top of page

Privacy Policy

PRIVACY AND DATA COLLECTION POLICY

Barcelona High School

Last Updated: November 5, 2024

 

1. Introduction

Barcelona High School (“we,” “our,” or “the school”) respects your privacy and is committed to protecting the personal data of our students, parents, staff, and other individuals associated with the school. This policy outlines how we collect, use, disclose, and safeguard personal data in compliance with the EU General Data Protection Regulation (GDPR). We encourage you to read our Privacy Policy in full. We remain dedicated to protecting you, your data, and your experience at Barcelona High School.

2. Data Controller

Barcelona High School, located at C/ Sant Agustí 3, 08012 Barcelona, is the Data Controller responsible for the processing of personal data collected through our operations and communication channels. For questions about this policy, please contact our Data Protection Officer (DPO) at ciaran@barcelonahighschool.com.

 

3. Types of Personal Data Collected

We may collect and process the following types of personal data, depending on our relationship with you:

 

  • Students: Name, date of birth, address, parent/guardian details, academic records, health information (for safety purposes), and emergency contact information.

  • Parents/Guardians: Contact information, identification documents (if required), relationship to student, and payment information.

  • Staff Members: Employment history, qualifications, performance data, health information, and banking information for payroll purposes.

  • Visitors and Volunteers: Name, contact details, and identification documents (if applicable).

 

4. Legal Basis for Processing

The school processes personal data under one or more of the following lawful bases as outlined in GDPR:

 

  • Consent: Where required, we obtain explicit consent from individuals or, for minors, from their legal guardians.

  • Contractual Necessity: Processing is necessary for the performance of a contract with our employees or service providers.

  • Legal Obligation: Compliance with legal requirements such as health and safety or employment laws.

  • Legitimate Interests: The school may process data to manage its educational and operational activities where it does not outweigh the rights and freedoms of the individual.

 

5. Purposes of Data Collection

We use personal data for purposes directly related to the educational and operational functions of the school, including:

 

  • Academic management, including admissions, teaching, assessment, and student support.

  • Safety and welfare, including health records and emergency contact information.

  • Communication with parents, guardians, and students.

  • Payroll and employment administration for staff.

  • Compliance with regulatory and legal obligations.

 

6. Data Sharing

We may share personal data with third parties only where necessary to fulfill a legitimate purpose, including:

 

  • Service Providers: External companies that assist with payroll, IT services, student assessment, or similar services.

  • Regulatory Authorities: To comply with legal requirements, we may share data with government or educational regulatory bodies.

  • Emergency Services: Health and safety data may be shared in emergencies or as required by law.

  • All third parties that process personal data on our behalf are required to maintain the confidentiality and security of the data and to comply with GDPR requirements.

 

7. Data Retention

Personal data is retained only as long as necessary for the purposes stated, unless required by law for a longer period.

 

  • Student Records: Maintained for the duration of enrollment and for a limited period afterward, in line with educational regulations.

  • Staff Records: Retained during employment and for a period afterward to comply with tax, contractual, and legal obligations.

  • Visitor Information: Retained temporarily, unless required for safeguarding purposes.

 

8. Data Security

Barcelona High School takes the security of personal data seriously. We implement technical and organizational measures to protect data from unauthorized access, alteration, and loss. Access to data is restricted to authorized personnel, and data is stored on secure servers with regular security assessments.

 

9. Data Subject Rights

Under GDPR, individuals have the following rights concerning their personal data:

 

  • Right to Access: Individuals may request access to their data.

  • Right to Rectification: Individuals can request corrections to inaccurate data.

  • Right to Erasure: Individuals can request deletion of data where no longer necessary.

  • Right to Restrict Processing: Individuals may request limitations on how their data is processed.

  • Right to Data Portability: Upon request, individuals can receive a copy of their data in a structured format.

  • Right to Object: Individuals may object to data processing based on legitimate interests.

  • To exercise any of these rights, please contact our DPO at ciaran@barcelonahighschool.com

 

10. Consent Withdrawal

Where processing is based on consent, individuals have the right to withdraw consent at any time. Withdrawal does not affect the legality of prior processing based on consent.

 

11. Changes to this Policy

This policy may be updated periodically to reflect changes in legal requirements or school practices. The most current version will be available on the school’s website and upon request.

 

12. Contact Information

For questions or concerns regarding this policy and practices, please contact:

 

Data Protection Officer

Ciarán O’Mahony 

Barcelona High School

C/ Sant Agustí 3, O8012 Barcelona

Email: ciaran@barcelonahighschool.com​​

FAQ: FAQ
bottom of page