Privacy Policy

In compliance with Regulation (EU) 2016/679 (General Data Protection Regulation), Organic Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights, and Organic Law 2/2023, of 22 March, on the University System, we hereby inform users about the processing of their personal data by Euneiz University.

1. DATA CONTROLLER

EUNIEZ University

Tax ID Code: A-01561505

Address: Paseo de la Biosfera, 6, 01013 Vitoria-Gasteiz.

Email: protecciondatos@euneiz.com.

Data Protection Officer (DPO): info@badia-adv.com.

Telephone: (+34) 945 25 50 07

2. DIFFERENTIAL PROCESSING OF PERSONAL DATA

A) ACADEMIC PROCESSING

Purpose:

• Effectively manage the pre-enrolment, admission, enrolment, academic monitoring, and contractual relationship maintenance processes with students.
• Facilitate access to academic and administrative services, such as the intranet, issuing university ID cards, certifications, exam management, and exam schedules.
• Manage national and international mobility programmes, external internships, job boards and job placement initiatives.
• Process grants, scholarships, subsidies and exemptions provided for by law or institutional regulations.
• Manage student participation in university activities, representative bodies and associative networks (including alumni status).
• Prepare the electoral roll in the event of participation in internal elections.
• Send communications about training activities, institutional matters or matters of academic interest related to student status, by any means, including electronic means.

Legal basis for processing:

The processing is lawful in accordance with Article 6.1 of the GDPR, based on:

• The fulfilment of the academic contract entered into with the student (Art. 6.1.b GDPR).
• Compliance with legal obligations in the field of education in accordance with Organic Law 2/2023 on the University System and other applicable regulations (Art. 6.1.c GDPR).

Recipients:

The data may be shared with:

• Public administrations with powers in the areas of education, taxation or administration.
• Organisations belonging to the Euneiz Group, exclusively for administrative and academic management purposes.
• Insurance companies for the provision of compulsory cover.
• Financial institutions for managing tuition payments.
• Companies and institutions collaborating in internship, employment or mobility programmes, only where the student participates voluntarily.

No automated decisions or profiling are envisaged.

Conservation:

The data will be kept for as long as the academic relationship is maintained and, once it has ended, for the periods established by the applicable legislation on education, tax and accounting matters. In the case of the Alumni programme, they will be kept for as long as the person does not request their deletion.

Academic profiling

Euneiz may also use academic profiling techniques based on enrolment history, grades or other objective indicators in order to improve educational support, offer personalised training proposals, facilitate access to tutoring or job placement programmes, and conduct statistical studies.

This profiling does not involve automated decisions with legal or significant effects, but is used exclusively as a tool to support academic decision-making by competent staff.

The student may object to this processing at any time for reasons related to their particular situation by contacting protecciondatos@euneiz.com, pursuant to Article 21 of the GDPR.

International data transfer

As part of academic mobility programmes involving placements at foreign universities, international internships and similar initiatives, students’ personal data may be shared with organisations based outside the European Economic Area (EEA).

Such international data transfers will be necessary for the fulfilment of a contract between the student and Euneiz, such as internship agreements or international mobility agreements, in accordance with the provisions of Article 49.1.b of the General Data Protection Regulation (GDPR). These transfers are not systematic and are only made when the student voluntarily participates in international programmes.

The student will be informed in advance of the identity of the recipient entity and the country of destination, as well as of the possible absence of an adequacy decision or equivalent safeguards under Article 45 of the GDPR.

You can request further information about these transfers by contacting: protecciondatos@euneiz.com

B) INSTITUTIONAL AND COMMUNICATIVE PROCESSING

Purpose:

The personal data of students, university staff or other members of the Euneiz community may be processed for the following institutional purposes:

• Send relevant institutional information, such as announcements, conferences, seminars, university activities, innovation programmes or participation opportunities.
• Share news, updates, achievements and projects promoted by the University, either through internal channels or our own media outlets.
• Encourage the university community to participate in initiatives promoted by Euneiz, at an academic, social and institutional level.

Legal basis for processing:

This processing is based on Euneiz’s legitimate interest in fulfilling its institutional function, in accordance with Article 6.1.f of the GDPR and Article 19 of Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).

‎In any case, consideration will be given to ensuring that the rights or interests of the persons concerned do not prevail, and they may object at any time on grounds relating to their particular situation.‏‏

Recipients:

Personal data will not be transferred to third parties, except in the following cases:

• When the person has voluntarily participated in activities, acts or publications that involve external disclosure.
• When there is a legal obligation or requirement from public authorities.

In the event that images or recordings showing identifiable persons are shared, data protection regulations and, where applicable, legislation on image rights shall apply.

Conservation:

The data will be kept for as long as there is a legitimate interest in processing it and the data subject has not objected to such processing. In the event of opposition, processing will cease immediately, except for compelling legitimate reasons.

C) PROCESSING FOR INFORMATION AND PROMOTIONAL PURPOSES

Purpose:

Euneiz may process the personal data of interested parties for the following purposes:

• Send information or promotional communications related to academic offerings, conferences, open days, institutional events, university services or activities organised by Euneiz.
• Send electronic bulletins, newsletters or invitations via digital media (email, messaging), on paper or other equivalent channels.

These communications will be addressed to individuals who have expressed interest in the academic programmes or institutional activities of the University.

Legal basis for processing:

This treatment is based on:

• The explicit consent of the person concerned, in accordance with Article 6.1.a of the General Data Protection Regulation (GDPR), in the case of persons who do not have a prior relationship with the University.
• In the case of Euneiz students or recent graduates, communications may also be sent pursuant to Article 21.2 of Law 34/2002 on information society services (LSSI), provided that they relate to products or services related to their previous academic training and that the recipient has not previously objected.

Recipients:

The data will not be disclosed to third parties, except in the following cases:

• Legal obligation.
• Processing order to suppliers providing electronic communication services or technological platforms on behalf of Euneiz, under contract in accordance with Article 28 of the GDPR.

Conservation:

The data will be kept for as long as valid consent exists or until the right to object has been exercised. Once this right has been revoked or exercised, the data relating to this processing will be deleted, without prejudice to any legal retention periods that may apply.

Interested parties may object to receiving these communications at any time by clicking on the unsubscribe link included in each message or by writing to: protecciondatos@euneiz.com.

D) VIDEO SURVEILLANCE

Purpose:

Euneiz may process personal data via video surveillance systems for the following purposes:

• Ensure the safety of people, property and facilities.
• Prevent and investigate criminal acts or unlawful conduct that may occur on University premises.
• Control access to buildings, restricted areas or critical points from a security perspective.

The cameras will be located in visible places, properly signposted, and will not be used for purposes other than those described here.

No images will be captured in areas designated for staff rest, bathrooms, changing rooms or other spaces protected by the right to privacy.

The existence of the processing will be indicated by signs placed in the areas under video surveillance, with the corresponding pictogram and the minimum information required by Article 22.4 of the LOPDGDD:

• Identity of the data controller.
• Purpose of the processing.
• Possibility of exercising the rights recognised in data protection regulations.
• Where to obtain further information (e.g. by referring to this privacy policy or to a summary version).

Legal basis for processing:

The treatment is based on:

• The public interest in ensuring the safety of persons, property and facilities, in accordance with Article 6.1.e of the GDPR.
• Euneiz’s legitimate interest as the party responsible for the facilities, in accordance with Article 6.1.f of the GDPR, under the terms of Article 22 of the LOPDGDD.

In the event that contracted security companies are involved, action will be taken in accordance with Law 5/2014 on Private Security and the data processing agreement provided for in Article 28 of the GDPR.

Recipients:

The images may only be accessed by:

• Authorised Euneiz personnel with security duties.
• Security companies contracted in accordance with a data processing agreement.
• State security forces or judicial authorities, in the event of incidents or investigations.

No data will be transferred to third parties, except where legally required or when legitimately requested by competent authorities.

Conservation:

The images captured by the video surveillance systems will be kept for a maximum period of 30 days, unless they must be kept for longer due to the existence of events that could constitute a crime or offence and must be made available to the competent authorities.

3. RIGHTS OF DATA SUBJECTS

Data subjects may exercise the rights recognised in data protection regulations, specifically:

• The right to access your personal data.
• The right to rectify inaccurate or incomplete data.
• The right to erasure (right to be forgotten), where applicable.
• The right to restrict processing, in cases provided for by law.
• The right to data portability, where technically feasible.
• The right to object to the processing of your data for reasons related to your particular situation.
• The right not to be subject to automated individual decisions, including profiling, which have legal effects or significantly affect you, except in cases permitted by law (Article 22 of the GDPR).

To exercise these rights, please contact:protecciondatos@euneiz.com

You may also contact the Data Protection Officer (DPO) at: info@badia-adv.com

In the event of disagreement, you may also file a complaint with the Basque Data Protection Agency: www.avpd.euskadi.eus, avpd@avpd.eus, Tel. 945 016 230

4. ADDITIONAL INFORMATION

You can find more detailed information at:https://www.euneiz.com/politica-privacidad

Text updated in May 2025