LEGAL NOTICE AND PRIVACY POLICY

PRIVACY POLICY

 

Introduction

This Privacy Policy has been developed taking into account the provisions of the Organic Law on the Protection of Personal Data in force, as well as the Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the movement of such data, hereinafter the GDPR.

The purpose of this Privacy Policy is to inform the holders of personal data, in respect of which information is being collected, of the specific aspects relating to the processing of their data, including the purposes of the processing, the contact details for exercising the rights to which they are entitled, the retention periods for the information and the security measures, among other things.

 

Data Controller

In terms of data protection COLEGIO INTERNACIONAL EL SABIO, S.L., must be considered the Data Controller, in relation to the files/processing identified in this policy, specifically in the Data Processing section.

The following are the identification details of the owner of this website:

Data Controller: COLEGIO INTERNACIONAL EL SABIO, S.L.

Postal address: Calle Alemania, 2 – 11408 – Jerez de la Frontera – Cádiz.

E-mail address: rgpd@sagehostel.com

 

Data processing

The personal data requested, where appropriate, will consist only of those data that are strictly necessary to identify and deal with the request made by the owner of the data, hereinafter the data subject. Such information shall be processed in a fair, lawful and transparent manner in relation to the data subject. Furthermore, personal data will be collected for specific, explicit and legitimate purposes, and will not be further processed in a manner incompatible with those purposes.

The data collected from each data subject shall be adequate, relevant and not excessive in relation to the relevant purposes for each case, and shall be updated whenever necessary.

The data subject shall be informed, prior to the collection of his/her data, of the general points regulated in this policy so that he/she may give express, precise and unequivocal consent to the processing of his/her data, in accordance with the following aspects.

 Purposes of the processing.

The explicit purposes for which each of the processing operations are carried out are set out in the informative clauses included in each of the data collection methods (web forms, paper forms, announcements or posters and informative notes).

However, the personal data of the interested party will be processed for the sole purpose of providing them with an effective response and attending to the requests made by the user, specified next to the option, service, form or data collection system used by the owner.

Legitimation

As a general rule, prior to the processing of personal data, COLEGIO INTERNACIONAL EL SABIO, S.L. obtains the express and unequivocal consent of the owner of the data, by means of the incorporation of informed consent clauses in the different information collection systems.

However, in the event that the consent of the data subject is not required, the legitimate basis for the processing on which COLEGIO INTERNACIONAL EL SABIO, S.L. relies is the existence of a law or specific regulation authorising or requiring the processing of the data subject’s data.

 

Addressees

As a general rule, COLEGIO INTERNACIONAL EL SABIO, S.L. does not proceed to the transfer or communication of data to third parties, except for those legally required. However, if necessary, the interested party is informed of such transfers or communications of data through the informed consent clauses contained in the different ways of collecting personal data.

 

Origin

As a general rule, personal data are always collected directly from the data subject; however, in certain exceptions, data may be collected through third parties, entities or services other than the data subject. In this regard, this will be communicated to the data subject through the informed consent clauses contained in the different information collection channels and within a reasonable period of time, once the data have been obtained, and at the latest within one month.

 Storage periods

The information collected from the data subject will be kept for as long as it is necessary to fulfil the purpose for which the personal data were collected, so that, once the purpose has been fulfilled, the data will be cancelled. Said cancellation will give rise to the blocking of the data, which will only be kept at the disposal of the Public Administrations, Judges and Courts, in order to attend to any possible liabilities arising from the processing, during the period of limitation of these, after which time the information will be destroyed.

A título informativo, a continuación se recogen los plazos legales de conservación de la información en relación a diferentes materias:

 

DOCUMENT DEADLINE LEGAL REFERENCE
Documentation of a labour or social security nature

 

 4 years Article 21 of Royal Legislative Decree 5/2000, of 4 August, approving the revised text of the Law on Offences and Penalties in the Social Order.

 
Accounting and tax documentation for commercial purposes 6 years Art. 30 Commercial Code

 
Accounting and fiscal documentation for tax purposes 4 years Articles 66 to 70 General Tax Law

 
Building access control 1 month AEPD Instruction 1/1996
Video surveillance

 

 1 month Instruction 1/2006 of the AEPD

Organic Law 4/1997

 

Navigation data.

In relation to the browsing data that may be processed through the website, in the event that data subject to the regulations are collected, we recommend that you consult the Cookies Policy published on our website.

Rights of data subjects.

The data protection regulations grant a series of rights to the interested parties or data subjects, users of the website or users of the profiles of the social networks of COLEGIO INTERNACIONAL EL SABIO, S.L.

These rights granted to the interested parties are as follows:

  • Right of access: the right to obtain information on whether their own data is being processed, the purpose of the processing being carried out, the categories of data being processed, the recipients or categories of recipients, the period of conservation and the origin of said data.

 

  • Right of rectification: the right to obtain the rectification of inaccurate or incomplete personal data.

 

  • Right of erasure: the right to obtain the erasure of data in the following cases:
    • When the data are no longer necessary for the purpose for which they were collected.
    • When the owner of the data withdraws consent
    • When the data subject objects to the processing
    • When the data must be erased in compliance with a legal obligation
    • When the data have been obtained by virtue of an information society service on the basis of Art. 8(1) of the European Data Protection Regulation.

 

  • Right to object: the right to object to a particular processing operation based on the data subject’s consent.

 

  • Right of restriction: the right to obtain the restriction of the processing of data when any of the following events occur:
    • Where the data subject contests the accuracy of the personal data, for a period of time that allows the company to verify the accuracy of the data.
    • Where the processing is unlawful and the data subject objects to the erasure of the data.
    • When the company no longer needs the data for the purposes for which they were collected, but the data subject needs them for the formulation, exercise or defence of claims.
    • Where the data subject has objected to the processing while it is being verified whether the legitimate reasons of the company prevail over those of the data subject.
    • Right to portability: the right to obtain the data in a structured, commonly used and machine-readable format and to transfer it to another controller where:
    • Processing is based on consent
    • The processing is carried out by automated means.

 

  • The right to lodge a complaint with the competent supervisory authority.

The interested parties may exercise the afore mentioned rights by writing to COLEGIO INTERNACIONAL EL SABIO, S.L. to the following address: rgpd@sagehostel.com indicating in the subject line the right they wish to exercise.

In this regard, COLEGIO INTERNACIONAL EL SABIO, S.L. will deal with your request as soon as possible and taking into account the deadlines laid down in the regulations on data protection.

Security

The security measures adopted by COLEGIO INTERNACIONAL EL SABIO, S.L. are those required, in accordance with the provisions of Article 32 of the RGPD. In this regard, COLEGIO INTERNACIONAL EL SABIO, S.L., taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, has established the appropriate technical and organisational measures to ensure the level of security appropriate to the existing risk.

In any case, COLEGIO INTERNACIONAL EL SABIO, S.L. has implemented sufficient mechanisms to:

  1. Guarantee the permanent confidentiality, integrity, availability and resilience of the processing systems and services.
  2. Restore the availability and access to personal data quickly, in the event of a physical or technical incident.
  3. Regularly verify, evaluate and assess the effectiveness of the technical and organisational measures implemented to ensure the security of the processing.
  4. Pseudonymise and encrypt personal data, where appropriate.