Privacy Policy

1. Information We Collect

We collect the following categories of personal data:

• Identity data: Full name, date of birth, nationality, and identification documents.
• Contact data: Email address, phone number, and home address.
• Academic data: Enrollment records, grades, attendance, and program information.
• Health data: Medical conditions or dietary requirements relevant to student safety (collected with explicit consent).
• Usage data: IP address, browser type, and pages visited when using our website.
• Communications: Messages submitted through our contact or inquiry forms.

2. How We Use Your Information

We process personal data for the following lawful purposes:

• Administering student enrollment, academic progress, and school operations.
• Communicating important school news, events, and emergency notifications.
• Complying with legal obligations under Costa Rican and international educational regulations.
• Processing applications for admission or employment.
• Improving our website and digital services.
• Ensuring campus security and student safety.

3. Legal Basis for Processing

• Contractual necessity: To fulfill the educational agreement between GVS and enrolled families.
• Legal obligation: To comply with MEP regulations and other applicable laws.
• Legitimate interest: For school administration and communication with the GVS community.
• Consent: For optional activities such as newsletters, photography, and health-related disclosures.

4. Data Sharing and Third Parties

We do not sell or rent personal data. We may share data with:

• Government authorities: As required by Costa Rican law (MEP, CCSS, PRODHAB).
• Accreditation bodies: Such as the International Baccalaureate Organization (IBO) and Cognia.
• Service providers: Trusted partners who assist with school management systems — all under data protection agreements.
• Emergency services: When required to protect the life or safety of a student.

5. Data Retention

We retain personal data only as long as necessary for the purposes it was collected, or as required by law. Academic records are retained for a minimum of 10 years following graduation or withdrawal. Website usage data is retained for up to 12 months.

6. Your Rights

Under Law No. 8968 and applicable international standards, you have the right to:

• Access: Request a copy of your personal data held by GVS.
• Rectification: Correct inaccurate or incomplete data.
• Erasure: Request deletion of data where no legal basis for retention exists.
• Restriction: Limit how your data is processed in certain circumstances.
• Objection: Object to processing based on legitimate interests.
• Withdraw consent: At any time, where processing is based on consent.

To exercise any of these rights, contact our Data Protection Officer at soporte.it@goldenvalley.ed.cr. We will respond within 30 business days.

7. Cookies and Tracking

Our website uses essential cookies for functionality (e.g., language preferences and login sessions). We do not use advertising or tracking cookies. You can disable cookies in your browser settings, though some features may not function correctly.

8. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or disclosure. These include encrypted connections (HTTPS), access controls, and regular security reviews.

9. Children's Privacy

As a school, we routinely process data relating to minors. We do so exclusively in the context of our educational mission and with the informed consent of parents or legal guardians, in accordance with Law No. 8968 and the UN Convention on the Rights of the Child.

10. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or a notice on our website.

11. Mobile Application — GVS Tiquetes de Soporte

This section covers the mobile application GVS Tiquetes de Soporte (iOS and Android), an internal staff tool for creating and tracking maintenance and IT support tickets across our Heredia and Alajuela campuses. It supplements the rest of this Privacy Policy.

Who can use the app

Access is restricted to users with a Google Workspace account under the @goldenvalleyschool.ed.cr domain. The app is not intended for use by children or by anyone outside the School's staff and contractors.

Data the app processes

• Identity data (via Google Sign-In / OAuth): your full name, your @goldenvalleyschool.ed.cr email address, and your Google account identifier. We do not receive your Google password.
• Profile data assigned by the School: role (IT, Maintenance, Administration), department, position, username.
• Ticket content you create: descriptions, classroom and campus references, urgency, comments, and photo or document attachments you choose to upload.
• Status and history: changes to tickets you submit, are assigned to, or comment on.
• Authentication tokens: stored only on your device, in the operating system's protected keychain (iOS) or keystore (Android). They are not transmitted to anyone except our backend for authentication.
• Technical metadata: API request timestamps and error logs strictly necessary to operate the service.

Data the app does not collect

The app does not collect advertising identifiers, precise device location, contacts, microphone audio, biometric data, browsing history, or behavioural analytics. It contains no third-party advertising SDKs and no behavioural tracking.

Third parties that process app data

• Google LLC — solely to authenticate you via Google Sign-In. Subject to Google's own privacy policy.
• Render Services, Inc. — hosts the backend API that the app communicates with, on United States infrastructure. Ticket content and profile data are stored on Render.

By using the app, you understand that your data may be transferred to and processed in the United States, which may have data-protection laws different from those of Costa Rica. We rely on contractual safeguards with our processors.

Retention specific to the app

• Ticket records are retained while operationally or legally necessary, typically for the duration of your employment plus periods required by Costa Rican labour and tax law.
• Authentication tokens are stored on your device only and are cleared on logout, app uninstall, or expiry.
• Server logs are typically kept for 90 days.

Security measures

• HTTPS / TLS for all data in transit between the app and our backend.
• Authentication tokens stored on-device using Apple Keychain and Android Keystore.
• Sign-in restricted to verified @goldenvalleyschool.ed.cr accounts.
• Role-based permissions limit what each user can see and modify.

How to delete your data from the app

1. Email josedaniel@goldenvalley.ed.cr from your @goldenvalleyschool.ed.cr address.
2. We will close your account and delete or anonymize your personal data, except records the School is required to keep by law (e.g., labour, tax, audit).
3. To clear locally stored tokens on your own, sign out from the app or uninstall it.

Your rights under Costa Rica's Law No. 8968 (PRODHAB)

You may access, correct, delete, or restrict the processing of your personal data, and file a complaint with PRODHAB. To exercise these rights with respect to the app, contact josedaniel@goldenvalley.ed.cr.

12. Contact Us

For privacy-related inquiries, requests, or complaints, please contact:

You may also file a complaint with Costa Rica's data protection authority: PRODHAB.