Free Evaluation

Privacy Policy

Responsible for the treatment

The Data Controller is MAE Sports and Education S.L.

Privacy principles

From MAE Sports and Education S.L. we are committed to you to work continuously to ensure privacy in the processing of your personal data, and to provide you at all times the most complete and clear information we can. We encourage you to read this section carefully before providing us with your personal information. If you are under fourteen years of age, please do not provide us with your personal information without parental consent.
In this section we inform you about how we treat the data of people who have a relationship with our organization. Starting with our principles:

– We do not ask for personal information, unless it is necessary to provide you with the services you request from us.
– We never share personal information with anyone, except to comply with the law, as necessary to provide the service to you, or with your express permission.
– We will never use your personal data for purposes other than those expressed in this privacy policy.
– Your data will always be treated with a level of protection appropriate to the legislation on data protection, and we will not subject them to automated decisions without expressly informing you.

We have drafted this privacy policy taking into account the requirements of the current data protection legislation:

– Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons (GDPR).
– Organic Law 3/2018 of December 5, 2018, on the Protection of Personal Data and guarantee of digital rights (LOPD).
– Royal Decree 1720/2007, of December 21 (RLOPD).

This privacy policy is dated December 6, 2018.
On the occasion of the modification of processing criteria, in order to make it easier to understand or to adapt it to current legislation, we may modify this privacy policy.
We will update the date of the same, so that you can check its validity.

Treatments we perform

CONTACT TREATMENT
Legal Basis: Consent of the data subject
Purposes of Processing: To fulfill your request, send you information and follow up on the request.
Group: Contact persons, customers, suppliers
Data categories: Name and surname, telephone, email address, etc.
Categories of Recipients: No transfer of data to third parties is contemplated.
International Transfers: International transfers of data are not foreseen.
Deletion Period: The contact data will be kept for an indefinite period of time, or until the interested party requests its deletion.
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

TREATMENT OF EMPLOYEES
Legal Basis: GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is a party or for the implementation at the request of the data subject of pre-contractual measures.
GDPR: 6.1.c) Processing necessary for compliance with a legal obligation applicable to the controller.
Royal Legislative Decree 2/2015, of October 23, 2015, approving the revised text of the Workers’ Statute Law.

Purposes of Treatment

– Management of contracted personnel.
– Personal file. Time control. Training. Pension plans. Prevention of occupational hazards.
– Issuance of personnel payroll.
– Management of union activity.
Group: Employees
Data categories: – Name and surname, DNI/CIF/identifying document, personnel registration number, Social Security/Mutuality number, address, signature and telephone.
– Special categories of data: health data (sick leave, occupational accidents and degree of disability, without including diagnoses), union membership, for the sole purpose of payment of union dues (if applicable), union representative (if applicable), own and third party proof of attendance.
– Personal characteristics data: Sex, marital status, nationality, age, date and place of birth and family data.
– Family circumstances data: Date of registration and discharge, licenses, permits and authorizations.
– Academic and professional data: Degrees, training and professional experience.
– Detailed employment and administrative career data. Incompatibilities.
– Time and attendance data: date/time of arrival and departure, reason for absence.
– Economic-financial data: Payroll economic data, credits, loans, guarantees, tax deductions, leave of assets corresponding to the previous job (if applicable), judicial withholdings (if applicable), other withholdings (if applicable). Bank details.

Categories of Recipients:
– Entity in charge of risk management
labor.
– General Treasury of the Social Security.
– Trade union organizations.
– Financial entities.
– State Agency of Tax Administration.
– Prime contractors to whom we provide services as subcontractors.

International Transfers: International transfers of data are not foreseen.
Deletion Period: They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that may arise from that purpose and the processing of the data.
The economic data of this processing activity will be kept under the provisions of Law 58/2003, of December 17, 2003, General Tax Law.
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

TREATMENT OF CARE RIGHTS OF INDIVIDUALS (ARCO)
Legal Basis: GDPR: 6.1.c) Processing necessary for compliance with a legal obligation applicable to the controller.
General Data Protection Regulation.
Purposes of the Treatment: To attend the requests in the exercise of the rights established by the
General Data Protection Regulation.
Group: Individuals who request it (employees, customers, suppliers, people in the company, etc.).
contact)
Data Categories: Name and surname, address, signature and telephone number.
Categories of Recipients: They may be communicated to the Supervisory Authority (Spanish Data Protection Agency) in the context of an investigation for the protection of rights initiated by the data subject.
International Transfers: International transfers of data are not foreseen.
Period of Suppression: They will be kept for a period of five years from the time of the request.
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

SUPPLIER PROCESSING
Legal Basis: GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is a party or for the implementation at the request of the data subject of pre-contractual measures.
GDPR: 6.1.c) Processing necessary for compliance with a legal obligation applicable to the controller.
Royal Legislative Decree 2/2015, of October 23, 2015, approving the revised text of the Workers’ Statute Law.
Law 58/2003, of December 17, 2003, General Tax Law.
Purposes of the Treatment: – Acquisition of products and/or services that we need for the development of our activity.
– Control of subcontractors, if applicable.
Collective: – Suppliers.
– Workers of our suppliers.
Data Categories: – Name and surname, DNI/NIF/identifying document, address, signature and telephone number.
– Employment detail data: job title. Occupational safety training.
– Economic-financial and insurance data: Bank data.
Categories of Recipients: – Financial institutions. (Payment of invoices)
– State Agency of Tax Administration.
International Transfers: International transfers of data are not foreseen.
Period of Suppression: They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that may arise from that purpose and the processing of the data, in accordance with Law 58/2003, of December 17, General Taxation,
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

CUSTOMER TREATMENT.
Legal Basis: GDPR: 6.1.a) The data subject consented to the processing of his or her personal data for one or more specific purposes.
GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is a party or for the implementation at the request of the data subject of pre-contractual measures.
GDPR: 6.1.c) Processing necessary for compliance with a legal obligation applicable to the controller.
RGPD: 6.1.f) Processing necessary for the satisfaction of legitimate interests of the data controller.
Royal Legislative Decree 2/2015, of October 23, 2015, approving the revised text of the Workers’ Statute Law.
Law 58/2003, of December 17, 2003, General Tax Law.
Purpose of Processing: Intermediation between students and U.S. colleges/universities
Group: Customers
Data Categories: – Name and surname, DNI/NIF/identifying document, address, signature and telephone number.
-Academic data.
– Economic-financial and insurance data: Banking data
Categories of Recipients: – Financial institutions.
– State Agency of Tax Administration.
-U.S. colleges, colleges and universities
International Transfers: The international transfer of data to the USA is foreseen.
Period of Suppression: They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that may arise from that purpose and the processing of the data, in accordance with Law 58/2003, of December 17, General Taxation,
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

SECURITY BREACH NOTIFICATION PROCESSING
Legal Basis: GDPR: 6.1.c) Processing necessary for compliance with a legal obligation applicable to the controller.
General Data Protection Regulation. Articles 33 and 34
Purposes of Processing: Management and evaluation of security breaches that occur in our organization.
Group: Variable: Employees, Customers, Suppliers, Contact Persons (will depend on the security breach)
Data Categories: Variable. (Depending on the security breach)
Categories of Recipients: – Spanish Data Protection Agency.
– State Security Forces and Corps.
International Transfers: International transfers of data are not foreseen.
Deletion Period: They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that may arise from that purpose and the processing of the data. The provisions of the archives and documentation regulations shall apply.
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

YOUR RIGHTS
You have the right to ask us for a copy of your personal data, to rectify inaccurate data or complete them if they are incomplete, or delete them if they are no longer necessary for the purposes for which they were collected.
You also have the right to limit the processing of your personal data and to obtain your personal data in a structured and readable format.
You may object to the processing of your personal data in certain circumstances (in particular, where we do not have to process it in order to comply with a contractual or other legal requirement, or where the purpose of the processing is direct marketing).
Once you have given us your consent, you may withdraw it at any time. At that time we will stop processing your data or, if applicable, we will stop processing your data for that particular purpose. If you choose to withdraw your consent, this will not affect any processing that you have
took place while his consent was in effect.
These rights may be limited; for example, if in order to comply with your request we have to disclose information about another person, or if you ask us to delete certain records that we are required to maintain by law or for a legitimate interest, such as the
exercise of defenses to claims. Or even in those cases where the right to freedom of expression and information must prevail.
You can contact us by any of the means indicated in the Data Controller section of this privacy policy, providing a copy of a document proving your identity (usually the DNI).
Another of your rights is the right not to be subject to a decision based solely on automated processing, including profiling that produces legal effects or affects you.
In the event of any violation of your rights, such as, for example, if we have not complied with your request, you have the right to file a complaint with the Data Protection Supervisory Authority. This may be the one in your country (if you live outside Spain) or the Spanish Data Protection Agency (if you live in Spain).

Additional information

Processing of your data outside the European Economic Area.
For the indicated treatments we may use the services of the following providers outside the European Economic Area, but covered by the Privacy Shield agreement, approved by the data protection authorities of the European Union.

Facebook/ Instagram (FB Messenger): Social networking and communications More information:
https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC

Google (Drive / Mail …): Cloud Services More information:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI

Whatsapp: Mobile instant messaging More information:
https://www.privacyshield.gov/participant?id=a2zt0000000TSnwAAG

Links to third party websites.

Our website may, on occasion, contain links to other websites. It is your responsibility to ensure that you read the data protection policy and legal conditions that apply to each site.

Third-party data.

If you provide us with data of third parties, you assume the responsibility of informing them in advance in accordance with the provisions of Article 14 of the GDPR.

Facebook Instagram Twitter Youtube
Services
Menu
Contact
MAE Sports & Education SL in the framework of the ICEX Next Program, has been supported by ICEX and co-financed by the European FEDER fund.
The purpose of this support is to contribute to the international development of the company and its environment.
International educational agent accredited by:​
Official partner:
  • © 2022 MAE Sports and Education. All rights reserved