Privacy policy
Universia Holding, S.L. ("Universia" or the "Data Controller") informs the guests of the event –"5th Universia International Rectors' Summit in Valencia"- (hereinafter "Users" or in the singular "User" and the "Event") about its policy on personal data protection, which details the data processing in the portal accessible through the following domains: www.encuentrointernacionalrectoresuniversia.com, www.encuentrointernacionalrectoresuniversia.com/en and www.encuentrointernacionalrectoresuniversia.com/pt, and through the mobile apps called "Universia International Rectors' Summit" available for iOS and Android (hereinafter, jointly or independently, the "Portal").
This Privacy Policy sets out the purposes for which we process Users' personal data, the grounds for lawful processing, the periods for which we retain the data, the entities or bodies to which it is disclosed, the rights that may be invoked and other matters we consider relevant so that Users are aware of what we do with their data when they register for the Event.
When we refer to "personal data", this means all information that Users provide to us directly (the "Data"). Each User must provide only required data, marked with an asterisk, in each case. This is necessary to register for the Event. This data can be provided directly by Users who complete the registration form.
This Privacy Policy will be available for consultation at the bottom of the Portal's website and the mobile app's home page.
1. DATA CONTROLLER
Identity of the Data Controller:
Universia Holding, S.L
An entity registered with the Mercantile Registry of Madrid in 2005, at volume 16547, Folio 107, Sheet number M-28189, Entry: 4, with corporate tax number: B82976515. (Hereinafter the "Data Controller").
Data controller contact details:
Postal address: Ciudad Grupo Santander. Avda de Cantabria s/n, 28660 Boadilla del Monte (Madrid)
Contact email address for privacy purposes: gestionderechosarco@universia.net
Data Protection Officer contact email address: dpo@universia.net
2. WHICH DATA WE PROCESS AND ITS ORIGIN
We process Data that Users provide to us through the Portal, both during registration and later when they complete their profile. Data is therefore collected directly, since the User has provided Universia with this information by filling in the registration form and subsequently their profile.
In particular, we receive the following data: (i) identification data: identity document (ID or passport), address, telephone/whatsapp, first and last name; (ii) Personal characteristics data: date of birth and nationality; (iii) Employment data: occupation, jobs; (iv) Health data: data on intolerances, i.e. allergies or any other type of food intolerance or restriction.
Finally, we inform Users that we obtain information about browsing habits through cookies. For more information on this subject, we recommend that Users consult our Cookies Policy
3. PURPOSES AND LEGAL BASES FOR PROCESSING
Managing the registration of Users for the Event and access to the Portal. To manage the participation of Users who want to register for the Event, the Data Controller will process their Data. Universia will process the Data for all the processing necessary to allow the User's identification and access to their private area within the Portal and to allow the User to participate in the Event.
What legal basis legitimises this processing?
The legal basis that enables this processing is the conclusion of a contract that comes into being with the acceptance of the General Terms and Conditions of Use that regulate the registration of Users for the Event.
Transferring data to Global Business Travel Spain SLU ("GBT") in order to manage the Event's services. The Data Controller will transfer strictly required Data to GBT so that the latter may provide services essential to the registration and participation of Users at the Event –""5th Universia International Rectors' Summit In Valencia". GBT will become Data Controller when it receives the data.
Specifically, GBT will process data transferred by Universia to manage accommodation, transport, or travel services (airline, train, sea, hire car, chauffeur), visa processing should any of the Users so require. GBT will also control access to the facilities where the Event will take place, through the management of accreditations.
Universia also will share with GBT any health data relating the User's food intolerances and/or dietary restrictions that the User has expressed. This is to allow GBT to take the appropriate precautions for the Event's catering service and meal plan, and to protect the User's health and well-being.
What legal basis legitimises this processing?
We must distinguish between two legitimate bases in this processing activity depending on the personal data being transferred.
One, the contract that is made with Users after they have accepted the General Terms and Conditions of Use constitutes the basis for the legalisation and consent to the processing of their employment and identification Data. This contractual document governs registration of the User for the Event through the Portal, and it also implies the provision by GBT of services to manage the procedures necessary for Users' attendance and participation with the agreed amenities.
Two, the basis for legitimacy justifying the transmission of data related to food intolerances or restrictions is the Users' explicit consent in the relevant field. In this case, consent is necessary given the sensitive nature of the information collected. Universia understand that GBT must be aware of this information in order to control the meal plan offered to these Users during the Event, as a measure to protect their health and well-being. GBT will only use this Data to carry out the monitoring activities described in this section and will consequently apply strict security measures to ensure a higher level of protection.
Sending of academic communications by any means, including electronic means. Our aim is to provide Users with interesting content at all times. To this end, Universia will send its own communications of an academic nature, which may deal with other summits similar to the Event, activities in the academic field, courses, scholarships, training, content, workshops and other topics in this field.
What legal basis legitimises this processing?
The legal basis that enables this personal data processing is that it is of legitimate interest to the Data Controller. The Data Controller has a particular interest in ensuring that its Users are aware of the various functionalities or opportunities that Universia offers in relation to the academic and university environment.
At Universia, we have carried out a weighting analysis to assess whether we can indeed carry out this processing based on our legitimate interest. Users can ask us to do so via the contact details provided. However, some of the main conclusions of this analysis are listed below: sending commercial communications is a genuine interest for us that is entirely legitimate; it is proportionate, as there are no less intrusive measures that allow us to develop our interest in making you aware of the opportunities we offer; and it does not represent any harm to you, but rather means that we will send you offers, announcements or academic content that we believe may be of interest to you; you can object to it at any time and from the outset; and furthermore, it is a common practise in the industry.
Resolution of User queries. Universia will processes the Data in order to handle and manage any requests for information, doubts or other requests sent by the User through the contact form, as well as the resulting actions and operations.
What legal basis legitimises this processing?
This processing is carried out based on Universia's legitimate interest in adequately addressing the concerns raised by Users and increasing satisfaction with the services it provides, as well as, where applicable, in compliance with any legal obligations that may apply in relation to customer service. Users may request a copy of the weighting analysis carried out via Universia's contact details above.
We have carried out a weighting analysis to assess whether we can actually carry out this processing based on our legitimate interest. Users can ask us to do so via the contact details provided. However, some of the main conclusions from this analysis are as follows: the resolution of doubts and queries represents a genuine interest for us that is entirely legitimate, it is proportionate as there are no less intrusive measures that allow us to develop our interest without processing Users' data in a lawful manner, it does not represent any harm to you (on the contrary, it allows for fluid communication with Universia), the processing of the data is not unbalanced, and furthermore, it is commonplace in the industry.
Exchanging messages and networking with other guests at the Event using the function provided.
The Processor will process the Data of those Users that belong to an academic group (defined in section 3 of the General Terms and Conditions) and activate the networking function, in order to include them in the contact directory so that the rest of the members of said group can see their contact details and contact them to arrange meetings or share opinions during the Event.
The Data that will be processed for this purpose are: name, surnames, university, country, email address and mobile number/WhatsApp (the latter will be optional).
What legal basis legitimises this processing?
The legal basis for this data processing is the express consent provided by the User by activating the networking function. If the User does not initially provide their consent, or provides it but then revokes it, they will still be considered Users and their attendance at the Event will not be affected. Compliance with legal obligations. Lastly, Universia may process Data to comply with applicable legal obligations. For example, obligations of a fiscal nature, compliance with judicial requirements, etc.
What legal basis legitimises this processing?
The legitimate basis for this processing is that we are required to process your Data in order to comply with our legal obligations.
4. DATA RETENTION PERIOD
The data provided will be retained for a period of 1 (one) year from the end of the Event. During this time, we may send you our own communications of an academic nature relating to other summits similar to the Event, activities related to the academic sector, training, workshops, and other relevant topics connected with this sector.
When the contractual relationship comes to an end, or if the User exercises their right to erasure, their personal data will be blocked for the periods established by law in order to comply with any obligations arising from its processing, to formulate, assert and/or defend any claims, insofar as this is permitted by applicable law, or to make the data available to judges and courts or the competent authorities. Universia will retain the User data in a blocked form for the duration of this additional period. This means that we will not use it for the original purposes, but only for the purposes described in this paragraph and during the limitation periods for any liability claims that may exist. After this additional period has expired, we undertake to stop processing all Data.
Universia also informs you that GBT (the company that receives Users's data under the framework of this Event to manage accommodation, transport and catering services as well as access to the Event) will only retain the personal data received for as long as it is necessary to properly manage the services related to the Event. Once this period has expired, the data will remain blocked for the established legal period and will be subsequently deleted.
5. DATA RECIPIENTS
User Data will be shared with the following entities:
GBT. The Data Controller will transfer the Data to GBT. GBT will be responsible for managing the services related to running and managing the Event (accommodation, transport and travel, visa processing, meal plan and control of access to the facilities where the Event is held). Users may consult which specific Data is transferred to the above Recipients in Section 3.2 of this Privacy Policy.
To ensure full transparency to Users, Universia provides them with the necessary information to identify the company to which their personal data is transferred:
Corporate name: GLOBAL BUSINESS TRAVEL SPAIN, SLU
Registered office: Via de los Poblados 1, edificio Alvento, bloque D. 6 planta. 28033 Madrid
Link to Privacy Policy: www.privacy.amexgbt.com/ and www.amexglobalbusinesstravel.com/digitalterms/
Public authorities and bodies so that they may fulfil their duties. We may sometimes share information with public authorities or bodies as required by law in order to enable them to carry out their duties. For example, tax authorities or courts of law may use your dData for their own purposes.
Academic groups. The Processor will make those Users belonging to an Academic Group, and who have activated the networking function, visible to the rest of the members of said group so that they can stay in contact for the purpose of the Event.
Service providers. Service providers are entities that help us with various different matters relating managing the Service, such as technological infrastructure, storage, sending commercial communications, or User support. At Universia, we ensure that all of our service providers who may have access to your Data are bound by confidentiality agreements and are required to comply with applicable data protection regulations. We have signed agreements with these service providers that regulate the use of your Data, limiting this to the provision of the Service and the security measures they must adopt to protect your Data. The providers we work with never use your Data for their own purposes. They only use it to help us provide the Service to you.
Some of these service providers are located outside of or may access Users' Data from outside of the European Economic Area. We have therefore put appropriate safeguards in place to ensure that the Data is processed with a level of protection equivalent to that in the European Economic Area. In particular, such transfers may be covered by the adoption of standard contractual clauses approved by the European Commission and supplemented by additional measures where appropriate.
Users may consult which specific Data is transferred to the above Recipients in Section 3 of this Privacy Policy.
6. RIGHTS OF DATA SUBJECTS
Users are entitled to access their Data, as well as to request the rectification of any inaccurate data, the limitation of its processing or, where appropriate, request it be deleted when, among other reasons, the data is no longer necessary for the purposes for which it was collected, as well as not be subject to automated individual decisions. In certain circumstances and for reasons relating to their own specific situation, data subjects may object to the processing of their data. Universia will cease to process the data, except in the event of compelling legitimate reasons, or for conducting or defending against potential claims.
Users will also be entitled to request the portability of their data where this is technically possible.
Data subjects may contact us at the following email address gestionderechosarco@universia.net to exercise their rights or send a letter by post to Ciudad Grupo Santander, Avda de Cantabria s/n, Santander Universities, 28660 Boadilla del Monte (Madrid), Spain, attaching a copy of their ID.
Data subjects are entitled to lodge a complaint with the Spanish Data Protection Agency at Calle Jorge Juan 6, 28001, Madrid or its online address www.aepd.es
7. AMENDMENT OF THE PRIVACY POLICY
We reserve the right to amend this Privacy Policy in accordance with applicable law at any time. However, we will inform Users of any significant changes that could have a material impact on their privacy well in advance. We will publish the amended Privacy Policy on our Portal, where Users will be able to check the date of the latest update. We may require Users to provide consent again depending on the nature of the changes we make.
Date of latest update 16/02/2023