage of the data is no longer necessary for legal or management reasons.
- Storage period for video surveillance files is of 1 month and of 3 months for access control files.
- The storage period for human resources files depends on their purpose, but must not exceed 5 years after the employee’s departure.
- The duration of the data concerning students and legal representatives is defined in the sorting and storage guidelines for the archives received and produced by the services and institutions contributing to national education and is available in the official journal
at this address : http://www.education.gouv.fr/bo/2005/24/MENA0501142J.htm
4-4 DATA SHARING WITH THIRD PARTIES
Personal data may be transmitted by the school to third parties, service providers or agents in Warsaw (such as travel agencies, insurance companies) and data hosting companies or IT service providers (e.g. students school management, accounting). Personal data may also be transmitted
to the French Ministry of National Education.
The Lycée français de Varsovie will share this data only in order to obtain the necessary services from these third parties and for
The School signs contracts to ensure that third parties use the data solely for the purpose of providing the service and take adequate precautions
to protect the data.
In all cases, the school ensures that the general terms and conditions of service include the following terms:
- The school retains ownership of the data.
- The service provider is not allowed to use the entrusted data for any other purpose than to provide the requested service.
- The service provider shall take reasonable precautions to ensure data security.
- When the Lycée terminates its connection with the provider, all data will be deleted and will not be used for any other purpose.
5-1 DATA PROTECTION OFFICER
The Data Protection Officer (DPO) is responsible for:
- informing and advising the data controller or processor and its employees;
- monitoring compliance with the European regulation and national law on data protection;
- advising the organization on the conduct, in certain cases, of an impact assessment (IAP) and verifying its completion;
- cooperating with the supervisory authority and being its point of contact.
It is the contact person for any questions or complaints related to data protection.
The DPO is Matthieu Ghariani, teacher for primary education.Contact : email@example.com
5-2 THE DATA CONTROLLER
The data controller is the person who decides and organizes the processing of personal data. This person is responsible before the law
for the conformity of the processing of personal data. The data controller is the person to be contacted to request access, modification, restitution and deletion of data.
The data controller is Emmanuel Guillemin, Administrative Director of the LFV.
Contact : firstname.lastname@example.org
Lycée français de Varsovie,
ul. Walecznych 4/6,
Updated on 05/14/2018