You are here: Privacy Policy


You're in: PRIVACY POLICY

Presentation.
With the entry into force in May, 2018 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th, April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data and re-pealing Directive 95/46/EC, better known today as the General Data Protection Regula-tion (GDPR) there was a significant evolution in the processing of personal data by or-ganizations. Subsequently, in December 2018, Organic Law 3/2018, of December 5th, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD) was pub-lished, which adapted the aforementioned regulation to Spanish legislation and which also brought with it relevant updates.

At Universidad Europea Miguel de Cervantes (UEMC) we are particularly sensitive to compliance with these legislations. Therefore, this Privacy Policy describes the pro-cessing of personal data carried out in the institution (and in dependent organizations, such as the UEMC Foundation and the UEMC University Clinic), the exercise of the rights of the persons concerned and other important aspects to be taken into account for per-sonal data protection.

In this document, we will refer to 'data subject' or 'affected' when we want to identify any individual who has communicated to UEMC their personal data (of which they will always be the owner), in order for the university to carry out some processing on them.

UEMC reserves the right to modify or adapt this Privacy Policy when relevant changes occur. Therefore, it is recommended to review it every time a data form is completed or the website is accessed. Likewise, where relevant and/or legally required, interested par-ties may receive notices from UEMC, which may modify and supplement some of the information.

Last updated date of the contents of this page: May 2020.

DATA CONTROLLER DETAILS.
Entity name: UNIVERSIDAD EUROPEA MIGUEL DE CERVANTES, S.A. (hereinafter, UEMC)
Address: Padre Julio Chevalier 2, 47012 Valladolid (SPAIN).
Phone: +34-983 00 1000
e-mail: info@uemc.es
For any questions related to the processing of personal data, data subjects may contact the UEMC Data Protection Officer using the following details:
Address: Padre Julio Chevalier 2, 47012 Valladolid (SPAIN).
Phone: +34-983 00 1000
Email: dpd@uemc.es

CATEGORIES AND ORIGINS OF PERSONAL DATA PROCESSED.

The main categories of personal data for UEMC are:
  • Data provided by stakeholders at the beginning of the different relationships es-tablished with UEMC (contractual or not).
  • Data generated in the management, maintenance and development of these rela-tionships.
  • Data provided by external sources, if the corresponding consent is given.
  • Data collected in the use and navigation of the UEMC website and by the differ-ent web platforms that host the services offered.
Regarding data input media or sources, the most common are:
  • Various submitted forms (electronic or paper).
  • Data subjects' phone calls requesting information.
  • Transmissions of information via e-mail.
  • The collection of data originated in web browsing (cookies) and the like.

TREATMENT ACTIVITIES.

The Register of Personal Data Processing Activities is a document in which all the pro-cessing of personal data carried out by UEMC is specified.
This register provides detailed information on the processing activities, purposes and legality thereof; as well as other information regarding the types of personal data pro-cessed by our organization, the expected retention periods and the recipients of such information.
The updated log can be found at the following link.

RIGHTS OF INTERESTED PARTIES.

This section details the rights that, as a data subject, can be exercised before UEMC.

To exercise these rights, the data subject must contact UEMC via email address pdcp_derechos@uemc.es, indicating in the field "Subject" the text "Management rights personal data". To make the application, it is required to prove the identity of the per-son exercising their rights by sending a scanned copy of their ID, NIE, Passport or equiva-lent document (on both sides).

Information Right.

At the time prior to the collection of personal data, the data subject must be informed in a concise, transparent, intelligible and easily accessible manner; with a clear and sim-ple language, among other aspects, of the legitimacy and purpose for which data are collected and the uses to be made of them, as well as the possibility of exercising their rights with the identification of the controller.

Right to Withdraw Consent.

If the data subject has given consent to the processing of personal data for one or more purposes, he/she has the right to withdraw his/her consent at any time (without affect-ing the legality of the processing before withdrawing it).

To withdraw consent, the data subject may contact UEMC in the same way that his/her consent was first provided, or send the corresponding request to the Data Protection Officer.

Right of Access and Rectification.

Throughout the period of validity of the data processing, the data subject can access them or request the correction of those that are inaccurate. You also have the right to request all relevant details about the processing of your personal data.

In the event of any data modification of the data subject, UEMC will appreciate the writ-ten communication of them, in order to keep them duly updated.

Right to Data Portability.

Throughout the period of validity of the data processing, the data subject may request a copy of them, provided in a way that respects the rights and privacy of other people.

This means that the data subject has the right to receive such data in a portable format (structured, commonly used and machine-readable format) and to have such data trans-ferred to him or, where technically feasible, directly to another Data Controller.

Opposition Law.

The data subject may object to the processing of his/her personal data in relation to his/her situation. This is relevant as long as the processing is based on legitimate inter-ests.

Individual Decision Making.

To be more effective in information management, UEMC may, in some cases, use tools that automate both the processing as well as the classification of personal data, based on relevant criteria. However, at no time are decisions based on automated treatments that may have legal effects on data subjects or that may significantly affect them.

Right to Suppression (Right to Be Forgotten).

The data subject may request that his/her personal data be deleted and not processed. However, if UEMC still needs and/or is legally obliged to maintain such information, this right may be postponed. In such situations, the data subject shall be expressly informed of the reason for such postponement, and what is the expected elimination time.

Right to Limitation of Treatment.

Instead of erasure, the data subject may request to restrict their data. Subsequent pro-cessing of restricted data may only be done with their consent or for reasons expressly stipulated in applicable laws.

If the restriction is not possible, because UEMC needs such data and is legally author-ized or required to process it, (s)he will be expressly informed of those reasons. It will also be reported before restriction is lifted.

Right to Claim before Supervisory Authority.

If the data subject considers that the processing of his/her personal data infringes Euro-pean Union law or his/her rights are not adequately addressed, (s)he has the right to file a complaint with the relevant supervisory authority (in the EU Member State of his/her habitual residence, place of work or place of the alleged infringement). In the case of Spain, it is the Spanish Data Protection Agency.

Complaints.

If the data subject is not satisfied with the way in which his/her data is handled, with the information he receives, or for any other reason related to the protection of his/her personal data, he/she may file a complaint to the Data Protection Officer by sending an email to dpd@uemc.es.

SAFETY MEASURES.

At UEMC we implement various technical and organizational measures aimed at pro-tecting the personal data of all data subjects and certifying that such data is processed in accordance with applicable laws and regulations. We also ensure that we have appro-priate non-disclosure, data processing and other provisions to ensure that such data is adequately protected.

For UEMC, the information processed - and more specifically the information with per-sonal data - is one of the fundamental assets to be protected. For this purpose of pro-tection, all measures integrated into the information security management system are implemented, the ultimate purpose of which is to protect the integrity, availability and confidentiality of data.

In this line, asset threats and vulnerabilities are periodically analyzed to identify risks, in order to implement, at all times, the necessary technical and organizational measures to minimize them and comply with the legal requirements of the GDPR and LOPDGDD.

Some Examples of these measures include:
  • Publication of the corresponding internal regulations or data protection and se-curity management policy in the computer environment.
  • Identification, authentication and control of users' access to data.
  • Modeling and mapping data access profiles to users.
  • Encryption of media and databases.
  • Communications encryption.
  • Application of technical measures of email protection (anti-spam), web protec-tion, antivirus protection, patch management and vulnerability detection soft-ware, firewall, VPN, etc.
  • Anonymization and pseudonymization of data.
  • Application of Backup Systems.
  • Recording of data processing activities and processing operations.
  • Etc.