Privacy

PRIVACY POLICY

LOTISME Foundation

1. INTRODUCTION

The LOTISME Foundation is committed to protecting the privacy of users of its website, families of learners, professionals, and anyone whose personal data we collect. This privacy policy explains how we collect, use, share, and protect your personal information.

We invite you to read this document carefully to understand our practices regarding the processing of your personal data.

2. DATA CONTROLLER

The controller of personal data is:

LOTISME Foundation
[Complete address]
[Postal code and city]
[Country]
Email: [contact email address]
Telephone: [phone number]

3. INFORMATION WE COLLECT

3.1 Information you provide directly to us

We collect personal information that you voluntarily provide to us, including:

  • Identification data: surname, first name, date of birth
  • Contact details: postal address, email address, telephone number
  • Health data: relevant medical information concerning learners, diagnoses, assessment reports
  • School and educational information: educational background, specific educational needs
  • Family information: household composition, parental situation
  • Communication data: message content, requests, forms completed on our website

3.2 Information collected automatically

When you visit our website, we may automatically collect certain technical information, including:

  • Connection data: IP address, browser type and version
  • Navigation data: pages visited, time spent on each page, links clicked
  • Device data: device type, operating system, language settings

4. PURPOSES OF DATA PROCESSING

We use your personal data only for specific, explicit, and legitimate purposes, including:

  • Providing our educational and therapeutic services
  • Managing registrations and learner files
  • Communicating with families and healthcare professionals
  • Adapting our support to the specific needs of each learner
  • Organizing our training sessions and events
  • Improving our services and website
  • Responding to your requests and questions
  • Complying with our legal and regulatory obligations

The processing of your personal data is based on the following legal grounds:

  • The performance of a contract when we provide you with our educational services
  • Your explicit consent, particularly for the processing of health data
  • Our legitimate interest in improving our services and ensuring the proper functioning of our website
  • Compliance with our legal obligations regarding education and child protection
  • Safeguarding the vital interests of the learner, where applicable

6. RECIPIENTS OF DATA

Your personal data may be transmitted to the following recipients:

  • Our authorized internal staff (teachers, educators, administrative personnel) strictly within the limits of their functions
  • Our technical subcontractors (hosting, IT maintenance) bound by confidentiality obligations
  • Healthcare professionals involved in the monitoring of learners, with your consent
  • Educational authorities and public bodies, when required by law
  • Third-party service providers only when necessary for the execution of our services

We do not sell, trade, or otherwise transfer your personal information to third parties for commercial purposes.

7. TRANSFER OF DATA OUTSIDE THE EU

In principle, we keep your personal data within the European Union. However, if a data transfer to a third country should be necessary, we would ensure that this country offers an adequate level of protection, in accordance with the General Data Protection Regulation (GDPR).

In the event that data is transferred to a country not benefiting from an adequacy decision, we would implement appropriate safeguards in accordance with applicable regulations.

8. DATA RETENTION PERIOD

We retain your personal data only for the period necessary to fulfill the purposes for which they were collected, or to comply with our legal obligations.

Specifically:

  • Learners’ files are kept for the duration of their schooling at our establishment, and then for a period of 5 years after their departure
  • Data relating to information requests are kept for 3 years from the last contact
  • Website connection data is kept for a maximum of 13 months
  • Accounting documents and supporting documents are kept for 10 years, in accordance with legal obligations

At the end of these periods, your personal data is deleted or anonymized.

9. YOUR RIGHTS

In accordance with the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

  • Right of access: you can obtain a copy of the personal data we hold about you
  • Right to rectification: you can request the correction of inaccurate or incomplete data
  • Right to erasure: you can request the deletion of your personal data in certain circumstances
  • Right to restriction of processing: you can request the restriction of processing of your data
  • Right to data portability: you can receive your data in a structured format and transmit it to another controller
  • Right to object: you can object to the processing of your data based on our legitimate interest
  • Right to withdraw your consent at any time, when the processing is based on your consent
  • Right to define guidelines concerning the fate of your data after your death

To exercise these rights, you can contact us by email at [dedicated GDPR email address] or by postal mail at the address indicated in the “Data Controller” section.

We will endeavor to respond to your request within one month, except in particular circumstances which we will communicate to you.

10. DATA SECURITY

We implement appropriate technical and organizational measures to ensure the security of your personal data, including:

  • Encryption of sensitive data
  • Strict access controls to personal data
  • Training and awareness of our staff on data protection
  • Regular audits of our security systems and procedures
  • Business continuity and disaster recovery plans
  • Regular data backup

Despite these precautions, no security system is infallible. In the event of a data breach likely to create a risk to your rights and freedoms, we will inform you under the conditions provided by applicable regulations.

11. COOKIES AND SIMILAR TECHNOLOGIES

Our website uses cookies and similar technologies to improve your browsing experience and collect certain information. For more information on our use of cookies, please consult our Cookie Policy [link to cookie policy].

12. PROTECTION OF MINORS’ DATA

We are particularly attentive to the protection of children’s personal data. The collection and processing of data concerning minors is carried out with the consent of the holders of parental authority and only in the interest of the child.

We implement specific measures to ensure the protection of this particularly sensitive data.

13. CHANGES TO THE PRIVACY POLICY

We reserve the right to modify this privacy policy at any time. Any substantial modification will be clearly indicated on our website.

We encourage you to regularly consult this page to be aware of any changes. The date of the last update is indicated at the bottom of this policy.

14. COMPLAINT TO A SUPERVISORY AUTHORITY

If you believe, after contacting us, that your rights are not being respected, you can lodge a complaint with the supervisory authority in your country of residence.

For Switzerland:
Federal Data Protection and Information Commissioner
Feldeggweg 1
3003 Bern
Tel.: +41 (0)58 462 43 95
https://www.edoeb.admin.ch

15. CONTACT US

For any questions regarding this privacy policy or to exercise your rights, please contact us:

Data Protection Officer
LOTISME Foundation
[Address]
[Postal code and city]
Email: [DPO email]
Telephone: [DPO number]

Last updated: 04.01.2025