PRIVACY POLICY – EXTENDED INFORMATION

The Privacy Policy forms part of the General Terms and Conditions governing the following websites:

• https://ispschools.es/
• https://britishschoolmalaga.com/
• https://britishschoolvilareal.com/
• https://altillointernational.com/
• https://fontenebroschool.com/
• https://internacionalaravaca.edu.es/
• https://ladyelizabethschool.com/
• https://laudesanpedro.com/
• https://newtoncollege.es/
• https://palaciodegranda.com/
• https://britishschoolalmeria.com/

VERSION FEBRUARY 2025

In accordance with the current applicable regulations on Personal Data Protection (EU Regulation 679/2016, General Data Protection and Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights) we inform you of the following:

Who is the controller of the data processing?

COLEGIOS LAUDE, S.L.U.

Av. De Europa 24. Puerta A, Bajo A. Edificio Torona (28108 Madrid)

NIF: B84600188

Teléfono: 686 090 053

Email of the Data Protection Delegate: dpo.external@ispschools.com.

You can contact us in any way you wish.

We reserve the right to modify or adapt this Privacy Policy at any time. We recommend that you review it, and if you have registered and access your account or profile, you will be informed of the modifications.

If you are one of the following groups, please see the information below:

• Web or e-mail contacts.

 What data do we collect through the Website?

We may process your IP address, the operating system or browser you use, and even the length of your visit, anonymously. If you provide us with data in the contact form, we will process your identification data and the data you share with us in the form to contact you through the means you have provided, such as email, telephone calls or WhatsApp.

For what purposes will we process your personal data?

To manage the requested service, answer your request, or process your request.

What is the legitimacy for the processing of your data?

The user’s consent or the existence of a contractual relationship between the parties.

How long will we keep personal data?

For as long as you remain connected with us or until you exercise a right that involves the deletion of your data.

• Social Media Contacts.

  What data do we process?

We will process your identification data and the data you share with us within the framework of the social network in question.

For what purposes will we process your personal data?

To manage the requested service, answer your request, or process your request. To create, promote and maintain a community of followers within the social network.

What is the legitimacy for the processing of your data?

The user’s consent or the existence of a contractual relationship between the parties. In this case, the processing is based on the acceptance of a contractual relationship in the corresponding social network environment, and in accordance with its privacy policies, so it is advisable that the user consults them. The data controller will only be able to consult or remove the data in a restricted manner by having a specific profile. This data will be processed for as long as the user allows it through the different interactions that each RRSS allows. Any rectification of the data or restriction of information or publications must be made by the user through the configuration of their profile on the social network itself.

How long will we keep personal data?

For as long as you remain linked to us or until you exercise a right that involves the deletion of your data.

• Processing of CV data of candidates, job applicants/internships.

  What data do we process?

The data controller will collect data from candidates through its job portal accessible from its website. It will process the identification and contact, academic and professional data that the candidate includes when submitting their application.

For what purposes?

• • Selection processes for the recruitment of employees.
  • Summoning for job interviews and evaluation of applications.

  What is the legal basis for the processing?

The legal basis for the processing described above is the existence of a pre-contractual relationship between the parties.

How long will we keep your data?

After one year from the receipt of a curriculum vitae, the Controller will proceed to its secure destruction.

• Processing of data of users of the Educational Platforms.

  What data do we process?

We may process your identification data, contact data, academic data, information relating to permissions, qualifications, etc., all depending on your user profile (student, parent, tutor, teacher, etc.).

For what purposes?

The data included in the educational platforms will be processed by the Data Controller for the purpose of managing the relationship that the Centre has with each User, according to their profile.

What is the basis of legitimacy?

The existence of a contractual relationship between the parties.

How long will we keep the data?

During the existence of the contractual relationship and, once it has ended, during the legal limitation periods established for the exercise of actions.

• Complaints channel

  What data do we process?

 The data you share with us in your report and, if you decide not to make an anonymous report, your identification and contact details.

For what purposes?

The personal data collected through the information channel are processed for the sole purpose of processing the communications or information received, sending the informant the relevant communications on the status of processing or the results of the same, unless the informant has objected to this; and, where appropriate, to carry out all those actions aimed at verifying the verisimilitude of the facts reported to determine their filing, the adoption of the relevant measures or their transfer to the competent authority in each case.

What is the basis for legitimisation?

Compliance with a legal obligation.

How long will we keep the data?

Any personal data that may have been communicated and that refer to conduct that is not included in the scope of application of the law will be deleted immediately. If the information received contains personal data included within the special categories of data, it will be deleted immediately, without the registration and processing of the same and all the information provided or part of it in the event that it is proven to be untruthful, from the moment that this circumstance becomes known, unless this lack of truthfulness may constitute a criminal offence, in which case the information will be kept for the necessary time during the legal proceedings.

The data processed are retained in the information system only for the time necessary to decide whether or not to initiate an investigation into the facts reported. This period may not exceed three months from the receipt of the information, unless, due to its particular complexity, the period has been extended by a further three months. Communications that have not been followed up are kept in anonymised form.

In the event that it is agreed to initiate the relevant investigation, the data will be processed for the duration of the investigation. A register of information is kept at the disposal of the competent judicial authorities in accordance with the requirements and limits set out in Law 2/2023. In no case will data be kept for a period of more than ten years.

• Smoothwall

  What data do we process?

We will process your identification data and, in case a possible threat is detected, the data captured by the application.

For what purposes will we process your personal data?

To safeguard the moral integrity of the students and to enforce the ideology of Colegios Laude S.L.U.

What is the legitimation for the processing of your data?

For employees, the existence of a contractual relationship between the parties, understood within the framework of the employer’s power of management established in the Workers’ Statute and, for students, the public interest in guaranteeing the best interests of the child.

How long will we keep personal data?

While the investigation of the potential threat is being processed.

• OTHER

  Processing of data of third parties.

As a general rule, the Data Controller will only process data provided by the data subjects. In the event of receiving data from third parties, these persons must be informed in advance and their consent must be requested, otherwise Colegios Laude, S.L.U. will be exempt from any liability for failure to comply with this requirement.

Commercial communications by electronic means

If the user has previously given express consent to do so, or when it is covered by the legitimate interest of the responsible, communications of interest will be sent to the email address provided.

Security measures

Colegios Laude, S.L.U. attaches great importance to the security of all personally identifiable information and has adopted an optimal level of security, putting the means and adopting the appropriate technical and organizational measures according to the state of technology to prevent the loss, misuse, alteration, unauthorized access or theft of personal data. For example, our security and privacy policies are periodically reviewed and improved as necessary and only authorised personnel have access to user information. From Colegios Laude, S.L.U. we make efforts and allocate resources to improve every day our pages and their functionality so that users can navigate safely.

Communication to third parties

The personal data of users may be transferred to:

• State Tax Administration Agency and to banks and financial institutions for the collection of the service and other public administrations competent in the matter by virtue of the nature of the entity and the services provided, for the correct fulfilment of the legal obligations of the Data Controller.
• Data processors necessary for the provision of the service, who will have signed a service provision contract that obliges them to maintain the same level of privacy as that of the Data Controller.

In the event that any of the assignments involve an international transfer of data, these will be carried out guaranteeing that the third party companies comply with European policies and regulations on privacy and data protection.

User rights

Data protection regulations recognise a series of rights for the user, which must be respected by the Data Controller:

• To know whether or not their data is being processed.
• To access the personal data being processed.
• To request rectification of the data if it is inaccurate.
• To request the deletion of the data if they are no longer necessary for the purposes for which they were collected or if you withdraw your consent.
• To request the limitation of the processing of the data, in certain cases, in which case they will only be kept in accordance with the regulations in force.
• To data portability, which will be provided in a structured, commonly used or machine-readable format; or it may be sent to the new designated data controller. This is only valid in certain cases.
• To lodge a complaint with the Spanish Data Protection Agency or competent supervisory authority.
• To revoke consent for any processing for which they have consented, at any time.

In order to facilitate the process, and to comply with the principle of data accuracy, if any data is modified, the Data Controller appreciates the communication of such modification.

In order to exercise the aforementioned rights, the user may request a form from the Data Controller, or use those drawn up by the Spanish Data Protection Agency or third parties. The forms may be submitted in person, sent by letter or by e-mail to the address of the Data Protection Delegate: dpo.external@ispschools.com

Depending on the right exercised, the Data Controller will take a maximum of one month to respond from receipt of the request, and two months if the issue is very complex, in which case the user will be notified.

Furthermore, we inform you that you can always go to the Spanish Data Protection Agency (www.aepd.es) to request its protection or file a complaint in relation to the processing of personal data.

Cookies

The Web uses Cookies, if you want more information, you can do so by accessing our Cookies Policy.

Changes to the Privacy Policy

The responsible party may modify or adapt the Privacy and Personal Data Processing Policy, so we recommend that you check it periodically to keep yourself updated.