Who is in charge of processing personal data?
Address: Parc Tecnològic del Vallès, Avinguda Universitat Autònoma 23, 08290 Cerdanyola del Vallès (Barcelona)
Phone: +34 93 238 14 00
Contact for the Data Protection Officer: firstname.lastname@example.org
The Moodle learning platform is licensed by [NOM EMPRESA LLICENCIANT] and, consequently, the processing of data that it may perform is outside of Fundació Eurecat’s reach, who is only the entity in charge of processing the data it uses to generate and maintain user access to the Platform.
For what purpose and on what basis of legitimacy will we process personal data? What categories of data will we process?
The categories of personal data to be processed are: identifying data, which are provided to the Entity in Charge; academic data; data that the Users themselves specify in their use and enjoyment of the Object. These data are processed by the Entity in Charge for the following purposes:
- To manage the sign-up of and the username and password of the User so that he or she may access the Platform and all its presentations and content. The basis of legitimacy for this the execution of the contract (Article 6.1 GDPR).
- To send information related to the services contracted of the Platform and Object, and to process data to maintain the User’s use and enjoyment of the Platform and Object. The basis of legitimacy for this is legitimate interest (Article 21 of the Spanish LSSICE).
The Entity in Charge will not be able to obtain data related to the browsing habits of the user by means of installing cookies, given that the Platform only utilizes those cookies that are necessary for the Platform to work for him or her. The User is hereby informed that these necessary cookies are exempt from his or her consent, given that they do not have any other purpose.
For how long will we conserve personal data?
Personal data will be conserved for as long as necessary to carry out the purpose for which it has been provided or generated, or until it is requested to be erased. In any case, the data will be eliminated when there is no longer any need to process it and no legal obligations remain linked to it.
Who are the recipients of the personal data?
Personal data will mainly be handled by the Entity in Charge. Notwithstanding the foregoing, personal data may be made accessible to service providers that the Entity in Charge sees fit, only when strictly necessary for the provision of these services, such as the sending of communications or the storage and management of a database. The access to and the possible processing of personal data by service providers will be performed with the legally binding contractual supports that are called for in place, and in no case will any third party sell, supply, rent, or make the data available, or process this data for its own benefit or any other purpose.
For that matter, the User is hereby informed that the Platform is property of third parties and that it has been licensed to the Entity in Charge, and is thus not affected by any legal breach.
The Entity in Charge will be able to divulge personal data if it is legally obliged to do so without the need for user consent. For any other unforeseen situations in which it may be necessary to divulge this personal data, it will need to properly inform the user and receive the express authorization thereof.
Are international data transfers made?
In theory, personal data is not subject to transfer outside of the European Economic Area. Notwithstanding, the Entity in Charge may contract service providers outside of the European Union, or who offer their services elsewhere. For that matter, the Entity in Charge assures that any data processing that is carried out will be done in accordance with what the legislation requires.
Is personal data subject to automated decisions or profiling?
Personal data is not used for automated decisions or profiling measures.
What are your rights with respect to your personal data?
The current legislation in the area of data protection grants a series of rights to interested parties, by reason of the processing of their data, and are summarized here:
- The right to access: the interested party will have the right to know what personal data is being used by the entity in charge and for what purpose.
- The right to amend: the interested party may request the modification of his or her data at any time.
- The right to erase: the interested party may request, at any time, that his or her data be erased from the entity in charge’s files. However, and as we have explained above when talking about the conservation of data, in certain circumstances, in order for the entity to fulfill their duties, the interested party’s right to exercise this may be impeded.
- The right to oppose: the interested party can oppose to the processing of his or her data with regards to any of the purposes for which the entity in charge handles that data, in accordance with the privacy policies applicable to each case.
- The right to limit the handling of data: the interested party may request that the processing of his or her data be limited in the following cases:
- If he or she considers the data to be incorrect or inaccurate.
- If he or she considers that the data is not being handled legitimately but prefers that the processing be limited as opposed to the data being erased.
- If the data is no longer necessary for the purpose for which it was collected but he or she needs it to be conserved while making a legal reclamation.
- If, having exercised the right to oppose to some data processing, he or she has not yet received an answer from the entity in charge.
- The right to the portability of their data: the interested party will have the right to, whenever technically possible and within reason, request that his or her personal data that he or she has provided directly be transferred to another entity in charge of processing that data.
The User may exercise his or her rights within the terms and conditions provided by the current legislation, which were previously detailed, to the business address of the Entity in Charge: Avinguda Universitat Autònoma 23, 08290 Cerdanyola del Vallès (Barcelona), or, via email at: email@example.com.
In the event that you do not obtain a satisfactory answer and wish to fill out a reclamation or obtain more information on privacy, you can consult the authority in control of the Spanish data protection agency: Agencia Española de Protección de Datos (www.agpd.es – C/ Jorge Juan, 6, 28001 Madrid).