







City and Country School GDPR Compliance Statement The City and Country School (“City and Country”) is committed to complying with the European Union’s General Data Protection Regulation (“GDPR”) as it applies to the faculty, staff, students, and parents, prospective students and parents, alumni and parents, grandparents, and donors who reside in the European Union (“EU”) or are citizens of the EU (“Covered Individuals”). The GDPR establishes specific requirements for how City and Country will handle the “personal data” of individuals who are Covered Individuals. “Personal Data” protected by the GDPR includes all financial, medical, and personal information and data that identifies an individual, including address, personal characteristics such as age, gender, nationality, social security number, and your ISP address.
What is the GDPR?
The GDPR is a regulation adopted by the European Parliament, the Council of the European Union and the European Commission to strengthen and unify data protection for all individuals in the European Union (the “EU”), including, but not limited to, EU citizens and EU residents.
The GDPR went into effect on May 25, 2018.
How does the GDPR affect staff, faculty, students and parents, prospective students and parents, alumni and parents, grandparents, and donors who are EU residents or citizens?
When Personal Data is collected, stored or used from a Covered Individual, that person has certain rights under the GDPR in relation to the use, transfer, storage, and retention of their Personal Data (see below). City and Country is required to comply with the GDPR for its students, teachers, staff, donors, alumni and others who are Covered Individuals, even if the Personal Data is collected or stored in the United States, not in the EU. City and Country is committed to complying with the GDPR and with other federal and state laws that protect the privacy of information for faculty, staff, students and parents, prospective students and parents, alumni and parents, grandparents, and donors.
What is City and Country’s responsibility under the GDPR?
The GDPR requires City and Country to:
If you are a Covered Individual under the GDPR, what are your rights?
City and County can collect information about you in a number of ways, for example, from information that you send to us, that you provide or that we gather when you visit our website, or from your communication with us. When you visit our website, City and Country may collect information about the date you visit, the webpages you view, and any information that you provide through the website. City and County can only collect and store information about you as required by law or a contract with you, as necessary for its legitimate interests to carry out its operations, to provide services to you, or information for which you have given consent to us to collect and retain.
In relation to the Personal Data that City and Country collects and stores about you, you have the right to:
If you provided consent to use or access your Personal Data or Personal Data for your child, you have the right to withdraw consent at any time. For more information about these rights or the GDPR generally, please contact Matthew D. Payne, Director of Communications, at matthewp@cityandcountry.org. You have a right to complain to the applicable supervisory authority, if you believe that your rights under the GDPR have been violated. Reem can provide you with information about filing a complaint.
GDPR Developments
It is expected that regulators in the EU will issue additional guidance in the coming months.