University of Oviedo, with registered office at C/ SAN FRANCISCO, 3 - Oviedo 33007 (ASTURIAS) and company number Q3318001I, hereinafter "the DATA CONTROLLER" is responsible for the processing of the User's personal data and hereby notifies the User that such details will be processed in accordance with the provisions of the EU's GDPR Regulation 2016/679 of 27 April 2016 in relating to the protection of individuals with regard to processing personal data and on the free movement of such data. Accordingly, we provide the following information regarding the processing of data:
Purpose of the processing
At the time when the data is collection you will be informed of the purposes of the processing, which could include:
- Teaching and academic management - in particular enrolment management, the preparation of qualification reports and their publication, the preparation of personal certificates, issuing of degrees, the management of work placements in companies and institutions, and in general tasks necessary for providing the functions of a Higher Education Public Service.
- Management of research related to Teaching and Research Staff's activity and research contracts.
- Management of staff for the purposes required to maintain labour relations and compliance with relevant legal regulations, both for Teaching and Research Staff as well as for Administration and Services Staff.
- Financial and asset management - in particular the processing and management of signed agreements and requests for services offered by the University of Oviedo.
- Management of job applications and offers and, where appropriate, the resulting selection process, including preparing lists of vacancies.
- Services for the university community, including health and safety, library, transportation, sports and international relations services as well as institutional email and access to online services.
- Request for information, enquiries or suggestions, as well as presenting the applications and incoming mail addressed to the University of Oviedo.
Data retention criteria
Data will be retained for as long as there is a mutual interest in maintaining the purpose of the processing. When it is no longer necessary for that purpose, it will be deleted in accordance with the appropriate security measures to ensure that the data is pseudonymised or fully destroyed.
Communication of data
The Data Controller agrees processing services with third-party Data Processors in order to be able to provide their services. Specifically, the Data Controller has signed agreements with the following service providers:
- Microsoft (email service).
- Telecable (data and communications network service)
With the exception of the aforementioned organisations, your data will not be transferred to other third parties. If for any reason it is necessary to communicate such data to third parties, you will be informed beforehand and, where appropriate, your consent will be requested and the reason for transferring your data and the identity of the third party to whom it is to be sent will be specified.
All of the above, with the exception of situations under which there is a legal requirement to disclose said data to a third party or with the consent of the interested party.
Anyone providing us with their data is entitled to the following related rights:
- Right of access
- Right to rectification or erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Right to revoke consent
- Right to file a complaint with the Competent Authority - in this case, the Spanish Data Protection Agency, especially if you have not obtained satisfaction in exercising your rights. You can contact the Spanish Data Protection Agency by telephoning 901 100 099 or 912 663 517 or by visiting them in person at address C/ Jorge Juan, 6. – 28001 Madrid
The rights listed "a" to "f" above can be exercised by sending an application form that you can download here or by sending an email t o email@example.com,clearly indicating which right you wish to exercise and providing a copy of your identity document to prove your identity.
If you would like more information about your rights, we suggest that you visit the Spanish Data Protection Agency website.
Contact details for exercising your rights:
- UNIVERSITY OF OVIEDO
- Company tax number: Q3318001I
- C/ SAN FRANCISCO, 3 33007 Oviedo (ASTURIAS)
All data collected come from the interested party.
Data Protection Officer (DPO):
In order to guarantee the security of your data, The DATA CONTROLLER has appointed a Data Protection Officer who can be contacted by emailing: firstname.lastname@example.org.
Obligatory or optional nature of information provided by the user
By completing the corresponding boxes and entering data into fields marked with an asterisk (*) in the contact form or downloaded forms, Users expressly, freely and unequivocally accept that their data is necessary for the provider to handle their request. Other data that they provide is done so voluntarily. The User guarantees that the personal data provided to the DATA CONTROLLER are accurate and is responsible for notifying of any changes.
The DATA CONTROLLER expressly informs and guarantees users that their personal data will not be transferred under any circumstances to third parties, and that whenever personal data is transferred in any way, the express, informed and unequivocal consent of the Users will be requested beforehand. All details requested through the website are mandatory, as they are necessary for providing the User with an optimal service. If not all details are provided, no guarantee is given that the information and services provided will be completely tailored to your needs.
Pursuant to current data protection regulations, the DATA CONTROLLER complies with all the provisions of GDPR regulations for the processing of personal data under his/her responsibility and, manifestly, with the principles described in Article 5 of the GDPR, and states that they are to be processed in a lawful, fair and transparent manner in relation to the interested party and in ways that are suitable, relevant and limited to that necessary in regard to the purposes for which they are processed.
The DATA CONTROLLER guarantees that he/she has implemented appropriate technical and organisational policies to implement the security measures established by the GDPR for the purpose of protecting the rights and freedoms of Users, and has provided them with adequate information so that they are able to exercise them.