This document explains the data protection policy of the Blanquerna Foundation, where the NetEduProject is afiliated. It is based on the principles of the General Data Protection Regulation (EU) 2016/679 of the European Council of 27 April 2016. We fully assume the spirit of this European regulation that reinforces the rights and provides guarantees to individuals regarding the processing of their data, object that matches perfectly with our commitment to continuous improvement of our educational services. We go over the fundamentals of our data protection policy.
Who is responsible for the processing of personal data?
The charge of data processing is the Blanquerna Foundation, residing at Passeig de Sant Gervasi, 47 Barcelona (CP 08022), CIF Via Augusta, 390, 08017 Barcelona, CIF R5800622B, tel. 932 53 30 00, firstname.lastname@example.org, registered in the Register of Foundations of the Generalitat of Catalonia with the number 000286 (103/SE/F).
Blanquerna Foundation is a center of higher education founder of the Ramon Llull University.
What role has the Data protection Officer?
The Data Protection Officer (DPO) is the person who oversees compliance with our policy of data protection, ensuring that are treated properly and protects the rights of individuals. Its duties include the care of any questions, suggestions, complaints or claims of people who are treated data. You can contact the Data Protection Officer, which is common to the three institutions, addressing in writing to our postal address and telephone number, or email address directly email@example.com.
For which purposes we treat data?
We treat personal information when thinking about all rights of the people and always in proportion. This means that the data may require adequate, relevant and limited compliance with the explicit purpose that motivated the acquisition; only the data necessary to enable the provision of educational and training services are our mission. In some cases specific data is required, specifically for the tools management by users, to participate in the assessments, applying for the learning programs and regarthing the users from our website. No data received will be used for any purposes incompatible with those listed.
For the tools management, users share public data from their organizations as the location and website. Also, users respond to a survey for enabling the analysis. The answers are treated statistically and is decoupled from the data identifying the person who answers. To participate in the assessments, surveys collect perceptions and opinions by organization and community members that are gathered by Likert scale questions. The answers are treated statistically without identifying the person who answers. The only contact information we have from respondents are their names and Emails, and will be deleted once the analysis is closed by the user and tool manager.
The learning journeys in the NetEdu project will record the data of the people who pre-register and then register, in order to let the record and, based on this, provide educational services of higher education. The data provided and the resulting academic ability to track and serve as the basis for evaluation. The management of the transcript of the student is the most important data processing. The student data are also used for purposes of administration, identifying them as service users, to facilitate access to these services, send information of interest, processing and issuing titles, and finally made monitoring of employment. Users will receive Information on activities and services with their explicit authorization, once the tool use and analysis are finished, we will use their emails to send information about our services and activities.
Also, we obtain data from other channels such as receiving e-mails, participate in our blogs with comments, subscribing to the blog, or through our social networking profiles. In all cases, the data are used only for the purposes that justify explicit collection and treatment.
In most cases the data comes directly from users and respondents and obtain mainly through the forms prepared for this purpose.
What is the legal legitimacy for the treatment of the data?
Data processing that we perform have different legal bases, depending on the nature of each treatment. We classify the main data processing we make following the legal basis of Article 6.1 of the General Data Protection Regulation.
All data we obtain is based on consent. When we send information about our activities and services we use contact with the explicit consent of the person who will receive. It is also based on the consent we obtain navigation data of the person who visits our site, you consent may be revoked at any time by uninstalling cookies.
For the provision of educational services. Once our students get admitted Blanquerna Foundation services Educational services the student is a contractual relationship with obligations of each party, the right of students to receive a good education and the right and obligationBlanquerna Foundation treat your data. This treatment has its legal basis in Law 6/2001 of 23 December, on universities, the Law 1/2003 of 19 February universities in Catalonia and its implementing regulations.
In compliance with legal requirements. The provision of higher education determines who we fulfill different rules involving data processing. In this regard, the Blanquerna Foundation reports data of his students at the University Ramon Llull Foundation, procedures for recognition and issuance of securities corresponding to the courses taught. It is also in compliance with legal obligations (tax laws) that communicate data to the tax authorities. It would also be in compliance with legal obligations that data will inform courts or bodies and security forces if required.
Who communicate data?
As a general rule only communicate data on legal compliance obligations. In the previous sections we explained our data communications students needed to make possible the provision of educational services, and our customers and suppliers in the development of economic and trade relations. The contact details of students can be disclosed to other institutions of our group as long as the student has authorized.
Data transfers take place outside the European Union (international transfer) for the management of international mobility of students and to respond to job offers for non-European companies. In both cases the treatment is based on the consent of the student.
In another sense, certain tasks to get the services of companies or individuals that contribute their experience and expertise, which sometimes have access to personal data. Under the terms of the General Data Protection Regulation is not an actual transfer of data but a custom treatment. Only companies that are contracted services ensure compliance with this regulation. When hiring formalized its confidentiality obligations and monitors their performance. It may be the case of hosting services data servers, or computer support services to law firms, accounting or tax.
How long do we keep the data?
The data retention time is determined by different factors. Affects mainly the preserve that data continue to be required to meet the purposes for which they were collected in each case. Secondly preserved to address potential liabilities for the treatment of data by Blanquerna Foundation, and to meet any requirement of the government or the courts.
Consequently the data to be kept for the time necessary to preserve its legal value or information to prove compliance and legal obligations, but not for a period than is necessary for the purposes of treatment ( “limitation period preservation “requirement of the General data Protection Regulation). In the case of information that certifies the training received by students data are kept permanently preserving the rights of these students.
If the data are treated exclusively based on the consent of the person concerned are kept until this person does not revoke this consent. Regarding survey respondents, name and email are deleted once the analysis is finished by the user manager.
What rights do people have about the data we try?
As provided for in the General Data Protection Regulation, persons who deal data have the following rights:
To know if it is. Any person has, first, whether the right to treat their data, regardless of whether there has been a prior relationship.
To be informed on the collection. When the data obtained from the person concerned, at the time of providing the information must be clear at the end that will be used, who will be responsible for processing and the main issues arising from this treatment.
To access. Law includes very broad know preciselywhat personal data are processed, what is the purpose for what it is, communications in others it will (if applicable) or the right to obtain a copy or know the deadline conservation.
To ask for rectification. Is the rightto rectify inaccurate data to be processed by us.
To ask for the deletion. Incertain circumstances there is a right to request the deletion of data when, among other reasons, are no longer necessary for the purposes for which they were collected and justified treatment.
To apply for limited treatment. And also on certain circumstances recognizes the right to request the limitation of data processing. In this case no longer be processed and kept only for the exercise or defense of claims, according to the General Data Protection Regulation.
A portability. In the cases provided for in the legislation recognizes the right toown personal data in a structured format commonly used machine-readable, and to transmit it to another data controller if so decided by the person concerned.
To refuse the treatment. A person can adduce reasons related to their particular situation, the reasons that lead them to stop treating the data onthe degree or measure which could lead to damage, except for legitimate reasons or exercise or defense against claims.
Unless receive information. Serve immediately requests not to continue receiving information on our activities and services, when these shipments were based solely on the consent of the person who is receiving.
How can we defend the rights of exercise?
The rights can be exercised just by sending a request to the Blanquerna Foundation to the address or other contact information listed in the header.
If no satisfactory response has been obtained in the exercise of rights, you may lodge a complaint with the Catalan Data Protection Authority, through the forms or other channels accessible from its website (www.apd.cat).
In all cases, whether to submit complaints, request clarifications or send suggestions, you may contact the Data Protection Officer by e-mail to firstname.lastname@example.org.