Privacy Policy

In compliance with the principle of transparency and the duty to inform established by EU and national data protection regulations, COLEGIO INTERNACIONAL DE SEVILLA SAN FRANCISCO DE PAULA hereby informs interested parties about the circumstances and conditions of the processing of their data, as well as their rights.

Who is responsible for processing your data?

Identity: COLEGIO INTERNACIONAL DE SEVILLA SAN FRANCISCO DE PAULA,
Tax ID: B‑41067414
Post Address: Alcázares, 8 street, 41003 Sevilla (Spain)
Phone number: 954 22 43 82
Email address: sfpaula@sfpaula.com
Data Protection Officer: dpo@adhocasesoreslegales.com

Why do we process your personal data?

At COLEGIO INTERNACIONAL DE SEVILLA SAN FRANCISCO DE PAULA, we process the personal data of data subjects for the following purposes:

  • To provide teaching services and manage relationships with students, their parents, guardians or legal representatives.
  • To manage the employment relationship with our employees.
  • To manage job vacancies at our centres and the relationship with candidates.
  • Maintaining and managing commercial relationships with our product and service suppliers.
  • Ensuring the safety of people, property and facilities.
  • Responding to queries made by users via the contact form on our website.
  • Manage the payment of monthly fees or other services contracted through the payment gateway enabled on the College's website.

How long do we keep your data?

Personal data will be kept for as long as necessary to fulfil the purpose for which it was collected and to determine any possible liabilities arising from that purpose and the processing of the data. Where applicable, personal data will be kept until its deletion is requested.

What category of data do we collect?

With regard to students, current regulations authorise educational centres to collect personal data for teaching and guidance purposes, in relation to their family and social background, personal characteristics or conditions, educational development and results, and circumstances that need to be known in order to educate and guide students.

Furthermore, taking into account the aforementioned purposes, the following categories of data are processed by the Centre, as appropriate:

  • Identifying data: name and surname, postal and e-mail address, identity document and image.
  • Other personal data: date and place of birth, age, gender, nationality and mother tongue.
  • Academic data: education and qualifications.
  • Family data..
  • Health data, if applicable.
  • Professional data: professional experience, membership of professional bodies and associations.
  • Bank details.
  • Commercial information data: activities, businesses and business licences.
  • Financial data necessary for the management of payments through the payment gateway (which, in any case, are processed directly by the bank and are not accessible by the College).

What is the legal basis for the processing of your data?

The legal basis for the processing of your personal data will be related to the purpose for which it was collected. In this regard, the processing will be legitimised by one of the following conditions:

  • The performance of the teaching service contract.
  • The performance of the service provision contract.
  • Compliance with a legal obligation.
  • The fulfilment of a mission carried out in the public interest.
  • The fulfilment of a mission carried out in the public interest.
  • With regard to the payment of fees through the payment gateway: the performance of the contract (Art. 6.1.b GDPR) and the legitimate interest in fraud prevention and payment system security (Art. 6.1.f GDPR).

Payment gateway: data processing

The Website incorporates a payment gateway provided by a duly authorised bank (hereinafter, the ‘Entity’), through which the payment of monthly fees and any other payment associated with the services of the College will be managed.

To complete the transaction, the user will be redirected to a secure environment managed entirely by the Entity, where the data necessary to authorise the transaction will be processed.

To this end, please note that:

  • Only the essential identification and financial data (such as card number, expiry date or verification code) will be communicated to the Entity.
  • The School does not have access to the full credit or debit card details under any circumstances.
  • The Entity acts as independent data controller for the financial data processed during the payment process.
  • The sole purpose of such communication is the secure management of the payment of the contracted services.

The Entity's payment gateway complies with the security protocols and standards required by banking regulations to guarantee the protection of user data.

To whom will your data be communicated?

In general, no data will be communicated to third parties unless legally required.

However, for the management of payments made through the website, it will be necessary to communicate the strictly essential data to the Entity, with the aforementioned bank acting as an independent data controller in relation to the financial data it manages.

What are your rights when you provide us with your data?

Data subjects have the right to obtain confirmation as to whether the COLEGIO INTERNACIONAL DE SEVILLA SAN FRANCISCO DE PAULA is processing personal data concerning them.

They also have the right to:

  • Access their personal data.
  • Request the rectification of inaccurate data.
  • Request the deletion of their data when it is no longer necessary.
  • Request the restriction of the processing of their data.
  • Object to the processing for reasons related to your particular situation.
  • Request the portability of your data in a structured, commonly used and machine-readable format.

To exercise these rights, users may send a written communication to the registered office of the College or to the addresses sfpaula@sfpaula.com or dpo@adhocasesoreslegales.com, attaching a copy of their ID card or equivalent document.

With regard to the data processed by the Entity as part of the payment process, users must contact the Entity directly.

Data subjects have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) if they consider that the processing of their data does not comply with the regulations.

 

What security measures do we have in place?

The COLEGIO INTERNACIONAL DE SEVILLA SAN FRANCISCO DE PAULA informs that it has implemented the necessary technical and organisational security measures to guarantee the protection of personal data against alteration, loss, unauthorised processing or access.

Likewise, mechanisms have been established to reinforce the confidentiality and integrity of the information, continuously monitoring, controlling and evaluating the processes to ensure respect for privacy.