1. Legal notice on privacy and cookies

 

Last update el 07/03/2024

The joint owners of the web pages under the esic.edu domain are ESIC Universidad and ESIC Business & Marketing School. Both entities are independent and are part of the ESIC network.

1.1. ESIC Universidad (ESIC University)

Identification data:

• Name: ESIC Universidad (Fundación de Estudios Superiores e Investigación ESIC).
• NIF: G87046124.
• Institutional and fiscal address: Camino de Valdenigriales, s/n (Edif. ESIC), 28223, Pozuelo de Alarcón, Comunidad de Madrid, España.
• Brand and domain: ESIC University | esic.edu | esic.university

Contact information:

• Contact form
• Email: info.madrid@esic.university
• Email for data privacy: arco.lopd@esic.edu
• Telephone: (+34) 914 524 100

Special legislation and codes of conduct:

• Ley 4/2019, de 20 de marzo, de reconocimiento de la universidad privada "ESIC Universidad".
• Código de Leyes Educativas - BOE.
• Políticas de cumplimiento y códigos de conducta internos de ESIC.
• Código ético de ESIC

Additional information:

• Inscripción: Registro de Fundaciones de la Comunidad de Madrid, Hoja 715, Tomo CCXXXV, folios 301 y siguientes.
• IAE: 931.5 (Enseñanza de Educación Superior) y 936 (Investigación Científica y Técnica).
• CNAE: 8543 (Educación universitaria).
• ISIC: 853 (Higher Education).

 

1.2. ESIC Business & Marketing School

Identification data:

• Denominación: Escuela de Estudios Superiores ESIC Sacerdotes del Sagrado Corazón de Jesús PP.RR., escuela de educación superior creada, en el año 1965, por la Congregación de Sacerdotes del Sagrado Corazón de Jesús (PP. Reparadores / Dehonianos).
• NIF: R2800828B
• Institutional and fiscal address: Avenida de Juan XXIII, 12, 28224, Pozuelo de Alarcón, Comunidad de Madrid, España.
• Brand and domain: ESIC Business & Marketing School | esic.edu
• Department brand: Instituto de la Economía Digital – ICEMD.

Contact information:

• Contact form
• Email: info.madrid@esic.edu
• Email for data privacy: arco.lopd@esic.edu
• Telephone: (+34) 917 444 040

Special legislation and codes of conduct:

• Código de Leyes Educativas - BOE.
• Políticas de cumplimiento y códigos de conducta internos de ESIC.
• Código ético de ESIC

Additional information:

• Public registry: Registro de Entidades Religiosas del Ministerio de Justicia Nº 003159 (789-/12-SE-B).
• IAE: 932 (Enseñanza no reglada de formación y perfeccionamiento profesional y educación superior).
• CNAE: 8543 (Educación universitaria).
• ISIC: 8530 (Higher Education).

 

2. ESIC data protection and cookies notice

In this section, we provide information on how ESIC protects your data.

The responsible party or parties for each processing activity are indicated in the section corresponding to the Record of Processing Activities (ROPA).

2.1. General information on personal data protection

To exercise your data protection rights, contact ESIC by writing to arco.lopd@esic.edu. The email address of ESIC's data protection officer is dpd@esic.edu.

If you do not wish to receive communications by email in future, you can deregister on the link that you will be provided with in each email you receive from ESIC. And if you are registered at ESIC, you can exercise some of your rights from your user panel.

The main rights that you can exercise are:

• The right to request access to the personal data: we will let you know whether or not we are processing your data and, where that is the case: which data, how we obtained them, what we are processing them for, whether we have communicated them, the conservation period… We will let you know what other rights you have and inform you of the possibility of filing a claim at the Spanish Data Protection Agency;
• The right to ask for their rectification or erasure, for you to correct them or you can ask us to stop processing or keeping them;
• The right to request the limitation of their processing, in which case ESIC will only keep the data for legally appropriate purposes such as, for example, so that you can use them for a claim;
• The right to oppose the processing. You may ask ESIC to stop processing the data in the manner you indicate, unless the data processing has to continue for imperative legitimate reasons or in order to exercise or defend possible claims;
• The right to the portability of the data. If you want to export your data for them to be processed by a third party, ESIC will facilitate that portability for you.

 

If you have given consent for a particular purpose, you have the right to withdraw it at any time, without it affecting the lawfulness of the processing based on consent prior to its withdrawal.

 

To exercise your rights, there are templates, forms and additional information at your disposal on the website of the Spanish Data Protection Agency. You can contact the Agency if you believe there is a problem with the way in which ESIC is processing your data.

2.2. Information on cookies and other tracers used by ESIC

Via its applications and websites, ESIC uses cookies and other tracers for different purposes. Cookies are files that are generated in your computer when you browse one of ESIC’s applications or websites. These files can store information about how you browse or simply remind that you are a registered user. ESIC or third parties can have access to the information contained in them, so it is important for you to decide whether or not you want to accept these processing operations. In addition to cookies, ESIC also uses these other tracers to obtain data about users: (1) tracking pixel: this consists of an image that is sent from ESIC to your browser when you open an email sent by ESIC or go into a website of ESIC, which lets ESIC know data about the opening of the email or access to the website; (2) finger print: this is an IT solution that makes it possible to analyse browsing by the user when they ask ESIC for a file, download it onto their computer or browse ESIC’s website.  

Hereinafter, we call any kind of tracer used by ESIC “cookies”.

 

Details about cookies in ESIC applications or websites

A.- Technical cookies (its own)

• Purpose: Identifier of the user as a new visitor
  • Data processed: start of session Identifier
  • Duration of the processing: 40 years or, at the most, until the user’s browser’s cookie is eliminated
• Purpose: Reminder of the user’s response to the cookies banner
  • Data processed: Banner response identifier
  • Duration of the processing: 37 years or, at the most, until the cookie is eliminated from the user’s browser

  B.- Technical cookies (of third parties)

• reCAPTCHA (Google). Purpose: anti-spam security
  • Data processed: This website has Google’s reCAPTCHA API implemented for the purpose indicated. This system lets Google collect software and hardware information, as well as application and device data, and sends them to Google for it to analyse them. The information is used to enhance the reCAPTCHA service and general security. It will not be used for publishing personalised Google ads.
  • o Duration of the processing: The conservation periods are established by Google for each type of datum according to the reason for collecting it. For example, Google keeps the details of the height and width of the browser and the IP address for a maximum of nine months, whereas the information in the cookies is eliminated after 18 months.
  • Further information: https://policies.google.com/technologies/retention
• WAF. Purpose: security
  • o Data processed: This website has a firewall and antimalware service implemented that prevents and mitigates attacks against the website and against data both in transit and at rest, for the purpose of which it collects information about the software and hardware used for browsing and actions on the website such as SQL injection attempts or brute force attacks. The system implemented can block the user by IP or by the user name used when it recognises specific patterns identified as malicious or potentially damaging.
  • Duration of the processing: 90 days

  C.- Analysis cookies (third party)

• Purpose: Distinguishing individual users in Google Analytics, of Google Ltd
  • Data processed: IP, port, type of file requested and language and character settings, as well as the website of origin and the operating system.
  • o Duration of the processing: the conservation periods are established by Google for each type of datum according to the reason for collecting it. For example, Google keeps the details of the height and width of the browser, as well as the IP address for a maximum of nine months; whereas the information in the cookies is eliminated after 18 months.
  • Further information: https://policies.google.com/technologies/retention

 

Cookies on ESIC sites

ESIC has profiles on the social networks (for example, Instagram) indicated in the legal notice and, in addition, it has integrated some third-party contents (YouTube videos, for example) in its applications and websites. These actions imply collaboration by ESIC with the controllers of these other sites for initially obtaining user data for advertising or statistical purposes. ESIC is joint controller of the processing for initially obtaining user data, together with the title-holders of the social networks indicated and linked in the «legal notice» of this website. In connection with this processing, the title-holders of the social networks are the principal joint controllers for the purpose of receiving requests to exercise rights from data subjects.  

How to erase cookies or change their setting

Users can restore or change their cookies preferences at any time on the cookies control panel, pressing here. To erase cookies from your browser, configure it as indicated in its instructions:

• Safari
• Microsoft Edge
• Google Chrome
• Firefox

If you wish, you can install the Google Analytics browser opt-out add-on to disable the use of your personal data.

If you would like to, you can install the disable add-on for Google Analytics browsers, to disable the use of your personal data.
For further information on how ESIC processes your data by means of cookies, read the security processing, analytics and advertising profiling activities of ESIC’s ROPA.

2.3. Records of Processing Activities (ROPA)

Access this link to see the Records of Processing Activities (RoPA).

2.4. Information security and privacy policy

2.4.1. OBJECT
The purpose of this Policy is to establish the general guidelines that determine ESIC's commitment to ensure the protection of the services, information and personal data that are managed in its business processes.

2.4.2. SCOPE
This policy applies both to people and organizations that, in one way or another, are part of ESIC (University and Business School) and also to those others that interact with it.

2.4.3. PRINCIPLES OF SECURITY OF INFORMATION AND PERSONAL DATA
ESIC carries out its work by providing quality teaching services and added value in the field of higher education. To carry out this purpose, it carries out business processes that require the management of information and personal data through computer services that are supported by an information system.
ESIC is aware of the need to guarantee that the information and personal data it manages, as well as the services it manages, must receive adequate protection to comply with legal compliance requirements, avoid unauthorized access to information and data personal, preserve its integrity and ensure that information, personal data and services will be available when necessary. The protection that must be applied in the processing of personal data to guarantee the rights and freedoms of the people involved is especially relevant for ESIC.

The fundamental principles that will govern the protection of the security of information and personal data will be the following:

• Comprehensive security. Requiring the inclusion and coordination of all human, material, technical, legal and organizational elements related to the ESIC information and privacy system.
• Risk-based security. Analyzing the impacts and probabilities of materialization of the risks that may threaten the information and privacy system and taking measures to treat them at levels that do not affect the achievement of business objectives.
• Monitoring, surveillance, detection, response and conservation measures, establishing tools and processes that continuously monitor the operation of the information system, detect anomalies and threats, prevent their materialization and, if they finally occur, make it possible to recover the affected information and return to the initial situation.
• Training and awareness. Selecting people with the appropriate capabilities to intervene in the system processes, training them to improve these capabilities and raising awareness throughout the company of the need for a proactive posture in defense of the security of information, personal data and services.
• Legal compliance. Analyzing in detail the legal framework in which the company's activities are framed and establishing the necessary measures to comply with the corresponding legal obligations, giving special importance to all those related to the protection of personal data and respect for the rights and freedoms of the people involved in the processing of said data.
• Continuous improvement. Providing the system with mechanisms for regular review of its operation, analyzing measures to correct any dysfunctions that arise and actively seeking opportunities to improve its design and operation.

2.4.4. IMPLEMENTATION OF THE INFORMATION SECURITY AND PRIVACY MANAGEMENT SYSTEM
In order to comply with the above principles, ESIC has decided to implement an Information Security and Privacy Management System that, by analyzing the risks relevant to information security and privacy, determines what treatments are necessary to limit the impact and the probability that they can materialize, through the application of appropriate safeguards.

This risk analysis process will integrate the risks to the rights and freedoms of individuals that may arise when processing their personal data and, if these risks are relevant, will include a specific assessment of the impact, as determined by current legislation.
These risk analysis and treatment processes will be adapted to the internal and external context of ESIC, and the legal framework to which the company is subject due to the nature of its activities.

The set of processes that develop the Information Security and Privacy Management System will be adequately documented.

In order for the operation of the Security and Privacy Management System to fulfill its purpose and the assigned security and privacy objectives to be met, the ESIC organic structure will have the required positions, as well as specific applicable roles, assigning them the responsibilities that are necessary. In this context, a Compliance, Information Security and Privacy Committee will be created that will be constituted as the collegiate transversal body for the supervision and direction of the Information Security and Privacy Management System.

2.4.5. REVIEW AND CONTINUOUS IMPROVEMENT
ESIC undertakes to arbitrate review mechanisms for the proper functioning of the Information Security and Privacy Management System and to establish security and privacy objectives whose achievement will reflect the principle of continuous security improvement.

These objectives will be obtained from the reviews that are carried out regularly to evaluate the system processes, from the non-conformities coming from internal and external audits that are scheduled, as well as from the own initiative of all the actors involved when they perceive dysfunctions. or opportunities for improvement.

The security and privacy objectives will have designated responsible parties, sufficient resources and plausible achievement deadlines. Its development and execution will be reviewed frequently.

2.4.6. CORPORATE COMMITMENT
Achieving the objectives of the information security and privacy management system requires a total commitment from the company to guarantee its execution and the improvement of the processes and activities that it entails. This commitment will be reflected in the dissemination and communication of these guidelines to all of the company's employees and to those external people and organizations that require their knowledge. This document will be published in a medium accessible to all those involved. This communication will be complemented with internal awareness actions that facilitate the integration of this system into ESIC's business objectives.

 

3. Law applicable and avenues for resolving conflicts

This is an unofficial English translation of ESIC's legal notice, privacy policy, and cookies policy. The original text, which prevails for both application and interpretation, and in case of conflict, is the one written in Spanish. It will remain accessible via the Internet at https://www.esic.edu/aviso-legal. The content of the original text and, where applicable, this unofficial translation, should be interpreted in accordance with Spanish regulations.

If you would like further information or wish to report a fault or ask a question, please contact ESIC via the addresses indicated at the beginning of this notice.