| Basic information on Data Protection | |
| Data Controller | FUNDACIÓN GAIAS EUROPA DE LA COMUNITAT VALENCIANA (hereinafter GAIAS EUROPA) |
| Data Protection Contact | C/ Cronista Carreres, 13 (46003) Valencia dpd@gaiaseuropa.com |
| Websites and Applications | https://gaiaseuropa.com/ Including all your subdomains or sections. |
| Purposes and legal basis | We will use your personal data, among other purposes, to manage your registration as a user, manage the provision of the contracted services, deal with your queries and, if you wish, to send you our personalized communications. We are entitled to process your data for different reasons. Primarily, the basis for this legitimacy lies in the performance of the service contract that you have concluded with us. In other cases, data processing may be based on our legitimate interest as a company or on the consent you have given us. If you would like to find out more about all the purposes for which we process your data or the grounds on which we do so, please see below. |
| Recipients | We will share your personal data with service providers who help or support us, or those with whom we have a legal obligation. |
| Data subjects Rights | You have the right to access, rectify, delete, oppose, request restriction or portability or not to be subject to automated individual decisions regarding your personal data, as explained in detail below. |
| Further information | Further information about the Website can be found at: Legal notice Cookie Policy |
Introduction
In accordance with Regulation (EU) 2016/679 of the Parliament and of the Council of April 2016 on the protection of natural persons with regard to the processing of your personal data and Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights, GAIAS EUROPA informs you of the following: This document contains information about how we collect, process, and protect your data, and how we guarantee your rights in relation to its use and access. At GAIAS EUROPA we consider it vitally important to protect your right to privacy and the protection of your personal data, which is why we want to ensure that you feel safe at all times. In our activity, we process and collect your data in a lawful, fair, and transparent manner, for specific, explicit, and legitimate purposes. GAIAS EUROPA will not process your data for purposes incompatible with these purposes. Furthermore, they will be adequate, relevant, and limited in relation to the purposes for which they are used, accurate, will be kept as long as necessary, and GAIAS EUROPA will adopt appropriate technical or organizational measures to ensure their security. Please read this document carefully to learn more about our Privacy Policy.Identity and contact details of the data controller
Name and identity: FUNDACIÓN GAIAS EUROPA DE LA COMUNITAT VALENCIANA (hereinafter, GAIAS) CIF: G-10934693 Address and Postal Code: Calle Cronista Carreres Nº. 13, Valencia, Spain. Contact details: dpd@gaiaseuropa.comIdentity and contact details of the joint data controller
On occasion, GAIAS will process your personal data as a joint controller or data processor in its relationship with the University of San Francisco de Quito (hereinafter, USFQ) Name and identity: Universidad San Francisco de Quito (hereinafter, USFQ) CIF: 1791836154001 Address and Postal Code: Cumbayá Campus, Diego de Robles s/n, Quito 170901, Ecuador. Contact details: Tel: (+593 2) 297 1700 / P.O.BOX: 170901 For further information regarding the processing of your personal data by USFQ, please refer to its privacy policy.Personal data we process and where they come from
On the occasion of your relationship with us and the activities carried out, the following categories of personal data may be processed:| Data category | Additional information |
| Identifying data, such as first name, surname or identity document (ID card, passport, TIE). | Identifying data may be provided either by the data subject or by a third party during the registration process. This data is used, amongst other purposes, to enrol you in our various programmes, assign a student code, manage the events and activities in which you participate, as well as to arrange your accommodation, visa and medical insurance. |
| In addition, we also need this data to create your user profile, whether you are a teacher or a student, and to grant you access to the platform. | |
| Images, such as photographs and videos. | The images collected are used to promote our activities. |
| Personal characteristics data, such as marital status, family details, language, nationality and/or date of birth | Personal characteristics data are used, amongst other purposes, to complete the participant’s profile and for the necessary management of the services subscribed to. |
| Contact details, such as email address, telephone number and/or full postal address. | Contact details are used to establish communication with students, parents or teachers. |
| Browsing data, such as unique ID, IP | Browsing data is collected automatically as you |
| address, language or cookies. | browse the site. If you would like to know more about what data we collect and for what |
| purposes, please see our cookie policy | |
| Financial data, such as bank account number, account holder name and billing details. | Financial data is used to manage billing and payments for services contracted with us, as well as to comply with legal obligations relating to fraud prevention |
| Preference and opinion data, such as t h a t o b t a i n e d f r o m s u r v e y s , preferences or comments. | Preference and opinion data allows us to improve the quality of the products and services we offer to our users, thanks to the information they provide themselves through various |
| Academic data and data on special educational needs ( where this information is requested on the registration form). | This information will be collected to ensure that our programme is tailored to the needs and academic level of participants. |
| Employment data, such as teaching position or CV. | Employment data is required for recruitment processes. |
| Health data, such as medical conditions, health issues, blood type, allergies and any prescribed or over- the-counter medication. | Health data is used to meet participants’ needs, to take out health insurance and to comply with a legal obligation. |
| Sensitive personal data: criminal records. | Criminal records of legal representatives and students, where legally required, used solely for verification in volunteering programmes and legal requirements relating to guardians and visas, ensuring compliance with applicable |
Purposes of the processing of your personal data
GAIAS EUROPA will process your data for specific, explicit, and legitimate purposes in accordance with any information provided. Depending on the different products or services you use at any given time, we will need to process some data or others, for example, when registering on our website or contracting one of our services. GAIAS EUROPA will take into account the principle of data minimization and will collect and process the data that is necessary and relevant for the purposes set out below. In line with the above, our basis of entitlement will depend on the type of information and may be, among others, the provision of the contracted service, your consent, or legitimate interest (the specific basis of entitlement for each purpose is detailed below).| Purpose | Description |
| Statistical purposes and usability and quality analysis to improve our services | The database is analysed to generate statistics of interest to the sector, but no specific data relating to any data subject is used for this purpose Personal data will be used to compile statistics, always applying the necessary measures to ensure that it is not specific to or identifiable with individual users, such as anonymisation We will process your browsing data for analytical and statistical purposes, that is, to understand how users interact with our website and with the actions we may carry out on other websites and apps, so that we can make improvements |
| Sending commercial communications to customers | Provided you have given us your consent, we will process your data for promotional and advertising purposes regarding our services |
| Sending commercial and transactional communications relating to products or services already contracted | Commercial and transactional communications may be sent to the customer regarding products already purchased, provided you have a contractual relationship with us and the products are related to that relationship. |
| Compliance with legal obligations | It may be necessary for us to process your data in order to manage and comply with the relevant legal requirements |
| Conclusion and performance of the contract | Personal data will be processed to manage and execute the contractual relationship to which you are a party |
| Registration and platform access management | We need your personal data to provide you with the service of using the platform once you wish to formalise your relationship with us. Furthermore, we will process your credentials to grant you access and authenticate your identity to ensure that no unauthorised access occurs |
| Handling of enquiries or requests made via Customer Service or support channels | We only process the personal data that is strictly necessary to manage or resolve your enquiry or request. This data will be used to contact you, verify your enquiry and respond to it |
| Security and fraud prevention | Personal data may be processed to ensure the security of the website and prevent fraud, such as the detection and prevention of illegal activities and the monitoring of suspicious activities |
| Human Resources Management | We may process employment data for the management of applications and recruitment within our staff selection processes. |
| P r o v i s i o n o f educational services | We use the personal data provided to us to provide teaching tailored to your language, specific needs and academic year, where necessary. |
| Communication with parents or legal guardians or persons d e s i g n a t e d b y students of legal age | We may use the contact details of parents or legal guardians to send non-commercial communications regarding the platform or the student’s performance and progress. |
| Use of images for advertising purposes | Provided you have given us your consent, we will use images taken during activities to promote our services. |
| Management of the services offered | We will use the personal data provided to manage the contracted services, such as the enrolment and registration of students in the various training programmes, as well as the processing of visas, accommodation, insurance and any other services associated with the programme. For these purposes, it will be necessary to process identifying, contact, academic and financial data, as well as health data. |
| Management of the v o l u n t e e r i n g programme | Personal data will be processed for the following purposes:
|
Legal Bases for the processing of your personal data
The legal bases that allow us to process your personal data in accordance with the legislation in force are those detailed below:| Purpose | Legal basis |
| Statistical purposes and usability and quality analysis to improve our services | The processing is based on the legitimate interest of the data controller |
| Sending commercial communications to customers | The processing is based on the data subject’s express consent |
| Sending commercial and transactional communications relating to products or services already contracted | The processing is based on the performance of the contract and on the legitimate interest of the data controller, in accordance with Article 21 of the LSSI, which authorises this where there is a prior contractual relationship, and the provider has lawfully obtained the recipient’s contact details and uses them to send commercial communications regarding products or services of its own company that are similar to those initially |
| Compliance with legal obligations | Processing necessary to comply with the legal obligations arising from the legislation in force applicable to the data |
| Conclusion and performance of the contract | Processing necessary for the performance of a contract to which the data subject is a party |
| M a n a g e m e n t o f registration and access to the platform | Processing necessary for the performance of a contract to which the data subject is a party |
| Handling of enquiries or requests made via Customer Service or support channels. | Data processing is necessary for the proper performance of the contract. In the case of pre-booking enquiries, processing will be necessary for the performance of pre-contractual measures. |
| Security and fraud prevention | The processing is based on the data controller’s legitimate interest and compliance with the legal obligations arising from the legislation currently applicable to the data controller |
| Human Resources Management | The processing is based on the data subject’s consent, the performance of a contract, and compliance with the legal obligations arising from the legislation currently applicable to the data controller. |
| P r o v i s i o n o f educational services | Processing necessary for the performance of a contract to which the data subject is a party, as well as the data subject’s consent. |
| Communication with parents or legal guardians or persons d e s i g n a t e d b y students of legal age | Processing necessary for the performance of a contract to which the data subject is a party, and also the data subject’s consent. |
| Use of images for advertising purposes | The processing is based on the data subject’s express consent |
| Management of the services offered | The processing is based on the performance of a contract to which the data subject is a party, on the data subject’s express consent where necessary for the processing of sensitive personal data, and on compliance with legal obligations arising from applicable legislation. |
| Management of the v o l u n t e e r i n g programme | The processing is based on compliance with legal obligations and the public interest, in accordance with the regulations currently applicable to the data controller, particularly regarding the protection of minors and volunteering. |
In relation to the sending of commercial communications and in accordance with Law 34/2002 on Information Society Services and Electronic Commerce (LSSI), GAIAS EUROPA will not send advertising or promotional communications by e-mail or any other equivalent means of electronic communication that have not been previously requested or expressly authorised by the recipients of the same.
However, the provisions of the previous paragraph shall not apply when we have a contractual relationship with you, provided that we have lawfully obtained your contact details and we will use them to send you commercial communications concerning GAIAS EUROPA products or services that are similar to those that were initially contracted by you. In any case, GAIAS EUROPA offers the interested parties the possibility of opposing the processing of their data for promotional purposes by means of a simple and free procedure, both at the time of collecting the data and in each of the commercial communications sent to them.Recipients of personal data
In relation to the recipients of personal data, we inform you that GAIAS EUROPA takes the necessary measures to ensure compliance with the principles of data protection and privacy with the third parties with whom it maintains your relationships, and that its main purpose is to comply with the duty of care in such activities. The communication of personal data to third parties is subject to adequate data protection measures and is based on an appropriate legal basis. GAIAS EUROPA ensures that third parties with whom it shares personal data comply with applicable data protection laws and regulations and implement appropriate data protection and security measures to ensure the privacy and security of personal data. In order to fulfill the purposes indicated in this Privacy Policy, it is necessary that, on certain occasions, third parties provide us with support in the services we offer. Among these third parties, depending on their nature, we can find:- Public authorities, regulators or government bodies: These entities will be recipients of the data in cases where this is required by law, local regulations or in compliance with regulatory obligations.
- Service providers: These are companies that provide services to GAIAS EUROPA and may have access to the personal data necessary to provide such services, such as web hosting providers, financial or online payment service providers, email delivery services, customer service providers, HR service providers, or universities and educational organisations with which GAIAS EUROPA has collaboration agreements. GAIAS EUROPA will ensure that it selects providers offering adequate safeguards and that responsibilities regarding personal data are clearly defined.
- Financial institutions: financial institutions that may require access to personal data to process transactions, payments, and other financial services.
- Law enforcement: law enforcement agencies and security forces that may require access to personal data in the performance of your duties and responsibilities.
- Marketing and advertising service providers: marketing and advertising companies that may require access to personal data to carry out personalized advertising and promotional campaigns.
Retention period of your personal data
Personal data provided by the user will be retained for the time strictly necessary to fulfill the purposes for which they were collected, unless a longer retention period is required or permitted by law. In general, they will be kept for as long as there is a contractual relationship with the user and for a limited period of time since the last interaction with the company. Personal data will be deleted or anonymised when they are no longer necessary or relevant for the purposes for which they were collected and are not subject to any legal obligation of retention, and GAIAS EUROPA will always take into account the principle of limitation of the retention period. Your data protection rights GAIAS EUROPA recognizes and guarantees the exercise, free of charge in the cases established in current legislation, at any time and in an effective and accessible manner, of the following rights:- Access. You have the right to access your data, as well as the right to know whether or not your personal data is being processed. In this regard, you may obtain a copy of your personal data, although the exercise of this right may not adversely affect the rights of other individuals and their right to data protection.
- Rectification. You have the right as a data subject to obtain, without undue delay, the rectification of inaccurate data or the completion of incomplete data.
- Limitation. You have the right to obtain the restriction of the processing of your data, provided that one of the following circumstances applies:
- You challenge the accuracy of the data, for a period of time that allows us to verify its accuracy.
- When you prefer the limitation to the deletion of the data.
- When your data is not processed and needs to be deleted, but is needed to make a complaint or respond to a request.
- Where you have objected to the processing, but the legitimate grounds for the objection are being verified.
- Objection. You have the right to object at any time, on grounds relating to your particular situation, to the lawful processing of your personal data.
- Deletion. You have the right to have your data deleted without undue delay, provided that there is a justified reason for this.
- Portability. You have the right as a data subject to receive your personal data in a structured, commonly used and machine-readable format, where technically feasible. This right may not adversely affect the rights and freedoms of another.
- Not to be subject to automated decisions. You have the right as a data subject not to be subject to decisions taken as a result of automated processing, including profiling, which are likely to have a significant impact on you.
How to exercise your rights
Any interested party wishing to exercise any of the rights described above may do so by sending an e-mail to the following address: dpd@gaiaseuropa.com. In accordance with the recommendations established in current legislation and the guidelines of the Spanish Data Protection Agency, we inform you that in the case of minors under 14 years of age, the exercise of these rights will always be carried out by the person with parental authority or by your guardians, and that those over 14 years of age may exercise them fully following the indications described in this section. The Spanish Data Protection Agency provides you with updated information so that you are always fully aware of your data protection rights.Existence of automated decisions or profiling and information on the use of artificial intelligence
GAIAS EUROPA will not carry out automated decision-making or profiling within the meaning of the General Data Protection Regulation (GDPR).Security measures applied to personal data
At GAIAS EUROPA, we are committed to implementing and maintaining appropriate technical and organisational security measures to protect personal data against destruction, loss, alteration, unauthorised disclosure or unauthorised access. Security measures include, amongst others, data encryption, restricted access to personal data, the implementation of robust password policies, the creation of backups and the conduct of regular security assessments. Furthermore, training and awareness-raising are provided to our staff regarding the protection of personal data and information security. However, it is important to bear in mind that no security measure is completely foolproof and that no system can guarantee absolute security of personal data. We therefore cannot guarantee that personal data is completely secure and we accept no liability for any security breaches that may occur, without prejudice to our compliance with our legal obligations regarding data breaches. Minors GAIAS EUROPA informs users that, for the processing of data relating to individuals under the age of 14, as stipulated by the Spanish Data Protection Agency, where the collection and processing of such data is subject to consent, it must be expressly given by your parents or legal guardians. The processing of personal data of children under 14 years of age will be based on theexpress consent given by their parents or legal guardians.
Those over this age may give their own consent for their data to be collected, except in cases where the law requires them to be assisted by their parents or guardians. As the data controller, GAIAS EUROPA will make reasonable efforts to verify that consent has been given or authorised by the holder of parental authority or guardianship over the child, taking into account the cost and the technology available.International data transfers
In this sense, and with the intention of complying with the principle of transparency, we would like to inform you, in accordance with articles 45 and 46 GDPR, that in the event that GAIAS EUROPA transfers personal data that are or will be processed after transfer to a third country or international organization, it will comply with and implement the guarantees set out in the legislation in force to ensure that they are in line with the rights of the data subjects, provided that they are carried out.Changes and updates to our Privacy Policy
GAIAS EUROPA may update and modify our Privacy Policy at any time and whenever we deem it appropriate to accurately reflect our privacy practices. In this regard, we recommend that you consult this Privacy Policy frequently so that you can be aware of any changes or modifications. If you have any questions about our Privacy Policy, you can contact us at: dpd@gaiaseuropa.com.Information about Cookies
In a brief manner, we would also like to inform you that we use cookies to facilitate your navigation on the Platform and to understand how you interact with Us. Please read our Cookie Policy to learn more about the cookies we use, their purpose, and other information of interest.