Privacy Policy

In compliance with Regulation (EU) 2016/679 (General Data Protection Regulation), Organic Law 3/2018 on Personal Data Protection and guarantee of digital rights, and Organic Law 2/2023, of 22 March, on the University System, we inform users about the processing of their personal data by Euneiz University.

1. DATA RESPONSIBLE

Universidad EUNEIZ

VAT Number: A-01561505

Address: Paseo de la Biosfera, 6, 01013 Vitoria-Gasteiz.

E-mail address: protecciondatos@euneiz.com.

Data Protection Delegate (DPD): info@badia-adv.com.

Telephone: (+34) 945 25 50 07

2. DIFFERENTIAL PROCESSING OF PERSONAL DATA


A) ACADEMIC TREATMENT

Purpose:

  • Properly manage the processes of pre-enrolment, admission, enrolment, academic monitoring and maintenance of the contractual relationship with the student.
  • Facilitate access to academic and administrative services, such as the intranet, issuing of the university ID card, certifications, exam management and exam dates.
  • Manage national and international mobility programmes, external internships, employment exchanges and job placement actions.
  • Processing grants, scholarships, bonuses and exemptions provided for by law or institutionally.
  • Manage student participation in university activities, representative bodies and associative networks (including alumni status).
  • To draw up the electoral roll in the event of participation in internal electoral processes.
  • To send informative communications on educational, institutional or academic interest activities related to student status, by any means, including electronic ones.

Legal basis for processing:

The processing is lawful in accordance with Article 6.1 of the GDPR, based on:

  • The execution of the academic contract formalised with the student (art. 6.1.b GDPR).
  • Compliance with legal obligations in educational matters in accordance with Organic Law 2/2023, on the University System, and other applicable regulations (art. 6.1.c GDPR).

Intended recipients:

The data may be communicated to:

  • Public administrations with powers in educational, fiscal or administrative matters.
  • Entities belonging to the Euneiz Group, exclusively for administrative and academic management purposes.
  • Insurance companies for the formalisation of compulsory coverage.
  • Financial institutions for the management of enrolment payments.
  • Companies and institutions collaborating in internship, employment or mobility programmes, only if the student participates voluntarily.

No automated decisions or profiling are foreseen.

Conservation:

The data will be kept for as long as the academic relationship is maintained and, once it has ended, for the periods established by the applicable legislation on educational, fiscal and accounting matters. In the case of the Alumni programme, they will be kept for as long as the person does not request their deletion.

Academic profiling

Euneiz may also use academic profiling techniques, based on enrolment history, grades or other objective indicators, in order to improve educational support, offer personalised training proposals, facilitate access to tutoring or job placement programmes, and carry out statistical studies.

Such profiling does not involve automated decisions with legal or meaningful effects, but is used solely as a tool to support academic decision-making by the relevant staff.

The student may object to this processing at any time on grounds relating to his/her particular situation by contacting protecciondatos@euneiz.com, in accordance with Article 21 of the GDPR.

International transfer of data

In the framework of academic mobility programmes, stays in foreign universities, international internships or similar initiatives, students’ personal data may be communicated to entities located outside the European Economic Area (EEA).

Such international data transfers shall be necessary for the performance of a contract between the student and Euneiz, such as internship agreements or international mobility agreements, in accordance with Article 49.1.b of the General Data Protection Regulation (GDPR). These transfers are not systematic, and are only made when the student voluntarily participates in international programmes.

The student will be informed in advance of the identity of the receiving entity and the country of destination, as well as of the possible absence of an adequacy decision or equivalent safeguards under Article 45 of the GDPR.

Further information on these transfers can be requested from: protecciondatos@euneiz.com


B) INSTITUTIONAL AND COMMUNICATIVE TREATMENT


Purpose:

The personal data of students, university staff or other members of the Euneiz community may be processed for the following institutional purposes:

  • To send relevant institutional information, such as calls for applications, conferences, seminars, university activities, innovation or participation programmes.
  • Disseminate news, novelties, achievements and projects promoted by the University, either through internal channels or its own media.
  • Encourage the participation of the university community in initiatives promoted by Euneiz, both at academic and social or institutional level.

Legal basis for processing:

This processing is based on the legitimate interest of Euneiz to fulfil its institutional function, in accordance with Article 6.1.f of the GDPR and Article 19 of Organic Law 3/2018, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).

In any case, the rights or interests of the persons concerned shall not be overridden, and they may object at any time on grounds relating to their particular situation.

Intended Recipients:

No transfer of personal data to third parties is envisaged, except in the following cases:

  • When the person has voluntarily participated in activities, events or publications involving external dissemination.
  • When there is a legal obligation or requirement by public authorities.


In the case of the dissemination of images or recordings in which identifiable persons appear, data protection regulations and, where applicable, legislation on image rights shall apply.

Conservation:

The data shall be kept for as long as there is a legitimate interest in processing and the data subject has not objected to the processing. In the event of objection, processing shall cease immediately, except for compelling legitimate reasons.

C) PROCESSING FOR INFORMATION AND PROMOTIONAL PURPOSES


Purpose:

The personal data of the persons concerned may be processed by Euneiz for the purpose of:

  • Send informative or promotional communications related to the academic offer, information days, open door sessions, institutional events, university services or activities organised by Euneiz.
  • Send electronic bulletins, newsletters or invitations through digital media (email, messaging), on paper or other equivalent channels.

These communications will be addressed to people who have shown interest in the University’s academic offer or institutional activity.

Legal basis for processing:

This treatment is based on:

  • The explicit consent of the person concerned, in accordance with Article 6.1.a of the General Data Protection Regulation (GDPR), in the case of persons who do not have a previous relationship with the University.
  • In the case of students or recent graduates of Euneiz, communications may also be sent under Article 21.2 of Law 34/2002, of services of the information society (LSSI), provided they deal with products or services related to their previous academic training and that the recipient has not previously objected.

Intended Recipients:

The data will not be communicated to third parties, except in the following cases:

  • Legal obligation.
  • Processing commissioned to suppliers who provide electronic communication services or technology platforms on behalf of Euneiz, under contract in accordance with Article 28 of the GDPR.

Conservation:

The data shall be kept for as long as there is valid consent, or as long as the right of objection has not been exercised. Once this right has been revoked or exercised, the data relating to this processing shall be deleted, without prejudice to any legal retention periods that may be applicable.

Interested parties may opt out of receiving these communications at any time by using the unsubscribe link included in each message or by writing to: protecciondatos@euneiz.com.

D) VIDEO SURVEILLANCE


Purpose:

Euneiz may process personal data by means of video surveillance systems for the purpose of:

  • To guarantee the security of people, property and facilities.
  • Preventing and investigating criminal acts or illicit conduct that may occur on University premises.
  • Control access to buildings, restricted areas or critical points from a security point of view.

The cameras shall be located in conspicuous places, properly marked, and shall not be used for purposes other than those described herein.

Images shall not be taken in places intended for staff rest, toilets, changing rooms or other areas protected by the right to privacy.

Information on the existence of the processing shall be provided by means of signs placed in the video-monitored areas, with the corresponding pictogram and the minimum data required by Article 22.4 of the LOPDGDD:

  • Identity of the data controller.
  • Purpose of the processing.
  • Possibility of exercising the rights recognised in the data protection regulations.
  • Where to obtain further information (e.g. by referring to this privacy policy or a summary version).

Legal basis for processing:

Treatment is based on:

  • The public interest in ensuring the security of persons, goods and facilities, in accordance with article 6.1.e of the GDPR.
  • The legitimate interest of Euneiz as the party responsible for the facilities, in accordance with article 6.1.f of the RGPD, under the terms of article 22 of the LOPDGDD.

In the event that contracted security companies are involved, action will be taken in accordance with Law 5/2014 on Private Security and the contract for the commissioning of processing provided for in Article 28 of the GDPR.

Intended recipients:

The images may only be accessed by:

  • Authorised Euneiz personnel with security functions.
  • Contracted security companies, in accordance with a contract for the processing of data.
  • State security forces or judicial authorities, in the event of incidents or investigations.

No data will be disclosed to other third parties, unless legally obliged to do so or unless required to do so by the competent authorities.

Conservation:

Images captured by video-surveillance systems shall be kept for a maximum period of 30 days, unless they have to be kept for a longer period due to the existence of facts that could constitute a crime or offence and have to be made available to the competent authorities.


3. RIGHTS OF THE PERSONS CONCERNED

Data subjects may exercise the rights recognised in the data protection regulations, specifically:

  • Right of access to your personal data.
  • The right to rectify inaccurate or incomplete data.
  • Right to erasure (right to be forgotten), where applicable.
  • Right to limitation of processing, in the cases provided for by law.
  • The right to data portability, where technically possible.
  • The right to object to the processing of their data on grounds relating to their particular situation.
  • The right not to be subject to automated individual decisions, including profiling, which produce legal effects or significantly affect them, except in cases permitted by law (art. 22 GDPR).

To exercise these rights, please contact: protecciondatos@euneiz.com  

You may also contact the Data Protection Delegate (DPD) at: info@badia-adv.com  

In the event of disagreement, you may also lodge a complaint with the Basque Data Protection Agency: www.avpd.euskadi.eus, avpd@avpd.eus, Tlf. 945 016 230.

4. ADDITIONAL INFORMATION

More detailed information is available at: https://www.euneiz.com/politica-privacidad

Text updated to May 2025

×ATENCIÓ: Cookies no configurades en l'idioma actual. Revisa la teva configuració al plugin, gràcies!