The Association Montessori Internationale (AMI) collects and uses personal information about staff, students, trainers, trainers-in-training, members and other individuals who come into contact with our organisation. The information is gathered in order to enable AMI to provide training, professional development, education, membership, services and other associated functions. In addition, there is a legal requirement to collect and use information to ensure that the organisation complies with its statutory obligations.
The Netherlands ‘Autoriteit Persoonsgegevens’ does not require organisations to register anymore. AMI however has a duty to issue a Privacy Notice summarising the information held, why it is held and the other parties to whom it can be passed on.
This policy applies to our website, our use of emails and text messages for information, and any other methods that we use for collecting information. It covers what we collect and why, what we do with the information and what we won’t do with the information, and what rights you have.
Purpose of this Privacy Notice
This policy is intended to provide information about how AMI will use (or "process") personal data about individuals. This information is provided because the GDPR gives individuals rights to understand how their data is used. All are encouraged to read this Privacy Notice and understand the AMI’s obligations to its entire community.
This Privacy Notice applies alongside any other information AMI may provide about a particular use of personal data, for example when collecting data via an online or paper form.
This Privacy Notice is applicable in addition to AMI’s other relevant terms and conditions and policies.
Anyone who works for, or acts on behalf of, AMI (including staff, volunteers, board members and service providers) should also be aware of and comply with AMI’s data protection policy for staff, which also provides further information about how personal data about those individuals will be used.
AMI’s Commitment to Privacy
AMI is committed to keeping the personal information that you share with us (on paper, over the telephone or via the internet) accurate, up to date and confidential.
Responsibility for Data Protection
AMI is not required to designate a Data Protection Officer, but the Operations Manager will take responsibility for the oversight of data protection compliance reporting to the Chief of Staff. The Operations Manager will deal with all your requests and enquiries concerning AMI’s uses of your personal data (see section on Your Rights below) and endeavour to ensure that all personal data is processed in compliance with this policy and the GDPR.
What Information Do We Collect?
We will only ever collect the information that we need, including data that will be useful to help us to improve our services. We collect two kinds of information:
- Personal information as detailed below. This information will be used for administration and for other normal purposes of a non-government organisation.
Personal Data Processed by AMI
Personal data processed by AMI includes contact details, and professional development, training and assessment results. AMI may also process sensitive personal data such as ethnic group.
How We Collect Personal Data
We will collect information about you at the time you apply for or purchase a membership, course, programme, event, service or product. From time to time we may request that you confirm and where necessary update the information that we hold. On occasion, we may request additional information if it is deemed necessary for administration or service provision.
Your personal data will usually be collected directly from you, but some may be passed to AMI by third parties, for example references and reports required for trainer-in-training applications. Personal data such as emails and examination results from trainees undertaking our courses will be collected from AMI training centres and data such as emails and addresses of members, will be collected from affiliated societies administering AMI collective membership.
Purposes For Which Your Data May Be Processed
Your personal data (including sensitive personal data, where appropriate) is processed by AMI strictly in accordance with the GDPR in order to:
- support its trainers, trainers in training, and students/trainees’ learning;
- monitor and report on their progress;
- support membership services;
- assess how well the AMI as a whole is doing;
- communicate with staff, members and students/trainees;
- for the purposes of management planning and forecasting, research and statistical analysis, including that imposed or provided for by law (such as tax, diversity or gender pay gap analysis);
- to enable relevant authorities to monitor AMI's performance and to intervene or assist with incidents as appropriate;
- to give and receive information and references about past, current and prospective staff;
- to give and receive information about past, current and prospective students/trainees;
- to give and receive information and references about past, current and prospective trainers;
- to monitor (as appropriate) use of AMI’s IT and communications systems in accordance with the AMI’s acceptable use policy;
- to make use of photographic images in publications, on the website and (where appropriate) on social media channels in accordance with the AMI’s policy on taking, storing and using images; and
- other reasonable purposes relating to the operation of AMI.
Unless you have requested otherwise, AMI may also use your contact details to send you promotional and marketing information by post, email and SMS about AMI and its activities. When you submit information via our website you will have the option to opt out of receiving marketing information. Should you subsequently decide that you would rather not receive such information then there is an “unsubscribe” option on all of our emails or you can contact email@example.com. If you want to receive information but haven’t opted in, you can do so by emailing firstname.lastname@example.org.
Third Parties with Whom We May Need to Share Your Personal Data
From time to time AMI may be required to pass your personal data (including sensitive personal data where appropriate) to third parties, including local and public authorities, and professional advisers, who will process the data:
- to comply with the law, for example to comply with a court order, or if requested by a government or local authority department which has the lawful authority to obtain the information;
- in response to a request from either the police or a local authority department in connection with our Child Protection obligations;
- to enable the relevant authorities to monitor AMI's performance;
- to compile statistical information (normally used on an anonymous basis);
- to secure funding for AMI (and where relevant, on behalf of individuals);
- to enable trainers and students/trainees to take part in assessments and to monitor progress and educational needs;
- to obtain appropriate professional advice and insurance for AMI;
- where a reference or other information is requested by another educational establishment or employer to whom they have applied;
- where otherwise required by law; and
- otherwise where reasonably necessary for the operation of the AMI.
Finally, in accordance with the GDPR, some of AMI’s processing activity is carried out on its behalf by third parties, such as IT systems, web developers or cloud storage providers. This is always subject to contractual assurances that personal data will be kept securely and only in accordance with AMI’s specific directions.
Storing Your Information
Information is stored by us on servers located in Amsterdam, United Kingdom and Australia. We may transfer the information to other reputable third-party organisations as explained above and they may store their information inside or outside the European Economic Area. We may also store information in paper files.
Unfortunately the transmission of information via the internet is not completely secure; any transmission is at your own risk. Once we have received your information we have in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. Whilst we cannot guarantee that loss, misuse or alteration of data will not occur whilst it is under our control, we make every effort to try to prevent this
Where a password is required to enable you to access parts of our website, it is your responsibility to keep this password confidential. Please do not share your password with anyone.
Retention of Data
AMI will retain personal data securely and only in line with how long it is necessary to keep for a legitimate and lawful reason.
If you have any specific queries about how our retention policy is applied or wish to request that personal data that you no longer believe to be relevant is considered for erasure, please contact the Operations Manager (email@example.com) at AMI. However, please bear in mind that AMI will often have lawful and necessary reasons to hold on to some personal data even following such request.
A limited and reasonable amount of information will be kept for archiving purposes, for example; and even where you have requested we no longer keep in touch with you, we will need to keep a record of the fact in order to fulfil your wishes (called a "suppression record").
When we no longer require information, we will always dispose of it securely, using specialist companies if necessary.
What AMI Won’t Do With Your Information
We will never sell or share your information with other organisations to use for their own purposes.
Individuals have various rights under the GDPR to access and understand personal data about them held by AMI, and in some cases ask for it to be erased or amended or have it transferred to others, or for AMI to stop processing it but subject to certain exemptions and limitations.
Any individual wishing to access or amend their personal data or wishing it to be transferred to another person or organisation, or who has some other objection to how their personal data is used, should put their request in writing to the Chief of Staff.
AMI will endeavour to respond to any such written requests as soon as is reasonably practicable and in any event within statutory time-limits (which is one month in the case of requests for access to information).
AMI will be better able to respond quickly to smaller, targeted requests for information. If the request for information is manifestly excessive or similar to previous requests, AMI may ask you to reconsider, or require a proportionate fee (but only where the GDPR allows it).
For more information about your rights, please see the EU GDPR portal.
Requests That Cannot Be Fulfilled
You should be aware that the right of access is limited to your own personal data, and certain data is exempt from the right of access. This will include information which identifies other individuals, or information which is subject to legal privilege (for example legal advice given to or sought by AMI, or documents prepared in connection with a legal action).
AMI is also not required to disclose any student examination scripts, provide examination or other test marks ahead of any ordinary publication, nor share any confidential reference given by AMI itself for the purposes of the education, training or employment of any individual.
You may have heard of the "right to be forgotten". However, we will sometimes have compelling reasons to refuse specific requests to amend, delete or stop processing your personal data: for example, a legal requirement, or where it falls within a legitimate interest identified in this Privacy Notice. All such requests will be considered on their own merits.
Where AMI is relying on consent as a means to process personal data, any person may withdraw this consent at any time. Examples where we do rely on consent are certain types of uses of images and certain types of marketing activity. Please be aware however that AMI may not be relying on consent but have another lawful reason to process the personal data in question even without your consent.
That reason will usually have been asserted under this Privacy Notice or may otherwise exist under some form of contract or agreement with the individual (e.g. an employment contract, or because a purchase of goods, services or membership has been requested).
Data Accuracy and Security
AMI will endeavour to ensure that all personal data held in relation to an individual is as up to date and accurate as possible. Individuals must please notify the Operations Manager (firstname.lastname@example.org) of any significant changes to important information, such as contact details, held about them.
An individual has the right to request that any out-of-date, irrelevant or inaccurate or information about them is erased or corrected (subject to certain exemptions and limitations under the GDPR): please see above for details of why AMI may need to process your data, of who you may contact if you disagree.
AMI will take appropriate technical and organisational steps to ensure the security of personal data about individuals, including policies around use of technology and devices, and access to systems. All staff, volunteers and board members will be made aware of this policy and their duties under the GDPR and receive relevant training.
AMI will update this Privacy Notice from time to time. Any substantial changes that affect your rights will be provided to you directly as far as is reasonably practicable.
If you have any queries about this Notice or how personal data is processed by AMI, please contact the Operations Manager via email@example.com. Please put GDPR in the subject heading.
If an individual believes that AMI has not complied with this policy or acted otherwise than in accordance with the GDPR, they should utilise the complaints procedure and should also notify the Operations Manager. You can also make a referral to or lodge a complaint with the Dutch Autoriteit Persoonsgegevens, although the Autoriteit Persoonsgegevens recommends that steps are taken to resolve the matter with AMI before involving the regulator.