The Data Controller offers a Community Platform (hereafter, the “Platform”) to its users which have subscribed on the Platform and as such have a user account (hereafter, the “Users”). The Community Platform provides users with features enabling networking opportunities, access to group discussions and events to share ideas and good practice with peers within the international schools sector. The Platform is available at the following url address https://peer-sphere.com
The Data Controller uses a solution called Peer Sphere which enables the import and export of user lists and data, the management of content and events, the organization of emailing campaigns and opportunity research and sharing as well as the management of funds and contributions of any kind.
GDPR (the General Data Protection Regulation) means Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, and its European and national implementing laws.
ARTICLE 1. COLLECTED PERSONAL DATA
1.1 When subscribing on the Platform
When subscribing to the Platform, the User is informed We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows for the purpose of creating a user account:
Identity Data includes first name, last name, username or similar identifier, current role (job title and organisation name),
Contact Data includes email address and telephone numbers.
Optional data includes location, citizenship, social media links, information regarding members’ education and professional experience. The User is informed that it is not possible to access the Platform without providing the Identity Data strictly necessary to create an account and authenticate the User.
1.2 During the use of the Platform
The User may validly publish, at its own initiative, any content on the Platform which shall be kept by the Company. This may include:
ARTICLE 2. THE PURPOSE OF THE DATA PROCESSING
We have set out below the purposes for which we process the information described in this notice and the legal basis we rely on for each processing purpose. Data Protection Law requires us to have at least one “legal basis” for processing personal data. The legal bases applicable to the personal data to which this notice relates are:
Performance of contract: Where the processing is necessary for us to perform a contract that you are party to, or to take steps at your request prior to entering a contract, such as a contract for the sale of our products to you;
Legal obligation: Where the processing is necessary for compliance with a legal obligation to which we are subject;
Consent: If you have given your consent to us processing your personal data for specified purposes.
Creation and management of a user account;
Providing the User with all functionalities of the Platform, meaning:
● Sending invitations for events organized by Data Controller or other Users, if the User has accepted to receive such invitations;
● Sending offers (including commercial) from the Data Controller or its partners if the User has accepted to receive such offers.
● Invite the User to events organized by the Platform Performance of Contract
Management of data subjects rights according to the Personal Data Legislation.
Storage of User personal data; Legal Obligation
Management of transactions through the Platform Consent and Performance of Contract
Management of prospection operations:
• Sending email prospect campaigns in the Name
PD Academia and/or its commercial partners
• Sending newsletters in the Name of PD Academia
and/or its commercial partners Consent
Making statistics in order:
• to improve the quality of the services proposed by
• improve the usage functionalities of the Platform; Consent
Making statistics regarding the effective use of the Platform; Consent
Making statistics regarding the different levels of activity Consent on the Platform.
Enable the synchronization of the User’s LinkedIn profile; Consent
ARTICLE 3. DATA RETENTION PERIOD
The Data Controller informs the User that the personal data related to the User Account is retained only during the length of the User’s subscription on the Platform.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Following the termination of said subscription, the data collected upon the subscription as well as the content published by the User on the Platform shall be deleted after a period of 30 days.
ARTICLE 4. DATA TRANSFERS
The Users’ data are stored in Singapore and the EEA by the Data Controller and its trusted service providers. However, depending on the processing, the Users’ data may also be transferred in a country outside of Singapore and EEA, to our trusted service.
When transferring data outside the SINGAPORE or EEA, the Data Controller ensures that the data is transferred in a secured manner and with respect to the Data Protection Law. When the country where the data are transferred does not have a protection comparable to that of the SINGAPORE or EU, the Data Controller uses “appropriate or suitable safeguards”.
When the service providers to whom personal data are transferred, are located in the United States, these transfers are governed by the standard data protection clauses adopted by the Commission.
Please contact us at [email protected] if you want further information on the specific mechanism used by us when transferring your personal data out of the SINGAPORE/EEA.
ARTICLE 5. COMMITMENT OF THE DATA CONTROLLER
The Data Controller commits to process User’s personal data in compliance the Data Protection Law and undertake to, notably, respect the following principles:
• Process User’s personal data lawfully, fairly, and in a transparent manner;
• Only collect and process the Users’ data for the strict purpose as described
• Ensure that the personal data processed are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
• Do the best efforts to ensure that the personal data processed are accurate and, if necessary, kept up to date and take all reasonable steps to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
• Keep personal User’s data for no longer than is necessary for the purposes for which they are processed;
• Put in place all necessary technical and organizational appropriate measures in order to ensure the security, confidentiality, integrity, availability and the resilience of the process systems and services;
• Limit the access to the Users’ data to the persons duly authorized to this effect;
• Guarantee to the Users their rights under the Data Protection Law in relation to the processing of their data and make the best efforts to satisfy any request, where this is possible.
ARTICLE 6. EXERCISE OF THE USERS’ RIGHTS
The User is duly informed that it disposes at any time, depending on the legal basis of the processing, a right to access, to rectification, to erasure, to restriction of processing, to data portability, and to object.
When processing is based on User’s consent, the right to withdraw consent at any time, without affecting the lawfulness of the processing based on consent before its withdrawal.
The User can exercise its rights by sending an email to the following address [email protected] or by mail at the following address Flexi-Space, 183, Smart-Space 3C_L8, Level 8, Cyberport 3, Core C, 100 Cyberport Road, Hong Kon provided that the User justifies his/her identity.
In addition, in the event the User considers that its rights have not been respected, the User of which the personal data is collected can lodge a complaint before the competent supervisory authority. For any additional information, you can review your rights on the websites of the competent authorities.
The competent supervisory authorities are listed on the following website:
ARTICLE 7. COOKIES
ARTICLE 8. RECIPIENT AND PERSONS AUTHORIZED TO ACCESS THE USERS’ DATA
Only authorized persons working for the Data Controller can access your personal data. The Data Controller makes its best effort to ensure that these groups of people remain as small as possible and maintain the confidentiality and security of User’s personal data.
The Data Controller also uses trusted service providers to carry out a set of operations on his behalf for hosting and payment services. The Data Controller can also use service providers in the tech industry, editors of specific tools integrated in the Platform for technical purposes.
The Data Controller only provides service providers with the information they need to perform the service and ask them not to use your personal data for any other purpose. The Data Controller does his best to ensure that all these trusted service providers only process the personal data on our documented instructions and provide sufficient guarantees, in particular in terms of confidentiality, expert knowledge, reliability and resources, to implement technical and organizational measures which will meet the requirements of the applicable legislation, including for the security of processing.