1. Legal, privacy and cookies notice
Updated on 07/03/2024
The co-owners of the web pages under the domain esic.edu are ESIC University and ESIC Business & Marketing School. Both entities are independent and are part of the ESIC network.
1.1. ESIC University (ESIC University)
Identifying data:
- Name: ESIC Universidad (Fundación de Estudios Superiores e Investigación ESIC).
- TAX ID: G87046124.
- Institutional and fiscal address: Camino de Valdenigriales, s/n (Edif. ESIC), 28223, Pozuelo de Alarcón, Community of Madrid, Spain.
- Trademark and domain name: ESIC University | esic.edu | esic.university
Contact information:
- Contact Form
- E-mail address: info.madrid@esic.edu
- Phone number: (+34) 914 524 100
Special legislation and codes of conduct:
- Law 4/2019, of March 20, 2009, on the recognition of the private university "ESIC Universidad".
- Code of Education Laws - BOE.
- Compliance policies and internal codes of conduct at ESIC.
- ESIC Code of Ethics
Additional information:
- Registration: Registry of Foundations of the Community of Madrid, Page 715, Volume CCXXXV, folios 301 and following.
- IAE: 931.5 (Higher Education Teaching) and 936 (Scientific and Technical Research).
- CNAE: 8543 (University education).
- ISIC: 853 (Higher Education).
1.2. ESIC Business & Marketing School
Identifying data:
- Name: Escuela de Estudios Superiores ESIC Sacerdotes del Sagrado Corazón de Jesús PP.RR., a school of higher education created, in the year 1965, by the Congregation of Priests of the Sacred Heart of Jesus (PP. Reparadores / Dehonians).
- TAX ID NUMBER: R2800828B
- Institutional address: Avenida de Juan XXIII, 12, 28224, Pozuelo de Alarcón, Community of Madrid, Spain.
- Tax address: Calle de Evaristo San Miguel, 10, 28008 Madrid, Community of Madrid, Spain.
- Brand and domain name: ESIC Business & Marketing School | esic.edu
- Branding of one of its departments: Institute of the Digital Economy - ICEMD.
Contact information:
- Contact Form
- E-mail address: info.madrid@esic.edu
- Phone number: (+34) 917 444 040
Special legislation and codes of conduct:
- Code of Education Laws - BOE.
- ESIC's internal compliance policies and codes of conduct.
- ESIC Code of Ethics
- Registration: Registry of Religious Entities of the Ministry of Justice No. 003159 (789-/12-SE-B).
- IAE: 932 (Non-regulated education and training and higher education).
- CNAE: 8543 (University education).
- ISIC: 8530 (Higher Education).
2. ESIC Data Protection and Cookie Notice
In this section, we offer you information on how ESIC protects your data.
The person or persons jointly responsible for each processing operation are indicated in the corresponding section of the Register of Processing Activities (RAT).
2.1 General information on personal data protection
To exercise your data protection rights, please contact ESIC by writing to their Data Protection Officer (dpd@esic.edu) or to any of the addresses listed in the legal notice of this website.
If you wish to stop receiving communications electronically, you can unsubscribe through the link provided in each of the messages you receive from ESIC. And if you are registered on the ESIC website, you can exercise some of your rights from your user panel.
The main rights you can exercise are:- Right to request access to personal data: We will tell you whether or not we are processing your data and, if so: what data, how we have obtained them, why we are processing them, if we have communicated them and the conservation period, among others. In addition, we will inform you about your other rights and the possibility of filing a complaint with the AEPD.
- Right to request rectification or deletion, so that you can correct them or you can ask us to stop processing and keeping them.
- Right to request the limitation of its processingIn this case, ESIC will only keep the data for the legally appropriate purposes, for example, so that you can use it for a claim.
- Right to object to the processing. You can ask ESIC to stop processing the data in the way you indicate, unless for compelling legitimate reasons or the exercise or defense of possible claims they have to continue to be treated.
- Right to data portability. In case you want to export your data to be processed by a third party, ESIC will facilitate this portability.
In the event that consent has been given for a specific purpose, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on the consent prior to its withdrawal.
To exercise your rights, you have at your disposal models, forms and more information on the web site of the Spanish Data Protection AgencyYou can contact them if you consider that there is a problem with the way in which ESIC treats your data.
2.2 Information about cookies and other trackers used by ESIC
ESIC, through its applications and websites, uses cookies and other trackers for different purposes. Cookies are files that are generated in your terminal when you browse through any of ESIC's applications or websites. These files can store information about the way you navigate or simply remember that you are a registered user. ESIC or third parties may have access to the information contained in these files, so it is important that you decide whether or not you want to accept these treatments. In addition to cookies, ESIC uses these other trackers to obtain user data: (1) tracking pixel: consists of an image that is sent from ESIC to your browser when you open an email sent by ESIC or enter an ESIC website, which allows ESIC to know data about the opening of the email or access to the web; (2) finger print: is a software solution that allows to analyze user navigation when the user requests a file from ESIC, loads it on your terminal or browses the ESIC website.Hereinafter, we refer to any type of tracker used by ESIC as "cookies".
Details about cookies in ESIC applications and websites:
A.- Technical Cookies (own):- Purpose: User identifier as a new visitor.
- Data processed: Login identifier.
- Duration of processing: 40 years or, at the most, until the cookie is deleted from the user's browser.
- Purpose: Reminder of the user's response to the cookie banner.
- Data processed: Banner response identifier.
- Duration of processing: 37 years or, at the most, until the cookie is deleted from the user's browser.
- reCAPTCHA (Google). Purpose: anti-spam security
- Data processed: This website has implemented the Google reCAPTCHA API for the indicated purpose. This system allows Google to collect software and hardware information, as well as application and device data, and sends it to Google for analysis. This information is used to improve the reCAPTCHA service and overall security. It will not be used to serve personalized ads from Google.
- Duration of processing: The retention periods are set by Google for each type of data depending on the reason for collection. For example, Google retains data on browser height and width and IP address for a maximum of nine months, while cookie information is deleted after 18 months.
- More information: https://policies.google.com/technologies/retention
- WAF. Purpose. security
- Data processed: This website has implemented a firewall and anti-malware service that prevents and mitigates attacks against the web and against data both in transit and at rest, for which it collects information about the software and hardware used for navigation and actions towards the web such as SQL injection attempts or brute force attacks. The implemented system can block the user by IP or by username used when it recognizes specific patterns identified as malicious or potentially harmful.
- Duration of treatment: 90 days
- Purpose: Distinction of unique users in Google Analytics, from Google Ltd.
- Data processed: IP, port, type of file requested and language and character settings, as well as the originating website and operating system.
- Duration of processing: The retention periods are set by Google for each type of data depending on the reason for collection. For example, Google retains data on browser height and width and IP address for a maximum of nine months, while cookie information is deleted after 18 months.
- More information: https://policies.google.com/technologies/retention
Social Cookies on ESIC sites
ESIC has profiles on the social networks (e.g. Instagram) indicated in the legal notice and has also integrated into its applications and websites some third-party content (e.g. YouTube videos). These actions involve a collaboration of ESIC with those responsible for these other sites for the initial collection of user data for advertising or statistical purposes. For the processing corresponding to the initial collection of user data, ESIC is co-responsible along with the owners of the social networks indicated and linked in the "legal notice" of this website. In relation to this processing, the owners of the social networks are the main co-responsible parties for the purpose of receiving requests for the exercise of rights by the interested parties.How to delete cookies or change your cookie settings
At any time, the user may reset or change their cookie preferences through the cookie control panel by clicking here. To delete cookies from your browser, please configure it as indicated in the instructions: If you wish, you can install the Google Analytics Opt-out Browser Add-on to disable the use of your personal data.For more information on how ESIC treats your data through cookies, please read the security, analytics and advertising profiling processing activities in ESIC's Register of Processing Activities (RAT).
2.3 Treatment Activity Log (RAT)
Click here to see the document Treatment Activity Record (RAT)2.4 Information Security and Privacy Policy
1. PURPOSE
The purpose of this Policy is to establish the general guidelines that determine ESIC's commitment to ensure the protection of services, information and personal data managed in its business processes.
2. SCOPE
This policy applies both to people and organizations that, in one way or another, are part of ESIC (University and Business School) and also to those others that interact with it.
3. INFORMATION AND PERSONAL DATA SECURITY PRINCIPLES
ESIC develops its work by providing quality teaching services and added value in the field of higher education. To achieve this purpose, it carries out business processes that require the management of information and personal data through computer services that are supported by an information system.
ESIC is aware of the need to ensure that the information and personal data it manages, as well as the services it handles, must receive adequate protection to meet legal compliance requirements, prevent unauthorized access to information and personal data, preserve their integrity and ensure that the information, personal data and services will be available when needed. Of particular relevance to ESIC is the protection that must be applied in the processing of personal data to guarantee the rights and freedoms of the individuals involved.
The fundamental principles that will govern the protection of the security of personal information and data will be the following:
- Integral security. Requiring the inclusion and coordination of all human, material, technical, legal and organizational elements related to ESIC's information and privacy system.
- Risk-based security. Analyzing the impacts and probabilities of materialization of risks that may threaten the information and privacy system and taking measures to address them at levels that do not affect the achievement of business objectives.
- Monitoring, surveillance, detection, response and preservation measures, establishing tools and processes that continuously monitor the operation of the information system, detect anomalies and threats, prevent their materialization and, if they finally occur, make it possible to recover the affected information and return to the initial situation.
- Training and awareness. Selecting people with the right skills to intervene in the system's processes, training them to improve these skills and making the whole company aware of the need for a proactive stance in defense of the security of information, personal data and services.
- Legal compliance. Analyzing in detail the legal framework in which the company's activities are framed and establishing the necessary measures to comply with the corresponding legal obligations, giving special importance to all those related to the protection of personal data and respect for the rights and freedoms of the persons involved in the processing of such data.
- Continuous improvement. Providing the system with mechanisms for regular review of its performance, analyzing measures to correct any dysfunctions that arise and actively seeking opportunities to improve its design and operation.
4. IMPLEMENTATION OF THE INFORMATION SECURITY AND PRIVACY MANAGEMENT SYSTEM
In order to meet the above principles, ESIC has decided to implement an Information Security and Privacy Management System which, by analyzing the relevant risks to information security and privacy, determines which treatments are necessary to limit the impact and probability that they may materialize, through the application of appropriate safeguards.
This risk analysis process will integrate the risks to the rights and freedoms of individuals that could occur when processing their personal data and, if these risks are relevant, will include a specific impact assessment, as determined by current legislation.
These risk analysis and treatment processes will be adapted to ESIC's internal and external context, and to the legal framework to which the company is subject due to the nature of its activities.
The set of processes that develop the Information Security and Privacy Management System will be properly documented.
In order that the operation of the Security and Privacy Management System fulfills its purpose and the assigned security and privacy objectives are met, ESIC's organizational structure will have the required positions, as well as specific applicable roles, assigning them the necessary responsibilities. In this context, a Compliance, Information Security and Privacy Committee will be created as the collegiate transversal body for the supervision and management of the Information Security and Privacy Management System.
5. REVIEW AND CONTINUOUS IMPROVEMENT
ESIC undertakes to set up mechanisms to review the proper functioning of the Information Security and Privacy Management System and to establish security and privacy objectives whose achievement will reflect the principle of continuous improvement of security.
These objectives will be obtained from the reviews that are carried out regularly to evaluate the system processes, from the non-conformities resulting from internal and external audits that are programmed, as well as from the initiative of all the actors involved when they perceive dysfunctions or opportunities for improvement.
Security and privacy objectives shall have designated responsible parties, sufficient resources and plausible timeframes for achievement. Their development and implementation shall be reviewed frequently.
6. CORPORATE COMMITMENT
The achievement of the objectives of the information security and privacy management system requires a total commitment from the company to guarantee its execution and the improvement of the processes and activities involved. This commitment will be embodied in the dissemination and communication of these guidelines to all employees of the company and to those external people and organizations that require their knowledge. This document will be published in a medium accessible to all those involved. This communication will be complemented with internal awareness actions to facilitate the integration of this system in ESIC's business objectives.
2.5 Applicable regulations and dispute resolution procedures
This legal, privacy and cookies notice is written in Spanish, will remain accessible through the Internet on this website and must be interpreted in accordance with Spanish regulations.
For more information, to report a bug or to ask a question, please contact ESIC at the addresses indicated at the beginning of this notice.