DATA PROTECTION AND PRIVACY NOTICE
Website www.ois.pt
Oeiras International School, ASFL (hereinafter referred to as OIS), respects your privacy and is committed to safeguarding the personal data it collects and processes, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data (General Data Protection Regulation – GDPR), as well as applicable national legislation.
This Policy clearly outlines how we use your personal data, for what purposes, the duration for which we retain it, with whom it is shared, and what your rights are.
- Data Controller
OIS is the entity responsible for the processing of personal data collected through this website and in related procedures.
- Address: Rua Antero Quental, No. 7 – 2013-030 Barcarena
- General Contact: office@ois.pt / +351 211 935 330
For any queries regarding the processing of your personal data or the exercise of your rights, you may contact us via:
dpo@ois.pt.
2. Personal Data Processed, Purposes, Legal Grounds, and Retention Periods
OIS processes personal data solely for specific, explicit, and legitimate purposes:
| Area | Category of Data | Purpose of Processing | Legal Basis | Retention Periods |
|---|---|---|---|---|
| School Visits | Identification, contact details, scheduling preferences | To organise in person visits | Consent (Article 6(1 (a) of the GDPR) | Up to two years after the last contact or until consent is withdrawn, where applicable |
| School Applications | Identification of student(s) and guardian(s), contact details, basic academic information, and student health data | To manage school applications, establish contact with guardians, and ensure the safety and wellbeing of our students | Pre-contractual steps (Article 6(1)(b) of the GDPR) | Up to two years after the last contact or until consent is withdrawn, where applicable. If the application is successful, data will be retained for the duration of the student’s enrolment, plus the legally required archiving period. |
| Information Requests and Extracurricular Activities | Identification, email, phone number, and any relevant student data | To respond to enquiries and provide information about activities | Consent of the data subject (Article 6(1)(a) of the GDPR) | Up to two years after the last contact or until consent is withdrawn, where applicable |
| Scholarships | Identification, contact details, academic information, application video, guardian contact details, and IRS declaration of guardians | To manage scholarship applications | Consent and pre-contractual steps (Article 6(1)(a) and (b) of the GDPR) | During the evaluation process and, if awarded, for the duration of the scholarship, plus the legally required archiving period |
| Recruitment | Identification, contact details, CV and cover letter, and reference contacts | To manage spontaneous applications or recruitment processes | Consent and pre-contractual steps (Article 6(1)(b) of the GDPR) | Up to one year after the conclusion of the process, unless express consent is given for a longer retention period |
Cookies and Similar Technologies
In addition to the personal data outlined above, OIS uses cookies and similar technologies on its website to ensure proper functionality and to enhance the browsing experience. For further information, please refer to our Cookies Policy.
Children’s Privacy
Personal data relating to minors may only be submitted on the OIS website by individuals holding parental responsibility, in accordance with the law. OIS recommends that parents and guardians supervise their children’s use of the internet and raise awareness of the risks associated with sharing personal information online.
Data Sharing
Personal data may be shared with service providers acting on behalf of OIS, such as educational software vendors or information technology service providers. These entities operate as data processors and are contractually bound to comply with the GDPR, processing data solely in accordance with OIS’s instructions. Personal data is not disclosed to third parties for commercial purposes. However, it may be shared with public authorities when required by law.
3. International Transfers
As a general rule, OIS does not transfer personal data outside the European Economic Area. Should such a transfer be necessary, appropriate safeguards will always be ensured, namely through European Union adequacy decisions or the use of standard contractual clauses approved by the European Union.
4. Security
OIS employs appropriate technical and organisational measures to protect personal data against destruction, loss, alteration, disclosure, or unauthorised access. Access to personal data is restricted to authorised staff and service providers, all of whom are bound by confidentiality obligations and non-disclosure agreements
5. Data Subject Rights
As a data subject, you have the right to:
a. Access, rectify, or erase your personal data;
b. Restrict or object to its processing;
c. Withdraw your consent at any time, where processing is based on consent, without affecting the lawfulness of processing carried out prior to withdrawal;
d. Request data portability.
To exercise your rights or obtain further information about how we process your personal
data, you may contact us at:
dpo@ois.pt
If you disagree with the way your personal data is being processed, you also have the right to lodge a complaint with the Comissão Nacional de Proteção de Dados (CNPD) –
www.cnpd.pt.
6. Updates
This Privacy Notice may be reviewed periodically. The updated version will always be published on this website.
September 2025