Campus Virtual Insa

Data Protection and Privacy Policy (GDPR Compliance)

Controller: INSA Business, Marketing & Communication School (hereinafter “INSA”), located in Barcelona (Spain).
Reglamento (UE) 2016/679 (GDPR) y a la Ley Orgánica 3/2018 (España)

1. Purpose of the Data Processing

The personal data provided by the student during the admission and enrollment process, as well as any data subsequently supplied or generated during the academic relationship, will be processed by INSA for the following purposes:

To manage the student’s admission, enrollment, and participation in INSA programs and activities.

To provide access to the virtual campus, user area, and related digital platforms.

To send information related to academic programs, schedules, events, and institutional communications.

To send newsletters, promotional or informational communications about INSA’s programs, services, or collaborating entities—by any channel, including electronic means (e.g., email, SMS, messaging services).

To conduct surveys to assess the quality of our academic and administrative services.

To manage participation in events, contests, or special offers organized by INSA or its partners.

To maintain and strengthen the relationship with INSA alumni and conduct loyalty or follow-up actions after the end of the academic relationship.

To develop academic, professional, or marketing profiles based on information provided by the data subject, always within the scope of INSA’s legitimate interests and without automated decision-making with legal effects.

2. Legal Basis

The processing of data is carried out under the following legal bases:

Performance of a contract: management of academic and administrative services related to the student’s enrollment and participation.

Legal obligations: compliance with educational and fiscal regulations applicable to INSA.

Consent: sending of commercial or promotional information, participation in surveys, events, and image rights management.

Legitimate interests: maintenance of the academic community and alumni network.

3. Data Retention

Data will be stored for the duration of the academic relationship and subsequently retained for the period required to comply with legal obligations or until the data subject requests erasure, provided such erasure is legally permissible.

4. Data Disclosure

No personal data will be transferred to third parties except:

To service providers who process data on behalf of INSA under data processing agreements (e.g., hosting, cloud services, educational platforms).

When legally required or authorized by the data subject.

5. International Data Transfers

If any international data transfer occurs, it will be performed in compliance with Articles 44–49 of the GDPR, ensuring adequate protection through standard contractual clauses or equivalent safeguards.

6. Rights of the Data Subject

You may exercise your rights of access, rectification, erasure, restriction, portability, and objection by written request to:

INSA Business, Marketing & Communication School
Attn: Data Protection Officer (DPO)
Email: info@insabarcelona.com

If you consider that your rights have not been properly addressed, you may file a complaint with the Spanish Data Protection Agency (AEPD).

7. Withdrawal of Consent

You may withdraw your consent at any time by contacting INSA, without affecting the lawfulness of processing carried out before withdrawal.

8. Additional Information

Further details about our privacy and data protection practices can be found in the “Data Protection” section of our website: https://insabarcelona.com

By clicking “Accept”, I give my express consent and provide my electronic signature for this policy.