1. Legal, privacy and cookies notice
Updated on 07/03/2024
The co-owners of the web pages under the domain esic.edu are ESIC University and ESIC Business & Marketing School. Both entities are independent and are part of the ESIC network.
1.1. ESIC University (ESIC University)
Identifying data:
- Name: ESIC Universidad (Fundación de Estudios Superiores e Investigación ESIC).
- TAX ID: G87046124.
- Institutional and fiscal address: Camino de Valdenigriales, s/n (Edif. ESIC), 28223, Pozuelo de Alarcón, Community of Madrid, Spain.
- Trademark and domain name: ESIC University | esic.edu | esic.university
Contact information:
- Contact Form
- E-mail address: info.madrid@esic.edu
- Phone number: (+34) 914 524 100
Special legislation and codes of conduct:
- Law 4/2019, of March 20, 2009, on the recognition of the private university "ESIC Universidad".
- Code of Education Laws - BOE.
- Compliance policies and internal codes of conduct at ESIC.
- ESIC Code of Ethics
Additional information:
- Registration: Registry of Foundations of the Community of Madrid, Page 715, Volume CCXXXV, folios 301 and following.
- IAE: 931.5 (Higher Education Teaching) and 936 (Scientific and Technical Research).
- CNAE: 8543 (University education).
- ISIC: 853 (Higher Education).
1.2. ESIC Business & Marketing School
Identifying data:
- Name: Escuela de Estudios Superiores ESIC Sacerdotes del Sagrado Corazón de Jesús PP.RR., a school of higher education created, in the year 1965, by the Congregation of Priests of the Sacred Heart of Jesus (PP. Reparadores / Dehonians).
- TAX ID NUMBER: R2800828B
- Institutional address: Avenida de Juan XXIII, 12, 28224, Pozuelo de Alarcón, Community of Madrid, Spain.
- Tax address: Calle de Evaristo San Miguel, 10, 28008 Madrid, Community of Madrid, Spain.
- Brand and domain name: ESIC Business & Marketing School | esic.edu
- Branding of one of its departments: Institute of the Digital Economy - ICEMD.
Contact information:
- Contact Form
- E-mail address: info.madrid@esic.edu
- Phone number: (+34) 917 444 040
Special legislation and codes of conduct:
- Code of Education Laws - BOE.
- ESIC's internal compliance policies and codes of conduct.
- ESIC Code of Ethics
- Registration: Registry of Religious Entities of the Ministry of Justice No. 003159 (789-/12-SE-B).
- IAE: 932 (Non-regulated education and training and higher education).
- CNAE: 8543 (University education).
- ISIC: 8530 (Higher Education).
2. ESIC Data Protection and Cookie Notice
In this section, we offer you information on how ESIC protects your data.
The person or persons jointly responsible for each processing operation are indicated in the corresponding section of the Register of Processing Activities (RAT).
2.1 General information on personal data protection
To exercise your data protection rights, please contact ESIC by writing to their Data Protection Officer (dpd@esic.edu) or to any of the addresses listed in the legal notice of this website.
Si deseas dejar de recibir comunicaciones por email, podrás darte de baja a través del enlace que se te ofrecerá en cada uno de los emails que recibas de ESIC. Y si estás registrado en ESIC, puedes ejercitar algunos de tus derechos desde tu panel de usuario.
The main rights you can exercise are:- Derecho a solicitar el acceso a los datos personales: Te indicaremos si estamos tratando o no tus datos y, en su caso: qué datos, cómo los hemos obtenido, para qué los tratamos, si los hemos comunicado, el plazo de conservación… Además, te informaremos sobre los demás derechos que te asisten y sobre la posibilidad de que presentes una reclamación ante la AEPD.
- Right to request rectification or deletion, so that you can correct them or you can ask us to stop processing and keeping them.
- Right to request the limitation of its processingIn this case, ESIC will only keep the data for the legally appropriate purposes, for example, so that you can use it for a claim.
- Right to object to the processing. You can ask ESIC to stop processing the data in the way you indicate, unless for compelling legitimate reasons or the exercise or defense of possible claims they have to continue to be treated.
- Right to data portability. In case you want to export your data to be processed by a third party, ESIC will facilitate this portability.
In the event that consent has been given for a specific purpose, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on the consent prior to its withdrawal.
To exercise your rights, you have at your disposal models, forms and more information on the web site of the Spanish Data Protection AgencyYou can contact them if you consider that there is a problem with the way in which ESIC treats your data.
2.2 Information about cookies and other trackers used by ESIC
ESIC, through its applications and websites, uses cookies and other trackers for different purposes. Cookies are files that are generated in your terminal when you browse through any of ESIC's applications or websites. These files can store information about the way you navigate or simply remember that you are a registered user. ESIC or third parties may have access to the information contained in these files, so it is important that you decide whether or not you want to accept these treatments. In addition to cookies, ESIC uses these other trackers to obtain user data: (1) tracking pixel: consists of an image that is sent from ESIC to your browser when you open an email sent by ESIC or enter an ESIC website, which allows ESIC to know data about the opening of the email or access to the web; (2) finger print: is a software solution that allows to analyze user navigation when the user requests a file from ESIC, loads it on your terminal or browses the ESIC website.Hereinafter, we refer to any type of tracker used by ESIC as "cookies".
Details about cookies in ESIC applications and websites:
A.- Technical Cookies (own):- Purpose: User identifier as a new visitor.
- Data processed: Login identifier.
- Duration of processing: 40 years or, at the most, until the cookie is deleted from the user's browser.
- Purpose: Reminder of the user's response to the cookie banner.
- Data processed: Banner response identifier.
- Duration of processing: 37 years or, at the most, until the cookie is deleted from the user's browser.
- reCAPTCHA (Google). Purpose: anti-spam security
- Data processed: This website has implemented the Google reCAPTCHA API for the indicated purpose. This system allows Google to collect software and hardware information, as well as application and device data, and sends it to Google for analysis. This information is used to improve the reCAPTCHA service and overall security. It will not be used to serve personalized ads from Google.
- Duration of processing: The retention periods are set by Google for each type of data depending on the reason for collection. For example, Google retains data on browser height and width and IP address for a maximum of nine months, while cookie information is deleted after 18 months.
- More information: https://policies.google.com/technologies/retention
- WAF. Purpose. security
- Data processed: This website has implemented a firewall and anti-malware service that prevents and mitigates attacks against the web and against data both in transit and at rest, for which it collects information about the software and hardware used for navigation and actions towards the web such as SQL injection attempts or brute force attacks. The implemented system can block the user by IP or by username used when it recognizes specific patterns identified as malicious or potentially harmful.
- Duration of treatment: 90 days
- Purpose: Distinction of unique users in Google Analytics, from Google Ltd.
- Data processed: IP, port, type of file requested and language and character settings, as well as the originating website and operating system.
- Duration of processing: The retention periods are set by Google for each type of data depending on the reason for collection. For example, Google retains data on browser height and width and IP address for a maximum of nine months, while cookie information is deleted after 18 months.
- More information: https://policies.google.com/technologies/retention
Social Cookies on ESIC sites
ESIC has profiles on the social networks (e.g. Instagram) indicated in the legal notice and has also integrated into its applications and websites some third-party content (e.g. YouTube videos). These actions involve a collaboration of ESIC with those responsible for these other sites for the initial collection of user data for advertising or statistical purposes. For the processing corresponding to the initial collection of user data, ESIC is co-responsible along with the owners of the social networks indicated and linked in the "legal notice" of this website. In relation to this processing, the owners of the social networks are the main co-responsible parties for the purpose of receiving requests for the exercise of rights by the interested parties.How to delete cookies or change your cookie settings
At any time, the user may reset or change their cookie preferences through the cookie control panel by clicking here. To delete cookies from your browser, please configure it as indicated in the instructions: If you wish, you can install the Google Analytics Opt-out Browser Add-on to disable the use of your personal data.Para más información sobre la forma en que ESIC trata tus datos por medio de las cookies, lee las actividades de tratamiento de seguridad, de analítica y de perfilado publicitario, del RAT de ESIC.
2.3 Registro de Actividades del Tratamiento
Accede aquí para ver el documento Registro de Actividades del Tratamiento2.4 Information Security and Privacy Policy
1. PURPOSE
The purpose of this Policy is to establish the general guidelines that determine ESIC's commitment to ensure the protection of services, information and personal data managed in its business processes.
2. SCOPE
This policy applies both to people and organizations that, in one way or another, are part of ESIC (University and Business School) and also to those others that interact with it.
3. INFORMATION AND PERSONAL DATA SECURITY PRINCIPLES
ESIC develops its work by providing quality teaching services and added value in the field of higher education. To achieve this purpose, it carries out business processes that require the management of information and personal data through computer services that are supported by an information system.
ESIC is aware of the need to ensure that the information and personal data it manages, as well as the services it handles, must receive adequate protection to meet legal compliance requirements, prevent unauthorized access to information and personal data, preserve their integrity and ensure that the information, personal data and services will be available when needed. Of particular relevance to ESIC is the protection that must be applied in the processing of personal data to guarantee the rights and freedoms of the individuals involved.
The fundamental principles that will govern the protection of the security of personal information and data will be the following:
- Integral security. Requiring the inclusion and coordination of all human, material, technical, legal and organizational elements related to ESIC's information and privacy system.
- Risk-based security. Analyzing the impacts and probabilities of materialization of risks that may threaten the information and privacy system and taking measures to address them at levels that do not affect the achievement of business objectives.
- Monitoring, surveillance, detection, response and preservation measures, establishing tools and processes that continuously monitor the operation of the information system, detect anomalies and threats, prevent their materialization and, if they finally occur, make it possible to recover the affected information and return to the initial situation.
- Training and awareness. Selecting people with the right skills to intervene in the system's processes, training them to improve these skills and making the whole company aware of the need for a proactive stance in defense of the security of information, personal data and services.
- Legal compliance. Analyzing in detail the legal framework in which the company's activities are framed and establishing the necessary measures to comply with the corresponding legal obligations, giving special importance to all those related to the protection of personal data and respect for the rights and freedoms of the persons involved in the processing of such data.
- Continuous improvement. Providing the system with mechanisms for regular review of its performance, analyzing measures to correct any dysfunctions that arise and actively seeking opportunities to improve its design and operation.
4. IMPLEMENTATION OF THE INFORMATION SECURITY AND PRIVACY MANAGEMENT SYSTEM
In order to meet the above principles, ESIC has decided to implement an Information Security and Privacy Management System which, by analyzing the relevant risks to information security and privacy, determines which treatments are necessary to limit the impact and probability that they may materialize, through the application of appropriate safeguards.
Este proceso de análisis de riesgos integrará los riesgos a los derechos y libertades de las personas que pudiera producirse al tratar sus datos personales y, si estos riesgos fueran relevantes, incluirá una evaluación específica del impacto, tal y como determina la legislación vigente.
Estos procesos de análisis y tratamiento de riesgos se adaptarán al contexto interno y externo de ESIC, y al marco legal al que está sujeta la empresa por la naturaleza de sus actividades.
The set of processes that develop the Information Security and Privacy Management System will be properly documented.
In order that the operation of the Security and Privacy Management System fulfills its purpose and the assigned security and privacy objectives are met, ESIC's organizational structure will have the required positions, as well as specific applicable roles, assigning them the necessary responsibilities. In this context, a Compliance, Information Security and Privacy Committee will be created as the collegiate transversal body for the supervision and management of the Information Security and Privacy Management System.
5. REVISIÓN Y MEJORA CONTÍNUA
ESIC se compromete a arbitrar mecanismos de revisión del adecuado funcionamiento del Sistema de Gestión de la Seguridad de la Información y Privacidad y a establecer objetivos de seguridad y privacidad cuya consecución plasmará el principio de mejora continua de la seguridad.
Estos objetivos se obtendrán de las propias revisiones que se llevan a cabo con regularidad para evaluar los procesos del sistema, de las no conformidades provenientes de auditorías internas y externas que se programen, así como de la propia iniciativa de todos los actores implicados cuando perciban disfuncionalidades u oportunidades de mejora.
Security and privacy objectives shall have designated responsible parties, sufficient resources and plausible timeframes for achievement. Their development and implementation shall be reviewed frequently.
6. CORPORATE COMMITMENT
The achievement of the objectives of the information security and privacy management system requires a total commitment from the company to guarantee its execution and the improvement of the processes and activities involved. This commitment will be embodied in the dissemination and communication of these guidelines to all employees of the company and to those external people and organizations that require their knowledge. This document will be published in a medium accessible to all those involved. This communication will be complemented with internal awareness actions to facilitate the integration of this system in ESIC's business objectives.
2.5 Applicable regulations and dispute resolution procedures
This legal, privacy and cookies notice is written in Spanish, will remain accessible through the Internet on this website and must be interpreted in accordance with Spanish regulations.
For more information, to report a bug or to ask a question, please contact ESIC at the addresses indicated at the beginning of this notice.