The Data Controller of your personal data, meaning who ultimately decides how and for what purposes your data is processed, is the American School of Milan, with offices in Via K. Marx, 14, Noverasco di Opera (MI), (henceforth "ASM", "we", "us"). In order to get in touch with us on this matter, you can write to our offices or send an email to email@example.com If you want to contact our Data Protection Officer ("DPO"), please send an email to firstname.lastname@example.org or issue your request to our offices.
Information on processing of personal data
When you visit, consult or use our website, when you ask for assistance or support, fill the forms available on the website, we may process the following data relating to persons who have been or can be identified. We need your data in order to permit you to surf our website safely, to receive assistance and to manage your specific requests. We mainly process your data through our analysis and storage systems that are protected by technical and organizational security measures. Your data is stored for the period required for the purposes indicated below; after this period we proceed to delete your data.
We can process your data by manual and automated means, adopting security measures that prevent the loss, unauthorized access and illicit use of your information. In order to guarantee the functionalities of the website and provide you with the best surfing experience we need to disclose your data with third parties such as companies supporting us with the website and other related services. If you want to know more about our suppliers acting as data processor, you can write an email to email@example.com. Our personnel involved in the processing of your data has been informed and instructed on how to carry out the processing activities.
Your data is mainly stored in Italy or in the European Union, but some data can be processed and managed by third parties services suppliers that are based in countries outside the EEA. In this case we implement the mechanisms provided by the GDPR (for example the implementation of standard contractual clauses approved by the European Commission according to GDPR) in order to ensure that your data is processed according to European data protection legislation standards.
Personal data collected and purposes of the processing
In order to fulfill your requests for admissions, we can ask you to fill the form available on our website with your child/children' age, your availability to meet us, the way you heard about us, study you or your children are interested in and other information provided in your message. We collect this data when you ask for information, in the event that you need to manage a meeting with us and come to visit us.
Some of this information is also required if you wish to to take part into our alumni organization. In case you would like to receive ASM email communications and keep in touch with the school via social media, you you are asked to complete a form with your first and last name, maiden name if applicable, date of birth, current address, physical and email, mobile contact, ASM graduation year or last year of attendance, university degree/s. In case of an alumni feature on our website, we can ask you to fill the form with your first and last name, year of graduation, current address, university attendance, email contact and information about how ASM made an impact on your life.
In case you wish to support ASM with a donation, you will be asked to complete a form requesting first and last name, date of birth and birth country, residence, tax code, donation amount, whether or not you have the legal capacity to donate, whether or not the donation is of modest value, whether or not you confirm your having read ASM’s fundraising and gift acceptance policy, whether or not the donation is to be made in the form of a public deed, how you wish to be recognized for your gift and the related recognition information (name, email, address, city, zip code, country) or whether or not you wish to remain anonymous.
Data contained in fields marked with an asterisk is mandatory and in its absence it won't be possible to proceed to your request. Without providing your mandatory data we can't answer your questions and provide you with the required services. In this case you can still surf our website.
Please also note that when you use our website we can also collect your IP address and other browsing data. Your browsing data is required to supply you with the tools required to visit the website and access the operations available on it.
We remind you that the processing of your data is necessary to fulfill your request for information, support and assistance in relation to our services. For this reason your consent is not required in order to process your data.
Use of Personal Information
We do not collect any personal information unless you voluntarily provide it by sending us e-mail, participating in a survey, or completing an on-line form. Personal information submitted will not be transferred to any non-affiliated third parties unless otherwise stated at the time of collection. When a user submits personally identifiable information it is used only for the purpose stated at the time of collection.
Where consent for the use and disclosure of personal information is required, the school will seek consent from the appropriate person. In the case of a student’s personal information, the school will seek the consent from the student and/ or parent depending on the circumstances and the student’s mental ability and maturity to understand the consequences of the proposed use and disclosure.
A cookie is a small text file stored by your browser that allows the website to “remember” your preferences (such as calendar settings and site bookmarks) on the site from visit to visit, or to maintain your “logged in” status when visiting protected areas. Usage of a cookie is in no way linked to any personally identifiable information while on our site. Web browsers have settings allowing you to reject cookies, or selectively accept cookies, or delete cookies previously accepted. Please be aware that rejecting or deleting cookies from our website may make certain functions unavailable to you.
Like most standard website servers we use website statistic packages such as Google Analytics to analyze trends in how our website is accessed and utilized. Information monitored includes internet protocol (IP) addresses, geographic location of visitors (country, city), browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, time spent on pages, and keywords used to find our site via search engines. This information is anonymous and cannot be directly linked to individual users. We may use it to identify high-use or low-use areas of the site, pinpoint problem areas of the site, analyze broad demographic trends in our visitors, and make decisions about how to make it easier for people to find and navigate our website.
This website may contain links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every Web site that collects personally identifiable information. This privacy statement applies solely to information collected by this website.
This website takes every precaution to protect our users' personal information. Whenever users submit personal information (such as contact info or credit card info) via online forms, registration, or online purchase, upon submission that information is encrypted via the highest level of SSL (Secured Sockets Layer) available. Servers that store personally identifiable information are in a secure environment. Under no circumstances are credit card numbers permanently stored on our website servers.
Posts to discussion forums, discussion boards, comments to blogs are viewable by other users. When these areas are not in a password protected area, they may be viewable by the general public. Please be aware of this when posting personal information in these areas.
Method and location of the processing
Processing connected with the services offered on our website can takes place at ASM offices in Italy and at our data processors' offices. For example, when data is processed by Finalsite covered by the Privacy Shield. In this case we implement the mechanisms provided by the GDPR in order to ensure that your data is processed according to European data protection legislation standards.
We remind you also that your data is stored for the period strictly required to achieve the objectives for which data was collected or for the maximum statutory period.
We recognize the need to provide further privacy protection with respect to personal information we may collect about children through the forms available on our website.
Rights of Data Subjects
According to data protection law, you can control how your data is processed, you can limit its use, if any. You can exercise your rights at any time and free by writing us as indicated below. We'll do everything in our capability to facilitate the exercise of your rights. In accordance with articles 15-21 of the GDPR, you have the right to:
- receive confirmation of the existence of your personal data, access your data and obtain a copy (access right);
- update, modify and / or correct your personal data (right of rectification);
- request the deletion or limitation of the processing of data in the cases envisaged by GDPR, including where data has been processed in violation of the law or if storage is not necessary in relation to the purposes for which data was collected or otherwise processed (right to deletion and right to limitation);
- withdraw your consent, where given, at any time and without prejudice to the lawfulness of the processing based on the consent given prior to the withdrawal (right of withdrawal of consent);
- within the limits of the provisions of GDPR, receive a copy of data provided by you in a structured, commonly used and readable by automatic devices and, where possible, ask for the transmission of such data to another data controller (if technically feasible) (right to data portability);
- you also have the right to object the processing of your data in the cases in which it is provided for by GDPR (right of object).
We inform you that requests for deletion of data are subject to current legal requirements to retain documents imposed on us by laws or regulations, if applicable.
Our Data Protection Officer is available to manage your data protection and privacy related requests. You can exercise rights at any time contacting sending an email to firstname.lastname@example.org or by post-write to our offices. When contacting us, please make sure that you include your name, email address, postal address and / or telephone number (s) to make sure we can handle your request correctly.
If you believe that your personal data aren't processed in accordance with the law or there are complaints about their use, you can lodge a complaint with the supervisory authority of the member state where you live, work, or where you think the alleged violation has occurred.