Privacy Policy

SRISA

SRISA - Santa Reparata International School of Art

Home
 / 
Privacy Policy

SRISA Privacy Policy Disclaimer

Effective Date: August 2, 2025
Santa Reparata International School of Art (“SRISA,” “we,” “us,” “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and protect personal information from our students, prospective students, employees, and other individuals who interact with our services. This includes our study abroad programs in Italy, online tuition payment system, and other related services.

This document contains a set of comprehensive guidelines and policies designed to safeguard the confidentiality, integrity, and availability of all sensitive and restricted data collected and maintained by and at SRISA.

By using our services, you consent to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not provide us with your personal data.

1. Information We Collect

We collect the following types of information in accordance with the law and to fulfill our administrative duties:

a. Personal Information

  • Contact Information: Name, email address, phone number, mailing address.
  • Academic Information: Enrollment status, academic records, course selections, and grades.
  • Payment Information: Credit card details or other payment information required when you pay tuition online.
  • Demographic Information: Age, nationality, and any other information required for enrollment or participation in our programs.
  • Health and Medical Information: Emergency contact details, health forms, and any special accommodations required.
  • Passport number, alien registration number, or other government-issued identification numbers.
  • Feedback: Responses to surveys, inquiries, or other communications.

b. Technical Information

  • Usage Data: Information about how you interact with our website, such as IP address, device type, browser type, and activity on our website.
  • Cookies: Small files that are placed on your device to help us improve your experience. You can disable cookies through your browser settings.

2. How We Use Your Information

We use your personal information for the following purposes:

  • Enrollment and Academic Services: To process your application, provide enrollment services, and offer academic support.
  • Tuition Payments: To process payments for tuition and other fees through our online payment system.
  • Communication: To send you administrative information, course updates, emails, WhatsApp messages, and respond to inquiries.
  • Health and Safety: To manage health-related accommodations and emergency contact information while you are studying abroad.
  • Compliance: To comply with legal obligations, including those related to immigration, reporting, and financial recordkeeping.
  • Improvement of Services: To improve our services, programs, and website based on your feedback and usage data.

3. Data Sharing and Disclosure

We may share your personal data in the following circumstances:

  • Service Providers: We may share your data with third-party service providers who assist in processing payments, providing academic resources, or hosting our website. These providers are required to maintain the confidentiality of your data.
  • Legal Compliance: We may disclose your information as required by law or in response to legal requests, such as a subpoena, court order, or governmental inquiry.
  • International Transfers: As an institution located in Italy, we may transfer personal data to third parties outside the European Economic Area (EEA), including the United States. When transferring data, we will ensure that appropriate safeguards are in place to protect your personal information.

4. Data Retention

We retain your personal information only as long as necessary to fulfill the purposes outlined in this Privacy Policy or to comply with legal or regulatory obligations. When your data is no longer needed, it will be securely deleted or anonymized.

5. Data Protection Rights

As a student or individual interacting with our institution, you have the following rights regarding your personal data:

  • Access: You have the right to access the personal data we hold about you.
  • Correction: You can request that we correct any inaccurate or incomplete data.
  • Deletion: You can request that we delete your personal data, subject to any legal or contractual obligations.
  • Restriction: You may request restrictions on how we use your data.
  • Portability: You can request that we provide your personal data in a portable format.
  • Objection: You may object to certain uses of your personal data, such as processing based on legitimate interests.

To exercise any of these rights, please contact us at the information provided below.

6. Security of Your Information

We take appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, or alteration. While we strive to protect your information, no method of transmission over the Internet is completely secure, and we cannot guarantee absolute security.

7. Online Payments

If you make tuition payments online, we use a third-party payment processor that handles the transaction securely. We do not store your payment card information; rather, this information is processed directly by our trusted payment processor, PayPal. Payments are processed through an American bank, and by using our payment system, you consent to the transfer of payment data to the United States. Please refer to the payment processor’s Privacy Policy for more details.

8. Children’s Privacy

Our services are directed to individuals over the age of 18. We do not knowingly collect or solicit personal data from children under the age of 18. If we learn that we have collected personal data from a child under 18, we will take steps to delete such data.

9. Social Media

We maintain an active presence on social media platforms such as Facebook, Instagram, Twitter, and LinkedIn to engage with students, alumni, and the broader academic community. By interacting with our social media pages, you may provide us with personal information, including, but not limited to, your name, profile picture, and public posts. Please note:

  • Publicly Shared Information: Any information you share publicly through social media may be visible to other users of the platform. Exercise caution when posting or sharing personal information.
  • Third-Party Platforms: Our social media pages are hosted on third-party platforms, and the collection, use, and storage of data are governed by those platforms’ privacy policies. Review their respective privacy policies for more information.
  • Engagement and Marketing: We may use social media to respond to inquiries, post updates about our programs, or engage with students and prospective students. Interactions with our content may be used to improve our social media presence and outreach.

Note: If at any time you would like to unsubscribe from receiving future emails, If you no longer want information about SRISA, please send an email to newsletter@santareparata.org.

10. Third-Party Websites

Our website may contain links to third-party websites that are not operated or controlled by us. We are not responsible for the privacy practices of these third-party websites, and we encourage you to read their privacy policies.

11. Incident Reporting and Monitoring

We actively monitor our systems to detect unauthorized access, misuse, or breaches of personal data. Any incidents involving personal data will be reported to the relevant authorities in compliance with applicable laws and regulations.

12. Technical Measures and Governance

We implement strong encryption protocols, regular security audits, and employee training programs to protect your personal data. Access to sensitive data is limited and regularly reviewed to ensure compliance with privacy regulations.

13. General Program Monitoring

SRISA employs multiple monitoring procedures to protect information and information system assets. These procedures are in compliance with best practice ISO 9000:2018 and General Data Protection Regulation (GDPR) protocols. The fundamental focus is to prevent improper disclosure, alteration, and destruction of information assets and to ensure that transactions are genuine and cannot be disputed.

SRISA information assets are classified as follows:

  • Confidential – Confidential data refers to any data where unauthorized access, use, alteration, or disclosure of this data could present a significant level of risk to the Institution. All PI, as defined above, are designated as Confidential. Confidential data should be treated with the highest level of security to ensure the privacy of that data and prevent any unauthorized access, use, alteration, or disclosure.
  • Restricted – Restricted data refers to all other personal and institutional data where the loss of such data could harm an individual’s right to privacy or negatively impact the finances, operations, or reputation of the Institution. Any non-public data not explicitly designated as Confidential should be treated as Restricted Data. 
  • Restricted data include, but are not limited to, donor information, research data on human subjects, intellectual property, Institution financial and investment records, employee salary information, or information related to legal or disciplinary matters.
  • Access to restricted data is limited to individuals who are employed by or matriculate to SRISA and who have legitimate reasons for accessing such data. 
  • A reasonable level of security should be applied to both Confidential and Restricted data to ensure the privacy and integrity of this data.

Public (or Unrestricted) – Public data includes any information for which there is no restriction to its distribution, and where the loss or public use of such data would not present any harm to the Institution or its members (staff and students). Any data that is not classified as Confidential or Restricted should be considered Public data.

13. Compliance with California Privacy Laws

a. California Consumer Privacy Act (CCPA)

    We comply with the California Consumer Privacy Act (CCPA), which provides California residents with specific rights regarding their personal data. These rights include:

    • The right to know what personal information we collect, use, and share.
    • The right to request the deletion of personal data, subject to certain exceptions.
    • The right to opt out of the sale of personal information.
    • The right to non-discrimination for exercising CCPA rights.

    To exercise your CCPA rights, please contact us at the information provided below.

    b. California Online Privacy Protection Act (CalOPPA)

      We adhere to the requirements of the California Online Privacy Protection Act (CalOPPA), which sets standards for the presentation and wording of privacy policies. As part of our compliance, we:

      • Provide a clear and accessible privacy policy on our website.
      • Include details about the types of personal information we collect and how it is used.
      • Offer a “Do Not Track” option for website users.

      14. Changes to This Privacy Policy

      We may update this Privacy Policy from time to time. When we do, we will post the revised policy on our website and update the “Effective Date” at the top of this page. We encourage you to review this policy periodically for any updates or changes.

      15. Contact Us

      If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us.

      16. Legal Basis for Processing Personal Data (For EEA Students)

      If you are a student or individual from the European Economic Area (EEA), we process your personal data based on one or more of the following legal grounds:

      • Contractual Necessity: To fulfill the contract with you, such as processing enrollment and payments.
      • Consent: When you provide explicit consent for specific uses of your data (e.g., marketing communications).
      • Legal Obligation: To comply with legal requirements, including academic and immigration laws.
      • Legitimate Interests: For the operation and improvement of our services, provided that your rights and freedoms are not overridden.

      17. Notable Additions for Alignment with Best Practices

      Governance Structure: Data protection and security measures are overseen by a dedicated team, with clear roles and responsibilities to ensure accountability.

      Detailed Data Classification: Personal data is categorized into “confidential,” “restricted,” and “public” to ensure appropriate handling and security.

      Vendor Monitoring: Service providers must maintain strict security measures, and contracts are reviewed to include data protection clauses.

      Incident Response: A comprehensive incident response plan includes protocols for reporting, mitigating, and addressing security breaches.

      Periodic Audits: Regular audits are conducted to assess compliance with privacy policies and identify potential vulnerabilities.

      18. Your Consent

      By using our site, you consent to our online privacy policy.

      This policy was last modified in August 2025.

      Contacting Us

      If you have any questions regarding this privacy policy, please contact us using the information provided below.

      4940 Broadway St., Suite 215
      San Antonio, TX 78230
      info@srisa.org