privacy policy


The policy of the French International School of Marbella (EFIM) with regard to the collection, use, transmission, management and protection of personal data is subject to the European Data Protection Regulation as transposed. This regulation recognizes both the right of individuals to protect their data – including the right of access and correction – and the need for EFIM to collect, use and transmit data for a legitimate and reasonable purpose. .

It covers the following elements:

Data collected and use

The French International School of Marbella (EFIM) collects and can use students' personal data (name, address, date of birth, photos, education, participation in activities, support for activities, setting up a project) for the following purposes (non-exhaustive list) :

  • Compliance with regulations (e.g. compliance with standards issued by the Ministry of National Education, administrative files, taxes etc.)
  • Transfer of personal data for the AEFE User Database by the Agency for French Education Abroad (AEFE)
  • Organization of lessons and publication of student results
  • General administration (e.g. project management, communication relating to work or teaching, school records)
  • Education (ex: prizes, rewards, certifications, academic achievements, schools attended)
  • Admission of students (ex: new admission, withdrawal / cancellation)
  • Communication with parents or legal representatives (emails from teachers, Guidance service, crisis communication)
  • School trips (e.g. organization, logistics, medical needs, food needs, registration)
  • Registration for Extra-Curricular Activities and Secondary Sports Activities
  • Medical needs (ex: allergies)
  • Registration at Alumni and alumni services (directory)
  • Insurance
  • Transmission of information to requesting third-party schools as part of their admission procedures

The school collects and may use the personal data of parents or legal guardians of students (such as name, date of birth, email address, telephone, bank details) for the following purposes (non-exhaustive list) :

  • Communication with parents or legal representatives (through teachers, school management, guidance service or administration)
  • Medical needs in case of emergency (ex: contact of the family in case of accident or major risk)
  • School trips (e.g. organization, logistics, medical needs, food needs, registration)
  • Fundraising for the needs of the school
  • Invoicing and payment (ex: invoicing of school fees, balance of any account and payment history, payment process)

Subject to express authorization the French International School of Marbella (EFIM) can :

  • Communicate the e-mail address of the parents or legal representatives to the Parents Commission and to the parents' representatives
  • Use students' personal data (name, photos, films, etc.) only for non-commercial purposes, including:
    • Internal uses: school booklet, brochure, poster, class photo
    •  educational projects etc ...
    • External uses: website and social networks of the Agency for French Education Abroad, website and social networks of the school, school presentation documents, etc.


Parental consent

For pupils in levels up to and including CM2, parental consent is considered sufficient.

The French International School of Marbella (EFIM) may collect and use the personal data of students and their parents or legal representatives.

Implied consent

Where a person has freely decided to participate in a situation or process in which the collection of personal data can reasonably be envisaged, implied consent may be considered given. This concerns:

  • Student registration files (admission process before acceptance)
  • Requests for information resulting in a follow-up and response process
  • The use of video surveillance in the EFIM
  • Events organized by EFIM


Data security

The French International School of Marbella (EFIM) is committed to:

  • Implement appropriate security measures to protect personal data against accidental or unlawful destruction, loss, alteration, disclosure or unauthorized access, in particular when the processing of the data involves transmission or storage on or in a network.
  • Notify the persons concerned in the event of accidental or unauthorized access to their data that could lead to damage or prejudice.

Rights of access, correction and withdrawal

Parents have the right to consult the personal data which concerns them or their children (subject to the exclusions listed below) and to request modifications or corrections to this data.

Data subjects may contact the DPO mentioned in the paragraph “Responsible persons”, in order to exercise their rights towards the controller.

Exceptions to the Right of Access The law does not provide for the right of access to all information held by an organization. Thus, the school reserves the right to refuse access to:

  • Opinions kept for evaluation
  • Copies or exam results
  • Confidential written references to support a student's application to other educational institutions or courses
  • Data or documents that would provide personal data about other individuals in violation of the Directive

Sharing data with third parties

Personal data may be transmitted by the school to third parties, service providers or agents (such as travel agencies, insurance companies and data hosting companies) or IT service providers (student school management, accounting management ). Personal data may also be transmitted to the French Ministry of National Education, to the AEFE, or to the French Embassy in Spain.

EFIM will share this data only in order to obtain the necessary services from these third parties and not for commercial purposes.

EFIM signs contracts to ensure that third parties use the data only for the purpose of providing the service and take appropriate precautions to protect the data.

In some cases, for example in the context of online services, there is no explicit contract. In such cases, EFIM will ensure that the terms and conditions of the service provide that:

  • The school remains the owner of the data.
  • The service provider is not authorized to use the data entrusted for any other purpose than to provide the requested service.
  • The service provider takes reasonable precautions to ensure data security.
  • When the school ends its relationship with the service provider, all data will be erased and will not be used for any other purpose.

Responsible persons

The Data Protection Officer (DPO) is responsible for:

  • to inform and advise the controller
  • monitor compliance with European regulations and national data protection law;
  • advising the organization on carrying out, in certain cases, an impact analysis (PIA) and verifying its execution;
  • to cooperate with the supervisory authority and to be the latter's point of contact.

He is the person to contact for any question or complaint in relation to data protection and for any request for access, modification, restitution and deletion of data.

Contact :