This privacy policy, within the framework of the University’s Security Policy approved by its Governing Council, aims to make known the way in which the University of Alicante protects the personal data it processes in the context of the activities it carries out and complies with the regulations in force in this area.
The University of Alicante has a record of all personal data processing activities it carries out published in its Electronic Headquarters, specifically in the Privacy section along with this Privacy Policy.
With the aim of offering the data subject or holder of personal data this information in a simple way in its relationship with the University, in accordance with Articles 13 and 14 of the EU Regulation 2016/679 General Data Protection Regulation (GDPR), an information model based on two layers has been adopted whereby, when personal data is collected, the first layer of information or basic clause is included which informs about:
- The identification of the data controller, i.e. the University of Alicante;
- The purpose for which the processing is carried out;
- The legitimacy of the treatment;
The possible transfers of data and recipients within the framework of the processing; - Basic information about your rights in the field of personal data processing;
- The appropriate indications to be able to consult the extended information contained in the second layer of the informative model.
With regard to the second layer or extended information, this will inform in addition to the above on:
- The identification and contact details of the data controller and management.
- The categories of personal data processed.
- The detailed purpose for which the processing is carried out.
- Detailed information on the legitimacy of the processing.
- Security measures that the University adopts to ensure the confidentiality, integrity, availability, authenticity and traceability of the personal data processed.
- The period of time for which the University will keep the data and the reasons for this.
- If applicable, recipients of the data transfers, as well as the specific purpose of each of these transfers.
- Details of the rights of the data subject with regard to the processing of personal data by the University and how to exercise them before the University.
- Where appropriate, the channel for obtaining personal data if they do not come from the data subject.
To facilitate access to all the information concerning each of the processing of personal data by the University, together with this Privacy Policy you can consult the Register of Processing Activities, which for each activity includes the following information in accordance with Article 30 of the GDPR:
- Name of the processing activity
- Purpose of the processing activity
- Legal basis of the processing activity
- Categories of data subjects
- Categories of data processed
- Data transfer
- Purpose of the data transfer
- International transfer of personal data
- Data retention period
Through the Register of Processing Activities you will be able to access both the basic clause and the extended information of each processing activity.
Below, we determine the aspects of general application to all processing of personal data and identify which particularities should be consulted at the level of each processing activity according to what has just been expressed.
Who is the Controller of the processing of personal data?
Identification Postal Address Data Controller
University of Alicante
CIF: Q-0332001-G
Carretera San Vicente del Raspeig, S/N.
03690 San Vicente del Raspeig (Alicante)
gerencia@ua.es
What personal data do we process and for what purpose?
The data processed and the purpose for which they are processed will depend on each processing of personal data and should be consulted in the information contained in the Register of Processing Activities accessible through the E-Office, Privacy section.
What is the legitimacy of the processing of personal data?
The processing of personal data by the AU may be carried out for the following purposes:
Execution of a contract
Fulfillment of a legal obligation
Mission in the public interest or exercise of public authority
Consent of the data subject
In the Register of Processing Activities you can consult which is the specific legitimacy that in each case enables the University of Alicante to process personal data.
What security measures do we apply in the processing of personal data?
The University is responsible for implementing appropriate security measures and other obligations under the legislation on protection of personal data in accordance with the National Security Scheme, Royal Decree 3/2010.
In this sense, the University of Alicante has a Privacy Policy and an Information Security Policy that can be consulted in its electronic headquarters, in the regulations section: https://seuelectronica.ua.es/es/normativa.html.
To which recipients are the personal data communicated?
If any, it will be recorded in the Register of Processing Activities in the information that characterizes each processing of personal data identifying the recipients of personal data and the purpose of the session.
What are the rights of data subjects?
The data subject has the right to access his/her personal data, to request the rectification of inaccurate data, to request their cancellation and deletion, to oppose their processing, including profiling, to limit until a certain date the processing of data and to data portability, in electronic format.
To do so, you must submit an application addressed to the University Management at the General Registry of the UA, as established by Law 39/2015, of October 1, of the Common Administrative Procedure of Public Administrations. The channels for submitting the application are in person at the University’s registry offices identified at https://sar.ua.es/es/registro/ or telematically at the UA Electronic Registry located at the University’s Electronic Headquarters accessible at https://seuelectronica.ua.es/ .
Likewise, the data subject has the right to file a complaint with the Supervisory Authority for data protection in Spain, specifically, the Spanish Data Protection Agency (AEPD) through the mechanisms established by the same. More information is available at www.aepd.es.
Below is a summary table with the definition of each of the rights that the data subject has over his/her personal data:
Access
Consult the personal data being processed.
Rectification
Modify personal data when it is inaccurate.
Deletion
Request the deletion of personal data.
Opposition
Request that personal data not be processed.
Limitation of processing
Request limitation to the processing of personal data in the following cases:
- While the challenge to the accuracy of the data is being checked.
- When the processing is unlawful, but the data subject objects to the erasure of his or her data.
- When the University does not need to process the data, but you need them for the exercise or defense of claims.
- Where the data subject has objected to the processing of his or her data for the performance of a task carried out in the public interest or for the fulfilment of a legitimate interest, while verifying whether the legitimate grounds for processing outweigh those of the data subject.
Portability
The data subject may obtain, in electronic format, personal data held by the University in structured format so that it can be transmitted to another entity and incorporated into its information systems.
Objecting to profiling
The interested party may refuse that, on the basis of the personal data provided to the University, profiles are created to which information considered to be of interest to him/her may be sent manually or automatically.
File a complaint before the AEPD
If the interested party considers that there has been an abuse in the processing of their personal data, they may file a complaint with the nearest Data Protection Control Authority, in Spain, the Spanish Data Protection Agency (www.aepd.es).
How long will we keep the data?
The retention period will be defined for each of the processing operations in accordance with the applicable regulations in each case or, in the event that the processing is carried out on the basis of the data subject’s consent, until the data subject revokes such consent.
This information can be consulted for each processing of personal data can be consulted for each processing of personal data in the Register of Processing Activities.
How did we obtain the data?
In the event that the data comes from sources other than the University itself, the source of the information obtained will be indicated in the Register of Processing Activities.