Data Protection Policy - RGPD

This document explains the data protection policy of the Institut Químic de Sarrià CETS Private Foundation and its associates (IQS Tech Transfer SAU and IQS Fundació Empreses). It is based on the principles of the General Data Protection Regulation (EU) 2016/679 of the European Council of 27 April 2016. We fully assume the spirit of this European regulation that reinforces the rights and provides guarantees to individuals regarding the processing of their data, object that matches perfectly with our commitment to continuous improvement of our educational services. We go over the fundamentals of our data protection policy.

  • Who is responsible for the processing of personal data?
  • What role has the Data Protection Officer?
  • For which purposes we treat data?
  • What is the legal legitimacy for the treatment of the data?
  • Who communicate data?
  • How long do we keep the data?
  • What rights do people have about the data we try?
  • How can we defend the rights or exercise?
  • Specific data protection policies

                                                                                                                                                                     

Who is responsible for the processing of personal data?

The charge of data processing is the Institut Químic de Sarrià CETS Private Foundation(IQS), residing at Via Augusta, 390, 08017 Barcelona - CIF G58022849, tel. (+34) 93 267 20 00, email pd@iqs.edu registered in the Register of Foundations of the Generalitat of Catalonia with the number 88.

IQS has created the following institutions that complement its services and functions. These institutions are:

  • IQS Tech Transfer SAU - CIF A58010901 with registered office at Via Augusta 390, 08017 Barcelona, ​​Spain, pd@iqs.edu e-mail address and telephone number (+34) 93 267 20 00.
  • IQS Fundació Empreses, CIF G08283459, with registered office at Via Augusta 390, 08017 Barcelona, ​​Spain, pd@iqs.edu e-mail address and telephone number (+34) 93 267 20 00.

 

IQS is a center of higher education founder of the Ramon Llull University.

 

What role has the Data Protection Officer?

The Data Protection Officer (DPO) is the person who oversees compliance with our policy of data protection, ensuring that are treated properly and protects the rightsof individuals. Its duties include the care of any questions, suggestions, complaints or claims of people who are treated data. You can contact the Data Protection Officer, which is common to the three institutions, addressing in writing to our postal address and telephone number, or email address directly dpoiqs@iqs.edu.

 

For which purposes we treat data?

We treat personal information when thinking about all rights of the people and always in proportion. This means that the data may require adequate, relevant and limited compliance with the explicit purpose that motivated the acquisition; only the data necessary to enable the provision of educational services is our mission. In some cases, more data are required, for example to find out opinions or assessments of our services. Then the answers are treated statistically and is decoupled from the data identifying the person who answers.

The IQS is primarily for personal data for the following purposes:

1. Education, employment and promotion of economic activity.

2. Management administrative, economic and commercial.

3. Attend to queries and requests.

4. Perform quality control on our activities, products and services.

5. Send personal communications and newsletters on activities, products and services.

6. Carry out opinion surveys for participating in rankings and compile statistics.

7. Compliance with rules to prevent money launderingand terrorist financing.

 

No data received will be used for any purposes incompatible with those listed.

 

What are the main aims of data processing?

Academic management. The IQS records the data of the people who pre-register and then register, in order to let the record and, based on this, provide educational services of higher education. The data provided and the resulting academic ability to track and serve as the basis for evaluation. The management of the transcript of the student is the most important data processing. The student data are also used for purposes of administration, identifying them as service users, to facilitate access to these services, send information of interest, processing and issuing titles, and finally made monitoring of employment (more information this treatment and purpose).

Contact. We take data for dealing with inquiries from people who use contact forms on our website. They are used only for sending related information with this purpose.

Recruitment. Collect and guard the resumes we addressed those interested in working with us, and also we treat personal information in the development process of recruitment, in order to analyze the adequacy of the profile of the candidates on the basis of vacancies or new creation. Our approach is kept for a maximum of one year data also people who do not end up being contracted for short term there is a new vacancy or new job. However, in the latter case, immediately delete data if you ask the person concerned.

Information activities and services. With the explicit authorization of each student, upon completion of their studies use data send contact information on our services and activities. Also with your permission we get the information, activities or services of other institutions in our group. These data are also reach those who, despite not having registered in IQS, you ask.

Customer services. We register new clients that hire our services and manage the additional data that may be caused as a result of the business relationship with these customers. In the recruitment process will require essential information, among which should include bank details (account number or creditcard) which will be communicated to banks that manage the collection (solely be used for this purpose). This relationship involves other treatments, such data include accounting, billing or send information to the tax authorities.

Information for our customers. While there is a contractual relationship with our clients we use your contact information to inform itself of this relationship, information can be distributed later, once the contract if the customer agrees to receive it.

Data management from our suppliers. Recording and processing data providers who obtain goods or services. Data can be act as self-employed persons andrepresentatives of legal entities data. We obtain the data necessary to maintain the business relationship, the intended solely for that purpose and we own use of this kind of relationship.

CCTV. Access to our facilities reported, when applicable, the existence of surveillance cameras by the approved label. The cameras recorded images of the only points on which it is justified to ensure the safety of goods and people and images are used solely for this purpose.

Users of our website. The navigation system and software that enables the operation of our website collect data normally generated in the use of Internet protocols. This category of data between other IP address or domain name of the computer used by the person who connects to the site. This information is not associated with specific users and used for the sole purpose of obtaining statistical information onthe use of the website.  Our site uses cookies (cookies) to facilitate navigation and provide us with informationabout our users and their interests (more information Policy cookies).

Other channels of data collection. Also, obtain data relationships through classroom and other channels such as receiving e-mails, participate in our blogs with comments, subscribe to the blog, or through our social networking profiles. In all cases, the data are used only for the purposes that justify explicit collection and treatment.

 

How do we get the data?

In the previous section we referred to some of the origins of the data in question. In most cases the data comes directly from stakeholders and obtain mainly through the forms prepared for this purpose. We get also open days in the briefings we make in schools and through participation in trade fairs where we present our offer.

In developing the relationship with the students, the teachers and service providers to generate other data that are incorporated into the systems of IQS.

A limited volume of data may come from public authorities responsible for higher education and other academic institutions.

 

What is the legal legitimacy for the treatment of the data?

Data processing that we perform have different legal bases, depending on the nature of each treatment. We classify the main data processing we make following the legal basis of Article 6.1 of the General Data Protection Regulation.

For the provision of educational services. Once our students get admitted IQS services Educational services the student is a contractual relationship with obligations of each party, the right of students to receive a good education and the right and obligation IQS treat your data. This treatment has its legal basis in Law 6/2001 of 23 December, on universities, the Law 1/2003 of 19 February universities in Catalonia and its implementing regulations.

In accordance with a pre relationship. This is the case of the data of people interested in the teaching offer of IQS. But other reasons similar legitimacy, treat the data potential customers and suppliers with whom we have relationships prior to the signing of a contract. It is also the case of the data processing people who have sent us their resume or participating in selection processes.

Pursuant to a contract. Case relationships with our customers and suppliers and all actions and uses data that these business relationships entail.

In compliance with legal requirements. The provision of higher education determines who we fulfill different rules involving data processing. In this regard, the IQS reports data of his students at the University Ramon Llull Foundation, procedures for recognition and issuance of securities corresponding to the courses taught. It is alsoin compliance with legal obligations (tax laws) that communicate data to the tax authorities. It would also be in compliance with legal obligations that data will inform courts or bodies and security forces if required.

Based on consent. When we send information about our activities and services we use contact with the explicit consent of the person who will receive. It is also based on the consent we obtain navigation data of the person who visits our site, you consent may be revoked at any time by uninstalling cookies.

For legitimate interest. The images we obtain the surveillance cameras are treated the legitimate interests of our institution to preserve its assets and facilities. Our legitimate interest justifies also treating the data we get from contact forms, as well as people who register to comment on blog.

 

Who communicate data?

As a general rule only communicate data on legal compliance obligations. In the previous sections we explained our data communications students needed to make possible the provision of educational services, and our customers and suppliers in the development of economic and trade relations. The contact details of students can be disclosed to other institutions of our group as long as the student has authorized.

Data transfers take place outside the European Union (international transfer) for the management of international mobility of students and to respond to job offers for non-European companies. In both cases the treatment is based on the consent of the student.

In another sense, certain tasks to get the services of companies or individuals that contribute their experience and expertise, which sometimes have access to personal data. Under the terms of the General Data Protection Regulation is not an actual transfer of data but a custom treatment. Only companies that are contracted services ensure compliance with this regulation. When hiring formalized its confidentiality obligations and monitors their performance. It may be the case of hosting services data servers, or computer support services to law firms, accounting or tax. You can get detailed information on the identity of these companies addressing pd@iqs.edu.

 

How long do we keep the data?

The data retention time is determined by different factors. Affects mainly the preserve that data continue to be required to meet the purposes for which they were collected in each case. Secondly preserved to address potential liabilities for the treatment of data by IQS, and to meet any requirement of the government or the courts.

Consequently the data to be kept for the time necessary to preserve its legal value or information to prove compliance and legal obligations, but not for a period than is necessary for the purposes of treatment ( "limitation period preservation "requirement of the General data Protection Regulation). In the case of information that certifies the training received by students data are kept permanently preserving the rights of these students.

In certain cases, such as data contained in the records and billing, tax law requires keep them until they prescribe responsibilities in this matter. Regulatory foundations specifies certain details of accounting nature will remain ten years (compliance with Law 10/2010 of 28 April).

If the data are treated exclusively based on the consent of the person concerned are kept until this person does not revoke this consent.

Finally, in the case of images taken by surveillance cameras is kept for a month at most, although in the case of incidents that are kept justify the time necessary to facilitate the activities of bodies and security forces or judicial organs.

The regulations governing the preservation of public documents and the opinions of the qualifying commissions are a benchmark in determining when deciding to maintain or deletion of data.

 

What rights do people have about the data we try?

As provided for in the General Data Protection Regulation, persons who deal data have the following rights:

To know if it is. Any person has, first, whether the right to treat their data, regardless of whether there has been a prior relationship.

To be informed on the collection. When the data obtained from the person concerned, at the time of providing the information must be clear at the end that will be used, who will be responsible for processing and the main issues arising from this treatment.

To access. Law includes very broad know preciselywhat personal data are processed, what is the purpose for what it is, communications in others it will (if applicable) or the right to obtain a copy or know the deadline conservation.

To ask for rectification. Is the rightto rectify inaccurate data to be processed by us.

To ask for the deletion. Incertain circumstances there is a right to request the deletion of data when, among other reasons, are no longer necessary for the purposes for which they were collected and justified treatment.

To apply for limited treatment. And also on certain circumstances recognizes the right to request the limitation of data processing. In this case no longer be processed and kept only for the exercise or defense of claims, according to the General Data Protection Regulation.

A portability. In the cases provided for in the legislation recognizes the right toown personal data in a structured format commonly used machine-readable, and to transmit it to another data controller if so decided by the person concerned.

To refuse the treatment. A person can adduce reasons related to their particular situation, the reasons that lead them to stop treating the data onthe degree or measure which could lead to damage, except for legitimate reasons or exercise or defense against claims.

Unless receive information. Serve immediately requests not to continue receiving information on our activities and services, when these shipments were based solely on the consent of the person who is receiving.

 

How can we defend the rights or exercise?

The rights can be exercised just by sending a request to the IQS to the address or other contact information listed in the header.

If no satisfactory response has been obtained in the exercise of rights, you may lodge a complaint with the Catalan Data Protection Authority, through the forms or other channels accessible from its website (www.apd.cat).

In all cases, whether to submit complaints, request clarifications or send suggestions, you may contact the Data Protection Officer by e-mail to dpoiqs@iqs.edu.

-----------------------------

 

Specific data protection policies

- Process of registration.

- Sending information. 

- Policy cookies.