Privacy policy

Identity: Fundación Universidad de Oviedo
CIF: G33532912
Postal address for the purpose of notifications and summons: C/ Principado 3, 4ª planta, 33007 Oviedo
E-Mail: info@il23oviedo.es
DPD contact: info@il23oviedo.es

For what purpose do we process your personal data?

The personal data that we process responds to the following purposes:

  • Attention to your queries and requests: Management of Response to Queries, Claims or Incidents, Requests for technical or corporate information, Resources and/or Activities, made by email, telephone, contact form and/or instant messaging.
  • Contact with the interested party through the means of communication provided (mail, postal address and/or telephone) to manage the queries derived from the relationship between the parties.
  • Offer and Commercial Management of the products and services offered by the Responsible. Contact with the interested party for the request of data that is necessary, to manage the design and proposal of products and/or services.
  • Internal use, carrying out operations and administrative, economic and accounting management derived from the commercial relationship and/or provision of services.
  • Analysis of Profiles, to the extent that you have unequivocally consented "In order to be able to offer you products and services in accordance with your interests, as well as improve your user experience, we will prepare a "profile" based on the information provided. No automated decisions will be made based on said profile.
  • Consult the advertising exclusion systems that could affect its performance, excluding from the treatment the data of those affected who have expressed their opposition or refusal to it through the consultation of the advertising exclusion systems published by the competent control authority.
  • Associated management, including its communication in advance, that could derive from the development of any operation of structural modification of companies or the contribution or transfer of business or branch of business activity, provided that the treatments were necessary for the good end of the operation and guarantee, where appropriate, continuity in the provision of services.
  • Dissemination of our best practices referring to the services we have provided and/or the publication and/or communication of graphic material that may incorporate the image of the owner and/or personnel under his charge in corporate media and/or other media of public communication to the extent that you have unequivocally consented to it.
  • Procurement management and provision of organization services, as well as compliance with contractual and regulatory requirements linked to the organization and/or the requested operation.
  • Sending commercial communications about products or services like those contracted by the client with whom there is a prior contractual relationship, legitimized in accordance with article 21 of the LSSICE.
  • Quality control of our products and services, quality management of processes and activities, as well as the evaluation of the results of satisfaction/perception and performance of the organization's interest groups.
  • Contribution of evidence justifying campaigns, activities, promotions, contests, projects and subsidies in which the organization participates.
  • Management of Regulatory Compliance (applicable regulations, as well as mandatory internal regulations): Investigation, monitoring and auditing of controls established for the prevention of crimes, being able to establish controls for access to facilities, video surveillance, information systems and printing of documentation for all personal data under the responsibility of the organization and therefore for all the information systems of said entity, as well as the controls that the entity may establish for the investigation of accidents and/or incidents that may occur, as well as breaches of rules, crimes or illegal behavior.
  • Assessment of Patrimonial Solvency and Credit to confirm the economic viability of the requested operation, as well as, where appropriate, the communication and management associated with the claim of the amounts agreed for the provision of the service.
  • Statistical and historical purposes that allow us to improve the commercial strategy of our products and services, your data being previously anonymized.
  • The management and audit of the management systems and regulatory compliance of the organization's processes and facilities.
  • The contact and sending of personal communications, invitations to events, congratulate you on special dates, conduct quality and satisfaction surveys, as well as to inform you periodically of news, news and corporate information, and provide you with offers of products and services of interest by telephone. , written or electronic, in case you have consented and/or requested.
  • And in case you have consented, for the purposes described in the additional consents.
How long do we keep your data?
  • The data provided will be kept as long as the relationship of legality of treatment is maintained, its deletion is not requested by the interested party after formalized termination in writing of the relationship with the interested party, with the exception of its conservation for the formulation, exercise or defense of claims of the data controller or with a view to protecting the rights of another natural or legal person and/or for reasons of legal obligation.
  • In any case, at the end of the relationship, the Data of the interested party will be duly blocked, as provided in the current data protection regulations.
  • Accounting and Fiscal Documentation - For Tax purposes: The accounting books and other mandatory record books according to the applicable tax regulations (IRPF, VAT, IS, etc.), as well as the documentary supports that justify the entries recorded in the books (including the computer programs and files and any other proof that has fiscal significance), must be kept, at least, during the limitation period of Fiscal Crimes - General Tax Law and Penal Code, 10-year prescription for infractions.
  • Accounting and Fiscal Documentation - For Commercial purposes: Books, correspondence, documentation and justifications concerning your business - Commercial Code - 6 years.
  • Solvency files: Data referring to certain, overdue and payable and unclaimed debts -LOPD – 5 years.
  • The data processed for the remission of commercial communications will be kept until the consent granted is revoked.
  • Therefore, the data will be kept as long as the commercial relationship is in force, based on the conservation terms established by the current regulations indicated above, as well as the legal or contractual terms established for the exercise or prescription of any liability action for breach of contract by the interested party or the Organization (Civil Code establishes a period of 5 years to be able to carry out an action for civil liability, a period that runs from the date on which compliance with the obligation can be demanded).
What is the legitimacy for the processing of your data?

The processing of your data is legitimized in:

  • Compliance with the request you make to us. The data requested is necessary for the correct provision of the request made.
  • The legal basis for the treatment of your data is the fulfillment of the request that you make to us. The requested data is necessary for the correct provision of the same.
  • The execution of a contract, request, offer, order and/or commercial contract, for which the data provided may be communicated to third parties that provide us, where appropriate, specific products and/or services that are necessary for the management of the Provision of contracted services, to adequately attend, where appropriate, to the guarantees and responsibilities of the products and services it provides.
  • Comply with a legal obligation: Administrative, commercial, tax, fiscal, accounting, civil and financial regulations, and legislation for the defense of consumers and users, as well as the regulations inherent to the contracted operation and those associated with the sector.
  • Satisfy a legitimate interest of the Controller: Data processing as part of a commercial relationship and/or contract, which are necessary for its maintenance or compliance, fraud prevention, cases of legitimate interest in which the controller could be a harmed party and if necessary the treatment and communication of the data of the breach to third parties in order to manage regulatory compliance and the defense of the interests of the person in charge of treatment as well as the legitimate interest of direct marketing enabled by the LSSICE (sending of commercial electronic communications about products or services similar to those contracted by the client with whom there is a prior contractual relationship), as well as cases of legitimate interest of specific treatments contemplated in the LOPDGDD.
  • The consent of the interested party that he has provided us unequivocally through formal means and/or by checking the boxes enabled for this purpose in the data protection clauses enabled in the base document that has regulated the commercial relationship depending on the contact channel. .
To which recipients can your data be communicated?
  • Organizations or persons directly contracted or with which there is a collaboration agreement with the Treatment Manager for the provision of services related to the purposes of treatment (with an illustrative and non-limiting nature): Legal, Tax and Accounting Advice, Management Entities of Credit Collection and Insurance, Management, Accounting and/or Regulatory Compliance Auditors, Computer Maintenance, Suppliers, Courier/Transportation Companies, Video Surveillance/Alarm Companies, other professionals/companies necessary for the execution of certain services.
  • Organizations or bodies of the Public Administration with competences in the matters object of the purposes of the treatment, to meet their obligations in the cases that are required in accordance with the legislation in force at any time, as well as for the management of the provision of services.
  • Third parties that have been expressly authorized by the data owner.
  • Financial Entities: Transfer and/or management of payment effects.
  • State Security Forces and Bodies and the Judiciary, to the extent that it is required.
  • Collaborators or promoters of events, projects and subsidies in which the organization participates, for the technical or economic justification of the same.
  • Media for the promotion/publication of the organization's activities (public and/or private, such as web pages, social networks, newspapers, etc.).
Under what guarantees are your data communicated?

The communication of data to third parties is carried out to entities that accredit the provision of a Personal Data Protection System in accordance with current legislation.

User responsibility

The user:

  • You guarantee that you are over eighteen (18) years of age and that the data you provide to the Data Controller is true, exact, complete and up-to-date. For these purposes, the user is responsible for the veracity of all the data that he communicates and will keep the information provided properly updated, in such a way that it responds to his real situation.
  • It guarantees that it has informed the third parties of which it provides its data, in case of doing so, of the aspects contained in this document. Likewise, it guarantees that you have obtained your authorization to provide your data to the Data Controller for the purposes indicated.
  • You will be responsible for any false or inaccurate information that you provide through the Website and for any direct or indirect damages that this causes to the Data Controller or to third parties.
What are your rights?

You have the right to obtain confirmation as to whether we are processing personal data that concerns you.

Interested persons have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.

In certain circumstances, the interested parties may request the limitation of the processing of their data, in which case we will only keep them for the exercise or defense of claims.

In certain circumstances and for reasons related to their situation, the interested parties may oppose the processing of their data, in which case the Data Controller will stop processing the data, except for compelling legitimate reasons, or the exercise or defense of possible claims.

By virtue of the right to portability, the interested parties have the right to obtain the personal data that concerns them in a structured format of common use and mechanical reading and to transmit them to another person in charge.

If you have granted consent for a specific purpose, you have the right to withdraw your consent at any time, without affecting the legality of the treatment based on the consent prior to its withdrawal.

Where to go to exercise your rights?

If you wish to exercise your rights, please go to the channel established for the exercise of rights by the data controller (EMAILDPDCLIENTE) so that we can respond to your request in a managed manner.

What information is required to exercise your rights? To exercise your rights, we need to prove your identity and the specific request you make of us, for which we request the following information:

  • Documented information (written/email) of the request in which the request is specified.
  • Proof of identity as the owner of the data object of the exercise (Name, surname of the interested party and photocopy of the DNI of the interested party and/or of the person representing him, as well as the document accrediting such representation.
  • Address for the purposes of notifications, date and signature of the applicant (in the case of writing), or full name and surname (in the case of email), or validation of the application in the private area of the communication channel with a personal password for authentication of his identity.
  • When the data controller has reasonable doubts regarding the identity of the natural person making the request, they may request that the additional information necessary to confirm the identity of the interested party be provided.

What is the General Procedure for the Exercise of your rights? Once the required information is received, we will proceed to respond to your request in accordance with the general procedure for the exercise of rights of the Data Controller:

  • The data controller shall provide the data subject with information regarding its actions based on a request pursuant to articles 15 to 22 (Rights of the data subject), and, in any case, within one month of receipt of the data subject. application.
  • Said term may be extended by another two months if necessary, considering the complexity and number of requests.
  • The person in charge will inform the interested party of any of said extensions within a month from the receipt of the request, indicating the reasons for the delay.
  • When the data subject submits the request by electronic means, the information will be provided by electronic means where possible, unless the data subject requests that it be provided in another way.
  • If the person responsible for the treatment does not process the request of the interested party, he will inform him without delay, and no later than one month after receipt of the request, of the reasons for his non-action and of the possibility of filing a claim with an authority of control and of exercising judicial actions.
  • The information provided will be free of charge, except for a reasonable fee for administrative costs.
  • The data controller may refuse to act on the request, although it will bear the burden of demonstrating the manifestly unfounded or excessive nature of the request.
What claim channels are there?

If you consider that your rights have not been duly addressed, you have the right to file a claim with the competent data protection authority (www.agpd.es).

How have we obtained your data?

Your data has been obtained through any of the following:

  • Through the interested party or his legal representative.
  • Through third parties with which the data controller maintains a commercial relationship or the provision of services.
  • Through public bodies related to the purpose of the provision of contracted services.
  • Through third parties at the request of the contracting party.
What category of data do we process?

Identification and contact data (name, surname, telephone or email, etc.); business information data; economic, financial data and/or payment conditions; Other types of data: name, surname and NIF of legal representative, contact details of people in the organization involved or related to the service object of the contract/request.

The data structure that we process may contain specially protected data, the processing of which is necessary for the proper execution of the products/services contracted by the interested party, and which will be processed by the organization as data processor. In general, said data is dissociated and/or anonymized.

How is your personal data stored securely?

Fundación Universidad de Oviedo takes all necessary measures to keep your personal data private and secure. Only authorized persons from Fundación Universidad de Oviedo, as well as authorized personnel from contracted third parties/collaborators for the provision of certain services (who have the legal and contractual obligation to keep all information securely) have access to your personal data. All Fundación Universidad de Oviedo personnel who have access to your personal data are required to undertake to respect the data protection regulations, as well as the Privacy Policy and any instructions, communications, codes or similar that are prepared and provided for to your knowledge, and to all third parties who have access to your personal data who sign the relevant confidentiality commitments / data processor contracts.

Fundación Universidad de Oviedo follows strict criteria for the selection of service providers in order to comply with your obligations in terms of data protection and undertakes to sign the corresponding data processing contract with them through which it will impose, among other things, the following obligations: apply appropriate technical and organizational measures; treat personal data for the agreed purposes and only following the documented instructions of Fundación Universidad de Oviedo and delete or return the data to the user once the provision of services has ended. These agreements do not affect your rights under data protection law. For more information on these agreements, please do not hesitate to contact us.

Privacy Policy Changes

Fundación Universidad de Oviedo reserves the right to make, at any time, as many modifications, variations, deletions or cancellations in the contents and in the way they are presented as it deems appropriate, as we recommend that you consult our privacy policy whenever you consider pertinent. If you do not agree with any of the changes, you can exercise your rights in accordance with the procedure described by sending an email to EMAILDPDCLIENTE.

Confidentiality and information of third parties who provide us with personal data.

With the acceptance and/or validation of the process that serves as the basis for the formalization of your relationship with Fundación Universidad de Oviedo, you expressly consent to the processing of data in accordance with the provisions of the clause and additional information on data protection and undertake to inform and have the consent of third parties who provide us with personal data for said treatment.

Likewise, the user agrees to inform the owners of the data expressly, precisely and unequivocally of whom they transfer information to Fundación Universidad de Oviedo - within the month following the communication of the data to Fundación Universidad de Oviedo-, of the data processing carried out.

Version: 2.0
Date: 11/01/2024