Policy:
TableOf Contents
Whoweare
IntroductiontothePolicy
Applicablelaws
WhatispersonalData?
PersonalDatawecollectaboutyou
SocialMedia
Howandwhywecollectpersonaldata
PersonaldatarelatingtoThirdParties
PurposeofProcessing(whatweuseyour personaldatafor)
SpecialnoteonConsent
Accuracyofpersonaldata
Directmarketing
Transferstothirdcountries
InternetCommunications
AuthorisedDisclosures
Sharingofpersonaldatawithothercategoriesof recipients
Securitymeasures
RetentionPeriods
Processingforresearchandstatisticalreasons
Linkstothird-partysources
Cookies
Minors
Automateddecision-making
YourRightsunderDataProtectionLaws
YourRightofAccess
YourrightofRectification
YourRighttoErasure(Yourrighttobeforgotten)
YourRighttoDataRestriction
YourRighttodataprobability
YourRighttoWithdrawConsent
YourRighttoobjecttocertainprocessing
YourRighttolodgeacomplaint
Whatwemayrequirefromyou
Timelimitforresponse
TheCollegeDetails
Updates
Whoweare Aboutus MissionStatement
At St Edward's College we strive to create exemplary citizens in this increasingly globalised and technological world, placing strong emphasis on character formation, genuine intercultural understanding and leadership skills which will assist them to contribute to the well-being of society.
St Edwards is an Independent private school which accepts students from EarlyChildhoodtoIBDPSixthForm.Wehaveamodernboardingsectionfor students age 11 years up. Our educational experience has shaped us into the person we are today. Whether we learned from our own experiences, fromourparents,grandparents,friendsorteachers,wehavegonethrough the 'learning experience'. Dedicated, caring and experienced professionals are the key to our success. The underlying approach to all lessons throughout St Edward’s is simple. We do not want our students to solely learn,unlessthereisunderstandingofaconcept/topicthereislittlepointin learning and to understand one needs to think. Hence, TUL - Think, Understand,Learn
AtStEdward'swedeliverourlessonswiththemostcurrent,triedandproven internationalmethodologies.
Definingthe PrivacyPolicy
Introduction
This Master Privacy Policy (“Privacy Policy”) relates to the website http://stedwards.edu.mt/ and/or any sub-website and/or associated domains (and/or sub-domains) of http://stedwards.edu.mt/ hereinafter referred to as the “Site”) the services provided by St Edwards College, the owner of the Site, ("We", "Us", "Our", “Ourselves”, “the Foundation” and/or “the College”) and any related software applications (‘Apps’), where Personal Data is processed by the same (via the Site, any of Our Apps or otherwise) relating to You. In this Master Privacy Policy, "You" and "Your" and “User” refer to an identified or identifiable natural person being the User of the Site and/or client (or prospective client) of any of Our services, including students and/or prospectivestudentsandtheir
Definingthe PrivacyPolicy
respectiveparentsorlegalguardians(thelatteractingonbehalfofa minor or minors and/or in their capacity). Our full details, including contactdetails,canbereadbelow.
YoumaybereadingthisPrivacyPolicyasaUserorvisitoroftheSiteor Youmayhavebeendirectedherebyone(ormore)ofOurcondensed privacypoliciesorOurothernotices(digitalorotherwise).
Although this Privacy Policy provides detailed, layered information on howandwhyWegenerallyprocessPersonalData(viatheSite,anyof Our Apps, or otherwise) as well as detailed information about Your various rights, the specific and tailor-made content of such condensed policies or other notices will, in most cases, provide You with more focused and detailed information on specific processing operations(forexample,thespecificlegalbasisforprocessingcertain categories of Personal Data and the specific purpose for doing so dependingonthematterathand).
Although Our goal is to always be as clear and transparent as possible, We appreciate that legal documents can sometimes be difficult to read. However, We strongly encourage You to read this Privacy Policy (which is layered for Your convenience) with care. Please do not hold back from contacting Us for any clarification You may need. For example, if You need clarification on a specific legal basis We are relying on to process Your Personal Data for a specific processing operation, We would be happy to provide You with any suchinformationYoumayneed.
Applicable laws
As an entity established in Malta, EU, the main privacy laws that are applicabletoUsinsofarasYouareconcerned,areasfollows:
TheMalteseDataProtectionAct(Chapter586oftheLawsofMalta)as well as the various subsidiary legislation issued under the same – the ‘DPA’;
The Regulation (EU) 2016/679 of the European Parliament and of the Councilof27April2016ontheprotectionofnaturalpersonswithregard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)–the‘GDPR’.
Alltheabove,asmaybeamendedfromtimetotime,referredtotogether asthe“DataProtectionLaws”
Whatis ‘PersonalData’?
“PERSONAL DATA” means any information that identifies You as an individualorthatrelatestoanidentifiableindividual.
Whenever it is not possible or feasible for Us to make use of anonymous and/or anonymised data (in a manner that does not identify any Users of the Site or customers of Our services), We are neverthelesscommittedtoprotectingYourprivacyandthesecurityof YourPersonalDataatalltimes.
We collect Personal Data in various ways both digitally via the Site (either when You choose to provide Us with certain data or in some cases,automaticallyorfromthirdparties)aswellasnon-digitally(for examplewhenYoufillinaphysicalformtobenefitfromoneormoreof Ourservices).
PersonalData we collect about you
There are various categories of Personal Data that We collect about You.
1CONTACTDETAILS: . Name
Surname
Mailingaddress, Telephoneormobilenumber
Emailaddress REGISTRATIONDATA: ausername password dateofbirth countryofresidence gender
2.MARKETINGDATA:
ADDITIONALINFORMATION
In some cases, (for example, if You are a client [or prospective client] of Our services, via the Site, any App or otherwise) We may requestadditionalPersonalDataasameansofsecurelyidentifying Youorforanothersimilarlawfulpurpose(whichwillbeexplainedin thetablebelowand/orinacondensedpolicy/noticethatmayhave directed You here). The additional information We may request fromYoutobeabletoprovideYouwithOurservicesincludes:
Moresecureidentificationmethods
Credentials/references
DetailsofYournextofkin
Certain special categories of data (sensitive Personal Data) such as health conditions/status (only where necessary and withsafeguardsinplace).
Many of the categories of Personal Data above are collected directly from You (for example, Your Contact Details and Your Registration Data). However, WE MAY ALSO COLLECT PERSONAL DATA FROM OTHER SOURCES, including data companies, other educational establishments (both in the private and public sectors), publicly accessible databases, joint marketing partners, socialmediaplatformsandotherthirdparties.Wemayalsoreceive Personal Data about You from third parties when We need to confirm Your Contact Details or even certain Financial Information. Should this be the case, We will take all measures as required by law to further inform You about the source of such Personal Data and the categories of Personal Data We collect and process. There are certain instances at law where We are specifically forbidden fromdisclosingtoYousuchactivity(forexample,whencarryingout duediligenceforanti-moneylaunderingpurposes).
For a detailed description of the reasons why We process the categoriesofPersonalDataabove(andanyotherspecificPersonal Data We process) as well as the corresponding legal ground(s) for doing so please see the ‘What We Use Your Personal Data For (PurposeofProcessing)’below.
For information/Personal Data that We may collect automatically viatheSite,pleaseseetheCookiessectionbelow.
Social Media
Howandwhywe CollectData
As a general rule, We do not collect any Personal Data, that is, information that identifies You as an individual other than that which You choose to provide to Us such as the data (including Contact Details and Registration Data) You provide when registering with Our Site (where this is available), when enlisting as a member of the Foundation (if this applies to You), when contacting Us with inquiries relatingtoOurgoodsand/orservices,whensubscribingtoanyservice offeredbyUsorviaOurSite,suchasanynewslettersasmaybeissued by Us from time to time or even when subscribing to any offers We (and/orOuraffiliatesand/orcorporatepartners)mayofferfromtime totime(seePersonalDataWeCollectAboutYouabove).
Unless otherwise specified and subject to various controls, as a general rule, We only collect Personal Data (from You or elsewhere) thatWe:
Need to be able to provide You with the goods or services You requestfromUs
Are legally required to collect/use and keep for a predetermined time
BelievetobenecessaryforOurlegitimatebusinessinterests
BelievetobenecessarytoprotectYourvitalinterests(forexample ifYourlifeisatriskduetoamedicalconditionthatyoumayormay nothavedisclosedtousatenrolment)
For a detailed description of the reasons why we process specific categories of personal data as well as the corresponding legal ground(s) for doing so, please see the ‘What We Use Your Personal DataFor(PurposeofProcessing)’below.
By providing Us with or allowing Us to access Personal Data relating to individuals other than Yourself, You are letting Us know that You have the authority to send Us that Personal Data or the authority to permit Us to access those data in the manner describedinthisPrivacyPolicy.
Purposeof Processing
Thefollowingisadescription(inaclearandplainmanner)ofwhat We use Your Personal Data for and the corresponding legal ground(s)werelyonfordoingso.
For more detail on what is meant by terms such as ‘Contact Details’, ‘Registration Data’ and other categories of Personal Data used in the tables below, please see the section above relating to PersonalDataWeCollectAboutYou.
Please note that WHEREWERELYONYOURCONSENT,THISCANBE WITHDRAWNATWILL(SeeSpecialNoteonConsentbelow).
ProspectiveClients
Specialnoteon
Consent
For the avoidance of all doubt, We would like to point out that in those limited cases where We cannot or choose not to rely on another legal ground (for example, Our legitimate interests), We will process Your Personal Data on the basis of Your consent. In some cases, We will require Your explicit consent, for example, when,onthebasisofYourexplicitconsentWewillprocessspecial categories of data concerning You such as Your health data, Religious beliefs, or, in those instances where the services of our School Counsellor are involved, information relating to sexual orientation are involved or data that reveals Your race or ethnic origin(whatwaspreviouslyreferredtoas‘sensitivePersonalData’) that might be needed as part of Our processing of Your application for enrolment with Our college (for example when disclosing to Us any medical or psychological conditions that wouldrequireUstotakecertainprecautionsandmakenecessary arrangements (for example, the appointment of necessary LearningSupportAssistants(LSAs).
Consent Specialnoteon
In those cases where We process on the basis of Your consent (whichWewillneverpresumebutwhichWeshallhaveobtainedin a clear and manifest manner from You), YOU HAVE THE RIGHT TO WITHDRAW YOUR CONSENT AT ANY TIME and this, in the same mannerasYoushallhaveprovidedittoUs.
Should You exercise Your right to withdraw Your consent at any time(bywritingtoUsatthephysicaloremailaddressbelow),We will determine whether at that stage an alternative legal basis existsforprocessingYourPersonalData(forexample,onthebasis ofalegalobligationtowhichWearesubject)whereWewouldbe legallyauthorised(orevenobliged)toprocessYourPersonalData withoutneedingYourconsentandifso,notifyYouaccordingly.
When We ask for such Personal Data, You may always decline, howevershouldYoudeclinetoprovideUswithnecessarydatathat Werequiretoproviderequestedservices,Wemaynotnecessarily be able to provide You with such services (especially if consent is theonlylegalgroundthatisavailabletoUs).
Just to clarify, consent is not the only ground that permits Us to process Your Personal Data. In the last preceding section above We pointed out the various grounds that We rely on when processingYourPersonalDataforspecificpurposes.
Accuracyof
PersonalData
AllreasonableeffortsaremadetokeepanyPersonalDataWemay holdaboutYouup-to-dateandasaccurateaspossible.Youcan checktheinformationthatWeholdaboutYouatanytimeby contactingUsinthemannerexplainedbelow.IfYoufindany inaccuracies,Wewillcorrectthemandwhererequired,deletethem asnecessary.PleaseseebelowforadetailedlistofYourlegalrights intermsofanyapplicabledataprotectionlaw.
Direct
Marketing
IWe only send mail, messages and other communications relating to marketing where We are authorised to do so at law. In most cases We rely on Your consent to do so (especially where We use electronic communications). If, at any time, You no longer wish to receive direct marketing communications from Us please let Us know by contacting Us at the details below or update Your preferencesonanyofOurSite(s)orApps(whereapplicable).
Inthecaseofdirectmarketingsentbyelectroniccommunications (where We are legally authorised to do so) You will be given an easy way of opting out (or unsubscribing) from any such communications.
PleasenotethatevenifYouwithdrawanyconsentYoumayhave given Us or if You object to receiving such direct marketing material from Us (in those cases where We do not need Your consent),fromtimetotimeWemaystillneedtosendYoucertain importantcommunicationsfromwhichYoucannotopt-out.
ThirdCountries Transfersto
Asageneralrule,thedataWeprocessaboutYou(collectedvia theSite,anyofourAppsorotherwise)willbestoredand processedwithintheEuropeanUnion(EU)/EuropeanEconomic Area(EEA)oranyothernon-EEAcountrydeemedbythe EuropeanCommissiontoofferanadequatelevelofprotection (theso-called‘white-listed’countrieslistedhere: https://ec.europa.eu/info/law/law-topic/data-protection_en).
Insomecases,itmaybenecessaryforUstotransferYour PersonalDatatoanon-EEAcountrynotconsideredbythe EuropeanCommissiontoofferanadequatelevelofprotection (forexampletooneormoreofOurdataprocessorslocated there).Forexample,fortheimplementationofYourdesired transactionitcanbenecessarythatWediscloseYourPersonal DatatobanksoutsidetheEEA.Wemayalsohavetoshare studentdatawithotherschoolsand/orcollegesaroundthe world.Ourpolicyistobeastransparentonthisaspossible.
Insuchcases,apartfromallappropriatesafeguardsthatWe implement,inanycase,toprotectYourPersonalData,Wehave putinplaceadditionaladequatemeasures.Forexample,We haveensuredthattherecipientisboundbytheEUStandard ContractualClauses(theEUModelClauses)designedtoprotect YourPersonalDataasthoughitwereanintra-EEAtransfer.You areentitledtoobtainacopyofthesemeasuresbycontactingUs asexplainedbelow.
Internet
Communications
YouwillbeawarethatdatasentviatheInternetmaybe transmittedacrossinternationalbordersevenwheresenderand receiverofinformationarelocatedinthesamecountry.We cannotbeheldresponsibleforanythingdoneoromittedtobe donebyYouoranythirdpartyinconnectionwithanyPersonal DatapriortoOurreceivingitincludingbutnotlimitedtoany transfersofPersonalDatafromYoutoUsviaacountryhavinga lowerlevelofdataprotectionthanthatinplaceintheEuropean Union,andthis,byanytechnologicalmeanswhatsoever(for example,WhatsApp,Skype,Dropboxetc).
Moreover,Weshallacceptnoresponsibilityorliability whatsoeverforthesecurityofYourdatawhileintransit throughtheinternetunlessOurresponsibilityresultsexplicitly fromalawhavingeffectinMalta.
Disclosures Authorised
WithoutprejudicetoanythingcontainedinthisPrivacyPolicyandin theinterestoffulltransparency,Wereservetherighttodisclose(and otherwiseprocess)anyrelevantPersonalDatarelatingtoYouthat Wemaybeprocessing(includingincertaincasesrelevantIP addresses)toauthorisedthirdpartiesinoroutsidetheEU/EEAifsuch disclosuresareallowedundertheDataProtectionLaws(whetheror notYouhaveprovidedYourconsent)includingbutnotlimitedto:
1. intheeventoftheCollegebeinginvolvedinamerger,sale, restructure,acquisition,jointventure,assignment,transfer(or similareventanalogouslyapplicabletoregisteredfoundations);
Forthepurposeofpreventing,detecting,orsuppressingfraud(for example,ifYouprovidefalseordeceptiveinformationabout Yourselforattempttoposeassomeoneelse,Wemaydisclose anyinformationWemayhaveaboutYouinOurpossessionsoas toassistanytypeofinvestigationintoYouractions);
2. toprotectanddefendOurrights(includingtherighttoproperty), safety,orthoseofOuraffiliates,ofUsersofOurSiteorevenYour own;
3. 4toprotectagainstabuse,misuseorunauthorizeduseofOurSite; . foranypurposethatmaybenecessaryfortheperformanceof anyagreementYoumayhaveenteredintowithUs(includingthe requestforprovisionofservicesbythirdparties)orinordertotake stepsatYourrequestpriortoenteringintoacontract;
5. tocomplywithanylegalobligationssuchasmayarisebywayof responsetoanyCourtsubpoenaororderorsimilarofficialrequest forPersonalData;or
7.
6. asmayotherwisebespecificallyallowedorrequiredbyorunder anyapplicablelaw(forexample,underanti-moneylaundering legislation).
Sharingofpersonaldatawithother categoriesofrecipients
Relevantdatawillalsobedisclosedorsharedasappropriate(andin allcasesinlinewiththeDataProtectionLaws)to/withmembersand staffoftheCollege,and/orto/withaffiliatedentitiesand/orsubcontractorsestablishedwithintheEuropeanUnionifpertinenttoany ofthepurposeslistedinthisPrivacyPolicy(includingto/withOur servicesproviderswhofacilitatethefunctionalityoftheSiteand/or anyserviceYoumayrequire).Personalinformationwillonlybe sharedbyUstoprovidetheservicesYourequestfromUsorforany otherlawfulreason(includingauthorizeddisclosuresnotrequiring Yourconsent).
Anysuchauthorizeddisclosureswillbedoneinaccordancewiththe DataProtectionlaws(forexampleallOurprocessorsare contractuallyboundbytherequirementsinthesaidDataProtection Laws,includingastrictobligationtokeepanyinformationthey receiveconfidentialandtoensurethattheiremployees/personnel arealsoboundbysimilarobligations).Thesaidserviceproviders(Our processors)arealsoboundbyanumberofotherobligations(in particular,Article28oftheGDPR).
YourPersonalDatawillneverbesharedwiththirdpartiesfortheir marketingpurposes(unlessYougiveYourconsentthereto).
ThethirdpartieswhoWemaydisclosetoand/orshareYourPersonal Datawithare,atthedateofthisPrivacyPolicy,thefollowing:(seenext page)
Security
Measures
ThepersonalinformationwhichWemayhold(and/ortransfertoany affiliates/partners/subcontractorsasthecasemaybe)willbeheld securelyinaccordancewithOurinternalsecuritypolicyandthelaw. Weusereasonableeffortstosafeguardtheconfidentialityofany and/orallPersonalDatathatWemayprocessrelatingtoYouand regularlyreviewandenhanceOurtechnical,physicalandmanagerial proceduressoastoensurethatYourPersonalDataisprotectedfrom: -unauthorisedaccess -improperuseordisclosure -unauthorisedmodification -unlawfuldestructionoraccidentalloss.
TothisendWehaveimplementedsecuritypolicies,rulesand technicalandorganisationalmeasurestoprotectthePersonalData thatWemayhaveunderOurcontrol.Allourmembers,staffanddata processors(includingspecificsubcontractors,includingcloudservice providersestablishedwithintheEuropeanUnion),whomayhave accesstoandareassociatedwiththeprocessingofPersonalData, arefurtherobliged(undercontract)torespecttheconfidentialityof OurUsers’orclients’PersonalDataaswellasotherobligationsas imposedbytheDataProtectionLaws.
Despitealltheabove,Wecannotguaranteethatadata transmissionorastoragesystemcaneverbe100%secure.For moreinformationaboutOursecuritymeasurespleasecontactUsin themannerdescribedbelow.
Authorisedthirdparties,andexternal/thirdpartyserviceproviders, withpermittedaccesstoYourinformation(asexplainedinthis PrivacyPolicy)arespecificallyrequiredtoapplyappropriate technicalandorganisationalsecuritymeasuresthatmaybe necessarytosafeguardthePersonalDatabeingprocessedfrom unauthorisedoraccidentaldisclosure,lossordestructionandfrom anyunlawfulformsofprocessing.
Asstatedabove,thesaidserviceproviders(Ourdataprocessors) arealsoboundbyanumberofotherobligationsinlinewiththe DataProtectionLaws(particularly,Article28oftheGDPR).
Periods Retention
WewillretainYourPersonalDataonlyforaslongasisnecessary (takingintoconsiderationthepurposeforwhichitwasoriginally obtained).ThecriteriaWeusetodeterminewhatis‘necessary’ dependsontheparticularPersonalDatainquestionandthespecific relationshipWehavewithYou(includingitsduration).
Ournormalpracticeistodeterminewhetherthereis/areanyspecific EUand/orMalteselaw(s)(forexampletaxorcorporatelaws) permittingorevenobligingUstokeepcertainPersonalDatafora certainperiodoftime(inwhichcaseWewillkeepthePersonalData forthemaximumperiodindicatedbyanysuchlaw).Forexample,any datathatcanbedeemedtobe‘accountingrecords’mustbekeptfor ten(10years).
Wewouldalsohavetodeterminewhetherthereareanylawsand/or contractualprovisionsthatmaybeinvokedagainstUsbyYouand/or thirdpartiesandifso,whattheprescriptiveperiodsforsuchactions are(thisisusuallyfive(5)years).Inthelattercase,Wewillkeepany relevantPersonalDatathatWemayneedtodefendOurselves againstanyclaim(s),challenge(s)orothersuchaction(s)byYou and/orthirdpartiesforsuchtimeasisnecessary.
WhereYourPersonalDataisnolongerrequiredbyUs,Wewilleither securelydeleteoranonymisethePersonalDatainquestion.
PleasenotethatcertainlawsobligeUstodisclosesomepersonal data(forexample,academicprogress/examinationresults)tothe authorities(forexample,theNationalStatisticsOffice)inwhich case,suchentities(asseparatecontrollers)wouldthendetermine theirownretentionpolicies(whichinsuchcasesmaybemuch longerthanthosedescribedabove).
Processing
Forresearchandstatisticalreasons
ResearchandstatisticsusingUserorclientinformationisonly carriedoutsothatWemayunderstandOurUsers'and/orclients’ needs,todevelopandimproveOurservices/activitiesand/orfor philanthropicgoalsrepresentativeoftheCollege’spurpose.Inany case,WewillalwaysensuretoobtainanyconsentWemaylegally requirefromYoubeforehand.Asinallothercases,Wewillalso ensuretoimplementallappropriatesafeguardsasmaybe necessary.
LinkstoThirdPartysources
LinksthatWeprovidetothird-partywebsitesareclearlymarked andWearenotinanywaywhatsoeverresponsiblefor(norcanWe bedeemedtoendorseinanyway)thecontentofsuchwebsites (includinganyapplicableprivacypoliciesordataprocessing operationsofanykind).WesuggestthatYoushouldreadthe privacypoliciesofanysuchthird-partywebsites
Cookies
WhenYouvisitOurSite,WecollectcertaincategoriesofPersonal Dataautomaticallythroughtheuseofcookiesandsimilar technologies.
Formoredetailedinformationincludingwhatcookiesareandhow andwhyWeprocesssuchdatainthismanner(includingthe differencebetweenessentialandnon-essentialcookies)please readOurdetailedbuteasy-to-readCookiePolicy.
Minors
TheSiteandOuronlineservices(enteringintocontractswiththe College)arenotintendedtobeusedbyanypersonsundertheage ofeighteen(18)andthereforeWewillneverintentionallycollectany PersonalDatafromsuchpersons.IfYouareundertheageof consent,pleaseconsultandgetYourparent’sorlegalguardian’s permissiontousetheSiteandtouseOurservices.
WeshallconsiderthatanyPersonalDataofpersonsundertheage ofeighteen(18)receivedbyUs,shallbesentwiththeproper authorityandthatthesendercandemonstratesuchauthorityat anytime,uponOurrequest.
PleasenotethatintermsofSubsidiaryLegislation586.07,students maylegallyprovideUswithconsenttoprocessPersonalDataifthey aresixteen(16)yearsofageorolder.However,toenterintoa contractwithUs,Youmuststillbeeighteen(18)yearsofageor olderasstatedabove.
AutomatedDdecision-making
Wedonotrelyonanydecisionstakensolelybyautomatedmeans (inotherwords,withoutsignificanthumanintervention)–including anyprofiling.Shouldthispositionchangeinthefuture(andonlyas Wemaybelegallypermittedtodo),Youwillbenotifiedaccordingly.
YourRights underthedataprotectionlaws
BeforeaddressinganyrequestYoumakewithUs,Wemayfirstneed toverifyYouridentity.InallcasesWewilltrytoactonYourrequests assoonasreasonablypossible.
AsexplainedintheRetentionPeriodssectionabove,Wemayneed tokeepcertainPersonalDataforcompliancewithOurlegal retentionobligationsbutalsotocompletetransactionsthatYou requestedpriortothechangeordeletionthatYourequested.
Yourvariousrightsatlawinclude:
YourRighttoaccess
Youmay,atanytimerequestUstoconfirmwhetherornotWeare processingPersonalDatathatconcernsYouand,ifWeare,You shallhavetherighttoaccessthatPersonalDataandtothe followinginformation: WhatPersonalDataWehave, WhyWeprocessthem, WhoWedisclosethemto, HowlongWeintendonkeepingthemfor(wherepossible), WhetherWetransferthemabroadandthesafeguardsWetake toprotectthem, WhatYourrightsare, HowYoucanmakeacomplaint, WhereWegotYourPersonalDatafrom
Uponrequest,Weshall(withoutadverselyaffectingtherightsand freedomsofothersincludingOurown)provideYouwithacopyofthe PersonalDataundergoingprocessingwithinonemonthofreceiptof therequest,whichperiodmaybeextendedbytwomonthswhere necessary,takingintoaccountthecomplexityandnumberofthe requests.WeshallinformYouofanysuchextensionwithinonemonth ofreceiptoftherequest,togetherwiththereasonsforthedelay.
YourRightofRectification
YouhavetherighttoaskUstorectifyinaccuratePersonalDataand tocompleteincompletePersonalDataconcerningYou.Wemay seektoverifytheaccuracyofthedatabeforerectifyingit.
YourRighttoErasure
AlsoknownasTheRighttobeForgotten
YouhavetherighttoaskUstodeleteYourPersonalDataandWe shallcomplywithoutunduedelaybutonlywhere:
ThePersonalDataarenolongernecessaryforthepurposesfor whichtheywerecollected;or
YouhavewithdrawnYourconsent(inthoseinstanceswhereWe processonthebasisofYourconsent)andWehavenoother legalgroundtoprocessYourPersonalData;or YoushallhavesuccessfullyexercisedYourrighttoobject(as explainedbelow);or YourPersonalDatashallhavebeenprocessedunlawfully;or ThereexistsalegalobligationtowhichWearesubject;or Specialcircumstancesexistinconnectionwithcertainchildren’s rights.
Inanycase,WeshallnotbelegallyboundtocomplywithYour erasurerequestiftheprocessingofYourPersonalDataisnecessary: forcompliancewithalegalobligationtowhichWearesubject (includingbutnotlimitedtoOurdataretentionobligations);or fortheestablishment,exercise,ordefenseoflegalclaims.
ThereareotherlegalgroundsentitlingUstorefuseerasurerequests althoughthetwoinstancesabovearethemostlikelygroundsthat maybeinvokedbyUstodenysuchrequests.
YourRighttoDataRestriction
YouhavetherighttoaskUstorestrict(thatis,storebutnotfurther process)YourPersonalDatabutonlywhere:
TheaccuracyofYourPersonalDataiscontested(seetheright todatarectificationabove),foraperiodenablingUstoverifythe accuracyofthePersonalData;or
TheprocessingisunlawfulandYouopposetheerasureofYour PersonalData;or
WenolongerneedthePersonalDataforthepurposesforwhich theywerecollectedbutYouneedthePersonalDataforthe establishment,exerciseordefenceoflegalclaims;or YouexercisedYourrighttoobjectandverificationofOur legitimategroundstooverrideYourobjectionispending.
FollowingYourrequestforrestriction,exceptforstoringYour PersonalData,WemayonlyprocessYourPersonalData: WhereWehaveYourconsent;or Fortheestablishment,exerciseordefenceoflegalclaims;or Fortheprotectionoftherightsofanothernaturalorlegal person;or Forreasonsofimportantpublicinterest.
YourRighttoDataProbability
YouhavetherighttoaskUstoprovideYourPersonalData(thatYou shallhaveprovidedtoUs)toYouinastructured,commonlyused, machine-readableformat,or(wheretechnicallyfeasible)tohaveit 'ported'directlytoanotherdatacontroller,providedthisdoesnot adverselyaffecttherightsandfreedomsofothers.Thisrightshall onlyapplywhere:
TheprocessingisbasedonYourconsentorontheperformance ofacontractwithYou;and
Theprocessingiscarriedoutbyautomatedmeans.
YourRighttoWithdrawConsent
SeeOurSpecialNoteonConsentfordetailedinformationonthis right(whichYoumayexerciseatanytime). (whenwerelyonconsent)
YourRighttoobjecttocertain processing
InthosecaseswhereWeonlyprocessYourPersonalDatawhenthis is1.)necessaryfortheperformanceofataskcarriedoutinthe publicinterestor2.)whenprocessingisnecessaryforthepurposes ofthelegitimateinterestspursuedbyUsorbyathirdparty,You shallhavetherighttoobjecttoprocessingofYourPersonalDataby Us.Whereanobjectionisentered,theprocessingofdatashall cease,unlessWeasdatacontrollerprovidecompellingand legitimategroundsrequiringthecontinuationofthedata processingwhichoutweightheobjectionsYoumayhaveraised.
WhenYourdataisprocessedfordirectmarketingpurposes,You havetherighttoobjectatanytimetotheprocessingofYour PersonalData,whichincludesprofilingtotheextentthatitisrelated tosuchdirectmarketing.
Fortheavoidanceofalldoubt,whenWeprocessYourPersonalData whenthisisnecessaryfortheperformanceofacontract,when necessaryforcompliancewithalegalobligationtowhichWeare subjectorwhenprocessingisnecessarytoprotectYourvital interestsorthoseofanothernaturalperson,thisgeneralrightto objectshallnotsubsist.
YourRighttolodgeacomplaint
Youalsohavetherighttolodgecomplaintswiththeappropriate DataProtectionSupervisoryAuthority.Thecompetentauthorityin MaltaistheOfficeoftheInformationandDataProtection Commissioner(OIDPC).
WekindlyaskthatYoupleaseattempttoresolveanyissuesYou mayhavewithUsfirst(eventhough,asstatedabove,Youhavea righttocontactthecompetentauthorityatanytime).
Whatwemayrequirefromyou
AsoneofthesecuritymeasuresWeimplement,beforebeinginthe positiontohelpYouexerciseYourrightsasdescribedaboveWe mayneedtoverifyYouridentitytoensurethatWedonotdisclose toorshareanyPersonalDatawithanyunauthorisedindividuals.
Timelimitforaresponse
Wetrytoreplytoalllegitimaterequestswithinonemonthfrom receivingthem.Insomeparticularcases(forexample,ifthematter isparticularlycomplexorifYousendUsmultiplerequests),itmay takeUslongerthanamonth.Insuchcases,wewillnotifyYou accordinglyandkeepYouupdated.
TheCollegeDetails
StEdward’sCollegeaFoundationregisteredinMaltawith registrationnumber(LPS-210)andwhoseaddressisatTriqSan Dwardu,Birgu(CittaVittoriosa),Cottonera,Maltaisthedata controllerresponsibleforprocessingYourPersonalDatathattakes placeviatheSiteorinthemannerexplainedabove(orinthe condensedprivacypolicyornoticethatdirectedYouhere).
IfYouhaveanyquestions/commentsaboutprivacyorshouldYou wishtoexerciseanyofYourindividualrights,pleasecontactUsat: bursar@stedwards.edu.mtorbywritingtoTheHeadmaster,(atthe addressabove)byphoningUsusingtelephonenumber(+356) 27881199(duringnormalofficehours).
Updates
Wereservetheright,atOurcompletediscretion,tochange,modify, addand/orremoveportionsofthisPrivacyPolicyatanytime.IfYou areanexistingclientwithwhomWehaveacontractualrelationship YoushallbeinformedbyUsofanychangesmadetothisPrivacy Policy(aswellasothertermsandconditionsrelevanttotheSite). WeshallalsoarchiveandstorepreviousversionsofthePrivacy PolicyforYourreview.
AsaUseroftheSitewithwhichWehavenocontractualrelationship orevenalawfulwayoftracing,itisinYourinteresttoregularly checkforanyupdatestothisPrivacyPolicy(whichareusually deemedtobeeffectiveonthedatetheyarepublishedontheSite), intheeventthatOurattemptstonotifyYouofsuchupdatesdonot reachYou.