The new ASP Data Protection Policy, that takes into account the GDPR can be read in below.
The www.asparis.org is defined as publicly accessible and password/login protected pages hosted under the domain asparis.org. ASP is not responsible for the privacy practices of external sites linked from or referenced by asparis.org. This policy applies solely to information collected by this website.
ASP will not collect any personally identifiable information about you, such as name, address, telephone number, or e-mail address ("personal data") through this site unless you have provided it voluntarily. If you do not want your personal data collected, do not submit it. When you do provide personal data, that information may be used in the following ways, unless stated otherwise:
- to fulfill a request you have made
- to update your school maintained record
- to contact you
The school will not sell, rent, or market personal data about you to third parties.
Additional Information Collected Automatically
In some cases, this website may automatically (i.e., not via registration) collect information about you that is not personally identifiable. Examples of this type of information include the type of Internet browser you are using, the type of computer operating system you are using, the IP address of your computer, and the domain name of the website from which you linked to this site. This information is used solely to provide the school with overall statistics on website usage, and to evaluate generalized user demographics to help us make our site more useful to visitors.
Online Profile Updates
If you complete a profile update form and share your personally identifiable information, this data will be used only to fulfill your request, provide you with further information about our school or to contact you when necessary. For Alumni Finder, please refer to our Alumni webpage for specific information about privacy settings for this feature.
You may always opt-out of receiving future mailings. Although you cannot remove yourself from our database, you can prevent unwanted communication.
Information Placed Automatically on Your Computer - Cookies
When you view this website, some information may be stored on your computer. This information will be in the form of a "cookie" or similar file and will allow the website to tailor the experience to your interests and preferences. With most Internet browsers, cookies can be blocked or erased after visiting a website. Some aspects of this website may not function properly if your browser is set to block cookies.
Use of Text and Images
If you would like to publish information that you find on our website, please send your request to firstname.lastname@example.org. Downloading any photos of students or community members from our website is not authorized. Where text or images are posted on our site with the permission of the original copyright holder, a copyright statement appears at the bottom of the page. Information about using our logo and image is available in the Media Gallery.
ASP takes every precaution to protect users' information. When users submit sensitive information via this website, it is encrypted and remains secure during all stages of transmission. The School complies with all French legislation requiring safeguards on specific types of information.
ASP Data Protection Policy
The American School of Paris (ASP) requires certain personal data – including some that is sensitive – about its past and present employees, students, parents, legal guardians, alumni, and other community members, in order to function well as an international school, and as an employer in France.
This policy is intended to ensure that ASP protects all personal data in accordance with the EU General Data Protection Regulation (EU–GDPR), and other related legislation. It applies to data regardless of the way it is collected, used, recorded and shared, and irrespective of whether it is held in paper files or electronically.
This policy applies to all employees, trustees, volunteers, and others working on behalf of ASP (‘members of ASP’s working community’). All members of ASP’s working community involved with the collection, processing and disclosure of personal data should be aware of their duties and responsibilities and adhere to these guidelines.
Individuals at the American School of Paris may have access to a wide range of personal and sensitive data regarding other individuals, depending on their role in the School.
Personal data means any information about, or that may be used to identify, a living person. ASP recognizes that any such data belongs to that individual (‘data subject’), and NOT to ASP or any other person or organization with whom we may share it. The data subject must be provided with complete information concerning the use of their data, and have ultimate control over its use.
Personal data includes, but is not limited to:
- information about members of the school community, such as their name, address, email address, phone numbers, health records and disciplinary records;
- curricular or academic data such as attendance records, grades, comments on progress and achievement, reports and recommendations;
- professional records such as employment history, taxation and social insurance records, confidential employee files and references;
- data held as photographs, video clips (including CCTV footage) or as sound recordings;
- any expression of opinion about an individual kept in a school file or system, or any indication of the school’s or someone else’s intentions towards an individual;
- any other information that might be disclosed by parents, or by other individuals or agencies working with families or employees.
Under the EU-GDPR, special categories of personal data (‘sensitive data’) require additional protection: information that concerns or reveals a person’s political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, state of health, and sex life or sexual orientation. Data concerning children under the age of 15 is also subject to special protections.
Data Protection Principles
The EU–GDPR establishes six principles to which ASP is held accountable whenever it handles personal data. Personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to the data subject;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
The ASP Board of Trustees is ultimately responsible for ensuring that the necessary systems, policies and procedures are in place to ensure that all personal data is appropriately protected, and that all employee, trustees, volunteers, and others working on behalf of the American School of Paris who process or use personal data follow these principles at all times. To that end, ASP has developed this Data Protection Policy.
This policy does not form part of any employee’s contract, although it forms part of the policies accepted as a condition of employment and may be amended at any time. Any breach of this policy by employees may result in disciplinary action.
In order to protect personal data from loss, theft and unauthorized access or disclosure, ASP will deploy necessary physical and technological security systems.
These systems and backup systems will be fully documented, regularly tested, and periodically audited.
All individuals who use technology provided by ASP will be required to comply fully with the respective protocols and procedures.
This policy will be reviewed as it is deemed appropriate, but no less frequently than annually by the Board of Trustees or a nominated representative.