Montessori Institute Prague collects and uses personal information about visitors of our website, clients, staff, students, members and other individuals who come into contact with our organisation. MIP also takes documentary photographs during its events and trainings. The information is gathered in order to enable MIP to provide training, professional development, education, membership, services and other associated functions. In addition, there is a legal requirement to collect and use information to ensure that the organisation complies with its statutory obligations.
This policy applies to our websites, our use of emails and text messages for information, and any other methods that we use for collecting information. It covers what we collect and why, what we do with the information and what we won’t do with the information, and what rights you have.
Who are we?
We are Montessori Institute Prague s.r.o. (further only MIP). Our seat is Pod radnici 3, Praha 5. Our ID is 25434110. Our contact person is Executive Director Miroslava Vlckova: email@example.com. We are the owner of www.leadmontessori.com.
Anyone who works for, or acts on behalf of, MIP (including staff, volunteers, board members and service providers) should also be aware of and comply with MIP’s data protection policy for staff, which also provides further information about how personal data about those individuals will be used.
MIP’s Commitment to Privacy
MIP is committed to keeping the personal information that you share with us (on paper, over the telephone or via the internet) accurate, up to date and confidential.
Responsibility for Data Protection
Executive Director of MIP will is responsible for the oversight of data protection compliance. The Executive Director will deal with all your requests and enquiries concerning MIP’s uses of your personal data (see section on Your Rights below) and endeavour to ensure that all personal data is processed in compliance with this policy and the GDPR.
What Information Do We Collect?
We will only ever collect the information that we need, including data that will be useful to help us to improve our services. We collect two kinds of information:
- Personal information as detailed below. This information will be used for administration and for other normal purposes of a non-government organisation.
Personal Data Processed by MIP
Personal data processed by MIP includes contact details, and professional development, training and assessment results. MIP may also process sensitive personal data such as ethnic group or nationality.
How We Collect Personal Data
We will collect information about you at the time you apply for or purchase a membership, course, programme, event, service or product. From time to time we may request that you confirm and where necessary update the information that we hold. On occasion, we may request additional information if it is deemed necessary for administration or service provision.
Your personal data will usually be collected directly from you.
Purposes For Which Your Data May Be Processed
Your personal data (including sensitive personal data, where appropriate) is processed by MIP strictly in accordance with the GDPR in order to:
- support its students learning;
- monitor and report on their progress;
- support membership services;
- assess how well the MIP as a whole is doing;
- communicate with staff, members and students/trainees;
- for the purposes of management planning and forecasting, research and statistical analysis, including that imposed or provided for by law (such as tax, diversity or gender pay gap analysis);
- to enable relevant authorities to monitor MIP's performance and to intervene or assist with incidents as appropriate;
- to give and receive information and references about past, current and prospective staff;
- to give and receive information about past, current and prospective students/trainees;
- to give and receive information and references about past, current and prospective trainers;
- to monitor (as appropriate) use of MIP’s IT and communications systems in accordance with the MIP’s acceptable use policy;
- to make use of photographic images in publications, on the website and (where appropriate) on social media channels in accordance with the MIP’s policy on taking, storing and using images; and other reasonable purposes relating to the operation of MIP.
Unless you have requested otherwise, MIP may also use your contact details to send you promotional and marketing information by post, email and SMS about MIP and its activities. When you submit information via our website you will have the option to opt out of receiving marketing information. Should you subsequently decide that you would rather not receive such information then there is an “unsubscribe” option on all of our emails or you can contact firstname.lastname@example.org.
Third Parties with Whom We May Need to Share Your Personal Data
From time to time MIP may be required to pass your personal data (including sensitive personal data where appropriate) to third parties, including local and public authorities, and professional advisers, who will process the data:
- to comply with the law, for example to comply with a court order, or if requested by a government or local authority department which has the lawful authority to obtain the information;
- in response to a request from either the police or a local authority department in connection with our Child Protection obligations;
- to enable the relevant authorities to monitor MIP's performance;
- to compile statistical information (normally used on an anonymous basis);
- to secure funding for MIP (and where relevant, on behalf of individuals);
- to enable trainers and students/trainees to take part in assessments and to monitor progress and educational needs;
- to obtain appropriate professional advice and insurance for MIP;
- where a reference or other information is requested by another educational establishment or employer to whom they have applied;
- where otherwise required by law; and
- otherwise where reasonably necessary for the operation of the MIP.
Finally, in accordance with the GDPR, some of MIP’s processing activity is carried out on its behalf by third parties, such as IT systems, web developers or cloud storage providers, such as Smartselling, Facebook, Google, Fapi, Pragoecon- services we are not able to secure ourselves. This is always subject to contractual assurances that personal data will be kept securely and only in accordance with MIP’s specific directions.
Storing Your Information
Information is stored by us on servers located in Prague, Czech Republic. We may transfer the information to other reputable third-party organisations as explained above and they may store their information inside or outside the European Economic Area. We may also store information in paper files.
Unfortunately the transmission of information via the internet is not completely secure; any transmission is at your own risk. Once we have received your information we have in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. Whilst we cannot guarantee that loss, misuse or alteration of data will not occur whilst it is under our control, we make every effort to try to prevent this
Where a password is required to enable you to access parts of our website, it is your responsibility to keep this password confidential. Please do not share your password with anyone.
Retention of Data
MIP will retain personal data securely and only in line with how long it is necessary to keep for a legitimate and lawful reason.
If you have any specific queries about how our retention policy is applied or wish to request that personal data that you no longer believe to be relevant is considered for erasure, please contact the Executive Director at MIP. However, please bear in mind that MIP will often have lawful and necessary reasons to hold on to some personal data even following such request.
A limited and reasonable amount of information will be kept for archiving purposes, for example; and even where you have requested we no longer keep in touch with you, we will need to keep a record of the fact in order to fulfil your wishes (called a "suppression record").
When we no longer require information, we will always dispose of it securely, using specialist companies if necessary.
What MIP Won’t Do With Your Information
We will never sell or share your information with other organisations to use for their own purposes.
Individuals have various rights under the GDPR to access and understand personal data about them held by MIP, and in some cases ask for it to be erased or amended or have it transferred to others, or for MIP to stop processing it but subject to certain exemptions and limitations.
Any individual wishing to access or amend their personal data or wishing it to be transferred to another person or organisation, or who has some other objection to how their personal data is used, should put their request in writing to the Executive Director.
MIP will endeavour to respond to any such written requests as soon as is reasonably practicable and in any event within statutory time-limits (which is one month in the case of requests for access to information).
MIP will be better able to respond quickly to smaller, targeted requests for information. If the request for information is manifestly excessive or similar to previous requests, MIP may ask you to reconsider, or require a proportionate fee (but only where the GDPR allows it).
For more information about your rights, please see the EU GDPR portal.
You should be aware that the right of access is limited to your own personal data, and certain data is exempt from the right of access. This will include information which identifies other individuals, or information which is subject to legal privilege (for example legal advice given to or sought by MIP, or documents prepared in connection with a legal action).
MIP is also not required to disclose any student scripts, provide or other test marks ahead of any ordinary publication, nor share any confidential reference given by MIP itself for the purposes of the education, training or employment of any individual.
You may have heard of the "right to be forgotten". However, we will sometimes have compelling reasons to refuse specific requests to amend, delete or stop processing your personal data: for example, a legal requirement, or where it falls within a legitimate interest identified in this Privacy . All such requests will be considered on their own merits.
Where MIP is relying on consent as a means to process personal data, any person may withdraw this consent at any time. Examples where we do rely on consent are certain types of uses of images and certain types of marketing activity. Please be aware however that MIP may not be relying on consent but have another lawful reason to process the personal data in question even without your consent.
Data Accuracy and Security
MIP will endeavour to ensure that all personal data held in relation to an individual is as up to date and accurate as possible. Individuals must please notify the Executive Director of any significant changes to important information, such as contact details, held about them.
An individual has the right to request that any out-of-date, irrelevant or inaccurate or information about them is erased or corrected (subject to certain exemptions and limitations under the GDPR): please see above for details of why MIP may need to process your data, of who you may contact if you disagree.
MIP will take appropriate technical and organisational steps to ensure the security of personal data about individuals, including policies around use of technology and devices, and access to systems. All staff, volunteers and board members will be made aware of this policy and their duties under the GDPR and receive relevant training.
If you have any queries about this Policy or how personal data is processed by MIP, please contact the Executive Director. Please put GDPR in the subject heading.
If an individual believes that MIP has not complied with this policy or acted otherwise than in accordance with the GDPR, they should utilise the complaints procedure and should also notify the Executive Director.