Identity: Fundación Universidad de Oviedo
CIF: G33532912
Postal Address for notifications and summons: C/ Principado 3, 4ª planta, 33007 Oviedo
E-Mail: qem2d@gmail.com
Contacto DPD: qem2d@gmail.com

For what purpose do we process your personal data?

The personal data we process serves the following purposes:

• Attention to your inquiries and requests: Management of responses to inquiries, complaints or incidents, requests for technical or corporate information, resources and/or activities, made via email, telephone, contact form and/or instant messaging.
• Contact with the interested party through the means of communication provided (email, postal address and/or telephone) in order to manage queries arising from the relationship between the parties.
• Offering and commercial management of the products and services offered by the Controller. Contacting the interested party to request any necessary data to manage the design and proposal of products and/or services.
• Internal use, carrying out operations and administrative, economic and accounting management arising from the commercial relationship and/or provision of services.
• Profiling, to the extent you have given us your unequivocal consent. "In order to offer you products and services tailored to your interests and to improve your user experience, we will create a 'profile' based on the information you provide. No automated decisions will be made based on this profile."
• Consult the advertising exclusion systems that may affect your operations, excluding from processing the data of those affected who have expressed their opposition or refusal to the process by consulting the advertising exclusion systems published by the competent supervisory authority.
• Associated management, including prior notification thereof, that may arise from the development of any structural modification operation of companies or the contribution or transfer of a business or branch of business activity, provided that the processing is necessary for the successful completion of the operation and guarantees, where appropriate, the continuity of the provision of services.
• Dissemination of our best practices regarding the services we have provided to you and/or the publication and/or communication of graphic material that may incorporate the image of the owner and/or personnel under his/her charge in corporate media and/or other public media, to the extent that you have given us unequivocal consent.
• Management of the organization's contracting and provision of services, as well as compliance with contractual and regulatory requirements related to the organization and/or the requested operation.
• Sending commercial communications about products or services similar to those contracted by the client with whom there is a prior contractual relationship, legitimized in accordance with Article 21 of the LSSICE.
• Quality control over our products and services, quality management of processes and activities, as well as the evaluation of satisfaction/perception and performance results of the organization's stakeholders.
• Providing evidence to justify campaigns, activities, promotions, contests, projects and grants in which the organization participates
• Regulatory Compliance Management (applicable regulations, as well as mandatory internal regulations): Investigation, monitoring and auditing of controls established for the prevention of crimes, including controls on access to facilities, video surveillance, information systems and printing of documentation for all personal data under the responsibility of the organization and therefore for all information systems of said entity, as well as controls that the entity may establish for the investigation of accidents and/or incidents that may occur, as well as non-compliance with regulations, crimes or illegal behavior.
• Asset and Credit Solvency Assessment to confirm the economic viability of the requested transaction, as well as, where applicable, the communication and management associated with the claim for the agreed amounts for the provision of the service.
• Statistical and historical purposes that allow us to improve the commercial strategy of our products and services, with your data being previously anonymized.
• The management and auditing of the organization's processes and facilities' management and regulatory compliance systems.
• Contacting you and sending you personal communications, event invitations, greeting you on special dates, conducting quality and satisfaction surveys, as well as periodically informing you of new developments, news, and corporate information, and providing you with offers on products and services of interest to you by telephone, in writing, or electronically, if you have consented and/or requested such information.
• To the extent you have provided us with your resume to join the company, we will process your data to manage the job selection process, and if you have given your consent, for the purposes described in the additional consents.

How long do we retain your data?

• The data provided will be retained as long as the lawful processing relationship is maintained, and its deletion is not requested by the interested party after the formal written termination of the relationship with the interested party, with the exception of its retention for the formulation, exercise or defense of claims by the data controller or with a view to protecting the rights of another natural or legal person and/or for reasons of legal obligation.
• In any case, at the end of the relationship, the interested party's data will be duly blocked, as provided for in current data protection regulations.
• Accounting and Tax Documentation - For Tax purposes: Accounting books and other mandatory record books according to the applicable tax regulations (personal income tax, VAT, corporate tax, etc.), as well as the documentary support that justifies the entries recorded in the books (including computer programs and files and any other supporting documents that have tax significance), must be kept for at least the period of limitation for Tax Crimes - General Tax Law and Penal Code, Limitation period for infractions 10 years.
• Accounting and Tax Documentation - For Commercial purposes: Books, correspondence, documentation and justifications concerning your business - Commercial Code - 6 years.
• Solvency Files: Data referring to certain, overdue, demandable and unclaimed debts - LOPD – 5 years
• The data processed for the purpose of sending commercial communications will be retained until you revoke your consent.
• Therefore, the data will be retained as long as the business relationship is in force, based on the retention periods established by the current regulations noted above, as well as the legally or contractually established periods for the exercise or prescription of any liability action for breach of contract by the interested party or the Organization (Civil Code establishes a period of 5 years to be able to carry out an action for civil liability, a period that is calculated from the date on which compliance with the obligation can be demanded).

What is the legitimacy for processing your data?

The processing of your data is legitimized by:

• Compliance with your request. The requested data is necessary for the correct provision of the service.
• The legal basis for processing your data is to fulfill your request. The requested data is necessary for the correct processing of your data.
• The execution of a contract, request, offer, order, and/or commercial agreement, for which the data provided may be communicated to third parties who, where appropriate, provide us with specific products and/or services that are necessary for the management of the contracted service provision, in order to adequately address, where appropriate, the guarantees and liabilities of the products and services supplied.
• Comply with a legal obligation: Administrative, commercial, tax, fiscal, accounting, civil, and financial regulations, and consumer and user protection legislation, as well as regulations inherent to the contracted operation and those associated with the sector.
• Satisfy a legitimate interest of the Controller: Processing of data as part of a commercial relationship and/or contract, which are necessary for its maintenance or fulfillment, fraud prevention, cases of legitimate interest in which the controller could be an injured party and the processing and communication of the data of the non-compliant party to third parties is necessary in order to manage regulatory compliance and the defense of the interests of the data controller, as well as the legitimate interest of direct marketing enabled by the LSSICE (sending commercial electronic communications about products or services similar to those contracted by the client with whom there is a prior contractual relationship), as well as cases of legitimate interest of specific treatments contemplated in the LOPDGDD.
• The consent of the interested party, which they have unequivocally provided to us through formal means and/or by checking the boxes provided for this purpose in the data protection clauses included in the basic document governing the business relationship, depending on the contact channel.

To which recipients can your data be communicated?

• Organizations or individuals directly contracted or with whom a collaboration agreement exists with the Data Controller for the provision of services related to the processing purposes (by way of example and not limitation): Legal, Tax and Accounting Consultants, Debt Collection and Credit Insurance Management Entities, Management, Accounting and/or Regulatory Compliance Auditors, IT Maintenance, Suppliers, Courier/Transportation Companies, Video Surveillance/Alarm Companies, other professionals/companies necessary for the execution of certain services.
• Public Administration bodies or agencies with jurisdiction over the matters covered by the processing purposes, to fulfill their obligations when required by current legislation, as well as to manage the provision of services.
• Third parties who have been expressly authorized by the data owner.
• Financial Institutions: Transfer and/or management of payment instruments.
• State Security Forces and Corps and Judicial bodies, to the extent required.
• Collaborators or promoters of events, projects, and grants in which the organization participates, for the technical or economic justification thereof.
• Media for promoting/publicating the organization's activities (public and/or private, such as websites, social media, newspapers, etc.).

Under what guarantees is your data communicated?

Data is communicated to third parties through entities that demonstrate the availability of a Personal Data Protection System in accordance with current legislation.

User responsibility

You:

• You guarantee that you are over eighteen (18) years of age and that the data you provide to the Data Controller is true, accurate, complete, and up-to-date. For these purposes, the user is responsible for the veracity of all data provided and will keep the information provided appropriately updated so that it reflects your actual situation.
• You guarantee that you have informed any third parties to whom you provide your data, if any, of the information contained in this document. You also guarantee that you have obtained their authorization to provide their data to the Data Controller for the purposes indicated.
• You will be liable for any false or inaccurate information you provide through the Website and for any direct or indirect damages caused to the Data Controller or third parties.

What are your rights?

You have the right to obtain confirmation as to whether or not we are processing personal data concerning you.

Data subjects have the right to access their personal data, as well as to request the correction of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.

In certain circumstances, data subjects may request that the processing of their data be restricted, in which case we will only retain it for the purpose of exercising or defending legal claims.

In certain circumstances and for reasons related to their particular situation, data subjects may object to the processing of their data, in which case the Data Controller will cease processing the data, except for compelling legitimate reasons or to exercise or defend against potential legal claims.

Under the right to data portability, data subjects have the right to obtain the personal data concerning them in a structured, commonly used, machine-readable format and to transmit it to another controller.

If you have given consent for a specific purpose, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent prior to its withdrawal.

Where to go to exercise your rights?

If you wish to exercise your rights, please go to the channel established for the exercise of rights by the data controller. (qem2d@gmail.com) so that we can respond to your request in a managed manner.

What information is required to exercise your rights? To exercise your rights, we need to prove your identity and the specific request you are making, and we therefore request the following information:

• Documented information (written/email) of the request in which the application is specified.
• Proof of identity as the data subject to the exercise (Name, surname of the interested party and photocopy of the ID of the interested party and/or the person representing them, as well as the document proving such representation.
• Address for notifications, date and signature of the applicant (in the case of a written request), or full name and surname (in the case of an email address), or validation of the request in the private area of ​​the communication channel with a personal key to authenticate your identity.
• Where the data controller has reasonable doubts as to the identity of the natural person making the request, they may request the provision of additional information necessary to confirm the identity of the data subject.

What is the General Procedure for Exercising Your Rights? Once we have received the required information, we will proceed to respond to your request in accordance with the Data Controller's general procedure for exercising his or her rights:

• The data controller shall provide the data subject with information regarding its actions based on a request pursuant to Articles 15 to 22 (Rights of the data subject), and in any event within one month of receiving the request.
• This period may be extended by another two months if necessary, taking into account the complexity and number of applications.
• The controller shall inform the interested party of any such extensions within one month of receiving the request, stating the reasons for the delay.
• When the interested party submits the request electronically, the information will be provided electronically whenever possible, unless the interested party requests that it be provided otherwise.
• If the data controller does not comply with the data subject's request, they will inform the data subject without delay, and no later than one month after receiving the request, of the reasons for their failure to act and of the possibility of lodging a complaint with a supervisory authority and taking legal action.
• The information provided will be free of charge, except for a reasonable fee for administrative costs.
• The data controller may refuse to act on the request, although it will bear the burden of demonstrating that the request is manifestly unfounded or excessive.

What avenues for complaint exist?

If you consider that your rights have not been properly respected, you have the right to lodge a complaint with the competent data protection authority. (www.agpd.es).

How did we obtain your data?

Your data has been obtained through one of the following means:

• Through the interested party or his or her legal representative.
• Through third parties with whom the data controller maintains a commercial or service provision relationship.
• Through public bodies related to the purpose of the contracted service provision.
• Through third parties at the request of the contracting party.

What category of data do we process?

Identification and contact information (name, surname, telephone number or email address, etc.); commercial information; economic, financial, and/or payment terms information; other types of information: name, surname, and tax identification number of the legal representative; contact information for individuals within the organization involved in or related to the service covered by the contract/request.

The data structure we process may contain specially protected data, the processing of which is necessary for the proper execution of the products/services contracted by the interested party, and which will be processed by the organization as the data processor. Such data is generally dissociated and/or anonymized.

How is your personal data stored securely?

Universidad Autonoma de Madrid takes all necessary measures to keep your personal data private and secure. Only authorized personnel from Universidad Autonoma de Madrid, as well as authorized personnel from third parties contracted/collaborators to provide certain services (who are legally and contractually obligated to keep all information secure), have access to your personal data. All University of Oviedo Foundation personnel who have access to your personal data are required to comply with data protection regulations, as well as the Privacy Policy and any instructions, communications, codes, or similar documents prepared and provided for your information. All third parties who have access to your personal data are required to sign the relevant confidentiality agreements/data processor contracts.

Universidad Autonoma de Madrid follows strict criteria for selecting service providers in order to comply with its data protection obligations and undertakes to sign the corresponding data processing agreement with them, which will impose, among others, the following obligations: to apply appropriate technical and organizational measures; to process personal data for the agreed purposes and in accordance solely with the documented instructions of Universidad Autonoma de Madrid; and to delete or return the data to the user once the provision of services has concluded. These agreements do not affect your rights under data protection law. For more information about these agreements, please do not hesitate to contact us.

Changes in Privacy Policy

Universidad Autonoma de Madrid reserves the right to make any modifications, changes, deletions, or cancellations to the content and presentation it deems appropriate at any time. We therefore recommend that you consult our privacy policy whenever appropriate. If you do not agree with any of the changes, you may exercise your rights according to the procedure described above by sending an email to qem2d@gmail.com.

Confidentiality and information from third parties whose personal data you provide us

By accepting and/or validating the process that serves as the basis for formalizing your relationship with Universidad Autonoma de Madrid, you expressly consent to the processing of your data in accordance with the provisions of the clause and additional information on data protection, and you undertake to inform and obtain the consent of any third parties whose personal data you provide us with for such processing.

Likewise, the user undertakes to inform, on behalf of and on behalf of Universidad Autonoma de Madrid, in an express, precise and unequivocal manner, the data subjects whose information they provide to Universidad Autonoma de Madrid - within one month of the time the data is communicated to Universidad Autonoma de Madrid - of the data processing carried out.

Version: 1.0
Date: 30/10/2025