At Avenues, we respect and are committed to maintaining your privacy.
Our web site provides information to you and facilitates your interaction with us. We only collect personally identifiable data that you voluntarily submit to us. You can have general access to our site and browse pages describing our school without providing any personal information or being required to register with us. However, you may not be able to access all parts of our site without supplying personal information. For example, you may need to provide us with personal information to register for an event or to complete online forms or applications.
We will not disclose any of your personal information to anyone, other than to our affiliates, except as permitted by law, such as to our attorneys. We will only release information about you if you direct us to do so, if necessary to comply with a legal process, or in connection with any government or regulatory organization request or investigation. We may also disclose information you provide to us to companies that perform marketing services on our behalf. If such a disclosure is made, we will require such third-parties to treat your private information with confidentiality.
Avenues recognizes the power of technology on the student learning experience. We want technology at Avenues to facilitate creativity, innovation, collaboration and communication among all our students, faculty and staff, both at one site and at our global campuses. To this end, Avenues promotes safe, legal, responsible and effective uses of technology. As technology permeates all aspects of teaching, learning, research, outreach and the business and facilities functions of the school, safeguarding information and information systems is essential to preserving the ability of the school to perform its mission and meet its responsibilities to students, faculty, staff, contributors and the citizens whom it serves.
This policy is dated June 2021. The purpose of this policy is to ensure the protection of Avenues: The World School’s and our students’ and their families’, teachers’, staff’ and contributors’ data and information resources (including sensitive and nonsensitive personal data) from improper access or accidental or intentional damage while also preserving and nurturing the open, information-sharing requirements of our academic culture.
This policy is applicable to all employees, staff, contributors, students, parents or legal guardians, contractors and guests who use Avenues technology, data and or are granted use of Avenues technological resources.
This policy refers to all school information data and resources whether individually controlled or shared, Standalone or networked. It applies to all computer and communication facilities owned, leased, operated, or contracted by the school. This includes all networked devices, including but not limited to personal digital assistants, cell phones, personal computers, workstations, minicomputers, other wireless devices such as tablets/iPads, and any associated peripherals/accessories and software, regardless of whether their use is intended for administration, research, teaching or other purposes.
This policy may be altered at any time. The most recent version of this policy will be available on OPEN and on our website and we will inform its last update date and any substantial changes to the text within 30 days prior to the application of those changes.
Compliance with the Brazilian General Data Protection Law (“LGPD”) and other state and federal statutes, rules and regulations, including other explicit agreements also mandate the security and privacy of information and information systems.
Avenues acknowledges its obligation to ensure appropriate security for data and information systems in its domain of ownership and control. Furthermore, the school recognizes its responsibility to promote security awareness among the members of the Avenues’ worldwide community. This policy establishes the general principles of data protection and information security that will be applied throughout the school.
To contact us in case of any questions or concerns, contact us through electronic mail at firstname.lastname@example.org, or contact us through this address Rua Pedro Avancine, 73 - Jardim Panorama - São Paulo - SP - 05679-160.
Data Protection Officer:
Department: Information Systems & Technology
Author(s): VP, Information Systems & Technology, Academic Systems Director, Global Systems Engineer
Last revision: June 2021 (Updated twice each year)
Additional references: LGPD
We highlight that Avenues adopts some principles in the care of colleagues’ data (being understood as “colleagues” in this instrument all students, parents, teachers, staff and contributors):
- The collection and processing of personal data will be completed in accordance with current legislation and this policy, and to fulfill the purposes here specified;
- The collected data will not be commercialized to third parties;
- When personal data is no longer needed and we are not under legal obligation to store it, we will delete, destroy or anonymize it.
If there is a need of using your data for other purposes that are not specified in this policy, we will ask for your consent before proceeding, unless it is to fulfill a legal obligation imposed on the school, or as a result of our contractual relationship with colleagues, or to serve our legitimate interests (for example, internal investigations, preventing fraud and other illegalities in our system, and investigate illicit activities), situations in which we can use them, observing limitations imposed by current legislation and best practices.
We guarantee that the protection of your personal data is one of our priorities and in case of any accidental, illegal or unplanned access happens, we will take all plausible measures to mitigate and or reduce possible damage. In accordance with article 48 of LGPD and applicable regulations, Avenues will report such occurrences to the appropriate authorities.
Below we describe the main data obtained by Avenues:
1) Data provided in the Avenues admissions process:
Data provided by parents or guardians relating to themselves and students, such as name, phone number, date of birth, email and address are necessary for scheduling a visit to Avenues and for receiving marketing materials about our services.
Data provided by parents or guardians relating to themselves, students and their siblings, such as name, phone number, email, gender, ethnicity, address, citizenship, date of birth, grade, academic information, school records, letters of recommendation, family issues and information about the student’s conditions, information about the necessity of scholarships and other information provided voluntarily are necessary for Avenues’ admissions process and participation in school inclusion programs. For this purpose, parent and guardian information such as RG, passport, marriage certificate, credit card information, employer and educational level are also necessary.
Data provided by candidates to Avenues’ positions about themselves (and, when applicable, about family members), such as name, address, email, phone number, credentials and licenses, curriculum information, academic history, professional experience, photo, gender, ethnicity, class demonstration video, extracurricular activities, documents, health conditions, biographical information, salary, social media profiles, assessments written by reference contacts, criminal history and other information provided voluntarily are necessary for the hiring process of Avenues teachers and employees and for participation in the school’s diversity programs.
2) Data provided by parents or guardians and students regarding scholarship request:
Data provided by parents or guardians about themselves and students, such as name, annual income, properties and assets, information about positions held, salary and benefits, costs and expenses, supporting documents (such as income tax return and bank statements) are necessary for evaluating scholarship applications.
3) Data provided by enrolled students:
In addition to data provided in the admissions process, data provided by parents or guardians about themselves and students, such as ID, CPF, birth certificate, photo, transfer declaration and school records are necessary to complete the student’s enrollment at Avenues, to deliver the contracted services, including but not limited to registration in internal and educational systems and applications used by the school and for activities carried out at and outside the school (eg trips and excursions).
Data on student health, such as medical records, medical statements, medications in use and treatments, allergies and medical and psychological conditions, health plan data, physical limitations, learning disabilities, vaccines and emergency contacts are necessary to ensure the safety, health and physical integrity of students and campus community, as well as the provision of services related to students’ academic and social development.
Student data, such as participation in governmental programs or native communities, school grades and reduced mobility are necessary for the fulfillment of legal obligations.
4) Data provided by hired faculty and staff:
Data provided by hired faculty and staff about themselves (and their dependents, when applicable), such as documentation (proof of residence, ID, CPF, driver's license, marriage certificate, army discharge certificate, diplomas), photo, banking information, disabilities and health information are necessary to hiring teachers/employees, completing a background check, conceding benefits and for registration in internal and educational systems and applications used by the school, and fulfillment of legal obligations.
5) Data collected by cookies on our website:
In addition, we use third-parties’ systems in our site that may collect cookies according to the privacy policies of such parties. For more information, please consult their privacy policies:
How long we store your data for
The indicated personal data will be stored in our databases for as long as they are necessary to fulfill the described purposes, in accordance with the applicable legal bases. Anonymized personal data, with no possibility of association with the individual, might be stored for an undefined period of time.
Information Security Objectives
Information security is critical to the interests of the school and the many constituencies it serves. The following list provides some of the objectives of information security at Avenues: The World School. This list is representative and is not meant to suggest the full range of objectives of the school’s information security policy or program.
- Safeguard personal data and the privacy of individuals and information
With the increasing risk of identity fraud and other potential misuses of personal information as well as compliance to regulations (e.g., LGPD), it is paramount that the school understand and safeguard personal information entrusted to its stewardship.
- Support and maintain the ongoing functions of the school
As an increasing percentage of the school’s functions are handled electronically, it is critical that information and information systems be protected so the school can operate without interruption.
- Comply with state and federal laws.
State and federal laws and regulations require the school to take reasonable steps to ensure the security of the data. Failure to safeguard this information could result in the legal action or cause the school to lose its ability to offer services.
Students, faculty, staff and contributors who use personally-owned systems to access school resources are responsible for the security of their personally-owned computers and other network devices and are subject to the following: the provisions of the school’s security policies, standards and guidelines for best practices for users of school computing and network facilities as well as all other laws, regulations, or policies directed at the individual users.
Unauthorized Account or System Access
You may not access or use, or attempt to access or use, any computer accounts other than your own assigned account or any computer system for which you have not been granted access. In other words, all colleagues should use only their own files, email accounts and accesses, those that have been designated as public, or those that have been made available to them with the knowledge and consent of the owner.
The school’s academic integrity code and its prohibitions against plagiarism and cheating, among other things, applies to student use of any files and information, including those obtained on computing resources used in the preparation of academic coursework.
Colleagues may not access computers, software, data or information, or networks without proper authorization, regardless of whether any damage is done or whether the computer, software, data, information, or network in question is owned by the school.
Campus colleagues all share in the commitment to safeguarding the school’s data. The school will rely on the principle of ‘least privilege’ in granting access to data and information.
Reporting Information Security Incidents
Reporting incidents is an ethical responsibility of all members of the Avenues: The World School community. All the information related to information security incidents should be reported promptly by contacting the Help Desk.
Loss of Computing Privileges/Disciplinary Implications
Protecting the security of school information and information systems is the responsibility of every member of the school community. Each student, faculty, staff and contributors is responsible for understanding and complying with all current and future approved IS & Technology policies and procedures including this Information Security Policy. Failure to comply with these policies may result in loss of computing privileges and/or disciplinary action, up to and including termination. An example of noncompliance include, but are not limited to inappropriately accessing and/or using school data. As described earlier, no person may store or use programs on school-owned systems that violate or hamper another person's use of computing resources. Examples of such programs are ones that attempt to obtain another user's password, acquire another user's files, circumvent system security measures, or crash the computer system.
Inappropriately accessing and/or using school data
No person may store or use programs on school-owned systems that violate or hamper another person's use of computing resources. Examples of such programs are ones that attempt to obtain another user's password, acquire another user's files, circumvent system security measures, or crash the computer system.
Data transfer to third parties and abroad
Personal data may be shared with contractors (such as accountants and legal advisors), educational applications, governmental authorities and unions, other organizations within the Avenues group, and business partners. We may hire other companies and individuals to perform functions on our behalf or perform activities related to the contract with its holder. Examples include, but are not limited to, information management systems and servers, travel and excursion companies, health plans and companies hired to grant benefits to teachers and employees, photographers and security and food companies hired by Avenues. We will always be guided by current legislation determinations to complete such transfers and will instruct these business partners on how to treat such data and comply with the law.
We are part of a global community. It is possible that personal data is transferred to countries other than Brazil (eg. countries in which other Avenues campuses are located, such as New York, United States, and Shenzhen, China), or countries that host our technology information systems. In these cases, Avenues will take all measures to comply with current legislation and make use of reasonable and available technical measures to ensure that these transfers are conducted in accordance with applicable legislation, and that at least the same levels of protection will be adopted in these other countries.
In the event that Avenues is the object of a consolidation, acquisition, merger by a third party or any corporate or asset restructuring, we reserve the right to transfer the collected data to the third party involved in the operation, who must comply with the privacy rules set forth herein.
Creating a heightened awareness of the importance of information technology security is an important component in establishing an environment in which each individual feels responsible and empowered to act in his/her own and the community’s best interests.
Avenues recommended procedures to protect our organization:
- Conducting security audits to identify weaknesses and update/patch vulnerable systems;
- Ensuring proper audit logs are created and reviewed routinely for suspicious activity;
- Training staff and students on data security best practices and phishing/social engineering awareness; and
- Reviewing all sensitive data to verify that outside access is appropriately limited.
Below we describe the rights held by our students and their families, and faculty and staff when it comes to their personal data:
- Accessing personal data;
- Confirming the existence of processing;
- Correcting incomplete, inaccurate or out of date data;
- Anonymizing, blocking or deleting unnecessary or excessive data, or data that was proven to be processed without accordance with LGPD;
- Information about the entities with which the controller made the shared use of data;
- Portability of data to another service or product provider;
- Information about the possibility of not granting consent;
- Revoking consent, when the data processing was made based on consent;
- Reviewing automated decisions;
- Right to oppose data processing, if proven irregular;
- Deleting personal data that was processed with consent from the holder.
Avenues has the right to not approve requests for data deletion in certain situations, such as, for example, fulfillment of legal or regulatory obligation by the data controller; existence of a valid contract with the holder; and if the law or regulations determine minimum deadlines for data retention.