Skip To Main Content

Privacy Policy

Effective date: [October 8, 2019]

About Our Privacy Policy

Concordia International School Shanghai (“we”, “us” or “Concordia”) takes your privacy seriously. We have created this privacy policy (the “Privacy Policy”) so you can understand how we collect, process, use, store, share, transfer and otherwise disclose any Personal Data (see definition below).

This Privacy Policy is applicable to the official website of Concordia (www.concordiashanghai.org), and other websites, apps, programs, software service and other information services (“Services”) owned or operated by us, but excluding any websites, apps, programs, software and other information services owned or operated by third parties, despite that Concordia may have introduced any such third party services to you.  Please read carefully and understand this Privacy Policy before you start to use our services. By clicking the button “I have read and agree to the Privacy Policy” and/or using the Services, such as filling in online forms and providing application information, you indicate that you fully understand and agree to the terms of this Privacy Policy and agree to authorize us to collect, process, use, store, share, transfer and otherwise disclose Personal Data that you provide to us within the scope of this Privacy Policy.  The Services we provide may ask to collect children’s Personal Data, please read carefully the Children section below regarding specific terms for children’s information.  Please discontinue use of the Services and do not submit any Personal Data if you do not agree to any terms contained in this Privacy Policy. 

Please make sure that you have the authority and full legal capacity for civil conduct to use the Services, to submit Personal Data as requested, and to authorize us to collect, process, use, store, share, transfer or otherwise disclose the Personal Data within the scope as described in this Privacy Policy.  Please discontinue the use of the Services if you do not have such authority or full legal capacity for civil conduct.

PLEASE NOTE that there may be changes to this Privacy Policy from time to time, which will be posted on the website, in the apps, programs or other Services.  We will remind you of such changes through announcements or by other reasonable means before such changes take effect.  The revised Privacy Policy will replace the prior version of the Privacy Policy and will be legally effective on the date specified in the revised Privacy Policy.  If you do not agree to any of the revised terms, please discontinue the use of the Services before the revised Privacy Policy takes effect.

Personal Data Protection

“Personal Data” means information that can be used to identify you or your child, either separately or in conjunction with other information.  This may include name, date of birth, contact information and other information required for admissions purposes such as nationality, address, ID, visa, residency, language, education, medical, personal interests, dietary needs, learning and pastoral needs, preferences and accomplishments.

Personal Data includes “Personal Sensitive Information”, which means personal information that if it is leaked, illegally provided or abused, may endanger physical or property safety, and can easily lead to damage to personal reputation, physical health, mental health or lead to discrimination.  Personal Sensitive Data includes but is not limited to a government issued identification number, personal biometric information, bank account number, communication records and content, property information, credit information, whereabouts, accommodation information, health and physiological information, transaction information, and personal information of children under 14 years old.

All Personal Data is treated in strict confidence and is processed in accordance with applicable laws and regulations.

We will provide corresponding security measures according to existing technology to protect Personal Data and provide a reasonable assurance of security.  We will endeavor to protect Personal Data from unauthorized access, disclosure, use, destruction, loss or divulgence.  However, despite these security measures, please understand that the use of computer networks has inherent risks and there is no absolute guarantee of security on the Internet.  In the event of a security incident we will initiate an emergency plan to prevent the expansion of the incident and inform you by means of mail, letter, telephone, push notifications, announcements, or other reasonable means.

We establish specialized management systems, processes and organizational functions to ensure data security.  For example, we only give limited personnel who need to access the Personal Data the authorization to access such information, and all personnel who may have access to your Personal Data are required to be bound by appropriate confidentiality obligations.

Provision of Accurate Information

You should ensure that the Personal Data you provide is true and accurate.  We will not assume any legal liability arising from any inaccurate, unauthorized or false information that you provide. If you provide any Personal Data that belongs to others, you must ensure that their proper consent and authorization has been obtained.

Use of Cookies (text files temporarily stored in the browser) and similar technologies

When you visit our websites or use other Services (as applicable), non-personally identifiable data about you is automatically detected and logged by our servers.  Typically, this will include your domain name and location, the page(s) visited, search terms and search engines used, and the web browser used.  Such information is used by us solely to monitor usage of the Services and to find ways of improving it.  This information is never loaned or sold to any third parties.

Our websites use cookies.  A cookie is a simple text file that we store on your computer or mobile device upon your consent.  These cookies allow us to collect the information described in the preceding paragraph.  This will enable us to provide you with a more user-friendly experience.  

If you wish to restrict or delete cookies already on your computer or mobile device, you can do so through your browser.  

Personal Data that We Collect and Use

We may collect, process, use, store, share, transfer or otherwise disclose Personal Data you provide to us.  Please note that certain Services may be inaccessible if you do not provide the required Personal Data.  We may request Personal Data from you via our websites, apps, programs or any other forms of Services:

  • When you send inquiries about Concordia to us:
  • When you subscribe for newsletters and other information about Concordia;
  • When you or your child applies to Concordia;
  • When you request to schedule an open day or visit to Concordia;
  • When you or your child applies to any activity held by or in affiliation with Concordia;

We may use the Personal Data we collect:

  • To facilitate account creation and logon process;
  • To send you marketing and promotional communications;
  • To send administrative information, activities, news of Concordia to you;
  • To post testimonials;
  • To request feedback of visit or life in Concordia;
  • For data analysis
  • To respond to governmental authorities, regulatory bodies, judicial departments, courts or other persons as per requirement under the applicable laws and regulations;

Personal Data Collection

For each case in which we request to collect Personal Data from you, the purpose and scope of collection will be indicated, and we will not collect Personal Data irrelevant to the indicated purpose.  We will only use the Personal Data for the purposes and to the extent which you have consented.

For each case in which we request to collect Personal Sensitive Data, we will further inform you by means of interactive page or design (such as pop-ups, captions, fill-in boxes, prompts, etc.), of the purpose, method and scope of the collection and use of the Personal Sensitive Data, as well as the consequence of  rejecting to consent, and obtain your explicit consent through affirmative action (such as clicking “Agree” or “The next step”, etc.).

Personal Data Storage

In principle, all Personal Data will be stored within the legal jurisdiction in which it is collected. We may, however, provide certain Services to you via resources and servers outside of your jurisdiction of residence and, due to our global operating and management requirements, we may transfer and store your Personal Data outside of your jurisdiction of residence to the extent permitted under applicable law.

Personal Data collected will be processed with appropriate security measures.  We will continue to retain Personal Data that we collect for as long as is reasonably necessary to fulfill the original purpose of collection and as may be required under applicable law.  We may delete or anonymize your Personal Data after a reasonable time in accordance with our policies on retention of data or otherwise required by applicable law upon the fulfillment of the relevant purpose.

If we terminate the relevant Service, we will notify you at least 30 days in advance and delete or anonymize your Personal Data after termination of the Service.

Personal Data Deletion

Except otherwise stated in this Privacy Policy or required by applicable laws and regulations, you have the right to require us to and we have the obligation to delete your Personal Data without undue delay where one of the following grounds applies:

(a)   The Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, with an exclusion to the Personal Data after processing that cannot be identified as specific individuals and that cannot be recovered;

(b)   You withdraw your consent on which the processing is based and where there is no other legal ground for the processing;  

(c)   The Personal Data have been unlawfully processed;

(d)   The Personal Data must be deleted for compliance with applicable law.

Where we have made the Personal Data public and are obliged pursuant to the preceding paragraph to delete the Personal Data, taking account of available technology and the cost of implementation, we will take reasonable steps, including technical measures, to inform controllers which are processing the Personal Data that the data subject has requested the deletion by such controllers of any links to, or copy or replication of, those Personal Data.  “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

Sharing, Transfer and Disclosure of Personal Data

In order to fulfill the purposes described in this Privacy Policy and to serve you, we may share Personal Data with educational institutions, educational service providers, performing arts institutions, arts organizations, sport organizations, professionals (individuals as well as organizations) involved in teaching and learning, university counseling service providers, data analysis service providers, co-curricular service providers, school trip and travel providers, advertising service providers, school bus service providers, school food service providers, other product suppliers and service providers which we may inform you of, whether located in China or any part of the world (“Recipients”).  We will only share and transfer Personal Data as is necessary, as subject to this Privacy Policy and will require these Recipients provide such Personal Data a standard of protection that is at least comparable to that under the applicable laws and regulations of the jurisdiction in which we operate.  The Recipients are required to use shared Personal Data for the purpose as you have consented to, and if the Recipients wish to use the shared Personal Data for any other purpose they are required to obtain your consent therefor.

For each case in which we request to share, transfer and disclose your Personal Sensitive Data, we will further inform you by means of interactive page or design (such as pop-ups, captions, fill-in boxes, prompts, etc.), of the purpose, method and scope of the sharing, transfer and disclosure of the Personal Sensitive Data, as well as the consequence of  rejecting to consent, and obtain your explicit consent through affirmative action (such as clicking “Agree” or “The next step”, etc.).

In case that a merger, acquisition, reorganization, other transaction or bankruptcy process results in the receipt or sharing of your Personal Data by or with another person or organization, we will inform you of the relevant situation, in accordance with applicable laws and regulations. 

Public Disclosure

We will only publicly disclose your Personal Data:

(a)   with your consent;

(b)   to any competent law enforcement body, regulatory body, government agency, court or other third party where we believe disclosure is necessary (a) as a matter of applicable law or regulation, (b) to exercise, establish, or defend our legal rights, or (c) to protect your vital interests or those of any other person.

Non-identifiable Personal Data

We may gather statistics with respect to academic performance and applications for admission and share with our affiliates or other institutions or publicly disclose such statistics and analytical data, for the purpose of analyzing the operations of our school.  Such statistics and analytical data will not consist of any Personal Data.

Managing Your Personal Data

If you wish to access or modify your Personal Data, to request us to delete your Personal Data or to cancel your account, you can reach us via the contact information in this Privacy Policy to access, modify, delete your Personal Data, or cancel your account.  We may require you to provide proof of identification to verify you have the right to make such a request.

If you wish to change or revoke your authorization to us regarding Personal Data collection and use, you may reach us via the contact information in this Privacy Policy to change or revoke your authorization.  We may require you to provide a necessary proof of identification to verify you have the right to make such a request.  However, your decision to revoke authorization will not affect our previous handling of your Personal Data.

If you wish to have a copy of your Personal Data, you can reach us via the contact information in this Privacy Policy to have the copy in a structured, commonly used and machine-readable format by automated means.

Please understand that due to technical limitations, legal or regulatory requirements, we may not be able to meet all your requirements and we will respond to your request within a reasonable time frame.  We may decline your requests if the laws and regulations so require, or if it is impracticable to fulfill your requests based on present circumstances.  For example, if your child is currently enrolled at Concordia, we will be unable to immediately fulfill your request to revoke your authorization to use and collect Personal Data relating to your child. Even if we delete your child’s Personal Data upon your request or you successfully revoke your authorization, we still have the right to retain and use anonymized data that we have collected based on your earlier authorization.  Such anonymized data will not be personally identifiable.

In the following cases, we may not be able to respond to your request according to the requirements of laws and regulations:

(a)   in relation to our fulfillment of obligations under applicable laws and regulations;

(b)   directly in relation to national security or national defense security;

(c)   directly in relation to public safety, public health and major public interests;

(d)   directly in relation to criminal investigation, prosecution, trial and judgment enforcement;

(e)   there is sufficient evidence to show that you have subjective malice or abuse of rights;

(f)    for the purpose of protecting material legal rights and interests of individuals and organizations;

(g)   responding to your request will result in serious damage to your or other individuals and organizations' legal rights and interests;

(h)   involving trade secrets.

Links to Other Sites and Software

Please note that this Privacy Policy does not apply to services provided by other organizations or individuals. Your use of such third party’s services is subject to its privacy policy (not this Privacy Policy) and you will need to read the policies carefully.

Concordia accepts no responsibility for third party’s sites, apps, programs, software or other services linked or introduced to or by Concordia’s websites or other Services, which you view and use at your own risk.

Copyright

All materials, design, content and data in the Services are protected by copyright under copyright laws throughout the world.  While you may download or print these materials, designs, content or data for your own personal use, you may not reproduce, sell, publish, distribute or reprint any material, design, content or data available from the Services for any commercial purpose without our explicit permission.  Requests to use any materials, designs, content or data should in the first instance be addressed to privacypolicy@concordiashanghai.org.

Contact Information

If you have any questions, comments, suggestions or requests, including but not limited to requests regarding the management of your Personal Data, please contact us by sending an email to privacypolicy@concordiashanghai.org.  If you find any of our practice in violation of provisions of laws, administrative regulations or this Privacy Policy, you can reach us via the contact information and you may also make complaints or reports to the department of Cyberspace Administration and other regulatory authorities.

Children

“Children” or “child” as mentioned in this Privacy Policy means person(s) under 14 years of age.  Persons under 14 years of age should use our Services with a parent or guardian.  Prior consent of a parent or guardian is required whenever you provide Personal Data regarding a child under 14 years of age.  Please make sure you are the lawful guardian of the child whose Personal Data you provide to us and read this Privacy Policy carefully.  By clicking the button “I have read and agree to the Privacy Policy” and/or using the Services, such as filling in online forms and providing application information, you indicate that you fully understand and agree to the terms of this Privacy Policy and agree to authorize us to collect, store, use, transfer and otherwise disclose your child’s Personal Data that you provide to us within the scope of this Privacy Policy.

For each case in which we request to collect, use, transfer or disclose your child’s Personal Data, we will further inform you in a noticeable and clear manner (such as pop-ups, captions, fill-in boxes, prompts, etc.), and obtain your explicit consent through affirmative action (such as clicking “Agree” or “The next step”, etc.).  When seeking your consent, we will provide the option of rejecting and explicitly inform you of the following matters:

(a)   the purpose, method and scope of collection, storage, use, transfer and disclosure of your child’s Personal Data;

(b)   the consequences of refusal;

(c)   terms of this Privacy Policy; and

(d)   other matters that have not been covered by this Privacy Policy.

If there is any substantial change in the informed matters regarding children’s Personal Data, we will further notify you and obtain your consent again.

A.     Children’s Personal Data Collection

You may be asked to provide your child’s Personal Data in using our Services.  Under no circumstances will we collect your child’s Personal Data without your consent.  Please note that certain Services may be inaccessible if you do not provide the required child’s Personal Data.  For each case in which we request to collect your child’s Personal Data, the purpose and scope of collection will be indicated, and the scope will not be beyond the necessary information to fulfill the purpose. We will not collect Personal Data irrelevant to the indicated purpose nor will we collect in violation of the provisions of laws and administrative regulations and your agreement with us.   

B.      Children’s Personal Data Storage

We will take security measures to store your child’s Personal Data in order to ensure information security.  In principle, all children’s Personal Data will be stored within the legal jurisdiction in which it is collected. We may, however, provide certain Services to you via resources and servers outside of your jurisdiction of residence and, due to our global operating and management requirements, we may transfer and store your child’s Personal Data outside of your jurisdiction of residence to the extent permitted under applicable law.

We will continue to retain your child’s Personal Data that we collect for the time necessary to fulfill the original purpose of collection and usage and as may be required under applicable law.  We may delete or anonymize your child’s Personal Data after a reasonable time or otherwise required by applicable law upon the fulfillment of the relevant purpose.

If we terminate the relevant Services, we will immediately cease the collection of children's Personal Data and notify you at least 30 days in advance and delete or anonymize your child’s Personal Data timely after termination of the Services.

C.      Children’s Personal Data Use

We will only use the Personal Data for the purposes and to the extent which you have consented. We will use your child’s Personal Data subject to the provisions of laws and administrative regulations and the purpose and scope you have consented.  If it is truly necessary to use such information beyond the agreed purpose and scope, we will obtain your consent again.

D.     Children’s Personal Data Transfer and Disclosure

We will not disclose your child’s Personal Data except for with your consent or requirements of laws and administrative regulations.  In order to provide Services to your child, we may disclose your child’s Personal Data to some third parties, such as, educational institutions, educational service providers, performing arts institutions, arts organizations, sport organizations, professionals (individuals as well as organizations) involved in teaching and learning, university counseling service providers, data analysis service providers, co-curricular service providers, school trip and travel providers, advertising service providers, school bus service providers, school food service providers, other product suppliers and service providers which we may inform you of, whether located in China or any part of the world (“Recipients”).  We will require these Recipients provide such children’s Personal Data a standard of protection that is at least comparable to that under the applicable laws and regulations of the jurisdiction in which we operate.  The Recipients are required to use shared children’s Personal Data for the purpose as you have consented to, and if the Recipients wish to use the shared children’s Personal Data for any other purpose they are required to obtain your consent therefor.

If we transfer children’s Personal Data to a third party, we will carry out a security assessment.  If we intend to entrust a third party to process children's Personal Data, we will carry out security assessment and enter into a written agreement with the third party. 

In case that a merger, acquisition, reorganization, other transaction or bankruptcy process results in the receipt or sharing of your child’s Personal Data by or with another person or organization, we will inform you of the relevant situation, in accordance with applicable laws and regulations. 

E.      Managing Children’s Personal Data

If you wish to access, modify or delete your child’s Personal Data or to withdraw your consent or cancel your account, you can reach us via the contact information in this Privacy Policy.  We may require you to provide proof of identification to verify you have the right to make such a request.

You have the right to require us to and we have the obligation to delete your child’s Personal Data we collect, store, use or disclose without undue delay in circumstances including but not limited to the following:

(a)     where we collect, store, use, transfer or disclose your child’s Personal Data in violation of the provisions of laws and administrative regulations or your agreement with us;

(b)    where we collect, store, use, transfer or disclose your child’s Personal Data beyond the scope of purpose or the necessary time limit;

(c)     where you withdraw the consent; and

(d)    where you terminate the use of the Services we provide by means of de-registration or otherwise.

F.      Children’s Personal Data Protection

We establish specialized management systems, processes and organizations to ensure data security.  For example, our staff's access to children’s Personal Data shall be examined and approved by the person in charge of the protection of children's Personal Data.  All personnel who may have access to your child’s Personal Data are required to be bound by appropriate confidentiality obligations. 

We will provide corresponding security measures according to existing technology to protect children’s Personal Data and provide a reasonable assurance of security.  We will endeavor to protect children’s Personal Data from unauthorized access, disclosure, use, destruction, loss or divulgence.  In the event of a security incident we will initiate an emergency plan to prevent the expansion of the incident and take remedial measures.  Where a serious consequence has been caused or is likely to be caused, we will immediately report to the relevant competent authority and inform you by mail, letter, telephone, push notifications, announcements, or other reasonable means.

G.     Contact Information

If you have any questions, comments, suggestions or requests, including but not limited to requests regarding the management of your child’s Personal Data, please contact us by sending an email to privacypolicy@concordiashanghai.org.  If you find any of our practice in violation of provisions of laws, administrative regulations or this Privacy Policy, you can reach us via the contact information and you may also make complaints or reports to the department of Cyberspace Administration and other regulatory authorities.