Privacy

The GDPR is a regulation adopted by the European Parliament, the Council of the European Union and the European Commission to strengthen and unify data protection for all individuals in the European Union (the “EU”), including, but not limited to, EU citizens and EU residents. The GDPR went into effect on May 25, 2018.

In accordance with the GDPR, we have: (1) further strengthened the way we protect the Personal Data we collect, retain, use, and share; and (ii) ensured that privacy is central to what we do.

When Personal Data is collected, stored or used from a Covered Individual, that person has certain rights under the GDPR in relation to the use, transfer, storage, and retention of their Personal Data (see below).

The Lycée is required to comply with the GDPR for its students, teachers, staff, donors, alumni and others who reside in or provide information to the Lycée while in the EU, even if the Personal Data is collected or stored in the United States, not in the EU.

The Lycée is committed to complying with the GDPR and with other federal and state laws that protect the privacy of information for faculty, staff, students and parents, prospective students, alumni, and donors.

Among other obligations, the Lycée must:

1. Collect or use Personal Data from Covered Individuals only for legitimate purposes, including if: (a) the Lycée has a legal obligation to collect or use the Personal Data; (b) collection and use is necessary to provide services under a contract with you; (c) collection or use of the Personal Data is necessary for the vital interests of a Covered Individual; or (d) collection and use of the Personal Data is necessary to serve the Lycée’s legitimate interests;
2. Seek specific consent to collect and use certain sensitive Personal Data, such as health care information, as required by the GDPR;
3. Conduct assessments of our privacy protections;
4. Enter into contracts with any third parties that will receive Personal Data requiring those third parties to protect Personal Data in accordance with the GDPR:
5. Follow procedures for reporting any data breaches of Personal Data; and
6. Document the collection, use and disclosure of Personal Data.

It is expected that regulators in the EU will issue additional guidance as the GDPR is implemented over time. We encourage you to visit this website in the future for further information.

If you provided consent to use or access your Personal Data or Personal Data for your child, you have the right to withdraw consent at any time. For more information about these rights or the GDPR generally, please see the Lycée Consent Policy or contact the Chief Information and Data Officer (privacy@lfny.org). You have a right to complain to the applicable supervisory authority in the EU if you believe that your rights under the GDPR have been violated. The Chief Information and Data Officer can provide you with information about filing a complaint.