1. IDENTIFICATION
Data controller: Depending on the university you contact and express interest in, the following entities within Grupo Guadarrama may act as data controllers:
Data Protection Officer: dpd@uax.es.
Hereafter, both entities will be collectively referred to as “UAX”.
2. INFORMATION
By accepting this Privacy Policy, the user (hereinafter, the “User” or, where applicable, the “Users”) is informed that the personal data provided through the webpage https://www.uax.com/ (hereinafter, the “Website”), as well as any data resulting from browsing and any other data the User may provide in the future, will be processed by UAX as the data controller for the purposes outlined in this policy.
The User should read this Privacy Policy carefully. It has been written clearly and simply to ensure understanding, allowing the User to freely and voluntarily decide whether to provide their personal data to UAX.
3. OBLIGATION TO PROVIDE DATA
The data requested in the forms on the Website is generally mandatory (unless otherwise specified in the required field) to fulfil the purposes for which it is being collected.
Therefore, if the User does not provide the data or provides it incorrectly, UAX may be unable to process the User’s requests, though certain content on the Website will still remain freely accessible.
4. FOR WHAT PURPOSE DOES UAX PROCESS USER DATA?
UAX will process the User’s data for the following specific purposes:
a) Handling information requests:
• To address requests made through the forms available on the Website.
• To manage, process and respond to information requests.
• To address and resolve issues, complaints, claims or queries raised by the User.
b) Sending commercial communications to the User regarding products or services of UAX and other Grupo Guadarrama companies:
• To manage the sending of commercial communications about UAX’s products and services, as well as the Newsletter.
• To handle the sending of commercial communications from third-party companies within the Group to which UAX belongs.
• To manage the sending of information about the UAX Alumni Club.
These communications will be sent via email, post and text message. Additionally, if the User has consented by ticking the relevant box, commercial communications may also be sent via WhatsApp.
c) Managing the admission process: To handle communications in response to admission requests for studies selected by the User.
d) Managing event registrations and seat reservations:
• To handle communications in response to User requests.
• To register Users for events organised by UAX.
e) Handling visit requests: To process requests for visits to UAX campus facilities, as submitted by the User via the form available on the Website.
f) Handling requests for credit transfers: To process requests for the recognition of subjects and/or degrees completed at other universities, as submitted by the User via the form available on the Website.
g) Producing reports, statistics and internal analyses to improve the Website’s services: To analyse, manage and prepare internal reports and statistics on User behaviour, with the aim of implementing improvements on the Website, using aggregated data in all cases.
Please note that, if you consent to the installation of cookies and similar technologies, your data may be processed to display personalised advertising during your browsing experience. As indicated in the preceding paragraph, this will be carried out by both UAX entities, acting as joint controllers, in accordance with Article 26 of the GDPR. For more information, please refer to UAX’s Cookie Policy.
h) Preventing and controlling the use of the Website for illegal or unauthorised purposes, with or without financial intent:
• To monitor User activity for security purposes and control the goods or services provided to the User.
• To analyse, manage and handle incidents related to the services provided by UAX to the User.
• To handle complaints, incidents and unlawful activities conducted by Users.
i) Creating a commercial profile based on the information provided by the User to UAX: To send commercial communications that may be of interest to the User. The User may object at any time to the processing of their data for this purpose by UAX.
j) Conducting quality and satisfaction surveys with Users: Related to the quality and satisfaction of the services provided by UAX, as well as to analyse reports and statistics derived from User responses.
k) Complying with legally established obligations: When processing is necessary to comply with legal obligations under Spanish or European Union law that may apply to UAX (such as tax regulations).
5. WHAT USER DATA WILL UAX PROCESS?
While browsing the Website, the following personal data may be processed:
a) Handling information requests:
• Identifying data: Name, surname.
• Contact details: Email, phone number.
• Academic data: Academic degree, current academic status.
• Data related to student interests: The academic degree they wish to pursue.
b) Sending commercial communications to the User:
• Identifying data: Name, surname.
• Contact details: Email, phone number.
• Academic data: Studies completed.
c) Managing the admission process:
• Identifying data: Name, surname.
• Contact details: Email, phone number, postcode.
• Academic data: Current academic degree, current academic status.
• Data related to student interests: The academic degree they wish to pursue.
d) Managing event registrations and seat reservations:
• Identifying data: Name, surname.
• Contact details: Email, phone number, postcode.
• Academic data: Current academic status.
• Data related to student interests: The academic degree they wish to pursue.
e) Handling visit requests:
• Identifying data: Name, surname.
• Contact details: Email, phone number.
• Academic data: Current academic status.
• Data related to student interests: The academic degree they wish to pursue.
• Additional data related to the visit: Type of visit, visit date, number of accompanying persons.
f) Handling requests for credit transfers:
• Identifying data: Name, surname, ID No, passport.
• Contact details: Email, phone number, province, postcode and country of residence.
• Other data provided by the applicant.
g) Producing reports, statistics and internal analyses to improve the Website’s services:
• Aggregated User information.
• Website browsing data: IP, user ID, Website behaviour, cookie information.
h) Preventing and controlling the use of the Website for illegal or unauthorised purposes, with or without financial intent:
• Identifying data: Name, surname.
• Contact details: Email, phone number.
• Website browsing data: IP, user ID, Website behaviour, cookie information.
i) Creating a commercial profile based on the information provided by the User to UAX:
• Identifying data: Name, surname.
• Contact details: Email, phone number.
• Academic and professional data: Degree.
j) Conducting quality and satisfaction surveys:
• Identifying data: Name, surname.
• Contact details: Email address, phone number, postal address.
• Other data: Any data the User may provide in the survey, such as opinions.
k) Complying with legally established obligations:
Any data that may be legally required, in particular:
• Identifying data: Name, surname.
• Contact details: Email address.
• Any other required data.
If the User provides third-party data, they declare that they have obtained consent and/or sufficient authorisation and commit to informing those third parties of the contents of this Privacy Policy, thereby releasing UAX from any liability in this regard.
However, UAX may conduct appropriate verifications to confirm this, adopting necessary due diligence measures in accordance with data protection regulations.
6. WHAT IS THE LEGAL BASIS FOR UAX PROCESSING THE USER’S DATA?
UAX processes the User’s data based on the following legal grounds:
a) Handling information requests: Data processing for this purpose is based on the User’s consent, which can be withdrawn at any time. If the User withdraws consent, the query or request cannot be processed.
b) Sending commercial communications to the User: Data processing for this purpose is based on consent, provided by the User by ticking the appropriate box, which can be withdrawn at any time.
Commercial communications via WhatsApp Business are also based on consent, given by the User when selecting the relevant box, and can be withdrawn at any time.
For communications about the UAX Alumni Club, processing is based on UAX’s legitimate interest in promoting this initiative to support students and recent graduates in their job search during their final year.
c) Managing the admission process: Data processing for this purpose is based on the application of pre-contractual measures requested by the User.
d) Managing event registrations and seat reservations: Data processing for this purpose is based on the application of pre-contractual measures requested by the User.
e) Handling visit requests: Data processing for this purpose is based on consent, provided by the User by ticking the appropriate box, which can be withdrawn at any time.
f) Handling requests for credit transfers: Data processing for this purpose is based on the application of pre-contractual measures requested by the User, as well as the execution of the contractual relationship with the interested party.
g) Producing reports, statistics and internal analyses to improve the Website’s services: Data processing for this purpose is based on the legitimate interest of the data controller, as recognised by data protection regulations.
This legitimate interest is to offer Users UAX services of the highest quality and best possible experience.
h) Preventing and controlling the use of the Website for illegal or unauthorised purposes, with or without financial intent: Data processing for this purpose is based on the legitimate interest of the data controller, as recognised by regulations.
This legitimate interest ensures that goods and services are not used for unlawful purposes and, if they are, allows UAX to manage and resolve any illegal activities carried out by the User.
i) Creating a commercial profile based on the information provided by the User to UAX: Data processing for this purpose is based on legitimate interest, using information provided by the User and their activity on the Website to send personalised commercial communications based on the User’s preferences. The User has the right to object to this processing at any time.
j) Conducting quality and satisfaction surveys: Data processing for this purpose is based on legitimate interest, as recognised by data protection regulations.
This legitimate interest is to offer Users UAX services of the highest quality and best possible experience. The information gathered will be deleted once the corresponding statistical report is generated, which will not contain personal data. The User has the right to object to this processing at any time.
k) Complying with legally established obligations: Data processing for this purpose is based on compliance with a legal obligation.
The consents obtained for these purposes are independent, meaning the User can revoke one without affecting the others. Additionally, withdrawing consent will not affect the legality of any processing carried out before the withdrawal.
7. DATA RETENTION
UAX will retain the User’s personal data for the following periods:
a) Data used for handling information requests: Data will be kept for as long as necessary to process the request and, once resolved, for the statute of limitations period applicable to any legal actions arising from the request.
b) Data used for sending commercial communications to the User: Data will be retained until the User objects to the processing or withdraws consent for this purpose.
c) Data used for managing the admission process: Data will be retained for the duration of the contractual relationship with the institution and, where applicable, for the statute of limitations period for legal actions.
d) Data used for managing event registration and seat reservations: Data will be retained for the duration of the contractual relationship with the institution and, where applicable, for the statute of limitations period for legal actions.
e) Data used for handling visit requests: Data will be retained until the User objects to the processing or withdraws consent for this purpose.
f) Data used for producing reports, statistics and internal analyses to improve the Website’s services: Aggregated data will be used to generate reports, statistics and analyses for the period required to process and prepare said reports, statistics and analyses, and once completed, retained for the statute of limitations period applicable to any legal actions arising from the use of this data.
g) Data used for managing credit transfer requests: Data will be retained for the duration of the contractual relationship with the institution and, where applicable, for the statute of limitations period for legal actions.
h) Data used for preventing and controlling the use of the Website for illegal or unauthorised purposes, with or without financial intent: Data will be retained for the necessary period to process and resolve any issues, incidents or illegal activities, and once resolved, for the statute of limitations period applicable to any legal actions arising from these activities.
i) Data used for creating a commercial profile based on the information provided by the User to UAX: Data will be processed for this purpose until the User objects to the processing, but in no case for more than one (1) year.
j) Data used for conducting quality and satisfaction surveys: Data will be retained for the duration of the surveys, and once completed, for the statute of limitations period applicable to any legal actions arising from these activities.
k) Data used to comply with legally established obligations: Data provided to meet obligations related to services offered by UAX will be retained for the legally established periods.
8. WITH WHOM WILL THE USER’S DATA BE SHARED?
All personal data provided by the User through the Website may be shared with:
a) Public Administrations, in cases provided by law, based on the fulfilment of a legal obligation.
b) Courts and Tribunals, in cases provided by law, based on the fulfilment of a legal obligation.
c) Companies within Grupo Guadarrama, if the User has given consent, for the purpose of sending commercial communications about their products and services.
Additionally, UAX may collaborate with third-party service providers who may have access to the User’s personal data and process it on behalf of UAX as part of their service provision. UAX follows strict procedures when selecting providers to ensure compliance with data protection obligations, including signing the appropriate data processing agreements in accordance with Article 28 of the GDPR.
Specifically, UAX receives services from third-party providers operating in, by way of example but not limited to, areas such as legal advice, technology and IT services.
9. INTERNATIONAL DATA TRANSFERS
Some of UAX’s third-party providers may be located in countries outside the European Economic Area, which could involve the international transfer of the User’s personal data.
For example, simply using WhatsApp involves an international data transfer, as communicated to the User when they download WhatsApp from the provider. Communication between the User and UAX via WhatsApp does not result in any additional international data transfer beyond that which occurs when the app is downloaded.
In any case, UAX has ensured that all international data transfers comply with Regulation (EU) 2016/679, the General Data Protection Regulation.
10. COMMERCIAL AND PROMOTIONAL COMMUNICATIONS
One of the purposes for which UAX processes the personal data provided by Users (if they have authorised it or have not objected to the processing) is to send them commercial communications containing information about products, services, promotions, offers, events or news relevant to them.
If the User wishes to stop receiving commercial or promotional communications from UAX, they can unsubscribe by sending an email to the address indicated both in the header of this Policy and in Section 12. EXERCISING RIGHTS, or by clicking on the unsubscribe link at the bottom of the commercial communications they receive.
11. USER RESPONSIBILITY
The User guarantees that they are over fourteen (14) years of age, and that the data provided to UAX is true, accurate, complete and up to date.
The User is responsible for ensuring the accuracy of all data provided and agrees to keep the information updated to reflect their current situation.
Similarly, if the User provides data about third parties, they guarantee that they have informed those third parties about the details contained in this document and have obtained their authorisation to share their data with UAX for the specified purposes.
In any case, the User will be held responsible for any false or inaccurate information provided through the Website and for any direct or indirect damages caused to UAX or third parties as a result.
12. EXERCISING RIGHTS
As the data subject, the User may send a written request to UAX at the address indicated in the header of this Privacy Policy, or via email to dpd@uax.es, at any time and free of charge, to exercise the following rights:
a) Right of Access:
The User has the right to be informed by UAX whether their personal data is being processed and, if so, to access such data and receive information on the purposes of the processing, the categories of data involved, the recipients to whom the data has been disclosed and the anticipated retention period, among other details.
b) Right to Rectification and Erasure:
The User has the right to request the erasure of personal data when the legal requirements are met and to correct inaccurate data when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
c) Right to Restriction of Processing, Withdrawal of Consent and Total or Partial Objection to Processing:
Under certain circumstances (for example, if the accuracy of the User’s data is contested while being verified), the User may request that the processing of their personal data be restricted, in which case the data will only be processed for the purpose of asserting or defending claims.
The User also has the right to withdraw consent and object to the processing at any time, for reasons related to their particular situation, if the processing is based on UAX’s legitimate interest.
d) Right to Data Portability:
The User has the right to receive the personal data they provided to UAX in a structured, commonly used and machine-readable format and to transfer it to another data controller without hindrance from UAX, where legally applicable.
e) Right to Automated Individual Decisions:
In addition to the above rights, if automated decisions, including profiling, are made, the User has the right to request human intervention from UAX, express their point of view and challenge the decision.
f) Other Rights:
When personal data is transferred to a third country or international organisation, the User has the right to be informed about how to access or obtain copies of the appropriate safeguards in place for the transfer.
The User may also file a complaint regarding the protection of their personal data with the Spanish Data Protection Agency via their website at www.aepd.es or by visiting C/ Jorge Juan, 6, 28001 - Madrid, if they believe UAX has violated their rights under applicable data protection regulations.
13. SECURITY MEASURES
UAX will always process the User’s data with complete confidentiality, upholding the required duty of secrecy in accordance with applicable regulations. To this end, UAX will implement the necessary technical and organisational measures to ensure the security of the data and to prevent its alteration, loss, unauthorised processing or access, taking into account the state of the art, the nature of the stored data and the risks to which it is exposed.
14. CHANGES
UAX reserves the right to update its Privacy Policy whenever it deems appropriate, in which case Users will be notified. For this reason, we encourage the User to regularly review this privacy statement to stay informed of the most recent version of UAX’s Privacy Policy.
15. ACCEPTANCE AND CONSENT
The User confirms that they have been informed about the conditions regarding the protection of personal data and accepts the content of this Privacy Policy.
Last updated: September 2024.
+34 91 910 01 70
+34 91 910 01 70