Privacy Policy
From CENTRO UNIVERSITARIO DE LA DEFENSA EN LA ESCUELA NAVAL MILITAR we understand that it is essential to maintain a transparent relationship with you, therefore, below, we present our Privacy Policy, so that at all times you are properly informed about how we collect and securely treat any data you provide us.
Your data will be treated in accordance with current legislation and, in particular, in accordance with the provisions of Regulation (EU) 2016/679 of April the 27th, 2016 (GDPR) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. Also with regard to the Organic Law 3/2018, of December 5th, on the Protection of Personal Data and Guarantee of Digital Rights. A careful reading of our Privacy Policy will provide you with the necessary information to know what destination we will give to the data you provide us.
1. WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR DATA?
If you, or an authorized person, have provided us with your data, we inform you that CENTRO UNIVERSITARIO DE LA DEFENSA EN LA ESCUELA NAVAL MILITAR, CIF: ESS2800646H is responsible for the processing of the same. These data will be treated in accordance with the provisions of current regulations on the protection of personal data.
It is possible that there are other controllers in the processing that we carry out, in that case we will always inform who is responsible for the processing of the same, as well as their identification data.
The Website may include hyperlinks or links that allow access to third party websites other than https://cud.uvigo.es, and therefore are not operated by CENTRO UNIVERSITARIO DE LA DEFENSA EN LA ESCUELA NAVAL MILITAR. The owners of such websites will have their own data protection policies, being themselves, in each case, responsible for their own processing and their own privacy practices.
From CENTRO UNIVERSITARIO DE LA DEFENSA EN LA ESCUELA NAVAL MILITAR we are committed to the fulfillment of the obligation of secrecy of personal data and its duty to keep them. For that we adopt the necessary measures to avoid its alteration, loss, treatment or unauthorized access in accordance with the established in the Regulation.
2. DO WE HAVE A DATA PROTECTION OFFICER (DPO)?
Yes, due to the nature of the data we process, we have a Data Protection Officer to ensure compliance with current data protection regulations. Our designated DPO is that of the Ministry of Defense .You can contact him through dpd@mde.es.
3. WHERE DO WE REPORT?
From CENTRO UNIVERSITARIO DE LA DEFENSA EN LA ESCUELA NAVAL MILITAR we inform through the web page https://cud.uvigo.es in the section corresponding to the privacy policy. More information in “Legal Notice”.
4. WHAT PERSONAL DATA DO WE PROCESS?
The personal data we process are:
- Those that you choose to provide voluntarily.
- The data derived from the communications that you maintain with us.
- The information corresponding to your own navigation in the case of Online Services, (IP address or information derived from cookies or similar devices (you can see our Cookies Policy on the web).
- Information that is available in sources accessible to the public, to which we can legitimately access.
- The data derived from the contractual or pre-contractual relationship you have with us, including your image, always informing you in this case of the possibility of capturing your image.
- The data that third parties provide us about you, having a legitimate basis for it or having obtained your consent to do so.
- The data of third parties that you provide us, with the prior consent of the third party in question.
For further information, please refer to the activity log section of this privacy policy.
5. HOW DO WE PROCESS THE DATA?
At CENTRO UNIVERSITARIO DE LA DEFENSA EN LA ESCUELA NAVAL MILITAR we always treat your personal data in strict compliance with current legislation. In addition, we inform you that we have the appropriate technical and organizational measures to ensure an optimal level of security, guaranteeing that only authorized persons will have access, that we will keep them intact, avoiding any intentional or accidental loss and that we have reinforced the data processing systems and services.
However, since the CENTRO UNIVERSITARIO DE LA DEFENSA EN LA ESCUELA NAVAL MILITAR cannot guarantee the impregnability of the Internet or the total absence of hackers or others who fraudulently access personal data, therefore it undertakes to communicate without undue delay when there is a breach of security of personal data that is likely to involve a high risk to the rights and freedoms of natural persons. In accordance with Article 4 of the GDPR, a breach of security of personal data means any breach of security leading to the accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or to unauthorized disclosure of or access to such data.
The operations, management and technical procedures that we carry out in an automated or non-automated way and that make possible the collection, storage, modification, transfer and other actions on personal data, are considered personal data processing.
6. WHAT IS THE LEGITIMACY OF THE TREATMENT?
The basis for the legitimacy of the processing of Personal Data shall be the one resulting from the contractual or pre-contractual relationship, the employment relationship or any other required for the processing of data, such as express consent.
7. HOW DO WE MANAGE ELECTRONIC COMMUNICATIONS?
In accordance with the provisions of Law 34/2002 of July 11th, 2002, on Information Society Services and Electronic Commerce, and Directive 2002/58/EC, we inform you that you may receive communications and information of a commercial nature through this electronic communication system (e-mails, automated response messages from forms and other communication systems) when you have given us your consent or when they are commercial communications regarding products or services similar to those previously provided by the party responsible for the processing of your data.
In the event that you do not wish to receive communications and information of this nature, you can notify us by this same means indicating in the subject “BAJA COMUNICACIONES” so that your personal data will be removed from our database. Your request will be acted upon within 1 month of being sent. In the event that we do not receive an express reply from you, we will understand that you accept and authorize our company to continue sending the aforementioned communications.
In the case of receiving such communications by these means, we inform you that the messages are addressed exclusively to the addressee and may contain privileged or confidential information. If you are not the intended addressee, we notify you that unauthorized use, disclosure and/or copying is prohibited under current legislation.
8. HOW LONG DO WE KEEP YOUR DATA?
The personal data relating to natural persons that CENTRO UNIVERSITARIO DE LA DEFENSA EN LA ESCUELA NAVAL MILITAR we collect by any means, will be kept as long as the interested party does not request its deletion. Likewise, they will be kept as long as the relationship that originated the processing of the data is maintained, respecting in any case the legal periods of conservation. At the end of this period, the personal data will be deleted from all CENTRO UNIVERSITARIO DE LA DEFENSA EN LA ESCUELA NAVAL MILITAR systems.
9. WILL YOUR DATA BE COMMUNICATED TO THIRD PARTIES?
There will be no assignment, transmission or transfer of personal data, except those already reported, which are not the result of a legal obligation. If we are requested by the Public Administration or the Autonomous Institutions in the scope of the functions expressly attributed to them by law, your data will be transmitted.
If there is an assignment, transmission or transfer of personal data outside the above cases, you will be previously informed so that, if necessary, you can give us your consent.
This processing on behalf of third parties is regulated in a written contract or in any other legally admissible form that allows proof of its existence and content, expressly specifying that the processor will process the data in accordance with our instructions and will not apply or use them for any purpose other than that stated in the contract, nor communicate them, even for storage, to other people.
10. WHAT ARE YOUR RIGHTS?
Data protection regulations grant you the following rights:
- Access rights: It is the User’s right to obtain confirmation of whether or not the CENTRO UNIVERSITARIO DE LA DEFENSA EN LA ESCUELA NAVAL MILITAR is processing their personal data and, if so, to obtain information about their specific personal data and the processing that CENTRO UNIVERSITARIO DE LA DEFENSA EN LA ESCUELA NAVAL MILITAR has carried out or will carry out, as well as, among others, the information available on the origin of such data and the recipients of the communications made or planned of the same.
- Right of rectification: It is the User’s right to have his/her personal data that proves to be inaccurate or, taking into account the purposes of the processing, incomplete, amended.
- Right to suppression: ((“the right to be forgotten”): It is the User’s right, unless otherwise provided by law, to obtain the deletion of his/her personal data when they are no longer necessary for the purposes for which they were collected or processed; the User has withdrawn his/her consent to the processing and there is no other legal basis for the processing; the User objects to the processing and there is no other legitimate reason to continue the processing; the personal data have been processed unlawfully; the personal data must be deleted in compliance with a legal obligation; or the personal data have been obtained as a result of a direct offer of information society services to a minor under 14 years of age. In addition to deleting the data, the Data Controller shall, taking into account the technology available and the cost of its implementation, take reasonable steps to inform controllers who are processing the personal data of the data subject’s request for the deletion of any link to such personal data.
- Right to limitation of treatment: It is the User’s right to limit the processing of their personal data. The User has the right to obtain the limitation of the processing when they contest the accuracy of their personal data; the processing is unlawful; the Controller no longer needs the personal data, but the User needs it to make claims; and when the User has objected to the processing.
- Right to data portability: In the event that the processing is carried out by automated means, the User shall have the right to receive from the Data Controller their personal data in a structured, commonly used and machine-readable format, and to transmit them to another Data Controller. Whenever technically possible, the Controller shall transmit the data directly to such other controller.
- Right of objection: It is the right of the User not to have his or her personal data processed or to stop the processing of such data by the CENTRO UNIVERSITARIO DE LA DEFENSA EN LA ESCUELA NAVAL MILITAR.
- Right not to be subject to a decision based solely on automated processing, including profiling: This is the User’s right not to be subject to an individualized decision based solely on automated processing of their personal data, including profiling, unless otherwise provided for by applicable law.
If you would like more information regarding the processing of your data, rectify those that are inaccurate, oppose and/or limit any processing that you consider unnecessary, or request cancellation of the processing when the data is no longer necessary, you can write to CENTRO UNIVERSITARIO DE LA DEFENSA EN LA ESCUELA NAVAL MILITAR through the following channels:
- Electronic Headquarters of the Ministry of Defense: https://sede.defensa.gob.es/
- Public Administration Registries in person.
- E-mail of the data protection officer (Ministry of Defense): dpd@mde.es, through a document signed from the VALIDE platform with electronic ID or any other recognized certificate.
The exercise of rights must be performed by the user himself. However, they may be executed by a person authorized as legal representative of the authorized person. In this case, documentation must be provided to prove this representation of the interested party.
Likewise, we would like to inform you that you can withdraw the consent given without affecting the lawfulness of the processing already carried out, by sending your request through the channels indicated in the previous paragraph.
11. WHAT IS THE PURPOSE AND BASIS OF LEGITIMACY FOR DATA PROCESSING AND HOW LONG WILL THE DATA BE KEPT?
The purposes of the data processing carried out by any or all of the Data Controllers listed above are detailed below.
| PROCESSING ACTIVITY | PURPOSE OF PROCESSING | BASIS OF LEGITIMIZATION | STORAGE PERIOD |
| Labor management | Personnel management for the formalization of an employment contract, file control, payroll management | Contractual relationship | 5 years from the end of the contract |
| Tax and accounting management | Processing necessary for the fulfillment of tax and accounting obligations | Contractual relationship
Legal obligation for the data controller |
5 years from the end of the contract
The time necessary to meet legal obligations |
| Contact management | Data processing in order to maintain communications with interested parties | Express consent of the data subject
Contractual relationship Public interest or exercise of public powers |
5 years from the end of the contract
Until the cancellation and/or opposition by the holder Until the relevant loss of use |
| Occupational risk prevention | Compliance with current legislation on occupational risk prevention and health surveillance | Contractual relationship
Legal obligation for the data controller |
Until the end of the contractual relationship
The period of time legally established by specific regulations |
| Video surveillance | Capture of images by the video surveillance system and/or alarm system with image capture, to protect the assets of the entity | Public interest or exercise of public powers | Maximum 1 month |
| Organization of events and activities | Management and coordination of activities and events related to the activity of the entity. Control of attendance and participants. | Express consent of the data subject
Contractual relationship |
Until the cancellation and/or opposition by the holder
The time necessary to meet legal obligations |
| Multimedia management | Image and/or video processing for dissemination in the media and social networks and promotion of activities | Express consent of the data subject | Until the cancellation and/or opposition by the holder
Until the relevant loss of use |
| Management of the provision and selection of jobs | Selection of personnel and filling of positions through public calls for applications | Contractual relationship
Legal obligation for the responsible party Public interest or exercise of public powers |
The time required to meet legal obligations |
| Labor control | Control of employee attendance at work (vacations, absenteeism, time recording) | Contractual relationship
Legal obligation for the responsible party |
Until the end of the contractual relationship |
| Internal management of the organization | Management of the governing body, commissions, internal notifications, control of internal expenses | Contractual relationship
Public interest or exercise of public powers |
Until the end of the contractual relationship |
| Management of judicial and administrative archives | Management and administration of legal proceedings of the administrative documentation of the entity, its employees and third parties related to it | Legal obligation for the responsible party
Public interest or exercise of public powers |
The time necessary to meet legal obligations |
| Public administration recruitment management | Analysis of compliance with the clauses and requirements established in the administrative specifications of public contracting procedures, reports on suppliers, contracting and payments | Contractual relationship
Public interest or exercise of public powers |
Until the relevant loss of use
Until the end of the contractual relationship |
| Management of training courses | Processing of the data necessary for the training of employees, students and interested personnel | Legal obligation for the responsible party
Public interest or exercise of public powers |
Until the end of the contractual relationship |
| Access control | Recording of entrances and exits to the facilities or to a specific area or position | Contractual relationship
Public interest or exercise of public powers |
Until the cancellation and/or opposition by the holder
Until the relevant loss of use Until the end of the contractual relationship |
| Administrative management of students | Students’ data for contact, internship management, class management, etc | Express consent of the data subject
Legal obligation for the data controller Public interest or exercise of public powers |
Until the cancellation and/or opposition by the holder |
| Academic management of students | Student’s data in order to be able to create the academic record according to the current regulations on the subject | Legal obligation of the responsible party
Public interest or exercise of public authority |
Until the cancellation and/or opposition by the holder |
| Management of student evaluation through telematic testing | To be able to manage and carry out academic evaluations telematically by means of tools, forms and videoconferencing systems with the possibility of recording the content of the test | Legal obligation of the responsible party
Public interest or exercise of public authority |
The period of time legally established by specific regulations |
| Management of online training actions | Organization, registration of users and realization of training actions through videoconferences, and recording of the same (meetings, webinars, training) | Contractual relationship
Legal obligation for the responsible party Public interest or exercise of public powers |
The time necessary to meet legal obligations |
| Registration management | The purpose is the management of the entry and exit registry of documents of the agency, in the terms provided in the article of the law 39/2015, of the common administrative procedure of public administrations | Legal obligation for the responsible party | The period of time legally established by specific regulations |
| Incident management | Management of computer incidents of users of different services | Public interest or exercise of public powers | Until the relevant loss of use |
| Management of library funds and other academic work | Management of library users, control of loans, control of the repository of academic works: master’s theses, bachelor’s degree theses, other publications | Express consent of the data subject
Contractual relationship Public interest or exercise of public powers |
Until the cancellation and/or opposition by the holder |
| Management of stays abroad (exchanges) | Management of all the procedures for interested parties to carry out stays in other entities located abroad, or receiving interested parties for the same purpose | Express consent of the data subject
Public interest or exercise of public powers |
The time necessary to meet legal obligations |
| Promotion and management of R&D and transfer | Management of the data of researchers and collaborators necessary for the management and processing of R&D projects | Legal obligation for the responsible party
Public interest or exercise of public powers |
Until the cancellation and/or opposition by the holder
The period of time legally established by specific regulations |
| Transparency management | Management necessary to publish and respond to requests for information in compliance with Law 19/2013, of December 9, 2013, on transparency, access to public information and good governance. | Legal obligation for the data controller | The period of time legally established by specific regulations |
| Social action | Management of candidates and recipients of financial aid | Contractual relationship | The time necessary to meet legal obligations |
| Management of collaboration agreements | Data necessary for the establishment of collaboration agreements, management of activities included in the same, participants | Contractual relationship
Legal obligation for the responsible party Public interest or exercise of public powers |
The time necessary to meet legal obligations |
| Employee training | Processing of data necessary for the training of employees and interested staff | Legal obligation for the responsible party
Public interest or exercise of public powers |
Until the end of the contractual relationship |
12. ACCEPTANCE AND CHANGES TO THIS PRIVACY POLICY
It is necessary that the User has read and agrees with the conditions on the protection of personal data contained in this Privacy Policy, as well as to accept the processing of their personal data so that the Data Controller can proceed in the manner, during the periods and for the purposes indicated. The use of the Web Site will imply the acceptance of the Privacy Policy of the same.
CENTRO UNIVERSITARIO DE LA DEFENSA EN LA ESCUELA NAVAL MILITAR reserves the right to modify its Privacy Policy, according to its own criteria, or motivated by a legislative, jurisprudential or doctrinal change of the Spanish Data Protection Agency. Changes or updates to this Privacy Policy will not be explicitly notified to the User. The User is recommended to consult this page periodically to be aware of the latest changes or updates.
This Privacy Policy was updated to adapt to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and to Organic Law 3/2018 of 5 December on the Protection of Personal Data and guarantee of digital rights.
- Register of Processing Activities
- Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data.
- Organic Law 3/2018, of December 5th, on the Protection of Personal Data and guarantee of digital rights.
This Privacy Policy document has been revised as of : 22/11/22
