Legal Notice

INSA Business, Marketing & Communication School in Spain (hereinafter “INSA”), with Tax ID (CIF) B58714593, located in Barcelona (Spain), as a training and higher education institution, sets out in this section its Corporate Privacy Policy regarding the personal data that users may provide through any of INSA’s channels.

This Privacy Policy may be modified in accordance with legislative or self-regulatory requirements; therefore, users are advised to review it periodically.

Privacy Policy

INSA’s Privacy Policy is governed by compliance with the applicable legislation on personal data protection:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter “GDPR”),

• Law 34/2002 of 11 July on Information Society Services and Electronic Commerce (LSSI-CE),

• Organic Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights (LOPDGDD).

INSA is committed to safeguarding the privacy of personal data collected through its corporate website and associated web platforms, ensuring and protecting users’ data in the same manner as information obtained through any other institutional channel.

In accordance with the principle of accountability, this policy shall apply whenever users complete any form on any course page and/or website where personal data is collected, without prejudice to the specific “Privacy Clause” applicable to each individual form.

Who is RESPONSIBLE for data processing?

INSA Business, Marketing & Communication School (INSA)
Registered Office: Carrer Torrent de l’Olla 208, Barcelona, Spain
Telephone: +34 93 280 66 96
Data Protection Officer (DPO): dpo@insabarcelona.com

For what PURPOSE do we process your data?

The personal data processed will be those provided by the user through online forms or during the enrollment process in any of our academic programs, for the following purposes:

• To manage subscription requests and information inquiries made through INSA’s website or other recruitment channels.

• To process admission procedures and enrollment in academic programs.

• To manage the academic and administrative relationship with students and participants.

• To provide registered users with access to and use of their private user area.

• To conduct satisfaction surveys or evaluations related to academic activities.

• To send periodic newsletters containing information, news, updates, and relevant academic content, through electronic or other communication channels including, but not limited to, email, SMS, MMS, messaging platforms, chat, or similar means.

• To send information regarding products and services offered by INSA and, where applicable, by collaborating third parties.

• To conduct opinion surveys among registered users who voluntarily participate.

• To manage participation in information sessions, training sessions, or educational webinars organized by INSA or in collaboration with academic or business entities linked to its educational activities, where the data subject has provided consent.

What is the data retention period?

In compliance with the principle of storage limitation, personal data collected by INSA will be processed only for the time necessary to fulfill the purposes for which it was collected.

In general terms:

• Data will be retained for the duration of the contractual or academic relationship.

• Thereafter, it will be retained only for the period required to comply with legal obligations and liabilities arising from the processing.

• In the case of promotional communications or newsletters, data will be retained until the data subject objects or withdraws consent.

Source of the data

The data processed by INSA is provided directly by the data subject.

If you subscribe to informational channels or register through partner websites, you will be required to provide essential personal data necessary to manage the requested services (such as name, surname, email address, postal address, etc.).

You may also voluntarily provide additional data for informational, service-related, or activity-related purposes strictly linked to INSA’s educational activities.

What is the LEGAL BASIS for processing your data?

The legal basis for processing personal data will depend on the specific purpose for which it was collected.

In general:

• Processing is based on the data subject’s consent (Art. 6(1)(a) GDPR) where required for sending informational communications or for participation in voluntary activities organized by INSA.

• Processing may be based on the performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR) where necessary for managing information requests, admissions, enrollment procedures, and academic or administrative relationships.

• Certain processing activities may be based on compliance with legal obligations applicable to INSA (Art. 6(1)(c) GDPR).

• Additionally, INSA may process certain data on the basis of its legitimate interest (Art. 6(1)(f) GDPR) when necessary to ensure the proper functioning of academic activities, system security, fraud prevention, or service improvement, provided that such interest does not override the fundamental rights and freedoms of the data subject and after conducting the appropriate balancing test.

The data subject may withdraw consent at any time without affecting the lawfulness of processing based on consent prior to its withdrawal by contacting dpo@insabarcelona.com.

Who are the RECIPIENTS of the data?

INSA does not transfer personal data to third parties unless required by law or agreed with the user.

Data may be accessed by service providers acting as data processors (e.g., technology providers, hosting services, academic management platforms, electronic communication providers), always under contractual agreement and following INSA’s instructions.

INSA uses technology providers located within the European Union or adhering to the EU–US Data Privacy Framework.

No third party shall access personal data directly without the data subject’s explicit consent where required.

What are your RIGHTS?

Data subjects have the following rights:

• Access

• Rectification

• Erasure

• Restriction of processing

• Objection

• Data portability

How can you exercise your rights?

You may exercise your rights by submitting a written request to:

INSA
Carrer Torrent de l’Olla 208
Barcelona, Spain

Or by email to: dpo@insabarcelona.com

You must identify yourself and specify your request, attaching a copy of your ID or equivalent identification document.

You also have the right to lodge a complaint with the competent supervisory authority (Spanish Data Protection Agency – www.aepd.es) if you believe that your data protection rights have been violated.

Your cooperation is important

INSA continuously monitors, within its capabilities, the proper use of personal data under its responsibility. If you become aware or suspect any misuse of your personal data, please notify us promptly at dpo@insabarcelona.com.

All data provided must be accurate and up to date. The data subject is responsible for informing INSA of any changes.

Data security measures

INSA undertakes to implement the necessary technical and organizational measures to ensure the security of personal data and to prevent its alteration, loss, unauthorized processing, or access, in accordance with GDPR and LOPDGDD requirements.

Use of cookies

A cookie is a small text file downloaded to the user’s device when accessing a website.

INSA’s website uses its own and third-party cookies for technical, analytical, and advertising purposes.

Users may accept, reject, or configure cookies through the consent banner displayed upon accessing the website.

Analytical and advertising cookies are activated only after obtaining the user’s consent.

For more information, please consult the corresponding Cookies Policy.

Minors

In relation to personal data of minors under 14 years of age, parental or legal guardian consent is required.

INSA will never use minors’ data for purposes inappropriate to their age and will allow parents or guardians to exercise their rights on behalf of the minor.

Website Terms of Use

A user is any person who accesses and uses this website. Access and use imply acceptance of these conditions.

General Conditions

Users agree to use the website in accordance with applicable law, good faith, public order, and these terms.

The publication or dissemination of content that:

• Threatens public order or security,

• Violates human dignity or non-discrimination principles,

• Harms the protection of youth or children,

• Infringes intellectual or industrial property rights,

• Is contrary to applicable law,

is strictly prohibited.

Specific Conditions

In the event of registration or access to restricted areas, users are responsible for providing truthful information and safeguarding their access credentials.

Users undertake not to:

• Cause damage to INSA’s systems or those of third parties,

• Introduce viruses or malicious software,

• Access restricted accounts or systems without authorization,

• Manipulate data or website content.

INSA reserves the right to remove any content that violates the law or these terms.

INSA shall not be responsible for opinions expressed by users in participation spaces where available.