International Schools Partnership Limited – Claremont School (“ISP”) is committed to protecting and respecting your privacy. For the purposes of the General Data Protection Regulations (GDPR) and any subsequent UK legislation covering data protection, the Data
Controller is ISP. References to ISP, us or we in this Policy should be read to include the schools owned or operated by ISP.

This Policy sets out why we collect personal information about individuals and how we use that information. It explains the legal basis for this and the rights you have over the way your information is used. This Policy covers ISP in relation to the collection and use of the information you give us (including our schools). We may change this Policy from time to time. If we make any significant changes, we
will advertise this on the website or contact you directly with the information. Please check this page occasionally to make sure you are happy with any changes.

By providing your information, or the information of any student for whom you are responsible (whether via our website, in person, in writing or over the phone) to us, you acknowledge the processing set out in this Policy. Further notices highlighting certain uses we wish to make of you information together with the ability to opt in or out of selected uses may also be provided when we collect information from you. Some of the processing activities referred to in this Policy are undertaken by our schools, whereas other processing is undertaken by ISP as the ultimate owner of the schools, depending on the details of the processing. We can confirm which processing
activities are undertaken by which entity on request of a data subject.

Who is the controller of your data?
Data Controller: International Schools Partnership Limited – Claremont School.
Address: The Old Town Hall, 4 Queens Road, Wimbledon, SW19 8YB
Company Registration Number: 09817502
E-mail: info@ISPSchools.com
Data Protection Officer e-mail: dpo.external@ispschools.com

If you have any questions about this Policy or concerning your personal information, please contact us by e-mail or by post to the address indicated, in each case marked for the attention of the Chief Financial Officer and Head of Group Legal.

What type of personal information we collect

The type and amount of information we collect depends on why you are providing it.

The information we collect when you make an enquiry includes:
● First name
● Last name
● Job title
● Gender
● Preferred pronoun
● Date and place of birth
● Email (for login)
● Address (including billing address)
● Postcode
● IP address
● Student information (including admission information)

How we collect information

We may collect information from you whenever you contact us or have any involvement with us, for example when you:
● visit our website.
● enquire about our activities or services.
● sign up to receive news about our activities.
● post content onto our website/social media platforms.
● attend a meeting with us and provide us with information.
● take part in our events.
● contact us in any way including online, email, phone, SMS, social media or post.

Where we collect information from

We collect information:

(1) from you when you give it to us directly: you may provide us your data when you ask us for information, attend our events or contact us for any other reason. Your information may be collected by an organisation we are working with, but we are still responsible for your information.

(2) when you give it to us indirectly: your information may be shared with us by other organisations.They should only do so in the way they have set out in their own Privacy Policy which you should check when you give your details.

(3) when you have given other organisations permission to share it: your information may be provided to us by other organisations if you have given them your permission. This might for example be a business working with us or when you buy a product or service from a third-party organisation. The information we receive from other organisations depends on your settings or the option responses you have given them.

(4) when you use our website: information about you is recorded and stored when you use our website. See the information about the use of cookies under that heading below.

(5) when it is available on social media: depending on your settings or the privacy policies applied for social media and messaging services you use, such as Facebook, Instagram or Twitter, you must give us permission to access information from those accounts or services.

How we use your information

We will use your personal information in a number of ways which reflect the legal basis applying to the processing of your data. These may include:
● providing you with the information or services you have asked for (which may include us sharing information with our regional office teams which undertake management functions)
● sending you communications with your consent that may be of interest, including marketing information about our services and activities.
● when necessary, for carrying out obligations under any contract between us (for example, enrolment activities, providing educational and related services (including extra-curricular activities)
● seeking your views on the services or activities we carry out, so that we can make improvements.
● maintaining our organisational records and ensuring we know how you prefer to be contacted
● analysing the operation of our website and analysing your website behaviour to improve the website and its usefulness.
● processing job applications
● Complying with our legal or regulatory obligations

Use of Aggregated Data

Where Data can be aggregated (and anonymised), we may use this for research purposes without restriction. For example, we may monitor customer traffic patterns, site and services usage and related information in order to optimise users’ usage of the site and services and we may give aggregated statistics to a reputable third-party.

We are entitled to do this because the resulting data will not personally identify you and will therefore no longer constitute personal data from the perspective of data protection laws.

Our legal basis for processing your information

The use of your information for the purposes set out above is lawful because one or more of the following applies:

● where you have provided information to us for the purposes of requesting information or requesting that we carry out a service for you, we will proceed on the basis that you have given consent to us using the information for that purpose, based on the way that you
provided the information to us. You may withdraw consent at any time by emailing us at info@ispschools.com. This will not affect the lawfulness of the processing of your information prior to your withdrawal of consent being received and actioned;
● it is necessary for us to hold and use your information so that we can carry out our obligations under a contract entered into with you or to take steps you ask us to prior to entering into a contract;
● it is necessary to comply with our legal obligations;
● where the purpose of our processing is the provision of information or services to you, we may also rely on the fact that it is necessary for our legitimate interests in relation to providing the information or service requested, and given that you have made the request,
would presume that there is no prejudice to you in our fulfilling your request. 

If you want to contact us about your marketing preferences please contact info@ispschools.com, or call on +44 (0) 20 3867 7000.

How we keep your information safe

We understand the importance of keeping your personal information secure and take appropriate steps to safeguard it. Also, personal and sensitive data undergoes security reviews, and any financial or sensitive personal information adheres to our Data Protection Policy.
All information you provide us is stored on secure servers, it is accessed and used subject to our security policies and standards (which includes the appropriate training of users to manage your information).

No data transmission over the internet can be guaranteed to be completely secure. So whilst we strive to safeguard your information, we cannot guarantee the security of any information you provide online and you do this at your own risk.

Who has access to your information?
● Third parties who provide services for us, for example trusted consultancy work relating to Business Development, Staff Recruitment, Finance and Marketing activities. We select our third- party service providers with utmost care. We provide these third parties with the
information
● that is necessary to provide the service and we will have an agreement in place that requires them to operate with the same duty of care.
● Third parties if we run an event in conjunction with them. We will let you know how your data is used when you register for any event.
● Analytics and search engine providers that help us to improve our website and its use.
● Third parties in connection with restructuring or reorganisation of our operations, for example if we merge with another business. In such events, we will take steps to ensure your privacy rights will be protected by the third party. Owing to matters such as financial or technical considerations, the information you provide to us may be transferred to countries outside the European Economic Area (EEA), which are not subject to the same data protection regulations as applied in the UK. We do this because it is sometimes stored on servers outside the EEA, or we use suppliers based outside the EEA. We meet our obligations under UK GDPR by ensuring that the information has equivalent protection as if it were being held within the EEA. We do this by ensuring that any third parties processing your data outside the EEA either benefits from an adequacy determination for UK GDPR purposes and/or, where appropriate, we have entered into a data processing agreement which contains model UK clauses.

We may also disclose your personal information if we are required to do so under any legal obligation and may use external data for the purposes of fraud prevention and credit risk reduction, or where doing so would not infringe your rights, but is necessary and in the public interest. Other than this, we will not share your information with other organisations without your consent.

Keeping your information up to date

Please would you let us know if your contact details change. You can do so by contacting us at info@ispschools.com.

Data protection processing activities

We will process the following data, if you are associated with any of the following groups, please check the specifics.

+ WEB AND EMAIL CONTACTS

What data do we collect through the website?

We can process information about your IP address, operating system, and web browser. We can also process the duration of your visit to our website, previously pseudonymizing or encrypting your personal data. If you provide us personal data in the contact form, we will process that data in order to contact you.

Which are the purposes of the processing?
1. Answering your consultations, doubts, applications, or requests.
2. Managing the requested services.
3. Analysing and improving our website, products and services.
4. Improving our commercial strategy.

Which is the legal basis of the processing?

The acceptance and consent of the interested party, granted through an affirmative action, such as in cases where to make a request it is necessary to fill out a form and click on the send button. Sending the form will imply that you have been informed and have expressly given your consent to the content of the clause attached or accepted the Privacy Policy. In some cases, the legal basis for data processing may be the existence of a contractual or pre-contractual relationship between the parties.

How long are we going to keep your personal data?

We will keep your personal data until the withdrawal of the consent or until the end of the contractual relationship.

+ STUDENTS REPRESENTATIVES

What data do we collect?

Contact information and payment methods.

Which are the purposes of the processing?
1. Managing the requested services.
2. Billing and taxes.
3. Payment management. In some cases, we can ask you to accredit your degree of disability in order to comply with our tax obligations.
5. Managing the administrative, communication and logistic services provided by the Controller.
6. Send you news and communications.

Which is the legal basis of the processing?

Processing is necessary for the performance of a contract to which the data subject is party. To receive communications and news, the legal basis will be your consent.

How long are we going to keep your personal data?

During the validity of the relations between the parties and the prescription periods derived from them. For the sending of news and communications, we will keep your personal data until the withdrawal of your consent.

+ QUALITY SURVEYS

What data do we collect through the quality surveys?

We will collect your answers about the quality of our services.

Which are the purposes of the processing?

● Evaluating the quality of the services provided.
● Improving our services and strategies.

Which is the legal basis of the processing?

The consent of the user.

How long are we going to keep your personal data?

We will keep your personal data until the withdrawal of your consent.

+ SUPPLIERS

What data do we collect?

Business contact information and payment methods.

Which are the purposes of the processing?
1. Managing the requested services.
2. Sending you commercial and advertising information.
3. Billing and taxes.
4. Payment management
5. Managing the administrative and logistic services.

Which is the legal basis of the processing?

Processing is necessary for the performance of a contract to which the data subject is party. The consent to receive personalised communications and news.

How long are we going to keep your personal data?

During the validity of the relations between the parties and the prescription periods derived from them. We will keep your personal data until the withdrawal of your consent.

+ JOBSEEKERS

What data do we collect? 

We will process your contact data and the data included in your application.

Which are the purposes of the processing?

Selection processes for hiring employees.

Which is the legal basis of the processing?

Developing a contractual relationship between the parties, as a pre-contractual measure.

How long are we going to keep your data?

During the term of the selection process or, in any case, for a maximum of 1 year starting from the moment we receive your application.

+ GENERAL INFORMATION

Do we include third party’s data?

No, we only process the data provided by the owners of such data. If you provide us data from third parties, you must previously inform and request their consent, or else you exempt us from any responsibility for the breach of this obligation. If you are a customer of our sustainable tourism line, please refrain from providing us with details of family members that we have not requested; unless we ask you to do so, it will be sufficient for you to provide us with general characteristics of your companions (number of people, age, tastes, etc.) that are not sufficient to identify them. 

To which parties will your data be communicated? 

Your data will not be transferred to third parties, unless there is a legal obligation. In such cases, they will be communicated to tax authorities, banks, financial entities for the payment of the services provided or purchased products and to our data processors. The companies in charge of web development and maintenance will have access to our website when we ask for their services. They will have signed a contract that obliges them to maintain the same level of privacy measures as us.

Cookies

In addition to the information which you supply to us, information and data may be automatically collected through the use of cookies. Cookies are small text files employed on the website to recognise repeat users and allow us to observe behaviour and compile aggregate data in order to improve the website for you. For example, cookies will tell us whether you viewed the website with sound or with text on your last visit. Cookies also allow us to count the number of unique and return visitors to our website. Some of our associated companies may themselves use cookies on their own websites. We have no access to, or control of these cookies, should this occur.

Cookies may be either “persistent” cookies or “session” cookies. A persistent cookie consists of a text file sent by a web server to a web browser, which will be stored by the browser and will remain valid until its set expiry date (unless deleted by the user before the expiry date). A session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed. The law states that we can store cookies on your machine if they are essential to the operation of the website, but that for all others we need your permission to do so.

Opting out of cookies

If you do not wish to receive cookies from us or any other website, you are able to turn cookies off on your web browser: please follow your browser provider’s instructions in order to do so. Unfortunately, we cannot accept liability for any malfunctioning of your PC or its installed web browser as a result of any attempt to turn off cookies.

Your rights

You have the right to request details of the processing activities that we carry out with your personal information by making a subject access request. Such requests must be made in writing .

We have forms to help you exercise your rights, request them by email or if you prefer, you can use the forms made by the ICO. In some cases, we can ask for your ID in order to identify you. The forms can be submitted in person, sent by mail or by email to the address of the Controller, available at the beginning of this Policy.

You also have the following rights:
● the right to request rectification of information that is inaccurate or out of date;
● the right to erasure of your information (known as the “right to be forgotten”);
● the right to restrict the way in which we are processing your data;
● the right to request that your information be provided to you in a format that is secure and suitable for re-use (known as the “right to portability”);
● rights in relation to automated decision making and profiling including profiling for marketing purposes.

All of these rights are subject to certain safeguards and limits or exemptions, further details of which can be found in our Data Protection Policy. If you are not happy with the way in which we have processed your data, you can complain to the Information Commissioner’s Office. Further details about how to complain can be found here. If you change any data, we appreciate you letting us know so we can keep it updated.

Changes to this Privacy Policy

This Policy may be changed periodically. If we make any significant changes we will advertise this on our website or contact you directly with the information. We recommend that you read this Privacy Policy each time you consider giving your personal information to us.