1. Data Processor identity
The information provided by the USER through any of the WEBSITE forms will be included in one or more data files, under the responsibility of CAMBRIDGE UNIVERSITY PRESS (hereinafter, the COMPANY), an organisation registered in the Register of Foundations (registration number 250CUL-EXT), with the following details:
- Corporate address: C/ José Abascal 56, 1º - 28003 Madrid (Spain).
- Fiscal ID Number: W0064249F
- Contact email: firstname.lastname@example.org
2. The purpose of data processing
The COMPANY will process information provided by the USER for the following purposes:
- To manage the contractual or commercial relationship between the COMPANY and the USER.
- To provide services requested by the USER.
- To manage, handle, provide, expand and improve the services the USER has decided to sign up for or register for, including online courses.
- To send out information on modifications to products or services hired by the USER.
Furthermore, in marking the corresponding box on the form, the USER authorises their data to be processed for the following additional purposes:
- To send out information on new products or services similar to those originally subscribed to or services that may be of interest, in any format, including in an electronic format and even when the commercial relationship between the COMPANY and the USER has concluded.
The legal grounds which legitimise all previous data processing shall be the consent of the USER. For the purposes indicated, data will be stored indefinitely, or until the USER exercises the right to delete, oppose and/or limit the processing of their data.
In addition, the USER grants the COMPANY authorisation to receive confirmation of notifications, sent by email, which have been received and read, and using images included in these emails, which generate statistical data when downloaded. Nevertheless, USERS can block this confirmation by deactivating the automatic download of images in their email settings. The links included in emails are linked to the email address of the USER, which means the COMPANY has information on the access to the said links. The USER can block this function by refraining from directly accessing the link.
3. Recipients of information
The data the USER has given to the COMPANY will not be communicated to third parties, unless:
- The transfer of information is legally authorised.
- Data processing relates to the free and legitimate acceptance of a legal relationship, the development, compliance and control of which involves the need to connect this data processing to third party files, for instance banks, for the invoicing of products or services hired, or courier companies sending the products chosen.
- The data has been requested by an Ombudsman, Public Prosecution Office, Judges or Courts, or Spain’s Court of Auditors, in exercising their corresponding duties.
4. The obligatory or optional nature of the requested information
Obligatory data on each form will be identified from the said form.
The refusal to supply this information will prevent the service hired by the USER from being effectuated.
5. Exercising rights
In making their data available, the USER agrees to having expressly read and accepted the processing of their personal data, in accordance with that indicated above. Nevertheless, the USER can revoke this consent at any time, in addition to exercising their rights to access, rectify, delete, oppose and limit the processing and transfer of their data, when the aforementioned rights are applicable, by writing to the address indicated above, supplying a photocopy of their ID Card or a similar ID document and confirming their request.
Additionally, if USERS feel their data has not been handled correctly, they have the right to file a complaint to the Spanish Data Protection Agency (C/ Jorge Juan, 6. 28001 – Madrid www.aepd.es).
6. The USER’S commitments
The USER must be aged 14 or over and guarantee that the information they provide is accurate and correct.
The USER agrees to inform THE COMPANY of any modification to the information provided by sending an email to email@example.com, identifying themselves as WEBSITE USER and specifying the information to be changed.
The USER also agrees to save the passwords and login codes confidentially, and to inform the COMPANY, as soon as possible, of any loss, theft or unauthorised access. Should this communication not occur, the COMPANY will be exempt from all responsibility corresponding to the incorrect use by unauthorised third parties of the said passwords and login codes.
7. Third party data provided by the USER
If for any reason the USER provides the personal data of third parties, they must guarantee that the third party in question has been informed beforehand, obtaining their consent to communicate this information to the COMPANY.
The USER must ensure that third parties are aged 14 or over and that the information provided is accurate and correct.
The COMPANY will verify the permission of third parties by sending an initial, non-commercial email requesting confirmation of their consent, granted to the USER sending their data.
Should any responsibility for the non-fulfilment of these conditions correspond to the USER, they will be liable for this non-compliance.
8. Cookies and tracking cookies
We use the following cookies:
- Technical cookies: necessary or suitable for providing certain services. If these cookies are deactivated, the Website content will not be received correctly.
- Analytical cookies: for the monitoring and statistical analysis of USERS’ general browsing. If deactivated, the WEBSITE will continue to operate, notwithstanding that the information collected by these cookies in the use of our website and the content allows our services to be improved.
More specifically, the COMPANY uses:
- Google Analytics cookies, which aim to generate a unique user ID and are used to count the number of times a user visits the site, in addition to the date of their first and last visit. These cookies are retained for 26 months.
- Facebook cookies, which aim to gain an idea of aspects such as IP addresses, web browser information, page location, user data and page browsing. For more information, please refer to Facebook’s cookies policy.
The legal grounds legitimising information attained with cookies is through user consent.
The information obtained via cookies is stored in EU-established Google servers, which do not guarantee sufficient data protection. That said, Google does adhere to the Privacy Shield and also has authorisation from Spain’s Data Protection Agency (AEPD) to transfer personal data to the USA.
With regard to Facebook, the data is operated by Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).
The USER also accepts the processing of IP addresses, which enable the COMPANY to compile data for statistical purposes, for instance: date of the first visit, number of visits, date of the last visit, the URL and the domain location, the browser used and the screen resolution. The IP information is used according to the technological requirements of enabling a connection to the service via the internet. This data is retained for 1 month.
The USER can revoke this consent at any time, and exercise their rights to access, rectify, delete, oppose and limit the processing and transfer of their data, when the aforementioned rights are applicable, by writing to the address indicated above, supplying a photocopy of their ID Card or a similar ID document and confirming their request. Additionally, if USERS feel their data has not been handled correctly, they have the right to file a complaint to the Spanish Data Protection Agency (C/ Jorge Juan, 6. 28001 – Madrid www.aepd.es).
Nevertheless, the USER making the request must be identified and linked to the data obtained from cookies. In some cases, this identification may not always be possible, unless the USER can certify their ID.
9. Security measures
The COMPANY has adopted the necessary technical and organisational measures to guarantee the security of personal data and to avoid it being altered, lost, processed or accessed without authorisation, taking into consideration the state of the technology, the nature of the stored data and the risks of it being exposed, be it from human actions or the physical or natural environment.
However, the USER must be aware that the security measures on the internet are not impenetrable.