1. Legal notice on privacy and cookies
ESIC Business & Marketing School and ESIC University make up the ESIC university ensign. Both institutions are joint owners of ESIC’s applications and websites.
ESIC Business & Marketing SchoolCorporate name:
Escuela de Estudios Superiores ESIC Sacerdotes del Sagrado Corazón de Jesús - Padres Reparadores (ESIC Business & Marketing School and its Digital Economy Institute -- Instituto de la Economía Digital – ICEMD) Tax ID No. (NIF): R2800828B
Registered office: Avd. Valdenigrales, s/n, Pozuelo de Alarcón (28223), Madrid, Spain
Contacto: Ministry of Justice Registry of Religious Entities No. 003159 (789-/12-SE-B)
- Royal Decree 1393/2007, dated 29 October, whereby the planning of official university courses is set out.
- IAE: 932 (Training, career development and bachelor's degrees tuition that is not state regulated)
- CNAE: (National Classification of Economic Activities): 8543 (University education)
- ISIC: 8530 (Higher Education)
ESIC UniversityCorporate name: Fundación de Estudios Superiores e Investigación ESIC
Tax ID No.: G87046124
Registered office: Avd. Valdenigrales, s/n de Pozuelo de Alarcón (28223), Madrid
Contact: Community of Madrid Foundations Register, Page 715, Volume CCXXXV, folios 301 et seq.
- • Act 4/2019, dated 20 March, on recognition of "ESIC Universidad" private university.
- Royal Decree 1393/2007, dated 29 October, whereby the planning of official university education is set out.
- IAE: 931.5 (Higher education tuition); 936 (Scientific and technical research)
- CNAE: 8543 (University education)
- ISIC: 853 (Higher Education)
- (ESIC) Websites:
- Additional (ESIC) domains: esic.es, icemd.es, esichispanica.com, generacionesic.es, plandesarrolloprofesionalesic.com, carreraempresasesic.com, esic.cn
- (ESIC) Mobile applications:
- Social profiles (of ESIC and FESIC):
- ESIC Education https://twitter.com/ESICEducation
- ESIC Madrid https://twitter.com/ESICMadrid
- ESIC Idiomas https://twitter.com/ESICIdiomas
- ESIC Editorial https://twitter.com/EsicEditorial
- ESIC Málaga https://twitter.com/ESICMalaga
- ICEMD - Instituto Innovación de ESIC https://twitter.com/icemd
- ESIC Valencia https://twitter.com/ESICValencia
- ESIC Zaragoza https://twitter.com/esiczaragoza
- ESIC Pamplona https://twitter.com/ESICPamplona
- ESIC Granada https://twitter.com/ESICGranada
- Desafío Junior ESIC https://twitter.com/DesafioJrESIC
- Más ESIC https://twitter.com/Mas_ESIC
- ESIC Sevilla https://twitter.com/ESICSevilla
- ESIC Barcelona https://twitter.com/ESICBarcelona
- ESIC Summer Camp https://twitter.com/ESICSummerCamp1
2. ESIC data protection and cookies noticeESIC offers you a simple data protection document containing the following sections:
- General information about personal data protection
- Information about cookies and other trackers used by ESIC
- ROPA – Records of ESIC processing activities
- Information quality and security policy
2.1 General information on personal data protection
To exercise your data protection rights, contact ESIC by writing to the Data Protection Officer at ESIC (firstname.lastname@example.org) or any of the addresses displayed in the legal notice of this website.
If you do not wish to receive communications by email in future, you can deregister on the link that you will be provided with in each email you receive from ESIC. And if you are registered at ESIC, you can exercise some of your rights from your user panel.The main rights that you can exercise are:
- The right to request access to the personal data: we will let you know whether or not we are processing your data and, where that is the case: which data, how we obtained them, what we are processing them for, whether we have communicated them, the conservation period… We will let you know what other rights you have and inform you of the possibility of filing a claim at the Spanish Data Protection Agency;
- The right to ask for their rectification or erasure, for you to correct them or you can ask us to stop processing or keeping them;
- The right to request the limitation of their processing, in which case ESIC will only keep the data for legally appropriate purposes such as, for example, so that you can use them for a claim;
- The right to oppose the processing. You may ask ESIC to stop processing the data in the manner you indicate, unless the data processing has to continue for imperative legitimate reasons or in order to exercise or defend possible claims;
- The right to the portability of the data. If you want to export your data for them to be processed by a third party, ESIC will facilitate that portability for you.
If you have given consent for a particular purpose, you have the right to withdraw it at any time, without it affecting the lawfulness of the processing based on consent prior to its withdrawal.
To exercise your rights, there are templates, forms and additional information at your disposal on the website of the Spanish Data Protection Agency. You can contact the Agency if you believe there is a problem with the way in which ESIC is processing your data.
Hereinafter, we call any kind of tracer used by ESIC “cookies”.
Details about cookies in ESIC applications or websites:A.- Technical cookies (its own):
- Purpose: Identifier of the user as a new visitor
- Data processed: start of session Identifier
- Duration of the processing: 40 years or, at the most, until the user’s browser’s cookie is eliminated
- Purpose: Reminder of the user’s response to the cookies banner
- Data processed: Banner response identifier
- Duration of the processing: 37 years or, at the most, until the cookie is eliminated from the user’s browser
- reCAPTCHA (Google). Purpose: anti-spam security
- Data processed: This website has Google’s reCAPTCHA API implemented for the purpose indicated. This system lets Google collect software and hardware information, as well as application and device data, and sends them to Google for it to analyse them. The information is used to enhance the reCAPTCHA service and general security. It will not be used for publishing personalised Google ads.
- o Duration of the processing: The conservation periods are established by Google for each type of datum according to the reason for collecting it. For example, Google keeps the details of the height and width of the browser and the IP address for a maximum of nine months, whereas the information in the cookies is eliminated after 18 months.
- Further information: https://policies.google.com/technologies/retention
- WAF. Purpose: security
- o Data processed: This website has a firewall and antimalware service implemented that prevents and mitigates attacks against the website and against data both in transit and at rest, for the purpose of which it collects information about the software and hardware used for browsing and actions on the website such as SQL injection attempts or brute force attacks. The system implemented can block the user by IP or by the user name used when it recognises specific patterns identified as malicious or potentially damaging.
- Duration of the processing: 90 days
- Purpose: Distinguishing individual users in Google Analytics, of Google Ltd
- Data processed: IP, port, type of file requested and language and character settings, as well as the website of origin and the operating system.
- o Duration of the processing: the conservation periods are established by Google for each type of datum according to the reason for collecting it. For example, Google keeps the details of the height and width of the browser, as well as the IP address for a maximum of nine months; whereas the information in the cookies is eliminated after 18 months.
- Further information: https://policies.google.com/technologies/retention
Social cookies on ESIC sitesESIC has profiles on the social networks (for example, Instagram) indicated in the legal notice and, in addition, it has integrated some third-party contents (YouTube videos, for example) in its applications and websites. These actions imply collaboration by ESIC with the controllers of these other sites for initially obtaining user data for advertising or statistical purposes. ESIC is joint controller of the processing for initially obtaining user data, together with the title-holders of the social networks indicated and linked in the «legal notice» of this website. In connection with this processing, the title-holders of the social networks are the principal joint controllers for the purpose of receiving requests to exercise rights from data subjects.
How to erase cookies or change their settingUsers can restore or change their cookies preferences at any time on the cookies control panel, pressing here. To erase cookies from your browser, configure it as indicated in its instructions: Si lo deseas, puedes instalar el complemento de inhabilitación para navegadores de Google Analytics para inhabilitar el uso de tus datos personales.
If you would like to, you can install the disable add-on for Google Analytics browsers, to disable the use of your personal data.
For further information on how ESIC processes your data by means of cookies, read the security processing, analytics and advertising profiling activities of ESIC’s ROPA.
2.3 ROPAAccess this link to see the ROPA document.
2.4 Quality and safety policy for ESIC informationThe entities that make up the ESIC university banner have put in place a quality and security management system, seeking to attain or exceed the expectations of their users, contacts, customers, workers and providers. The processes established are audited by ESIC internally every twelve months and reviewed every time they are enhanced or a relevant fact for ESIC occurs. The main aims of these processes are to:
- Mitigate the risks, maintaining technical and organisational safety measures;
- Guarantee the confidentiality, availability and integrity of the personal data and of industrial secrets;
- Be proactive in complying with the set of rules that apply to carrying out the activity;
- Only choose providers who comply with standards that are better than or similar to these in terms of quality and security;
- Keep a safe record of the assets and their changes;
- Achieve high credibility and trust in third parties and providers;
- Raise the awareness of workers and collaborators as regards physical and logical safety via an ongoing training process.
- a) Physical measures:
- A ‘clean tables’ policy;
- Minimum use of paper or similar support resources;
- A printer with a password and out-trays without access to third parties
- Documentation destruction service;
- Fireproof material for the conservation of data and information on paper
- Classified and labelled documents;
- Workplaces protected with its own and outsourced security measures, with systems that limit or mitigate access by non-authorised persons.
- b) Logical measures:
- At ESIC we always and only use original software, updated and with an official licence;
- Dual use computers have an exclusive profile for professional purposes.
- Disk encryption and, in addition, file encryption;
- Capacity to restore availability of and access to personal data rapidly in the event of a physical or technical incident, thanks to a specific service;
- Firewall and updated systems for protecting the endpoint in all the computers;
- VPN for access from or to university computers;
- For remote access, mobile anchorage is used, other than in trustworthy networks;
- Different passwords in each application, changed periodically;
- 2FA systems in applications and sites on Internet;
- ESIC’s websites have encryption and specific security systems. From time to time, the state of the security measures is checked manually and through forensic solutions designed for these actions;
- Other habitual protection tools: session blocking when use of the device stops, privacy filters for screens when they are going to be used in mobility, screen savers with password blocking, etc.
- d) Organisational, training measures
- e) Compulsory resource management regulations
The e-mail and other instruments for storing data or for communication, and fixed or mobile devices are work tools exclusively facilitated by ESIC for carrying out labour or mercantile duties, according to contract, and may not be used for personal, domestic or professional purposes that are different from those agreed upon. ESIC may make security copies and access the content derived from the use of these media for the sole purposes of controlling compliance with labour obligations, statutory obligations or obligations established by means of a commercial contract and of guaranteeing the integrity of such devices. In any case, accesses will be made in accordance with data protection regulations and ensuring the protection of the privacy of the data subjects concerned.
People who work for ESIC will not be able to allow third parties to access the accounts and devices that they had been entrusted with owing to their labour or mercantile relationship. Once the reason for entrusting them with them has ceased, the credentials will be withdrawn from the user and the content will be eliminated and has to be blocked for the appropriate time. Messages that were received in those accounts for professional use will be rerouted to an organisational account controlled by a designated person.
The controller expresses his/her total commitment to the quality and security management system that he/she has put in place.
2.5 Law applicable and avenues for resolving conflicts
This legal notice concerning privacy and cookies was drafted in Spanish, it will be accessible by Internet on this website and should be interpreted according to Spanish law.
If you would like further information or wish to report a fault or ask a question, please contact ESIC via the addresses indicated at the beginning of this notice.