To accomplish its teaching assignments, the LFSL (processor) processes a wide range of personal data of students, their parents or their guardians.
This data is collected either during the student’s registration or during the course of their schooling.
These personal data may include (non-exhaustive list) surnames, first names and addresses, telephone numbers, bank details, school records, disciplinary records, admissions and attendance, references, exam scripts and grades.
In accordance with the current regulations, the LFSL (processor) is obliged to process the personal data collected in a fair and transparent manner, protect them, minimise their quantity to the essential and limit their retention (in accordance with the legal framework), inform the user in the event of theft, leaks or data breaches.
PURPOSE OF THIS CHARTER
This privacy Charter constitutes the GDPR Charter on the implementation of Regulation 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free circulation of such data. It is limited to the strict scope of the application of this Regulation.
The purpose of this Charter is to describe the personal data that may be collected by the LFSL, what uses it can make of it, and what rights the user has for his own personal data.
IDENTITY OF THE PROCESSOR
The data is collected by:
Foundation Lycée Français Saint Louis in Stockholm
Organisation number: 902004-1852
Essingestråket 24/112 66 Stockholm
REFERENCES TO THE CHARTER
Reference: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free circulation of such data (known as GDPR)
in English: General Data Protection Regulation, GDPR
WHY THE GDPR?
This new European regulation starts from the following observation:
The legal framework has become inadequate for today’s digital environment;
Current protection is dispersed and unsuitable.
This new Regulation aims to:
Better supervise the free flow of data and preserve respect for privacy;
Allow people to become the owner of their data and to follow up on it;
Harmonize on a large scale, for greater coherence and organization.
WHAT ARE WE CONCERNED ABOUT?
REMINDER OF LFSL MISSIONS
The French high school – called the international school by the Swedish State – is composed of the elementary school from the first year (CP) to the last year (CM2) of primary school
The teaching provided is in line with all the French establishments of the AEFE network, namely an education in French which respects the programmes, schedules and instructions of the French Ministry of Education.
The following are prepared within the establishment:
– the Diplôme National du Brevet (national diploma of secondary education) – taken in Class 3
– the Baccalauréat (general school leaving qualification) – sections L, ES and S.
– the Swedish OIB, diplomas validated in senior class.
Swedish mother tongue pupils can also leave the high school at the end of their schooling with the Gymnasieexamen, a Swedish school-leaving diploma:
THE OBLIGATIONS OF THE LFSL
APPOINTMENT OF A DATA PROTECTION OFFICER
The personal data are processed in accordance with the regulations on data protection. The LFSL has a Data protection officer appointed by the LFSL and registered with the Datainspektionen:
The latter’s mission is to inform and ensure the implementation of and compliance with the new regulations within the institution. Any request for information, access to personal data, rectification or deletion, must be the subject of a letter signed by the applicant, transmitted in writing to:
Data protection officer
112 66 Stockholm
or by mail to firstname.lastname@example.org. The Data protection officer shall acknowledge receipt of the application either in writing or electronically, as the case may be, within eight days of receipt of the application.
RECORD OF PROCESSING ACTIVITIES
The LFSL has a record of processing activities imposed by the GDPR (Art 30 of the GDPR) documenting the processing used and the type of personal data used:
OUR DUTIES AND YOUR RIGHTS IN THE FACE OF THIS NEW REGULATION
The LFSL undertakes to set up the new regulations on the protection of personal data and their free circulation, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
Each parent of pupil(s), pupil or former pupil remains the owner of his personal data. The LFSL does not have it freely available.
All data concerning the parents of pupils, pupils and former pupils are collected directly from the latter.
The collection of the pupils’ personal data by the school is justified by the need to register, ensure the best quality of service to pupils and alumni, provide the best follow-up of their schooling and undertake the surveys required by the Ministry of Higher Education and Research and the supervisory bodies.
The data collected is intended for LFSL staff who have the authority to process these data (teachers, teaching staff, educational and health personnel) as well as for administrative, accounting, and computing purposes (administrative staff, IT Manager)
The information collected may be communicated to third parties (subcontractors) affiliated to the LFSL by contract for the execution of subcontracted tasks necessary for the realization of administrative tasks. (Finance, payroll)
In case of refusal to provide all or part of their personal data that is essential for their registration and the follow-up of their schooling, the parents of pupil(s) are informed by the LFSL that this registration will not be possible. This will also apply to former pupils with regard to the provision of services by the school.
Data from parents of pupils, pupils and alumni of the LFSL are processed transparently, confidentially and securely. The LFSL undertakes that the use of personal data provided by a parent of pupil(s), a pupil or a former pupil, in the course of his schooling, is exclusively intended for the monitoring of his schooling, for statistical processing and to provide professional guidance. This monitoring includes the transmission of data concerning the pupil to academic bodies or academic partners
In the event that statistical processing is carried out by the school, the information is anonymized and transmitted as such. The school therefore guarantees that it is not possible for the recipient to go back to the source of the data. No assignment of personal data is made by the school to third parties either free of charge or for a fee.
The LFSL lists and communicates to all the parents of the pupil(s) the data and information concerning them.
The LFSL undertakes to apply the “right to be forgotten” and the “right to rectification” to any parent of pupil(s) or a former pupil who desires the latter and to give him access to the information held by the school concerning him. The school shall notify the nature of the rectification or deletion of the data by post or email to the pupil, unless such rectification or deletion proves impossible or requires disproportionate efforts on the part of the school (art. 19 of Regulation 2016/619). The information provided by the school must be in a readable format and accessible to the applicant concerned.
The LFSL undertakes to use the necessary means to protect your personal data, in particular to prevent them from being distorted, damaged or communicated to unauthorized third parties.
DEVELOPMENT OF THIS CHARTER:
We reserve the right to develop and modify this Charter at any time based on changes in legislation. It is therefore advisable for users to regularly consult this version, in order to refer to the latest applicable version.
“personal data” shall be any information relating to an identified or identifiable natural person (hereinafter referred to as “the person concerned”); is deemed to be an “identifiable natural person” a natural person who may be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or one or more specific elements of its physical, physiological, genetic, psychological, economic, cultural or social identity.
“processing” means any transaction or set of operations carried out whether using automated processes or not and applied to data or sets of personal data, such as collection, registration, organisation, structuring, retention, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, reconciliation or interconnection, limitation, deletion or destruction…
“processor” means the natural or legal person, the public authority, the service or another body which, alone or in conjunction with others, determines the purposes and means of processing; when the purposes and means of such processing are determined by Union law or the law of a Member State, the processor may be appointed or the specific criteria applicable to the latter’s appointment may be provided for by Union law or by the law of a Member State;
“subcontractor” shall be the natural or legal person, the public authority, the service or another body which processes personal data on behalf of the processor.