This document aims to provide you with a simple, clear, transparent explanation as to how we process and protect your personal information and your rights. Your safety and that of your personal data is important to us and we take their suitable protection very seriously.
This policy was updated on 21 June 2021.
UAX reserves the right to amend this policy to adapt it to new legislative, doctrinal or jurisprudential aspects that are applicable, or for technical, operational, commercial, corporate and business reasons, and it will be duly published here. As such, we recommend you read this policy in detail every time you access this platform.
Furthermore, UAX may personally inform you in advance of the changes planned for this policy, before the amended policy comes into force, provided that this is technically and reasonably possible.
WHO IS THIS POLICY AIMED AT AND WHO DOES IT APPLY TO?
This policy is aimed at and applicable to all website users (members of the UAX community, campus visitors, employees, suppliers, etc.) who are considered identified or identifiable natural persons.
WHO IS THE DATA CONTROLLER RESPONSIBLE FOR PROCESSING YOUR PERSONAL DATA?
WHO IS THE DATA PROTECTION OFFICER (DPO)?
UAX has appointed a Data Protection Officer (DPO) who will ensure compliance with data protection regulations at the university. If they desire, users may contact this individual with any questions they have regarding the processing of their personal data and to exercise their rights as set out in the GDPR. Users can contact our DPO using the following contact details: email@example.com
WHAT TYPES OF DATA DO WE PROCESS?
The data you provide through the different website forms may vary depending on the purpose; however, we will always ask for personal data that is appropriate, pertinent and limited to data that is strictly necessary, within the following categories:
WHAT ARE THE PURPOSES AND LEGAL BASES FOR US PROCESSING YOUR DATA?
In general, the purposes for processing your personal data in the scope of the UAX are related to compliance with our legal and contractual obligations linked to our teaching and research activity, management of our administrative and auxiliary services inherent to a university centre, management of requests for information, and actions of academic and institutional outreach.
The personal data you provide will be processed for the purposes indicated specifically in the information notices shown alongside the website forms, which are mainly the following:
HOW LONG DO WE STORE YOUR DATA FOR?
All personal data you provide will be stored for the time necessary to fulfil the purposes for which they were collected and at least one of the legally established legal bases applies.
You can find more information about our storage periods and criteria here. In general, when personal data are no longer necessary for the processing purposes for which they were collected, they will be suppressed such that they may not be processed - nor viewed - except in cases when they must be stored, duly blocked, and kept at the sole disposition of judges and courts, the Public Prosecution Service or the competent public administrations, particularly the data protection authorities, to demand possible liability resulting from processing and only within the limitation period.
WHAT ARE CONSEQUENCES IF YOU DO NOT PROVIDE YOUR DATA?
We try to ask you for or apply the minimum data required for the forms of personal data processing we carry out in developing our business and social purposes. Of course, we do this in accordance with the principles set out in applicable regulations.
Failure to supply your personal data may mean you are unable to: 1) correctly browse our platform (failure to accept technical or session cookies); 2) access certain contents or services (for example, if you do not supply the data required to receive our newsletter you will not receive it or the information or contents associated with it); 3) have your applications or registrations processed (for example, due to failing to complete - or insufficiently completing - the corresponding form or application).
Users will be fully responsible for the personal data and information they provide and, where applicable, the products or services that they require or hire from us.
DO WE SHARE YOUR PERSONAL DATA WITH THIRD PARTIES?
Your personal data may be accessible to external auxiliary suppliers and service providers hired by UAX whose activity requires that said data be processed, such as providers offering hosting services, computer maintenance, cyber security, private security, etc. In these cases, these providers will be considered data processors, which means they are contractually obliged to following UAX’s instructions in terms of personal data protection. UAX will carry out the corresponding controls, inspections and audits in this regard to check said data processors strictly comply with their legal and contractual obligations in matters of personal data protection.
On the other hand, when there is a legal basis to do so, your personal data may be transferred to:
ARE YOUR PERSONAL DATA TRANSFERRED INTERNATIONALLY?
Some forms of personal data processing, such as exchange or cooperation programmes, may involve international transfers of data to entities located outside the European Economic Area. In these scenarios, UAX will comply with the requirements set out by the Spanish Data Protection Agency and the European Union, ensuring that all international transfers of personal data are carried out based on any of the legally established guarantee instruments. (https://ec.europa.eu/info/law/law-topic/data- protection/international-dimension-data-protection/standard-contractual-clauses-scc_en).
WHAT RIGHTS DO YOU HAVE AND HOW CAN YOU EXERCISE THEM?
You may exercise the rights that correspond to you in line with data protection regulations in force, which are:
To exercise any or several of these rights, you must send your written request to the email address firstname.lastname@example.org.
If you would like further information on your rights related to data protection or if you would like to file a claim, please contact the Spanish Data Protection Agency.
ARE SECURITY AND PROTECTIVE MEASURES APPLIED TO YOUR PERSONAL DATA?
Bearing in mind the nature, scope, context and indicated purposes of processing, as well as the risks of varying likelihood and severity to your rights and freedoms, UAX applies (and will continue to apply) appropriate technical and organisational measures to guarantee the due security and protection of your personal data, considering privacy criteria from design and applying a system focused on the concurrent risk, which will be reviewed and updated by UAX when necessary.
Furthermore, we continuously undertake research to improve these measures and we invest in both new tools and R&D.
Academic and administration staff have been trained and received information on data protection, and specifically how to process the information containing personal data that they must handle in their job post, and how to act in the event of an incident.
Alfonso X El Sabio University’s email addresses are published on our contact pages for exclusively academic and administrative purposes. Using these for different purposes, particularly commercial purposes or the mass sending of emails (spam), will be considered contrary to article 5 of the GDPR, and article 21 of Law 34/2002, and the competent data protection authorities will be informed.