Date Privacy

1. The name and contact details of the controller responsible for processing, as well as the company data protection officer
 
This data protection statement applies to data processing by the:
Controller: International School Augsburg -ISA- gemeinnützige AG
Wernher-Von-Braun-Str.1a
D-86368 Gersthofen
Management Board: Cathie Mullen, Marcus Wagner
Tel: +49 821 - 45 55 60 0
 
The external data protection officer is Stefan Haugg
Email: sh@smischek.de, Tel: +49 821 – 570 877 92
 
2. Collection and storage of personal data, and nature and purpose of its use
 
a) When visiting the website
 
When you open our website, isa-augsburg.com, the browser you use on your end device automatically transmits information to our website’s server. This information is stored temporarily in what is known as a log file. The following information is collected without any action on your part, and stored until it is automatically deleted:
 
  • IP address 
  • The date and time of the request 
  • The time difference in relation to Greenwich Mean Time (GMT) 
  • The content of the request (specific page) 
  • The access status/HTTP status code 
  • The volume of data transferred in each case 
  • The website from which the request is received 
  • Browser type and version 
  • The operating system and its interface
  • The language and version of the browser software
  • Name of the accessed website
  • Notification if request was successful
 
We process this data for the following purposes:
 
  • To make sure that a seamless connection to the website can be established
  • To ensure convenient use of our website
  • To evaluate system security and stability and
  • for other administrative purposes.
 
The legal basis for data processing is point (f) of the first sentence of Article 6(1) GDPR. Our legitimate interest arises from the purposes for data collection outlined above. Under no circumstances will we use the data collected for the purposes of drawing conclusions about you.
 
We also use cookies and analysis services during visits to our website. More information can be found under sections 5 and 6 of this data protection statement.
 
b) When registering for our newsletter​
If you have explicitly consented for us to do so in accordance with point (a) of the first sentence of Article 6(1) GDPR, we will use your email address to regularly send you our newsletter. Providing us with an email address is sufficient for receiving the newsletter.
 
You can unsubscribe at any time, for example by using the link provided at the end of each newsletter. Alternatively, you are also welcome to email an unsubscribe request to info@isa-augsburg.com at any time.
 
c) When using our contact forms​
For enquiries of any kind, you can contact us through a number of forms provided on the website. If you use this option, please provide a valid email address and your name, so that we know who has sent the enquiry and so that we can reply. Other information can be provided on a voluntary basis.
 
Data provided for the purpose of contacting us is processed in accordance with point (a) of the first sentence of Article 6(1) GDPR on the basis of your voluntary consent.
 
The personal data we collect for use of the contact form is erased after completion of the enquiry you have submitted.
 
d) Registration process for new students, registration for information events or school tours​
The full admissions process for new students can be launched from our home page. For our general school administration, we use carefully vetted and selected service providers who are experienced and certified specifically to handle the sensitive personal data of children.
 
The registration process is handled through the OpenApply service of the Faria Education Group. More information is available at  https://www.openapply.com/secure/ 
 
Any subsequent administration up to the end of a child’s schooling is handled by managebac, another Faria Education Group service. More information is available at https://www.managebac.com/terms/terms-of-service/. 
 
The Faria Education Group is certified according to DIN ISO 27001 and the Privacy Shield framework between the USA and the EU  https://www.privacyshield.gov/
 
The legal basis for data processing and storage is point (a) of the first sentence of Article 6(1) GDPR, your explicit consent and, on conclusion of a contract, point (b) of the first sentence of Article 6(1) GDPR
 
3. Disclosure of data​
Your personal data shall not be transferred to third parties for purposes other than those listed below.
We shall only disclose your personal data to third parties, if:
 
  • You have given your explicit consent for us to do so in accordance with point (a) of the first sentence of Article 6(1) GDPR
  • Disclosure is required for the establishment, exercise or defence of legal claims in accordance with point (f) of the first sentence of Article 6(1) GDPR, and there are no grounds to assume that you have an overriding compelling interest in the non-disclosure of your data
  • A legal obligation to disclose the data exists in accordance with point (c) of the first sentence of Article 6(1) GDPR, or
  • it is lawful, and required for performance of the contract we have concluded with you, in accordance with point (b) of the first sentence of Article 6(1) GDPR.
 
We use other online services in school life. The services are operated with pseudonymous student user profiles to ensure that the providers cannot attribute data to a natural person. Although we cannot monitor and check every process and action performed by our students on the internet, our main objective is the protection of our students’ privacy.
 
4. Speculative applications​
You are welcome to send us speculative applications. Please ensure that your preferred transmission method provides adequate security. Sending an email without suitable encryption methods is not recommended, as this means that your data can also be easily read and exploited by unauthorised persons in the communication channel. If you want to send us an encrypted email with application documents, please always use the email address jobs@isa-augsburg.com.
 
5. Cookies
Our site uses cookies. These are small files which are automatically created by your browser, and which are stored on your end device (laptop, tablet, smartphone etc.) when you visit our site. Cookies do not cause any damage to your end device, and do not contain viruses, Trojans or other malware.
 
The cookie stores information relating to the specific end device used. This does not mean however that you can be directly identified as a result.
 
Cookies are used primarily to make our website more user-friendly. This is why we use “session cookies” to detect that you have already visited certain pages on our website. These are automatically deleted after you leave our website.
 
We also use temporary cookies to optimise user-friendliness. These are stored on your end device for a specific period. When you visit our website again to avail yourself of our services, we automatically see that you have visited us previously, and which input and settings you have made so that you do not have to repeat them.
 
We also use cookies to collect statistical data on the use of our website, and to analyse it for the purpose of optimising our website to meet your needs (see section 6). These cookies enable us to automatically see that you have already visited our website when you visit it again. These cookies are automatically deleted after a defined period.
 
The data processed by cookies is required for the purpose of protecting our legitimate interests, as well as those of third parties in accordance with point (f) of the first sentence of Article 6(1) GDPR.
 
Most browsers automatically accept cookies. You can configure your browser so that no cookies are stored on your computer, or to always ask before a new cookie is created. Disabling all cookies may however mean that you are unable to use all the functions of this website.
 
6. Social media plug-ins
Our website uses social plugins for Facebook, Twitter and Instagram on the basis of point (f) of the first sentence of Article 6(1) GDPR, in order to publicise our company through these channels. The marketing purpose behind this should be seen as a legitimate interest pursuant to GDPR. Responsibility for ensuring compliance with data protection provisions lies with the respective provider. We embed these plugins using the double-click method, which provides the best possible protection for visitors to our website.
 
a) Facebook
Our website uses Facebook social media plugins to personalise its use. We use the “LIKE” or “SHARE” button for this purpose. This is a Facebook service.
If you access a page on our website that contains a plugin of this type, your browser connects directly to the Facebook servers. Facebook transfers the content of the plugin directly to your browser, and that content is integrated into the website by the browser.
 
Through this integration, Facebook receives information that your browser has accessed the corresponding page on a website, even if you do not have a Facebook account or you are not currently logged in to Facebook. This information (including your IP address) is transferred by your browser directly to a Facebook server in the USA, and stored there.
 
If you are logged in to Facebook, Facebook can match your visit to our website directly to your Facebook account. If you interact with the plugins, for example using the “LIKE” or “SHARE” button, this information is also transferred directly to a server operated by Facebook and stored there. The information is also published on Facebook and shown to your Facebook friends.
 
Facebook can use this information for advertising purposes, market research, and needs-oriented design of Facebook pages. To this end, Facebook creates usage, interest and relationship profiles, e.g. in order to analyse your use of our website with regard to the advertising shown to you on Facebook, to inform our Facebook users of your activity on our website, and to provide other services relating to the use of Facebook.
 
If you do not want Facebook to attribute the data gathered via our website to your Facebook account, you must log out of Facebook before visiting our website.
 
The purpose and scope of data collection, and the further processing and use of the data by Facebook, as well as your associated rights and settings options for the protection of your privacy, can be found in the Facebook Data Policy:https://www.facebook.com/about/privacy/.
 
b) Twitter
Plugins for the Twitter Inc. (Twitter) news and social networking site are integrated into our website.Twitter plugins (Tweet button) can be identified by the Twitter logo on our website. An overview of Tweet buttons is available here: https://about.twitter.com/resources/buttons.
 
If you access a page on our website that contains a plugin of this type, your browser connects directly to the Twitter server. Twitter therefore receives the information that you have already visited our website from your IP address. If you click on the Twitter “Tweet” button while you are logged in to your Twitter account, you can link the content of our website to your Twitter profile. Twitter can therefore match the visit to our site to your user account. Please note that as the website provider, we have no knowledge of the content of the transferred data and its use by Twitter.
 
If you do not want Twitter to match your visit to our website, please log out of your Twitter user account.
 
Additional information is available in the Twitter Privacy Policy: https://twitter.com/privacy.
 
 
7. YouTube video embedding
We have embedded YouTube videos on our website, which are stored on http://www.YouTube.com and can be played directly from our website. [These are all embedded in “extended data protection mode”, i.e. no data relating to you as a user will be transferred to YouTube if you do not play the videos. The data mentioned in paragraph 2 will only be transferred if you play the videos. We have no control over this data transfer.]
 
By visiting the website, YouTube is informed that you have opened the respective page on our website. The data mentioned in section 2 a of this statement is also transferred. This is done regardless of whether YouTube has provided a user account which you have used to sign in, or if no user account exists. If you are signed in to Google, your data will be directly matched to your account. If do not want data to be matched to your YouTube account, you must sign out before clicking the button. YouTube stores your data as usage profiles, and uses it for advertising and market research purposes, and/or designing its website to meet users’ needs. This type of analysis is conducted mainly (even for users who are not signed in) to provide needs-oriented advertising, and to inform other social network users of your activity on our website. You have the right to object to the creation of this user profile, and must inform YouTube of your wish to exercise this right.
 
More information on the purpose and scope of data collection and its processing by YouTube is available in the Privacy Policy. This also includes further information on your rights and settings options to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and is subject to the EU-U.S. Privacy Shield https://www.privacyshield.gov/EU-US-Framework. 
 
8. Google Maps embedding
This website uses Google Maps. It allows us to display interactive maps directly on the website, and provides you with a convenient map function.
 
By visiting the website, Google is informed that you have opened the respective page on our website. The data mentioned in section 3 of this statement is also transferred. This is done regardless of whether Google has provided a user account which you have used to sign in, or if no user account exists. If you are signed in to Google, your data will be directly matched to your account. If do not want data to be matched to your Google account, you must sign out before clicking the button. Google stores your data as usage profiles, and uses it for advertising and market research purposes, and/or for designing its website to meet users’ needs. This type of analysis is conducted mainly (even for users who are not signed in) to provide needs-oriented advertising, and to inform other social network users of your activity on our website. You have the right to object to the creation of this user profile, and must inform Google if you wish to exercise this right.
 
More information on the purpose and scope of data collection and processing thereof by the plugin provider is available in the provider’s privacy policies. This also includes further information on your rights and settings options to protect your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and is subject to the EU-U.S. Privacy Shield https://www.privacyshield.gov/EU-US-Framework.
 
9. Data subject right
You have the right:
 
  • pursuant to Article 15 GDPR to request information about your personal data that we process. In particular, you may request information about the purposes of processing, category of personal data, categories of recipients to whom your data has been or will be disclosed, the planned duration of storage, the existence of a right to rectification, erasure, restriction of processing or objection, the right to lodge a complaint, the origin of your data if we have not collected it, and about the existence of automated decision-making including profiling, and where applicable, meaningful information about the details thereof;
  • pursuant to Article 16 GDPR, to immediately request the rectification of inaccurate or incomplete personal data relating to you stored by us;
  • pursuant to Article 17 GDPR, to request the erasure of personal data relating to you stored by us, unless processing is required for the exercising of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of the public interest, or for the establishment, exercise, or defence of legal claims;
  • pursuant to Article 18 GDPR, to request the restriction of processing of your personal data in the event that you dispute the accuracy of the data; processing is unlawful but you decline its erasure and we no longer need the data but you require it for the establishment, exercise, or defence of legal claims; or you have submitted an objection to processing pursuant to Article 21 GDPR;
  • pursuant to Article 20 GDPR, to receive the personal data relating to you that you have provided to us in a structured, established, and machine-readable format, or to request the transfer of the same to another controller;
  • pursuant to Article 7(3) GDPR, to at any time revoke any consent you have provided to us. This will result in us no longer being permitted to continue the data processing that this consent relates to in the future, and
  • pursuant to Article 77 GDPR, to lodge a complaint to a supervisory authority. Generally, you can contact the supervisory authority for your usual place of residence or place of work, or our registered headquarters for this purpose.
 
10. Right to object​
If your personal data is processed based on legitimate interests pursuant to point (f) of the first sentence of Article 6(1) GDPR, you have the right to submit an objection to the processing of your personal data pursuant to Article 21 GDPR, provided that there are reasons to do so arising from your particular situation, or if the objection relates to direct advertising. In the latter case, you have a general right to object which we will implement without requiring a particular situation to be stated.
 
If you would like to exercise your right to revoke consent or to object, it is sufficient to send an email to info@isa-augsburg.com to do so.
 
11. Data security
During your visit to our website, we use the popular SSL (Secure Socket Layer) process in conjunction with the highest level of encryption supported by your browser. This is generally 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. You can verify that information is being transmitted in encrypted format on the individual pages of our website by checking for the closed padlock icon in the bottom status bar of your browser.
 
We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or full loss, destruction or unauthorised access by third parties. Our security measures are continually being improved in line with technological developments.
 
12. Validity and amendment of this data protection statement​
This data protection statement is currently valid as of May 2018.
 
This data protection statement may require amendment following the development of our website and products offered through this website, or due to changes in legal or statutory requirements.