POLICY PURSUANT TO art. 13 Legislative Decree 196/2003 and PURSUANT TO art. 13 and 14 of EU Regulation 2016/679 ON THE PROCESSING OF THE PERSONAL DATA OF STUDENTS AND THEIR FAMILIES.
As set forth in art. 13 of Legislative Decree 196/2003 “Privacy Code” and in articles 13 and 14 of EU Regulation 2016/679 “General Data Protection Regulation” – GDPR, with provisions to protect natural persons with regard to the processing of personal data, in order to perform its institutional functions and to manage its teaching, educational and training activities set forth in its Learning and Teaching Policy, this Educational Institution has to acquire or already holds personal data concerning you and your children, including data that Legislative Decree 196/2003 and EU Regulation 2016/679 refer to as sensitive and legal.
In this policy we would like to inform you of how that personal data is used correctly, legally and transparently to protect confidentiality and your rights.
- TYPE OF DATA PROCESSED.
Identifying personal data (for example name, surname, address, contact details, bank details, etc.) and sensitive data needed for the correct, suitable and best performance of educational activities.
Pursuant to Law 119/2017, health data on the vaccine situation of students will also be collected.
- PURPOSE OF PROCESSING.
Data are processed solely for the following purposes:
- student participation in school activities organised to implement the Teaching & Learning Policy;
- fulfilment of obligations resulting from laws, contracts, regulations on workplace health and safety, taxes, insurance matters, etc.;
- protecting rights before the law.
Data will also be processed for the entire duration of relations between the School and the student, and subsequently to fulfil any Legal obligations.
- Data will also be processed in the communications between teaching personnel of the different school levels in order to optimise the student’s teaching and educational continuity.
- Personal data established as “sensitive data” or as “legal data” by the Code and data established by arts. 9 and 10 of the Regulation will be processed solely by school personnel, appointed for the purpose, as set forth in the law and regulation and when processing is strictly indispensable.
- The personal data can be communicated to public authorities (for example, ASL (local health agency), Municipality, Province, Regional Scholastic Department, Territorial offices, criminal police bodies, tax police bodies, financial police, magistrate’s office) within limits set by laws and regulations in force and resulting obligations for this educational institution.
- Data on the school results of students may be published on the school notice boards pursuant to regulations in force.
- Solely for the school’s institutional purposes, the above data may also be processed if not collected by the School itself but by the Ministry for Education and its peripheral offices, by other State Administrations, by Regional and local authorities, Entities the school co-operates with in activities and projects foreseen in its Learning and Teaching Policy.
- Data provided by you can be communicated to third parties providing services to this educational Institution such as, for example, travel agencies and hospitality structures (solely related to school trips, educational trips and school camps), insurance companies (for anti-accident insurance policies), any firms supplying other services (such as canteen services, management software, electronic register, digital services, etc.). Processing is needed so that the data subject can use the relative services. If processing is ongoing, the firms in question can be appointed as processors, solely for the services provided.
Materials such as photos, images, films, compositions, photos of works and teaching activities connected to the school’s institutional activities included in the Teaching & Learning Policy (for example photos of laboratory activities, guided tours, prize ceremonies, taking part in sports competitions, etc.) could be circulated outside the school (internet, Facebook and online social networks, yearbook, DVD productions of school activities, website, newspapers, magazines, etc.) solely for information and promotional purposes. In no case will the School publish or disclose the full name of the student together with his/her photo.
In the school environment, that data could be used for teaching and administrative purposes (secretary’s office, classroom, corridor notice boards, school plays).
In the videos and images mentioned above, the minors will only be portrayed in “positive” moments linked to school life: learning, school plays, sports competitions, etc. Please note that you can always notify your wish not to adhere to certain initiatives or services.
Sensitive and legal data will not be circulated. However, some data could be communicated to other public subjects to the extent strictly needed to perform the institutional activities foreseen by regulations in force on health, pension, tax, legal and education matters, within limits set by laws in force on the subject.
The personal data of students with disabilities (art. 3 l. 104/92) will be processed with specific, separate consent (art. 23 Privacy Code, art. 7 GDPR) to enable – if the student should be moved to a different school – the new school to access and process data recorded in the existing disability folder.
- PROCESSING METHOD.
- Personal data is processed as indicated in art. 4 of the Privacy Code and art. 4, no. 2 of the GDPR and specifically in any operation or group of operations, performed with or without automated processes and applied to personal data or groups of personal data, such as the collection, recording, organisation, structuring, storage, adaptation or modification, extraction, consultation, use, communication through transmission, circulation or any other way of making data available, comparison or interconnection, restriction, erasure or destruction.
- Personal data supplied will be processed correctly, legally and transparently to protect your confidentiality and rights.
- Data is processed using instruments and procedures that guarantee security and confidentiality. This may be done on paper or magnetic media and also using electronic or automated instruments, by the methods and with the precautions set forth in the Privacy Code and the GDPR, and the data is stored for the time needed to perform the institutional and administrative activities related to those purposes. The Controller will process the personal data for the time needed to fulfil the above purposes; in any case for no longer than 10 years from when the relationship ceases for service Purposes.
- The school adopts the minimum personal data security measures set forth by the Legislative Decree and the GDPR.
- The process controller is “THE UDINE INTERNATIONAL SCHOOL”, represented by its pro tempore Principal, Mrs Laura Munaro.
- The data can be made available to the school’s employees and collaborators for the purposes indicated, in their roles as parties appointed and/or internal processors and/or system administrators who will be informed of the constraints imposed by the Privacy Code and the GDPR.
- OBLIGATION OR RIGHT TO PROVIDE DATA.
With regard to data which must be provided by you in order to fulfil legal, regulatory or community law obligations, or instructions issued by Authorities and legitimised by Law and by supervisory and control bodies, not providing that data could make it impossible to finalise enrolment, to establish and continue the relationship, to the extent that the data is needed for that purpose, and to provide the student with all the services needed to guarantee his/her right to education and training.
With regard to data considered optional, each time it is not obtained we will assess the situation and decide whether the relationship between the parties can be established or not.
- COMMUNICATION TO THIRD PARTIES AND CIRCULATION.
Pursuant to laws in force, the Process Controller hereby specifies that, to pursue its educational purposes, the following third parties could receive communication of your personal data, strictly limited to the fulfilment of services offered to the school:
- Owners, directors, employees and collaborators for various purposes of the Company;
- Trusted consultants and/or professionals;
- Municipal Bodies/Health Structures/Other Public Institutions;
- Entities/Associations/other for teaching and/or recreational purposes;
- SAM Educational S.r.l. and The International School of Trieste, founders of UIS;
- Hospes Srl
- Pursuant to Law 119/2017, data related to the vaccine situation and all other data needed to apply laws in force can be communicated to the local health Companies responsible.
- TRANSFER OF DATA ABROAD.
Personal data will be managed and stored on servers located in the European Union, belonging to the Controller and/or to third-party companies assigned and duly appointed as Processors. The servers are currently located in the European Union. Individual data items can be transferred outside the European Union, in compliance with provisions in chapter V of the GDPR and with the specific consent of the Data Subject. It is however understood that the Controller, if that should be necessary, will have the right to move the servers to another European Union country and/or countries outside the European Union. In that case, the Controller hereby guarantees that the data will be transferred outside the European Union pursuant to applicable laws, stipulating, if needed, agreements that guarantee a suitable protection level and/or adopting the standard contractual clauses foreseen by the European Commission.
- RIGHTS OF THE DATA SUBJECT.
As data subjects, you may, at any time and with no specific formalities, contact the data Controller to enforce your rights as set forth in art. 7 of the Privacy Code (and connected articles) and chapter III of the GDPR.
Lastly, we would like to remind you:
- that providing the data requested is indispensable for this educational institution to be able to fulfil its institutional obligations;
- that, pursuant to art. 24 of the Privacy Code and art. 6 GDPR, in some cases processing can take place without the consent of the data subject.
The data Controller
THE UDINE INTERNATIONAL SCHOOL ETS