INTRODUCTION
COLEGIO LEGAMAR, S.L. reserves the right to modify this Policy in order to adapt it to legislative developments, jurisprudential criteria, industry practices, or the entity’s interests. Any modifications will be announced in advance, so that there is full knowledge of its content. To be able to provide certain services, it is necessary to manage your personal data. To this end, they will be incorporated into the corresponding processing activities of COLEGIO LEGAMAR, S.L. and will be processed for the specific purpose of each processing, mainly in accordance with the regulations established by Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights (LOPD-GDD).
- GENERAL INFORMATION
DATA CONTROLLER
The Data Controller is COLEGIO LEGAMAR, S.L., with NIF B28666741, with address at Ctra. Leganés-Fuenlabrada Km. 1.5 28914 Leganés – Madrid, and phone number (+34) 916 933 812.
Contact details of the Data Protection Officer:
Email: secretaria@colegiolegamar.com
Postal Address: Ctra. Leganés-Fuenlabrada Km. 1.5 28914 Leganés – Madrid
PURPOSE
The purpose of the collection and processing of personal data, through electronic forms and questionnaires, is to manage and attend to requests for information, questions or suggestions, or to arrange interviews related to information on pre-registrations, registrations or enrollments for the studies offered by the school. The data will also be used for the periodic sending of newsletters when you have previously given us your consent.
LEGAL BASIS
The legal basis that legitimizes us to process your personal data are as follows: (i) the consent given by you through the signing or acceptance of the relevant forms, for one or more specific purposes (II) Legal obligation in compliance with Law 1/2006, of March 7, Consumer and User Defense Law.
DATA RETENTION PERIOD
We will retain your personal data for the corresponding period to maintain a service history and efficiently manage our services, and the interested party does not request their deletion. Even if deletion is requested, they will be kept blocked for the necessary time, limiting their processing, only for one of these purposes: to comply with legal/contractual obligations of any kind that we are subject to and/or during the legal periods provided for the prescription of any responsibilities on our part and/or the exercise or defense of claims arising from the relationship maintained with the data subject to ensure that the data in our files, computerized and/or on paper, always correspond to reality, efforts will be made to keep them updated. To this end, the User must make the changes directly when enabled or communicate them, by reliable means, to the corresponding area or department of COLEGIO LEGAMAR, S.L.
Furthermore, the user has the right to withdraw their consent at any time.
RECIPIENTS
The personal data will not be transferred or communicated to third parties, except in cases necessary for the development, control, and fulfillment of the expressed purposes, in the cases provided by law.
SECURITY MEASURES
The entity will adopt in its information system the appropriate technical and organizational measures, complying with the principle of proactive responsibility, to ensure the security and confidentiality of the stored data, thus avoiding its alteration, loss, processing, or unauthorized access; taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of the processing, as well as variable probability and severity risks associated with each of the processing activities.
RIGHTS OF THE DATA SUBJECT
You may exercise the rights of access, rectification, deletion, limitation, portability, or, where applicable, opposition. For these purposes, you must submit a written request to COLEGIO LEGAMAR, S.L., with address at Ctra. Leganés-Fuenlabrada Km. 1.5 28914 Leganés – Madrid or by sending a written request to the email secretaria@colegiolegamar.com. In the request, you must specify which of these rights you are requesting, as well as your identifying details. In case you act through a representative, legal or voluntary (e.g., when the holders of parental authority or guardianship act on behalf of a minor under 14 years old or when acting as the legal representative of a person with functional diversity), you must also provide a document that accredits the representation.
In case you consider that any of your rights have been violated, you can file a complaint with the Spanish Data Protection Agency through its electronic headquarters (www.aepd.es).
2. SPECIFIC INFORMATION
- Why do we process your contact personal data?
Your personal data will be processed solely for the purpose of managing and processing the information and investigations of the reported alleged facts, or, where applicable, to respond to the inquiry raised, as well as to adopt, if applicable, protection measures and/or retaliation prevention, all in compliance with the provisions of the Internal Information System Protocol.
- What is the legal basis that legitimizes the processing of your personal data?
That is, what condition justifies or enables us to process your personal data? The legal basis for the processing of your personal data in the management of the Internal Information System will be established in art. 6.1.c of the GDPR, insofar as the processing is necessary for the fulfillment of a legal obligation applicable to the data controller, in accordance with the provisions of Law 2/2023, of February 20, regulating the protection of persons who report regulatory breaches and the fight against corruption, and Law 10/2010, of April 28, on the prevention of money laundering and the financing of terrorism.
- How long do we keep your personal data?
The data will be kept in the system for three months from the introduction of the data, in cases where no investigation actions have been initiated. However, they may be retained for the purpose of providing evidence of the operation of our crime prevention model. Communications that have not been processed may only be recorded in anonymized form.
In cases where investigation actions have been initiated, they will be kept for the necessary periods to investigate the reported facts in another information system and until the case is resolved (including judicial procedures if applicable).
Likewise, personal data that are necessary for COLEGIO LEGAMAR to exercise its rights in terms of legal defense and/or for the exercise of appropriate disciplinary actions, or to be made available to the State Security Forces and Bodies or the competent judicial authorities in accordance with current legislation, may be kept in the information system.
Similarly, personal data will be safeguarded to be provided to the Spanish Data Protection Agency, if necessary, and/or public authorities, to address possible responsibilities that may arise and only during the applicable legal prescription periods.
- Who can be assignees or recipients of your personal data?
We inform you that your identity will always be kept confidential, that it will not be communicated to the persons to whom the reported facts refer, nor to third parties unrelated to the management and processing of the communication, except when necessary to adopt corrective measures in the entity or to process sanctioning or criminal procedures, if applicable, in which case it must be communicated to the competent authorities in the matter.
Personal data processed in the Internal Information System may be communicated to the judicial authority, the Public Prosecutor’s Office, the State Security Forces and Bodies, or the competent administrative authority, in the context of an investigation carried out by them or within the framework of a judicial process. They may also be communicated to the competent state or regional whistleblower protection authorities.
In the event of outsourcing the management of the internal information system, the information provided through the online enabled channel may be processed by the external third party, as a data processor, in accordance with the provisions of Article 6 of Law 2/2023, of February 20, regulating the protection of persons who report regulatory breaches and the fight against corruption.
No international data transfers are planned by assignment or processing commission.