Privacy Policy
In compliance with the General Data Protection Regulation 2016/679 (GDPR) and Organic Law 3/2018 on Data Protection and Guaranteed Digital Rights (LOPDGDD in Spanish) of 5 December 2018, please be informed:
DATA CONTROLLER
PURPOSE OF THE DATA PROCESSING
We inform you that the data you provide will be processed for the following purposes:
- Handling and replying to the contact requests, requests for information and/or queries received via the contact methods available on the website.
- Handling the enrollment requests received via the corresponding web form.
- Sending information and advertising about the educational institution’s services or related aspects, through any method, including via electronic communications or equivalents.
- Sending information and advertising about the products and services of third-party companies connected to the educational institution, through any means, including via electronic communications or equivalents, as well as receiving information about the NGO Cruzada por los Niños, the International Studies Foundation, the International Studies Foundation USA, and the RFK Human Rights Spain Foundation, non-profit institutions that belong to the same educational group as CIS University.
- Handling the data contained in the CVs received from candidates participating in the hiring processes to fill job openings.
Additionally, in accordance with the GDPR, records of the processing activities will be kept, specifying, as per the purposes, the processing activities carried out and other circumstances specified in the GDPR.
Personal information may not be used for purposes that are not related to the services hired or products purchased. Automated decisions will not be made based on this profile.
LAWFULNESS OF DATA PROCESSING
The legal basis for the processing is built on:
- The consent granted by the User by agreeing to this Policy and the corresponding box.
- The User has provided their personal data as part of a contractual or pre-contractual relationship to handle their request and/or query, and therefore the processing is needed to maintain this relationship.
- The legal obligations that apply to the Owner and require processing personal data for the services provided or those related to tax matters.
The User may withdraw their consent at any time for the processing of their personal data. The withdrawal of this consent will have no impact on the services provided and/or the fulfillment of contracts with the Owner.
PERSONAL DATA PROCESSED AND THE ORIGIN
The personal data we process is that of identifiable, personal or family nature; related to social and academic circumstances; as well as financial and economic data. This data has been provided by the User by sending emails or using the website’s features.
Using the contact sections, filling out the forms and/or harnessing the features available on the portal is voluntary. However, it is necessary to fill out certain fields in the forms or submit data through other features to properly handle requests, so if the User refuses to provide the required information, the Owner will be unable to properly handle the request.
The User guarantees that the data submitted is true, accurate and complete. Any data that is inaccurate, incomplete or no longer needed or pertinent for the purpose as per the applicable legislation will be canceled, deleted or blocked. If the personal data submitted is that of a third party, the User guarantees that they have informed them of the Privacy Policy and obtained their authorization to provide their data for the aforementioned purposes. The user also guarantees that the data provided is accurate and updated, being responsible for any direct or indirect damages that could be caused as a result of a breach of this obligation. The User promises and assumes responsibility for the veracity and accuracy of the data provided, and agrees to keep the data updated.
LINK POLICY
The website may include links to third-party sites and social media platforms on which the Owner is present. The aforementioned third-party websites have not been reviewed and are not subject to controls by the website or its owner. The Owner is not responsible for the content of these websites or the measures implemented for personal data processing or privacy. The User is advised to carefully read the terms of use and the privacy policy of these websites. If the User is interested in activating a link to this website, they should inform the Owner and obtain express written consent to create the link. The Owner reserves the right to refuse the activation of links to its website.
DATA PROTECTION OF MINORS
As per the GDPR and the LOPDGDD, only individuals over the age of 14 may consent to have their personal data processed legally. Only individuals over the age of 14 may submit personal data on this website. Consent from the parent or guardian is required for the processing of the personal data of minors under the age of 14.
PERSONAL DATA RETENTION PERIODS
The personal data provided by the User will be kept while they remain registered for the service, for the duration of the business relationship, as long as the User does not request its erasure or during the legally established period. The data may also be kept when needed to comply with legal obligations or to establish, exercise and defend any legal claims.
If the User withdraws their consent or exercises their rights of objection or erasure, the data will remain blocked and available to the Justice Administration during the legally established periods to address potential liabilities resulting from the processing of personal data. The withdrawal of this consent will have no impact on the services provided and/or the fulfillment of contracts with the Owner.
PERSONAL DATA SECRECY AND SECURITY
The Owner agrees to implement the necessary technical and organizational measures, as per the corresponding security level for the risk of the data collected, to guarantee the security of personal data and prevent the accidental or illegal destruction, loss or alteration of the personal data shared, stored or processed in another manner, or the unauthorized access or distribution of this data.
The personal data will be handled as confidential by the Owner, who agrees to notify and guarantee through a legal or contractual obligation that its employees, associates and individuals with access to this information will maintain this confidentiality.
TRANSFERS AND RECIPIENTS OF PERSONAL DATA
Your personal data will be shared when legally established to comply with obligations directly required of the Owner, when needed to comply with the aforementioned processing purposes or to provide services that are strictly necessary for the activity.
We share your information with:
- Service providers hired by (responsible for the processing): Our hosting service, computer technicians, consultants or service providers. We require our service providers to only use personal data for the purpose specified in the corresponding contract and, at its conclusion, the personal data must be destroyed.
- Service providers located outside of the European Economic Area (international data transfers): In these instances, reasonable efforts will be made to determine that the recipient of the transfer provides the appropriate data protection guarantees or that the European Commission has determined they offer an adequate level of protection.
- For legal obligations: Public Tax Administration, public authorities with jurisdiction, judges and courts, or similar, etc.
RIGHTS OF USERS
What are your rights when you provide us with your data?
The User has the right to obtain confirmation on whether we are processing personal data concerning them or not. The User has the right to access their personal data as well as to request the rectification of inaccurate data or, as the case may be, to request its erasure when, among other reasons, the data is no longer necessary for the purposes for which it was collected. Under certain circumstances, the User may request the restriction of the processing of their data, in which case, we will only keep the data for the exercise or defense of legal claims. In certain circumstances and for reasons relating to a particular situation, the User may oppose the processing of their data, in which case the controller will stop processing the data, except for compelling legitimate grounds or the exercise or defense of possible legal claims. When legally applicable, the User will have the right to the portability of their data, which entails having the right to receive their personal data we are processing and storing on a device we own.
When applicable, the User may exercise before the Owner the rights of access, rectification, objection, erasure, restriction of processing, portability and the right to not be subject to individual automated decisions by sending a written request and photo ID to certify their identity, specifying “GDPR Rights” as the subject matter, to Calle VELAZQUEZ 140, 28006 – MADRID or the email address .
We also inform you that you may send any personal data protection claims to the Agencia Española de Protección de Datos (Spanish Data Protection Agency) www.agpd.es, Autoridad de Control de España (Supervisory Authority of Spain).
