Privacy Policy

In compliance with these principles, our data protection policy is constructed and communicated in accordance with the applicable regulations, especially in relation to EU Regulation 2016/679 of the European Parliament and of the Council, regarding the protection of natural persons in with regard to the processing of personal data and the free circulation of these data, and by which Directive 95/46 / CE (hereinafter, RGPD) and Law 3/2018, of December 5, of Data Protection and Guarantee of Digital Rights.

RED LEAF, SL has adopted the technical and organizational measures necessary to guarantee the confidentiality and security of personal data, avoiding its alteration, loss, treatment or unauthorized access in accordance with the provisions of the applicable regulations, maintaining, in In any case, with the level of security appropriate to the level of the data processed.

RED LEAF, SL manages data of individuals in the performance of a professional position or function, as well as personal data in the private sphere. Both categories have been addressed in establishing this privacy policy. The entity can act as RESPONSIBLE or as MANAGER OF THE TREATMENT. The privacy policy addresses and covers both types of action.

This policy may vary over time due to possible legislative changes or other business management reasons.

Who is RESPONSIBLE FOR THE TREATMENT of your data?

Data protection officer :  Contact DPD via e-mail: ggonzalez@afianza-ac.es . You can also contact him through the contact details indicated above.

Purpose of the treatment

For what purpose do we process your personal data?

We treat the information that our clients and other interested persons provide us with the following purposes:

1. PURPOSES OF A CONTRACTUAL NATURE: to facilitate the management of the provision of the agreed services, maintain the commercial relationship, as well as any other service that is hired later.
2. PURPOSES BASED ON THE CONSENT OF THE INTERESTED PARTY: For marketing purposes, to offer its own products or services or those of third parties related to the services of courses abroad.
3. PURPOSES BASED ON LEGITIMATE INTEREST, under the provisions of article 19 of the LOPDGDD (Organic Law 3/2018 of December 5) and article 6.1.f) of EU Regulation 2016/679, regarding data from contact, function or positions performed by the natural persons who provide services in a legal entity, referring only to the data necessary for their location and to maintain relationships of any kind with the legal entity in which the affected person provides their services.

The data are treated as RESPONSIBLE FOR THE TREATMENT, when they are collected and processed by us.

The data is treated as TREATMENT MANAGER, when the firm processes the data to provide a service to a third entity that is responsible for the data.

How long will we keep your data?

The personal data provided will be kept,

1. During the time required to fulfill the purpose for which they are collected, or for which the contractual relationship requires, including the time necessary, in accordance with applicable regulations, to comply with the obligations and relevant actions that may arise from it. .
2. The period of conservation of the data related to the student's academic record will be 10 years. This is established by art. 2 and 6 of Organic Law 6/2001, of December 21, on Universities and regulations on files and documentation.
3. As long as its deletion is not requested by the interested party.

being blocked when the first of the three events mentioned above occurs.

From that moment, it will be at the exclusive disposal of Judges and Courts, the Public Prosecutor's Office or the competent Public Administrations, in particular the data protection authorities, for the attention of possible responsibilities arising from the treatment, during the limitation period. of this. Once the aforementioned period has elapsed, the data will be deleted.

Is profiling done?

Profiling is not done.

Lawful Treatment

What is the legitimacy for the processing of your data?

As RESPONSIBLE FOR THE TREATMENT, the legal basis for the processing of your data is based on:

1. In the contractual relationship and execution of the contract signed with us.
2. In the event that you have expressly given your consent, the legal basis is that consent.
3. In the legitimate interest, under article 19 of the LOGPGDD.

As MANAGER OF THE TREATMENT, it corresponds to the entity that has hired us as the service provider, in its capacity as RESPONSIBLE FOR THE TREATMENT, to establish the legitimation and treatment model.

Recipients

To which recipients is your data communicated?

The data is communicated to our collaborators who perform services as subcontractors, collaborating legal firms in charge of the treatment.

By virtue of Commission Decision 2002/2 / EC of December 20, 2001, with respect to entities subject to the scope of Canadian data protection law, controllers and processors may make international transfers of data. data to that country without the need for an authorization from the Spanish Agency for Data Protection as long as the data processing complies with the provisions of the RGPD and other applicable regulations.

In relation to any other transfer of your personal data to countries outside the EEA, the firm will implement the appropriate specific measures to ensure an adequate level of protection of your personal data.

Rights

What are your rights?

1. Anyone has the right to obtain confirmation about whether we are treating personal data that concerns them, or not.
2. Interested persons have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which they were collected.
3. In certain circumstances provided for in article 18 RGPD, the interested parties may request the limitation of the processing of their data, in which case we will only keep them for the exercise or defense of claims.
4. Interested parties may object to the processing of their data for marketing purposes, including profiling. The Foundation will stop processing the data, except for compelling legitimate reasons or the exercise or defense of possible claims.
5. By virtue of the right to portability , the interested parties have the right to obtain the personal data that concern them in a structured format of common use and mechanical reading and to transmit them to another person in charge.

How can the rights be exercised?

By writing to the addresses indicated above. 

What ways of claim exist?

In case you understand that the Foundation has not correctly resolved your request, you can go to request the protection of the Spanish Agency for Data Protection, whose data you can consult at www.agpd.es "

Data categories 

What categories of data do we process?

1. Identifying data.
2. Data about your role or professional activity.
3. Health data
4. Economic-financial information.

Special categories of articles 9 and 10 of the RGPD can be dealt with. In these cases, RED LEAF meets the requirements of articles 9 and 10, and explicit consent is collected.

Personal data is treated confidentially in accordance with the privacy and security policies established by RED LEAF.

The data received or collected are those necessary to fulfill the indicated purposes.

Origin

How have we obtained your data?

As RESPONSIBLE FOR THE TREATMENT, the personal data that we process comes from the information that you provide us when you request services or resources, access our website, or establish any type of relationship with us, directly or indirectly.

As MANAGERS OF THE TREATMENT, the data comes from the RESPONSIBLE FOR THE TREATMENT, or we collect them for him during the provision of the service contracted with the RESPONSIBLE.