INTRODUCTION 

At Barcelona SAE, we believe that privacy is important for our customers and we take protecting your privacy seriously: the following paragraphs outline our policies for doing so. Our Policy covers the treatment of all personal information that the company collects when you interact with our website and customer database, submit information through our forms, and/or participate in our programs. This policy is further subject to the company’s Terms and Conditions posted on the website.

There are two important clarifications as you begin to read. First, this document will varyingly refer to “the company” which is a reference to Barcelona SAE, the company with whom you are interacting. Next, for the purposes of this document the term ‘you’ or ‘customer’ refers to you the individual, whether you are a student or teacher of a participating university who is interested in, planning to or already participating in our programming. Please continue to read our Privacy Policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information (PII).

THE INFORMATION WE COLLECT

We collect two types of information: personal information that you provide to us and non-personal information automatically collected through automated means.

PERSONAL INFORMATION

Wherever possible, personal information is collected directly from you, although there may be occasions when information is collected about you from third parties, such as host or partner universities, with the prior approval of the individual or a publicly maintained record. If you are registered with us, you can access content and services that we offer only to registered users. Registered users also have the option of changing or deleting the data specified during registration at any time. We are also able to provide you with information about the personal data we hold about you at any time.

If you do not want to provide us with your Personal Information, you are not required to do so; however, while you may still access the Website, certain services may not be available to you. By providing your Personal Information to us via the Website, you consent to receive information and updates from us, our representatives or our authorized third party service providers (except where prohibited by law).

Personal information that we might collect includes:

• Your contact details to communicate with you, such as  your email address, mailing address, and phone number.
• Your academic information, such as your transcript and educational background to forward to our affiliated institutions so that you may further your education.
• Your health and medical information, to ensure your specific needs are addressed (e.g. allergies, prescriptions, disabilities, etc).
• Your national identification information (i.e. social security number), passport, and related data to fulfill international immigration regulations, register you with the proper local institutions and authorities, and organize logistics essential to your program.

NON-PERSONAL INFORMATION

When you access our website, information of a general nature is automatically recorded. We use web analytics tools that rely on cookies, web beacons, and other automated tracking technologies to help us analyze how users interact with our website, how we can improve our website, how we can personalize your website experience and provide you with information we believe may be of interest to you. This information does not individually identify you as a person. Anonymous information of this kind is statistically evaluated by us to optimize our Internet presence and the underlying technology.

Non-personal information that we might collect automatically includes:

• The type of web browser you are using
• The operating system you are using
• The name of your  internet service provider
• Your anonymous IP address in our access and error logs

Our website uses third party tracking technologies like Google Analytics and Google Conversion Tracking. In both cases these technologies rely on the use of “cookies” and “web beacons.” A cookie is a small amount of data which is sent to your browser from a web site’s computers and stored on your computer’s hard drive.

Most browsers automatically accept cookies as the default setting. You can modify your browser setting to reject our cookies or to prompt you before accepting a cookie by editing your browser options. However, if a browser is set not to accept cookies or if a user rejects a cookie, some portions of the website and services may not function properly.

A web beacon is an electronic image, also called a “gif,” that may be used on our web pages to deliver cookies, count visits and compile statistics on usage and campaign effectiveness or in our emails to tell if an email has been opened and acted upon.

To better understand how Google may use the information collected through Google Analytics to evaluate Users’ and Visitors’ activity on our Site see Google Analytics Privacy and Data Sharing. You can obtain more information about cookies by visiting http://www.allaboutcookies.org.

HOW WE COLLECT YOUR INFORMATION

As stated above (The Information We Collect), we collect your information for:

• Operations: To operate, maintain, enhance and provide all the features of our programming to provide the services and information that you request.
• Improvements: We use the information, not including customer data, to understand and analyze the usage trends and preferences of our visitors and users, to improve our products, services, website, and to develop new products, services, features, and functionality.
• Communications: For administrative purposes such as customer service, to address intellectual  property infringement, right of privacy violations, or defamation issues related to the customer data or personal data posted on the service or to provide updates on promotions and events, relating to products and services offered by us and by third parties we work with.

None of the information we gather is sold, rented, traded, modified, or shared with any third parties who are not directly involved in the delivery of your program. This information is used only internally by company administrators and administrators of any company partners in the locations where you sign up so that they may better understand your needs and provide a better service.

Occasionally, at our discretion, we may include or offer third party products or services on our website. As an example, if you purchase any product or service available through the Website, you may be transferred to a website operated by a third party processor and be required to provide financial and other Personal Information to that third party processor.

As another example, you may decide to connect with us through various social media tools, such as Facebook or Twitter, that are provided by third parties. Any collection, processing, or use of information by such a third party is subject to that third party’s terms of use and privacy policy. We only work with companies who adopt the same practices and standards as we do; however, those companies remain responsible for their internal enforcement of those practices and standards.

Please check the privacy statements of these other websites for more information about their policies on collection and use of personal information. We seek to protect the integrity of our site and welcome any feedback about these sites.

SHARING YOUR INFORMATION

We at the company abide by the requirements laid out by Privacy Shield and GDPR which outlines the situations in which an organization may disclose personal information to a third party. Only as needed, and within specified limited purposes consistent with the consent provided, we may share your personal information with:

• Our internal staff
• Technical consultants
• Host or home universities and institutions

As well as other third parties such as:

• Transit or travel authorities
• Hotels
• Homestay partners
• Landlords
• Venues
• Medical professionals
• Legal authorities

Personal information may be disclosed where an individual has consented to the disclosure, or when the disclosure is done in the best interest of the individual such as in the case of a medical emergency, a serious and imminent threat to a person’s life, health or safety, a requirement under law or authorized by law, or a requirement for an enforcement body.

The company establishes contracts with all third party organizations affirming that they will abide by the same regulations and principles as the company. Furthermore, the third party organizations will only process the provided information for the limited and specified purposes consistent with the consent provided by you. In these situations the company remains accountable for personal data, as well as liable to relevant data protection authorities if any third parties engages in activities that are inconsistent with these policies and all appropriate legal frameworks unless the company is able to prove that it was not responsible for the event that caused the damage.

This means that they will take all reasonable efforts to protect your data, but also not use, share, or alter the provided personal information in any way that was not previously and explicitly consented to by you. The company will not share your personal data with any third-party or organization that you do not agree to.

Our agents and representatives will inform you of what data is shared, and to whom. You may request through your program advisor or coordinator that your information not be shared to a particular outside organization. You may also write your requests to our EU Data Protection Representative at ge@dpr.eu.com.

The company is committed to cooperate with European Data Protection Authorities, and will disclose information as required in response to any lawful requests made by public authorities, including to meet national security or law enforcement requirements.

KEEPING YOUR INFORMATION SECURE

In alignment with GDPR Article 32 and section 4 of the Privacy Shield framework the company takes all reasonable and appropriate measures to protect your data from unauthorized access, disclosure, loss, use, modification, or other misuse.

The company also consistently destroys hard copies of personal information that is no longer required. This destruction is undertaken by secured means. When in digital form, your personal information is contained within secured networks (i.e. HTTPS, AES Encryption, etc) and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Stripe’s secure connection.

GDPR INFORMATION RIGHTS AND PRACTICES

As of May 25th, 2018, all European Union residents and citizens are granted personal privacy as a fundamental human right. This also applies to our participants while they are residing in Europe during our  various programs. As such, under these regulations, the company will not hold onto participant data for longer than is legally necessary and only for as short as possible to protect individual privacy as well as business interests.

You also have the right to rectify any mistakes or incomplete information that may have been provided in order to ensure accurate and complete records. You may also object to the processing of data relating to themselves except in the cases of a specific legal obligation. The company agrees to not collect more personal data than necessary for its legitimate business interest of providing safe and rewarding international programs. All customers have the right to revoke consent to the onward transfer of their personal information or to be forgotten, so long as there is no conflicting legitimate business or individual interest.

In addition customers may request to have a copy of their personal data sent to them. All of these rights are afforded free of charge. However, we are not responsible for removing your personal information from the lists or systems of any third party who has previously been provided your information in accordance with this policy. Once data is no longer relevant to our legitimate business purposes, it is pseudonymized or anonymized based on the kind and calibre of information. The information that we keep exists strictly for analytical purposes to better serve the interests of future customers.

YOUR ACCESS TO YOUR DATA

The company recognizes your rights to access your personal data, and will take all reasonable steps to ensure that personal information is accurate. To aid this, you may request to see and correct any mistakes present in your record. You have the right to request that your personal details be removed from our records (a.k.a., “opt out”), provided there is no legal requirement or legitimate business interest relating to the purpose for which they were collected or processed.

Such requests need to be made in writing to our Data Protection Representative, who then will investigate the validity of the request and proceed to take all reasonable steps, including technical measures, to inform controllers that are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

Requests for removal will not be honored in the cases of the following:

• The removal impinges on the “right of freedom and expression”
• There is a corresponding legal obligation which requires processing or holding of financial or medical
  records
• Reasons of public interest in the area of public health
• For archiving purposes in the public interest, scientific, historical research, or statistical purposes
• For the establishment, exercise or defense of legal claims

You may opt out of receiving promotional emails or text messages from us at any time by following
the instructions in those emails or text messages. If you opt out, we may still send you non-promotional
communications, such as messages about your account or our ongoing business relations, as well as
emergency communications regarding our programs abroad.

CHANGE OF OUR PRIVACY POLICY

We reserve the right to modify this Privacy Policy from time to time to ensure that it complies with current legal requirements or to implement changes to our services in the Privacy Policy. Any modification will be effective immediately upon posting on this website. You are responsible for regularly reviewing this Policy so that you will be apprised of any changes. You can determine when this policy was last revised by referring to the “LAST UPDATED” legend at the top of this Policy.

DATA PROTECTION QUESTIONS AND CONCERNS

The company complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. The company has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

The company is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). If an individual believes that their personal information has not been dealt with in accordance with the company’s policies or applicable laws and regulations, they may lodge a complaint to the Data Protection Authority in writing via email listed below. Acknowledgement will be made within 7 working days of receiving the complaint and a response provided within 30 days. If the result of this does not satisfy the need you may also invoke binding arbitration.

For any questions regarding the company’s compliance of personal information privacy requirements, or to request removal of personal data, please contact our Data Protection Representative by email to DPR Group at ge@dpr.eu.com or by contacting them on our online webform at https://www.datarep.com/ge?dpr. Only communication related to GDPR concerns should use the preceding email address or web link. 

In compliance with the Privacy Shield Principles, Barcelona SAE commits to resolve complaints about our collection or use of your personal information. Global Educators is committed to cooperate with EU data protection authorities (DPA’s) and will comply with the advice given by such authorities in regard to human resources and non-human resources data transferred from the EU.

EXTERNAL LINKS

• https://www.privacyshield.gov
• https://gdpr-info.eu/