Processing of (personal) data by the entity in charge of the online application process
Basic information about protection of personal data of Schiller International University
CONTROLLER OF TREATMENT DATA CONTROLLER
KIP SIU LLC, Spanish Branch, tax ID number: W4004652F, located in Madrid (Spain), at Calle Serrano 156, (PC-28002). Telephone + 34 914 48 24 88. Hereinafter, SCHILLER INTERNATIONAL UNIVERSITY.
PURPOSE OF TREATMENT AND PRESERVATION
The purpose will be the appropriate organization and/or provision and/or disclosure and/or communication and/or promotion of the services and/or products offered by the educational centers that are part of the SCHILLER INTERNATIONAL UNIVERSITY campuses in Madrid, Paris, Heidelberg and Tampa (Florida).
The personal data processed will be stored for as long as the holder of the data ‘DATA SUBJECT’ remains linked to one of the SCHILLER INTERNATIONAL UNIVERSITY educational establishments for contractual reasons (for example: student, employee, service or product provider); for contact reasons (for example: parent, guardian, former student, ex-teacher, ex-employee, consultant) and for as long as the deletion is not requested by the person concerned; for legitimate reasons of the ‘DATA CONTROLLER’; and in any case, it will be stored for as long as it is necessary to comply with legal obligations.
Once the reason for which the data was collected or accessed has concluded, it will be deleted in accordance with the provisions of the regulations on the protection of personal data, which will imply, where appropriate, its blocking, without access, so that it can only be made available at the request of the corresponding authorities with powers to require its communication (for example: Judges and Courts, the Ombudsman, the Public Prosecutor's Office or the competent Public Administrations) and, during the period of limitation of the actions that may arise; after this period has expired, it will be completely deleted.
LEGITIMIZATION OF TREATMENT
Depending on the type of data processing required, the basis for legitimation may be
- By unequivocal consent of the Data Subject;
- By contractual commitment;
- By legitimate interest of the Data Controller;
- For compliance with legal obligations;
RECIPIENTS OF ASSIGNMENTS OR TRANSFERS
Certain personal data required to provide the services offered by SCHILLER INTERNATIONAL UNIVERSITY may be shared with:
- The educational centers that are part of the Organization, university campuses in Madrid, Paris, Heidelberg, Tampa.
- Our suppliers, when required by the activity, in which case we will inform the recipients, the purpose and the conservation period of their data when required by the activity.
- Law enforcement agencies and public administration in general, when required in compliance with a legal obligation.
A complete list of the Data Processors can be obtained by sending a request to the Data Controller at SCHILLER INTERNATIONAL UNIVERSITY, which can be accessed by sending an e-mail to: dpo@schiller.edu
International data transfers are made to the United States of America, the Data Controller guarantees that the processing of personal data by the Data Processors (suppliers) is performed in accordance with EU Regulation 2016/679 on the Protection of Personal Data (hereinafter GDPR) and they provide an essentially equivalent level of protection.
RIGHTS OF INTERESTED PERSONS
The holders of personal data have the right to freely exercise their rights to access, rectify or cancel the personal data that we collect; they also have the right to limit or object, at any time, the processing of their personal data and to request the portability of such data, as well as not to be subjected to automated decision making.
To exercise your rights you must send a letter requesting the exercise of the specific right, addressed to the Data Controller to which you can access by sending an email to the address: dpo@schiller.edu
SOURCE OF THE DATA
The data that we treat have been provided to us:
- Directly by the interested party.
- By third parties.
ADDITIONAL INFORMATION
Any doubt, question or comment about issues relating to the processing of your personal data may be sent to us by addressing your communication to the attention of the Data Protection Officer. dpo@schiller.edu
You can find more information about the processing of personal data in the following section.
You can also consult the following addresses on the subject. For Spain at https://www.aepd.es/; for France at https://www.cnil.fr; for Germany at https://www.baden-wuerttemberg.datenschutz.de; for the United States of America at the Official Authority for the Protection of Personal Data of its State.
KIP SIU LLC, Spanish Branch, tax ID number: W4004652F, located in Madrid (Spain), at Calle Serrano 156, (PC-28002). Telephone + 34 914 48 24 88. Hereinafter, SCHILLER INTERNATIONAL UNIVERSITY.
PURPOSE OF TREATMENT AND PRESERVATION
The purpose will be the appropriate organization and/or provision and/or disclosure and/or communication and/or promotion of the services and/or products offered by the educational centers that are part of the SCHILLER INTERNATIONAL UNIVERSITY campuses in Madrid, Paris, Heidelberg and Tampa (Florida).
The personal data processed will be stored for as long as the holder of the data ‘DATA SUBJECT’ remains linked to one of the SCHILLER INTERNATIONAL UNIVERSITY educational establishments for contractual reasons (for example: student, employee, service or product provider); for contact reasons (for example: parent, guardian, former student, ex-teacher, ex-employee, consultant) and for as long as the deletion is not requested by the person concerned; for legitimate reasons of the ‘DATA CONTROLLER’; and in any case, it will be stored for as long as it is necessary to comply with legal obligations.
Once the reason for which the data was collected or accessed has concluded, it will be deleted in accordance with the provisions of the regulations on the protection of personal data, which will imply, where appropriate, its blocking, without access, so that it can only be made available at the request of the corresponding authorities with powers to require its communication (for example: Judges and Courts, the Ombudsman, the Public Prosecutor's Office or the competent Public Administrations) and, during the period of limitation of the actions that may arise; after this period has expired, it will be completely deleted.
LEGITIMIZATION OF TREATMENT
Depending on the type of data processing required, the basis for legitimation may be
- By unequivocal consent of the Data Subject;
- By contractual commitment;
- By legitimate interest of the Data Controller;
- For compliance with legal obligations;
RECIPIENTS OF ASSIGNMENTS OR TRANSFERS
Certain personal data required to provide the services offered by SCHILLER INTERNATIONAL UNIVERSITY may be shared with:
- The educational centers that are part of the Organization, university campuses in Madrid, Paris, Heidelberg, Tampa.
- Our suppliers, when required by the activity, in which case we will inform the recipients, the purpose and the conservation period of their data when required by the activity.
- Law enforcement agencies and public administration in general, when required in compliance with a legal obligation.
A complete list of the Data Processors can be obtained by sending a request to the Data Controller at SCHILLER INTERNATIONAL UNIVERSITY, which can be accessed by sending an e-mail to: dpo@schiller.edu
International data transfers are made to the United States of America, the Data Controller guarantees that the processing of personal data by the Data Processors (suppliers) is performed in accordance with EU Regulation 2016/679 on the Protection of Personal Data (hereinafter GDPR) and they provide an essentially equivalent level of protection.
RIGHTS OF INTERESTED PERSONS
The holders of personal data have the right to freely exercise their rights to access, rectify or cancel the personal data that we collect; they also have the right to limit or object, at any time, the processing of their personal data and to request the portability of such data, as well as not to be subjected to automated decision making.
To exercise your rights you must send a letter requesting the exercise of the specific right, addressed to the Data Controller to which you can access by sending an email to the address: dpo@schiller.edu
SOURCE OF THE DATA
The data that we treat have been provided to us:
- Directly by the interested party.
- By third parties.
ADDITIONAL INFORMATION
Any doubt, question or comment about issues relating to the processing of your personal data may be sent to us by addressing your communication to the attention of the Data Protection Officer. dpo@schiller.edu
You can find more information about the processing of personal data in the following section.
You can also consult the following addresses on the subject. For Spain at https://www.aepd.es/; for France at https://www.cnil.fr; for Germany at https://www.baden-wuerttemberg.datenschutz.de; for the United States of America at the Official Authority for the Protection of Personal Data of its State.
Personal Data Protection Policy
Protecting the personal data we collect and process on behalf of our students, employees, suppliers and third parties is our priority. As an individual, you have the right to data privacy and how your personal data is used as part of our business operations.
By means of this notice, SCHILLER INTERNATIONAL UNIVERSITY informs you about the Personal Data Protection Policy that applies to the processing of personal data we collect from you.
In accordance with the regulations in force on the Protection of Personal Data, of the European Parliament and the Council, of 27 April 2016, on the protection of individuals regarding with the processing of personal data and the free movement of such data and repealing Directive 95/46/EC, hereinafter ("General Data Protection Regulations" or "GDPR"), we inform you of the following:
Definitions.
“Personal Data” means: any information relating to an identified or identifiable natural person (‘DATA SUBJECT’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
“Special categories of personal data” means: any personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
“Processing” means: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Data Controller” means: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
“Data Processor” means: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
1. Who is responsible for processing your data?
The responsible for the processing of personal data collected through service proposals, agreements or contracts; applications; forms; educational platform; web site; social networks; blog; chat; or by any other means will be SCHILLER INTERNATIONAL UNIVERSITY that will incorporate them into automated files whose ownership and responsibility will be held for the specific purposes for which they were collected in each case.
For the purposes of our data protection policy, the contact address is dpo@schiller.edu
2. What kind of data can we have about you and how have we obtained it?
Depending on the relationship we have with you, the following types of data may be available to us:
If your personal data is modified, it will be your obligation to provide us, in each case, with the updated data.
Our Service does not address anyone under the age of 18 (“Children”).
We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.
Information for United States residents regarding their personal information.
In order to comply with your requests, for access to our educational platform, or website or other services we must verify your identity to prevent unauthorized access to your data.
We do not use your personal data for sale in connection with our services.
3. For what purpose do we process your data?
The data will be treated in our files, with the purpose, depending on the case, of the integral management of the services of SCHILLER INTERNATIONAL UNIVERSITY in its private and public professional relations, as well as in the legally required obligations.
We may use your data to perform some of the following actions, which are not limited to, but may include:
i. Administrative and economic management, invoicing, accounting and legal obligations,
ii. Educational management of students and teachers,
iii. Management of employees, contacts, suppliers, alumni, ex-teachers, candidates in selection processes, volunteers, interns, visitors, family members, participants, guests, others,
iv. Management of stay and accommodation of students and/or teachers in different locations where we offer our training services,
v. Management of complementary and/or extra-university activities,
vi. Management of student and/or teacher departures from university campuses,
vii. Management of other activities organized or sponsored by SCHILLER INTERNATIONAL UNIVERSITY on any of its campuses or outside them.
viii. Management of the sale of merchandising products offered by SCHILLER INTERNATIONAL UNIVERSITY on any of its campuses or outside of them.
ix. Management of activities organized or sponsored by SCHILLER INTERNATIONAL UNIVERSITY for events, congresses, conferences, courses or online; as well as any activity related to educational or cultural activities in general.
x. Management of communication and promotion of SCHILLER INTERNATIONAL UNIVERSITY in publications: magazines or press (on line/paper), official or third party social networks; official or third party web page, official or third party blog, news letter; for promotional, advertising, divulging or informative purposes related to the educational or cultural activity, upon request of explicit permission from the interested party.
xi. Management of the surveillance of facilities, persons and goods.
The data collected will be stored under the confidentiality and security measures established by law. The refusal to provide the requested data, as well as the non-authorization to process them could result in the impossibility of providing certain services and not being able to access them.
The data included in our files will not be used for commercial purposes under any circumstances, except with your prior consent.
4. How long will we store your data?
We will store your personal data for the time required to perform the objectives of the activities indicated in this Privacy Policy or those that may arise in the future; to fulfill the legitimate objectives of the person responsible for the processing of personal data, to comply with a legal obligation or until you ask us to cancel it and this can be done if the legal requirements are met.
5. What is the basis of legitimacy for the processing of your data?
Depending on the purpose for which the processing of your personal data is aimed, it will be necessary to have a type of data and a specific processing that may involve, among others, the following actions: Collection; Registration; Structuring; Modification; Conservation; Extraction; Consultation; Communication by transmission; Diffusion; Interconnection; Comparison; Limitation; Suppression; and Destruction of the data. In such cases, the basis of legitimacy for such processing may be:
- The maintenance of the business, contractual, administrative management or other relationship, the performance of complementary activities to comply with the service requested or offered by SCHILLER INTERNATIONAL UNIVERSITY.
- The observance of legal requirements or requests for information from law enforcement agencies, judicial authorities (judges and courts), public administrations (tax, education, health, etc.), or the competent national data protection authorities.
- SCHILLER INTERNATIONAL UNIVERSITY's legitimate interest in analyzing the use of its Web Site, social networks, blogs, educational platforms, promotional communications, newsletters, its functionalities and services; the protection of your interests and defense of your rights against third parties in case of controversy or third party claims, and in general, the development of the service and management of products offered by SCHILLER INTERNATIONAL UNIVERSITY.
- SCHILLER INTERNATIONAL UNIVERSITY's legitimate interest, when the regulations allow it - except for its express refusal - to communicate or notify you of information with promotional or non-promotional content related to SCHILLER INTERNATIONAL UNIVERSITY, as well as promotions and offers about its activities, services and products.
- The legitimate interest guaranteeing the security of our website, social networks, blogs, educational platforms, newsletters, communications and systems to prevent or detect fraud, security incidents or other crimes.
-The unequivocal consent of the interested party for the management of services or products, complementary or not, demanded by him or that we can offer him, such as: management of organized or sponsored activities - attendance to events, congresses, conferences, courses or other activities related to the cultural or educational activity or any other that may be offered in the future by SCHILLER INTERNATIONAL UNIVERSITY; management for transport procedures, location of residence or other needs for your stay in any of our campuses. The fulfillment of online forms for newsletters and other services.
With your consent we will be able to offer you a service adapted to your needs. You can choose not to do so for some of the purposes indicated, however, we must always treat your data for the maintenance of the service provided. Within each corresponding section of our web site, you will be asked for your consent - when it is about treatments that require it - you will have a functionality (click box) that will allow you to complete in an express and unequivocal way the communication of your consent.
6. To which recipients will your data be communicated?
The personal data may be communicated to third parties, provided that this communication responds to a requirement for the development of the legal relationship to be established, whether it results from a legal or contractual obligation, or from your prior consent. For example: Tax Agency, banks, agencies and/or public administration with competence in the field of education (centers, institutions, organizations, foundations, universities, our campus) or others.
International data transfer.
In order to perform certain processes, for example data storage in cloud systems, personal data is processed on servers that are both within the territory of the European Economic Area (EEA) - and therefore do not have the status of international data transfer under GDPR - and within the territory of the United States of America -considered as an international data transfer under GDPR-; in these cases the Data Controller guarantees that the processing of your personal data involving an international transfer of data will be performed in accordance with European Union Regulation 2016/679 on the Protection of Personal Data (GDPR), for which reinforced security measures and Standard Contractual Clauses (According to EU COMMISSION DECISION of 5 February 2010 for the transfer of personal data to processor established in third countries under Directive 95/46/EC of the European Parliament and of the Council) with our suppliers are in place to certify that any data transferred outside the EU is adequately protected, and they provide an essentially equivalent level of protection.
7. What are your rights as an interested party in the processing of personal data?
At any time, you may exercise the following rights free of charge against SCHILLER INTERNATIONAL UNIVERSITY:
- Right of access: This is the right of the interested party to obtain confirmation from the Data Controller as to whether or not personal data concerning him are being processed, and in the event that the processing is confirmed, access to the data and information available to him must be provided.
- Right to rectification: The person concerned shall have the right to obtain from the Data Controller without undue delay the rectification of the personal data concerning him when such data prove to be inaccurate. In view of the purposes for which the data have been processed, the data subject shall have the right to have the personal data supplemented where they are incomplete, in particular by providing an additional statement.
- Right to restriction of processing: It is the right to obtain from the Responsible of the Treatment the limitation of the treatment of personal data.
- Right to erasure ("right to be forgotten"): It refers to the right of the data subject to obtain from the Data Controller the erasure of personal data concerning him without undue delay, and the Data Controller shall be under the obligation to erasure personal data without undue delay when the requirements of Article 17 of the Regulation are met.
- Right to data portability: This consists of the right to receive the personal data concerning you, which you have provided to a Data Controller, in a structured, machine-readable format and to transmit them to another Data Controller without being prevented by the Data Controller to whom the data were provided.
- Right to object: The data subject may object at any time, on grounds relating to his particular situation, to personal data concerning him being processed for the fulfilment of a public interest or for the satisfaction of a legitimate interest, including the profiling on the basis of such provisions.
The exercise of the above rights is subject to certain exemptions, to safeguard the public interest (for example, the prevention or detection of crimes) or our interests (for example, the maintenance of a legal obligation). We will attempt to comply with your request as soon as reasonably possible. Requests to exercise these rights may be granted in whole, in part or denied, depending on the scope and nature of the request and applicable law. When required by applicable law, we will notify you if we deny your request and will notify you of the reasons why we cannot comply with your request.
No discrimination or penalties will occur for exercising your rights under this Privacy Policy.
You can exercise the rights indicated by sending an e-mail to dpo@schiller.edu. To do so, you must provide a photocopy of your official document of nationality or valid passport, indicating the reason and the right you intend to exercise. The photocopy of the above-mentioned documentation may be replaced provided that the identity is accredited by any other legally valid means.
In any case, all requests must be accompanied by:
- Request in which the application is specified (Year requested or information to be accessed). If it does not refer to a specific file, you will be provided with all the information in your name. If you request information from a specific file, only the information in this file will be provided. If you request information about a third party, it will never be provided. If you request it by phone, you will be instructed to do so in writing and will be informed of how you can do so and the address to which you must send it. You will never be provided information over the phone.
- Address for notification purposes.
- Date and signature of the applicant.
- Supporting documents of the petition that you submit.
If you consider that despite your request, your personal data or your inquiry have not been treated properly, you can go before competent authority in matters of Personal Data Protection, in Spain before the AEPD (www.aepd.es), in France CNIL (www.cnil.fr), in Germany (www.baden-wuerttemberg.datenschutz.de), in the United States of America the one corresponding to the State of Florida.
8. Social Networks and Links.
Through the social networks where you have a SCHILLER INTERNATIONAL UNIVERSITY account you can choose to share information. This means that the information that is shared, with name and preferences will be visible to visitors of your personal pages. Our recommendation is that you carefully read the privacy policies of third parties on social networks, which will be applicable to the treatment that they make of your personal data.
Regarding the user's opinions expressed through the web site or other participation tools that may be created, such as blogs, social networks, etc., we inform you that SCHILLER INTERNATIONAL UNIVERSITY shall not be responsible for the comments, nor for the contents that attempt against the honor, the privacy or the own image of third parties.
Our website may contain links to other websites belonging to third parties. Please be advised that SCHILLER INTERNATIONAL UNIVERSITY is not responsible for the privacy, content or security practices employed by such other web sites which are not governed in any way by this Privacy Policy. We recommend that you carefully read the privacy policies of any third-party web site not owned by SCHILLER INTERNATIONAL UNIVERSITY.
9. Cookies.
The use of our website allows us to collect certain information that is considered as personal data by the applicable regulations on the subject (an identifiable natural person is one whose identity can be determined directly or indirectly by means of a name, an identification number, location data or an online identifier), therefore, through cookies that are installed on your computer, or other tracking technologies, when you visit our website we collect personal information. When necessary, you will be asked for your consent to our use of cookies. For more information on the use of cookies by SCHILLER INTERNATIONAL UNIVERSITY you may consult our Cookie Policy section.
10. Security measures.
Under the protection of the applicable regulations on personal data protection we respect your privacy and we are committed to keep your personal data safe, as well as to manage them according to our legal obligations on privacy and security, to guarantee the confidentiality, integrity, availability and permanent resilience of the processing systems and services.
To this purpose, we will have the necessary technical, physical and organizational measures to protect your personal data against misuse, destruction, loss, alteration, disclosure, acquisition, accidental, illegal or unauthorized access, all in accordance with the technical possibilities of the moment and the demand that their protection requires.
However, you are aware that security measures on the Internet are not impregnable and therefore we inform you that SCHILLER INTERNATIONAL UNIVERSITY is not responsible for unauthorized or intentional access that is beyond our control.
11. Applicable legislation.
These Conditions shall always be governed by the provisions of European legislation on the protection of personal data and privacy as well as by the rules applicable in each territory in terms of privacy, consumers and users.
12. Versions of Privacy Policy.
SCHILLER INTERNATIONAL UNIVERSITY reserves the right to modify its Privacy Policy at its discretion due to a change in regulations or organizational practice. Such modifications will be published on this web site, providing the user with the necessary resources to access to them. In any case, the relationship with users will be governed by the rules provided at the specific time of access to this website.
By means of this notice, SCHILLER INTERNATIONAL UNIVERSITY informs you about the Personal Data Protection Policy that applies to the processing of personal data we collect from you.
In accordance with the regulations in force on the Protection of Personal Data, of the European Parliament and the Council, of 27 April 2016, on the protection of individuals regarding with the processing of personal data and the free movement of such data and repealing Directive 95/46/EC, hereinafter ("General Data Protection Regulations" or "GDPR"), we inform you of the following:
Definitions.
“Personal Data” means: any information relating to an identified or identifiable natural person (‘DATA SUBJECT’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
“Special categories of personal data” means: any personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
“Processing” means: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Data Controller” means: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
“Data Processor” means: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
1. Who is responsible for processing your data?
The responsible for the processing of personal data collected through service proposals, agreements or contracts; applications; forms; educational platform; web site; social networks; blog; chat; or by any other means will be SCHILLER INTERNATIONAL UNIVERSITY that will incorporate them into automated files whose ownership and responsibility will be held for the specific purposes for which they were collected in each case.
For the purposes of our data protection policy, the contact address is dpo@schiller.edu
2. What kind of data can we have about you and how have we obtained it?
Depending on the relationship we have with you, the following types of data may be available to us:
- Identification data (e.g. name and surname, identity card, passport, Social Security/Mutuality number, postal address, e-mail address, telephone number, handwritten signature, fingerprint, image/voice, electronic signature). Online identification data (IP).
- Data on personal characteristics (marital status, family data, date of birth, place of birth, age, sex, nationality, native language).
- Data on social circumstances (e.g. characteristic of accommodation/housing, property or possessions, hobbies and lifestyle, membership of clubs or associations, licenses, permits or authorizations).
- Academic and professional data (e.g. curriculum vitae, training/degree, student background, professional experience, membership in professional associations or colleges, qualifications, results, objectives, achievements).
- Employment details data (e.g. profession, job position, non-economic payroll data, employee background).
- Economic, financial and insurance data (e.g. income and rent, investments and assets, credits, loans and guarantees, banking data, pension and retirement plans, economic data of payroll, data of tax deductions and taxes, insurance, mortgages, subsidies and benefits, credit history, credit card).
- Data on transactions of goods and services (e.g. goods and services provided by the affected party, goods and services received by the affected party, financial transactions, compensation and indemnification).
- Commercial information data (e.g. activities or businesses, commercial licenses, subscriptions to publications or media, literary, artistic, scientific or technical creations).
- Health data (e.g. food intolerances, allergies, disabilities, handicaps).
If your personal data is modified, it will be your obligation to provide us, in each case, with the updated data.
Our Service does not address anyone under the age of 18 (“Children”).
We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.
Information for United States residents regarding their personal information.
In order to comply with your requests, for access to our educational platform, or website or other services we must verify your identity to prevent unauthorized access to your data.
We do not use your personal data for sale in connection with our services.
3. For what purpose do we process your data?
The data will be treated in our files, with the purpose, depending on the case, of the integral management of the services of SCHILLER INTERNATIONAL UNIVERSITY in its private and public professional relations, as well as in the legally required obligations.
We may use your data to perform some of the following actions, which are not limited to, but may include:
i. Administrative and economic management, invoicing, accounting and legal obligations,
ii. Educational management of students and teachers,
iii. Management of employees, contacts, suppliers, alumni, ex-teachers, candidates in selection processes, volunteers, interns, visitors, family members, participants, guests, others,
iv. Management of stay and accommodation of students and/or teachers in different locations where we offer our training services,
v. Management of complementary and/or extra-university activities,
vi. Management of student and/or teacher departures from university campuses,
vii. Management of other activities organized or sponsored by SCHILLER INTERNATIONAL UNIVERSITY on any of its campuses or outside them.
viii. Management of the sale of merchandising products offered by SCHILLER INTERNATIONAL UNIVERSITY on any of its campuses or outside of them.
ix. Management of activities organized or sponsored by SCHILLER INTERNATIONAL UNIVERSITY for events, congresses, conferences, courses or online; as well as any activity related to educational or cultural activities in general.
x. Management of communication and promotion of SCHILLER INTERNATIONAL UNIVERSITY in publications: magazines or press (on line/paper), official or third party social networks; official or third party web page, official or third party blog, news letter; for promotional, advertising, divulging or informative purposes related to the educational or cultural activity, upon request of explicit permission from the interested party.
xi. Management of the surveillance of facilities, persons and goods.
The data collected will be stored under the confidentiality and security measures established by law. The refusal to provide the requested data, as well as the non-authorization to process them could result in the impossibility of providing certain services and not being able to access them.
The data included in our files will not be used for commercial purposes under any circumstances, except with your prior consent.
4. How long will we store your data?
We will store your personal data for the time required to perform the objectives of the activities indicated in this Privacy Policy or those that may arise in the future; to fulfill the legitimate objectives of the person responsible for the processing of personal data, to comply with a legal obligation or until you ask us to cancel it and this can be done if the legal requirements are met.
5. What is the basis of legitimacy for the processing of your data?
Depending on the purpose for which the processing of your personal data is aimed, it will be necessary to have a type of data and a specific processing that may involve, among others, the following actions: Collection; Registration; Structuring; Modification; Conservation; Extraction; Consultation; Communication by transmission; Diffusion; Interconnection; Comparison; Limitation; Suppression; and Destruction of the data. In such cases, the basis of legitimacy for such processing may be:
- The maintenance of the business, contractual, administrative management or other relationship, the performance of complementary activities to comply with the service requested or offered by SCHILLER INTERNATIONAL UNIVERSITY.
- The observance of legal requirements or requests for information from law enforcement agencies, judicial authorities (judges and courts), public administrations (tax, education, health, etc.), or the competent national data protection authorities.
- SCHILLER INTERNATIONAL UNIVERSITY's legitimate interest in analyzing the use of its Web Site, social networks, blogs, educational platforms, promotional communications, newsletters, its functionalities and services; the protection of your interests and defense of your rights against third parties in case of controversy or third party claims, and in general, the development of the service and management of products offered by SCHILLER INTERNATIONAL UNIVERSITY.
- SCHILLER INTERNATIONAL UNIVERSITY's legitimate interest, when the regulations allow it - except for its express refusal - to communicate or notify you of information with promotional or non-promotional content related to SCHILLER INTERNATIONAL UNIVERSITY, as well as promotions and offers about its activities, services and products.
- The legitimate interest guaranteeing the security of our website, social networks, blogs, educational platforms, newsletters, communications and systems to prevent or detect fraud, security incidents or other crimes.
-The unequivocal consent of the interested party for the management of services or products, complementary or not, demanded by him or that we can offer him, such as: management of organized or sponsored activities - attendance to events, congresses, conferences, courses or other activities related to the cultural or educational activity or any other that may be offered in the future by SCHILLER INTERNATIONAL UNIVERSITY; management for transport procedures, location of residence or other needs for your stay in any of our campuses. The fulfillment of online forms for newsletters and other services.
With your consent we will be able to offer you a service adapted to your needs. You can choose not to do so for some of the purposes indicated, however, we must always treat your data for the maintenance of the service provided. Within each corresponding section of our web site, you will be asked for your consent - when it is about treatments that require it - you will have a functionality (click box) that will allow you to complete in an express and unequivocal way the communication of your consent.
6. To which recipients will your data be communicated?
The personal data may be communicated to third parties, provided that this communication responds to a requirement for the development of the legal relationship to be established, whether it results from a legal or contractual obligation, or from your prior consent. For example: Tax Agency, banks, agencies and/or public administration with competence in the field of education (centers, institutions, organizations, foundations, universities, our campus) or others.
International data transfer.
In order to perform certain processes, for example data storage in cloud systems, personal data is processed on servers that are both within the territory of the European Economic Area (EEA) - and therefore do not have the status of international data transfer under GDPR - and within the territory of the United States of America -considered as an international data transfer under GDPR-; in these cases the Data Controller guarantees that the processing of your personal data involving an international transfer of data will be performed in accordance with European Union Regulation 2016/679 on the Protection of Personal Data (GDPR), for which reinforced security measures and Standard Contractual Clauses (According to EU COMMISSION DECISION of 5 February 2010 for the transfer of personal data to processor established in third countries under Directive 95/46/EC of the European Parliament and of the Council) with our suppliers are in place to certify that any data transferred outside the EU is adequately protected, and they provide an essentially equivalent level of protection.
7. What are your rights as an interested party in the processing of personal data?
At any time, you may exercise the following rights free of charge against SCHILLER INTERNATIONAL UNIVERSITY:
- Right of access: This is the right of the interested party to obtain confirmation from the Data Controller as to whether or not personal data concerning him are being processed, and in the event that the processing is confirmed, access to the data and information available to him must be provided.
- Right to rectification: The person concerned shall have the right to obtain from the Data Controller without undue delay the rectification of the personal data concerning him when such data prove to be inaccurate. In view of the purposes for which the data have been processed, the data subject shall have the right to have the personal data supplemented where they are incomplete, in particular by providing an additional statement.
- Right to restriction of processing: It is the right to obtain from the Responsible of the Treatment the limitation of the treatment of personal data.
- Right to erasure ("right to be forgotten"): It refers to the right of the data subject to obtain from the Data Controller the erasure of personal data concerning him without undue delay, and the Data Controller shall be under the obligation to erasure personal data without undue delay when the requirements of Article 17 of the Regulation are met.
- Right to data portability: This consists of the right to receive the personal data concerning you, which you have provided to a Data Controller, in a structured, machine-readable format and to transmit them to another Data Controller without being prevented by the Data Controller to whom the data were provided.
- Right to object: The data subject may object at any time, on grounds relating to his particular situation, to personal data concerning him being processed for the fulfilment of a public interest or for the satisfaction of a legitimate interest, including the profiling on the basis of such provisions.
The exercise of the above rights is subject to certain exemptions, to safeguard the public interest (for example, the prevention or detection of crimes) or our interests (for example, the maintenance of a legal obligation). We will attempt to comply with your request as soon as reasonably possible. Requests to exercise these rights may be granted in whole, in part or denied, depending on the scope and nature of the request and applicable law. When required by applicable law, we will notify you if we deny your request and will notify you of the reasons why we cannot comply with your request.
No discrimination or penalties will occur for exercising your rights under this Privacy Policy.
You can exercise the rights indicated by sending an e-mail to dpo@schiller.edu. To do so, you must provide a photocopy of your official document of nationality or valid passport, indicating the reason and the right you intend to exercise. The photocopy of the above-mentioned documentation may be replaced provided that the identity is accredited by any other legally valid means.
In any case, all requests must be accompanied by:
- Request in which the application is specified (Year requested or information to be accessed). If it does not refer to a specific file, you will be provided with all the information in your name. If you request information from a specific file, only the information in this file will be provided. If you request information about a third party, it will never be provided. If you request it by phone, you will be instructed to do so in writing and will be informed of how you can do so and the address to which you must send it. You will never be provided information over the phone.
- Address for notification purposes.
- Date and signature of the applicant.
- Supporting documents of the petition that you submit.
If you consider that despite your request, your personal data or your inquiry have not been treated properly, you can go before competent authority in matters of Personal Data Protection, in Spain before the AEPD (www.aepd.es), in France CNIL (www.cnil.fr), in Germany (www.baden-wuerttemberg.datenschutz.de), in the United States of America the one corresponding to the State of Florida.
8. Social Networks and Links.
Through the social networks where you have a SCHILLER INTERNATIONAL UNIVERSITY account you can choose to share information. This means that the information that is shared, with name and preferences will be visible to visitors of your personal pages. Our recommendation is that you carefully read the privacy policies of third parties on social networks, which will be applicable to the treatment that they make of your personal data.
Regarding the user's opinions expressed through the web site or other participation tools that may be created, such as blogs, social networks, etc., we inform you that SCHILLER INTERNATIONAL UNIVERSITY shall not be responsible for the comments, nor for the contents that attempt against the honor, the privacy or the own image of third parties.
Our website may contain links to other websites belonging to third parties. Please be advised that SCHILLER INTERNATIONAL UNIVERSITY is not responsible for the privacy, content or security practices employed by such other web sites which are not governed in any way by this Privacy Policy. We recommend that you carefully read the privacy policies of any third-party web site not owned by SCHILLER INTERNATIONAL UNIVERSITY.
9. Cookies.
The use of our website allows us to collect certain information that is considered as personal data by the applicable regulations on the subject (an identifiable natural person is one whose identity can be determined directly or indirectly by means of a name, an identification number, location data or an online identifier), therefore, through cookies that are installed on your computer, or other tracking technologies, when you visit our website we collect personal information. When necessary, you will be asked for your consent to our use of cookies. For more information on the use of cookies by SCHILLER INTERNATIONAL UNIVERSITY you may consult our Cookie Policy section.
10. Security measures.
Under the protection of the applicable regulations on personal data protection we respect your privacy and we are committed to keep your personal data safe, as well as to manage them according to our legal obligations on privacy and security, to guarantee the confidentiality, integrity, availability and permanent resilience of the processing systems and services.
To this purpose, we will have the necessary technical, physical and organizational measures to protect your personal data against misuse, destruction, loss, alteration, disclosure, acquisition, accidental, illegal or unauthorized access, all in accordance with the technical possibilities of the moment and the demand that their protection requires.
However, you are aware that security measures on the Internet are not impregnable and therefore we inform you that SCHILLER INTERNATIONAL UNIVERSITY is not responsible for unauthorized or intentional access that is beyond our control.
11. Applicable legislation.
These Conditions shall always be governed by the provisions of European legislation on the protection of personal data and privacy as well as by the rules applicable in each territory in terms of privacy, consumers and users.
12. Versions of Privacy Policy.
SCHILLER INTERNATIONAL UNIVERSITY reserves the right to modify its Privacy Policy at its discretion due to a change in regulations or organizational practice. Such modifications will be published on this web site, providing the user with the necessary resources to access to them. In any case, the relationship with users will be governed by the rules provided at the specific time of access to this website.
Latest version: March 2021