By providing us with your personal data and using our website, we understand that you have read and understood the terms and conditions that apply to them.
1. Personal data controller
UNIVERSITAT INTERNACIONAL DE CATALUNYA, Fundació Privada (hereinafter, UIC BARCELONA)
Immaculada, 22, 08017 Barcelona
+34 932 541 800
+34 934 677 275
Data Protection Officer: Ms. Marta Gustà Contact email for the Data Protection: firstname.lastname@example.org
2. Personal data and special categories of personal data
Personal data is all the information held on an identified or identifiable private individual (the “data subject”), such as their name, address, telephone number or email address.
Special categories of personal data is a subgroup of personal data that reveals ethnic or racial origins, religious or philosophical convictions, sexual orientation, health and medical information and trade union memberships, among others.
Personal data (or data) constitutes any information regarding an identified or identifiable private individual, either directly or indirectly, through reference to any other type of information, including a personal identification number.
3. Personal data we collect and the purposes of its processing
3.1 Request for personal data
It is possible that other personal data will be compiled on you during the time of your relationship with the University, in which case you will be asked for your consent and will be informed about the processing to be carried out, its purpose, the legal basis of its processing and your rights in respect of your personal data, as well as other information.
Personal data can be provided directly by the user or collected automatically through using the website.
3.2 Purposes of the processing
UIC BARCELONA collects your personal data for various purposes according to its use and source (students, customers, suppliers, employees or third parties, etc.).
Students’ personal data is processed exclusively to carry out the University’s own teaching or guidance functions. Any use of students’ personal data other than specified herein will require prior, express and specific consent from the data owners or their legal representatives. According to current regulations, the personal data we can request in order to carry out the aforementioned tasks is that which is necessary for the education and guidance of students.
In the case of students, potential students or suppliers, UIC BARCELONA collects and processes personal data for the purpose of managing offers for educational services and any commercial or service relationships related to them.
In the case of UIC BARCELONA employees, personal data is collected for the purpose of fulfilling and managing the working relationship and to deal with UIC BARCELONA activities, including personnel administration, occupational health and safety, the sending of general or personalised communications, including those relating to UIC BARCELONA teaching or course information, managing awards and recognitions and subsidies. In the case of curricula vitae, personal data is collected for the admission and management of the student body or of candidates and their selection processes and, where applicable, subsequent recruitment.
In all cases, any personal data collected will be used to fulfil both legal obligations and those derived from the execution of commercial relationships and contracts of an academic, commercial, administrative and any other nature, to which UIC BARCELONA is a party, as well as dealing with any academic, legal, work-related or commercial complaint or claim.
They can also be used for sending out surveys, questionnaires and assessment forms relating to our services, given that such information is very useful for us in terms of quality control.
We process the contact data collected from your letters and emails or online forms on this website in order to manage your requests and queries.
Data from Cookies: any Cookies - or other tracking tools - employed by the website itself or by external service providers involved in this website will, unless otherwise specified, be used to identify users and to register their preferences for purposes strictly related to providing the service requested by the user, and will at all times be processed according to our Cookies Policy.
Additionally, UIC BARCELONA will be able to use your data to provide you with information about our courses, services, products or information about the University. You can request, at any time, that we do not contact you or tell you about our courses and services, and that we do not reveal your information to third parties for such purposes, either by contacting us directly or, where applicable, clicking on the “unsubscribe” button in our promotional emails.
3.3 Methods of collecting data
We generally collect personal data directly from you. We compile the information and personal data that you provide us with electronically, including information given through the website, through telephone conversations with UIC BARCELONA staff, through the provision of our services and through your completing of forms or any other kind of written or electronic means of communication.
If we collect information about you from third parties we will make you aware of it and, where necessary, we will request your consent to such processing.
If we receive information or personal data about you that we have not requested or that is irrelevant for the aforementioned purposes, we will destroy it or render the information anonymous, unless obliged to keep it in order to comply with current legislation.
3.4 What happens if you do not provide your information and personal data or do not authorise their processing?
If you are a student, client or supplier, you are within your right to not provide us with information or personal data, although in that case it may be impossible to sign any kind of contract or to provide services.
If you are an employee and do not provide the information or personal data required to comply with obligations and the exercising of legal or statutory rights, or else to exercise a work contract or service provision by UIC BARCELONA to its students, or to fulfil legitimate interests, this could impede or affect your working relationship with UIC BARCELONA in some way.
In the case of special category data, your explicit consent will always be requested, unless the processing is necessary to comply with the obligations and exercise of specific rights of the data controller or data subject in the field of Employment Law and the interests of security and social protection, or else necessary to protect vital interests, or that refers to data you have manifestly made public, as well as data used in defending claims or for reasons of essential public interest, or for preventative healthcare or work-related reasons, assessment of your work capacity, medical diagnosis or treatment of a medical or social nature.
4. Legal grounds of processing personal data
The legal grounds for processing your data for the aforementioned purposes will always be among those covered by Article 6 of the GDPR i.e.:
Consent of the data subject.
The execution of a contract.
Compliance with a legal obligation applicable to the data controller.
Protection of the vital interests of the data subject or another private individual.
Satisfaction of legitimate interests pursued by the data controller or by a third party
If the processing refers to special category data, it will always be justified by one of the legal grounds established in Article 9 of the GDPR.
If the user is a minor, the prior consent of their parents or guardians will be required before including their personal data in web-based forms. UIC BARCELONA exempts itself from any liability resulting from non-compliance with this requirement.
5. Duration of processing personal data
When UIC BARCELONA is deemed to be the Data Controller, it will ensure that any data processed is:
Used for the purpose for which it was collected.
Not used for different and/or incompatible purposes to those that justified its collection and processing.
Not kept indefinitely without justification.
Erased when it is no longer needed for the purpose that justified its collection and processing.
Retaining data is justified when:
The data is to be used for historical and/or statistical purposes.
There is potential for damage to the legitimate interests of the data subject or of third parties.
A regulation imposes an obligation to keep the data for a specified period.
The data and documentation serve as proof of an activity undertaken or service rendered, for the duration of the limitation periods in respect of civil, penal, administrative or any other type of action that may arise from the activity undertaken or service provided.
Both parties have agreed to keep the data for a longer period.
In cases where there is a legal obligation to keep data for a specific amount of time and/or for the duration of a limitation period on actions that could arise from the activity undertaken or service provided, the University will block the data during such periods. The blocked data will be available exclusively to Public Administrations, Judges and Courts, in order to deal with potential liabilities resulting from the processing of the data for the duration of its limitation period and/or within the legal deadlines established for this purpose. Once these limitation periods and deadlines have expired, the blocked data must be erased.
When UIC BARCELONA is deemed to be the Data Processor, in accordance with the GDPR, and once the contractual commitment that gave rise to the processing has been fulfilled, the personal data must be destroyed or returned to the Data Controller, along with any media support or document which contains any data subject to being processed.
As in the previous case, data will not be erased by the data processor when a legal provision dictates they should be preserved, in which case they should be returned to the data controller with a guarantee of such preservation. Equally, it is established that the data processor may keep the blocked data so long as liabilities may arise as a consequence of its relationship with the data controller.
In accordance with these requirements, the following is established
Personal data retention periods
With regard to applications for admission to studies taught at the University:
Period: In the event of your enrolment not being confirmed, your personal data will be kept for historical research and statistical purposes only; and for use as evidence in the quality procedures in which the University participates.
With regard to the enrolment of university students.
Period: personal data included in a confirmed enrolment to begin studies at the University and which is necessary to identify the student, along with data derived from the academic record of people that have studied at the university will be kept indefinitely, in accordance with the legal obligations of the University. Normative reference: Articles 2 and 6 of Organic Law 6/2001, of 21 December 2001 on Universities and the regulations regarding filing and documentation.
With regard to academic data:
Period: As required by law, the length of time data regarding a student’s academic record can be kept is indefinite. Normative reference: Articles 2 and 6 of Organic Law 6/2001, of 21 December 2001 on Universities and the regulations regarding filing and documentation.
With regard to former students: Period: The status of alumni is for life, and so the personal data provided voluntarily to UIC BARCELONA will be kept on the system indefinitely so long as the data subject does not request its erasure. Normative reference: Articles 6.1.a) and 6.1.b) of the General Data Protection Regulation.
With regard to data relating to University staff:
Period: It will be kept for the time necessary to comply with the purpose for which it was collected and to establish the potential liabilities that could arise from that purpose and the processing of the data. The provisions established in the regulations on filing and documentation will apply. Normative reference: Article 21.1 RDL 5/2004 on social order infringements and penalties and Articles 6.1.b) and 6.1.c) of the General Data Protection Regulation. In the specific case of job applications and curricula vitae, data will be kept for a period of one year, unless otherwise indicated by the data subject.
With regard to occupational health and safety:
Period: It will be kept for the time necessary to comply with the purpose for which it was collected and to establish the potential liabilities that could arise from that purpose and the processing of the data. The provisions established in the regulations on filing and documentation will apply. Normative reference: Article 4 RDL 5/2004 on social order infringements and penalties and Articles 6.1.b) and 6.1.c) of the General Data Protection Regulation.
With regard to processing personal data for advertising and promotional purposes.
Period: The personal data of people interested in receiving advertising and promotional information from the University will be kept on the system indefinitely provided that the data subject does not request its erasure. Normative reference: Article 6.1.a) of the General Data Protection Regulation.
With regard to video surveillance:
Period: 1 month Normative reference: Article 22.3 of the LOPD-GDD.
With regard to control of access to buildings: applicable to administrative and service staff of the University who need to be registered.
Period: Three months from the collection of personal information.
En matèria de control d'accessos a edificis: d'aplicació al personal d'administració i serveis de la Universitat que han de fitxar:
Period: It will be kept for the time necessary to comply with the purpose for which it was collected and to establish the potential liabilities that could arise from that purpose and the processing of the data, in compliance with the General Tax Law 58/2003, of 17 December 2003, as well as the provisions established in the regulations on filing and documentation. Normative reference: General period of limitation that applies to personal actions in civil legislation (Article 1964 CC and 121-20 and ss CCCat), Article 6.1.c) of the General Data Protection Regulation, the General Subsidies Law 38/2003, of 17 November 2003, and the General Tax Law 58/2003, of 17 December 2003.
With regard to justifying subsidies and national or international public grants
Period: until the end of the limitation period of the obligation to justify any expenses that can be ascribed to grants and subsidies. Normative reference: General Subsidies Law 38/2003, of 17 November 2003.
6. Transfer of personal data to third parties
We may share or reveal your personal information to third parties for any of the aforementioned reasons. These third parties might include education centres, university centres, as well as clients, external consultants, suppliers or subcontractors (for example, the postal service, support services, etc.), in compliance with the contractual relatonships signed with such third parties, both within and outside the EU/EEA. Additionally, your data can be communicated to third parties due to legal obligations or requirements, to courts, tribunals and public administrations where necessary, or to any other third party, person or entity authorised by you.
In the case of international transfers, we always solicit your express consent to transfer your personal data to third parties located outside the country in which we collected your data (where applicable), except when the transfer is authorised or required by a law, norm or court.
We will not share any special category personal data relating to you with any person or any entity other than UIC BARCELONA, our employees, UIC BARCELONA collaborators, state-run bodies and others in compliance of legal obligations or requirements, courts, tribunals and public administrations, or any other third party authorised by law.
7. Storage and security of personal data
We store your personal data as either paper or electronic files. We have put safeguards in place according to the requirements of current legislation to protect the personal data we store from improper use, interference and loss, unauthorised access, modification or disclosure.
UIC BARCELONA applies technical security measures such as encryption in those cases where it is reasonably possible to do so. Additionally, there are different systems such as the secure archiving of original documents or limiting access to personal data to appropriately authorised people so that your personal data can be processed securely.
8. Rights relating to your personal data
UIC BARCELONA ensures that the information kept on you is accurate, updated, complete and relevant. However, you have the right to access this information and correct it if it is incorrect, inaccurate, outdated or incomplete. You can also withdraw your consent to the processing of your personal data.
What rights protect you with regard to the processing of your data?
Right to request access to your personal data.
Right to request its rectification or erasure.
Right to request the limitation of its processing.
Right to object to its processing.
Right to data portability.
Right to withdraw the consent granted.
Access/rectification and erasure: data subjects have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, request its erasure when, among other reasons, the data is no longer required in order to execute the contract.
Limitation: in certain circumstances, data subjects can request a limit on the processing of their data, in which case we will only keep them for making claims or defending ourselves against them.
Objection: data subjects can object to the processing of their data. UIC BARCELONA will stop processing the data, except for legitimate or compelling reasons or else to make or defend ourselves against potential claims, and we will keep it duly blocked while legal obligations persist.
At the same time, data subjects have the right to object to the adopting of automated individual decisions that could have legal consequences or affect them significantly.
Portability: data subjects can request and receive the data held on them and which they have provided or ask us to send it to another data controller of their choice, in a commonly used machine-readable structured format.
When will we respond to your request?
We will respond to your requests as quickly as possible and, in all cases, within a period of one month from receiving your request. This period could be extended for a further two months where necessary, taking into account the level of complexity involved and the number of requests received. The data controller will inform the data subject of any such extension during the first month following receipt of the request.
Do you have the right to withdraw your consent?
Data subjects can withdraw the consent given at any time without affecting the legality of the processing undertaken based on the consent granted at the time of registering or providing the data.
How do you go about exercising your rights?
To exercise your rights, data subjects can send a letter with all their data, including a copy of their DNI (ID card) or passport and indicating which right they would like to exercise, addressed to UIC BARCELONA, C/Immaculada 22, 08017 - Barcelona, or by email to email@example.com
Do you have the right to claim?
We advise you that if you have submitted a request to exercise these rights and feel that it has not been adequately dealt with by our institution, you can register a claim with the Spanish Data Protection Agency in accordance with the procedure described at the following address.
9. Electronic communications
In compliance with Law 34/2002, of 11 July 2002, on Information Society Services and E-Commerce, we advise you that email addresses can be used to send information about the University. If you do not wish to receive information or wish to revoke the consent granted to process your data, we would request that you do so in the manner described above or by sending an email to firstname.lastname@example.org.
11. Additional information
For more information on privacy in general, you can visit the website of the Spanish Data Protection Agency (AEPD) at www.aepd.es and of the Catalan Data Protection Authority (APDCAT) at www.apdcat.gencat.cat.