683 17 81 94
Skip to content
Colegio Andolina
Back to home

Privacy Policy

At Colegio Andolina we respect your privacy and are committed to protecting your personal data in accordance with current regulations

Last update: January 2026
PRIVACY POLICY In compliance with the provisions of the European Data Protection Regulation, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, concerning the protection of personal data, its processing and the free movement of such data, and Organic Law 3/2018, of 5 December, on Personal Data Protection and the guarantee of digital rights, we hereby provide you with the following information regarding the processing of your personal data. Who is responsible for processing your data?  Identity: COLEGIO ANDOLINA SOCIEDAD COOPERATIVA ASTURIANA  Tax ID: F33986522  Postal Address: Camino del Barreo 203 Cefontes (Cabueñes), Gijón, 33394, Asturias  Telephone: 683 17 81 94  Email: info@colegioandolina.org  DPO Contact: lopd@colegioandolina.org For what purpose do we process your personal data? The data collected will be processed for the following purposes: • Commercial offering and management of products and services. • Internal use, performance of operations, and administrative, economic and accounting management arising from the relationship with the data subject (commercial and/or contractual relationship). • Review and management of applications for admission as a member, as a user/collaborator, and the creation of cooperative statistics for internal use. • In the event of admission: for the creation of the user account in the Controller’s systems; maintenance, development and/or monitoring of compliance with the cooperative relationship once the application has been accepted. • Management of the enrolment process of the minor or minors; monitoring and communication of the progress of the minor or minors, as well as activities, behaviours and/or events arising from school activity; handling of your queries and requests; quality control. • Administrative, economic and accounting management associated with the provision of our services and/or with the relationship with the data provider. • Management of registrations for events and/or activities organised by and/or involving the Controller. • Handling of your queries and requests: Management of responses to enquiries, complaints or incidents, requests for information, resources and/or activities. • Quality control of our products and services, management of the quality of processes and activities, as well as the evaluation of satisfaction/perception and performance results of the organisation’s different stakeholders. • Provision of supporting evidence for campaigns, activities, promotions, competitions, projects and grants in which the organisation participates. • Compliance Management (applicable legal regulations, as well as internal mandatory regulations): investigation, monitoring and auditing of controls established to prevent criminal offences, including access controls to facilities, as well as controls related to the use of images captured by video surveillance systems, for the investigation of accidents and/or incidents that may occur, as well as regulatory breaches, crimes or unlawful behaviour. • Assessment of financial solvency and creditworthiness in order to confirm the economic viability of the requested transaction, as well as, where appropriate, communication and management associated with the recovery of the amounts agreed for the provision of the service. • Consultation of advertising exclusion systems that may affect your activity, excluding from processing the data of persons who have expressed their objection or refusal through consultation of the advertising exclusion systems published by the competent supervisory authority. • Associated management, including prior communication where necessary, which may arise from the development of any operation involving structural modifications of companies or the contribution or transfer of a business or business activity branch, provided that the processing is necessary for the successful completion of the operation and, where appropriate, guarantees the continuity of service provision. • Statistical and historical purposes that enable us to improve the commercial strategy of our products and services. • The management and auditing of the organisation’s management systems and compliance systems for processes and facilities. • Dissemination of our best practices relating to the services we have provided to you and/or the publication and/or communication of graphic material that may include the image of the data subject and/or staff under their responsibility in corporate communication media (including, but not limited to, website, social media, newsletters, activity reports, feature articles, media presence) and/or other public media (sector publications and/or reports in printed press, TV, etc.), as dissemination of the results of the activity, promotion and publicity, management of campaigns, activities and events and/or as proof of technical solvency for requests for supporting evidence in tender processes, technical offers, projects and grants in which the Controller participates, to the extent that you have unequivocally consented to this. • Contact and sending of personal communications, invitations to events, greetings on special dates, sending of quality and satisfaction surveys, as well as to periodically inform you of updates, news and corporate information, information on the publication of grants, competitions and rates of other products and services of the organisation, in order to assess the quality of our processes and offer you products and services that may be of interest to you by telephone, written or electronic means, depending on the communication channels provided, to the extent that you have unequivocally consented to this. • Profiling, to the extent that you have unequivocally consented to it, “in order to offer you products and services according to your interests, as well as to improve your user experience, we will create a ‘profile’ based on the information provided. No automated decisions will be made based on that profile.” • Communication of your personal data to private/public entities, depending on the contracted service/product, for the proper management of the provision of services agreed between the parties, to the extent that you have consented to this. In addition, to the extent that you are a supplier/collaborator of the organisation, we also process your data for the following purposes: • Internal use, commercial and relational management, execution of operations and administrative, economic and accounting management arising from the relationship with the supplier/collaborator. • Communications and enquiries regarding commercial offers and/or the development of the requested service: requests for quotations, fulfilment times, order confirmation, terms and conditions, order confirmation, etc. • Management of contracting and provision of services by the supplier/collaborator, as well as compliance with contractual and regulatory requirements linked to the organisation or requested operation. • Management of the selection, approval and contracting of suppliers/collaborators and verification of regulatory compliance. • Management of responses to enquiries, complaints or incidents, requests for information, resources and/or activities that may be made by the data subject and/or a third party related to the organisation in relation to the work and/or services provided by the supplier/collaborator to the organisation. • Promotion and dissemination of the Organisation: the preparation, publication and communication of statistics, activity reports and information associated with the communication and transparency of its activity, as well as the recording and publication of informative material, communication and management of campaigns, activities, events, competitions and/or the recording and publication, in the organisation’s communication media (including website and social media) and/or other public media, of videos, recordings and photos associated with the activities carried out by the organisation that may include the image of the data subject in the performance of their duties “in order to provide stakeholders with information about the organisation”, in cases where the data subject has unequivocally consented. • Management of the quality of processes and activities, as well as the evaluation of satisfaction/perception and performance results of the organisation’s stakeholders. Conducting surveys. • Management of contact with the data subject through the communication channels provided by the data subject (email and/or telephone) in order to manage notices and coordinate actions by persons related to the organisation. In cases where the data subject unequivocally consents, the use and sharing of private contact details (email and private telephone numbers) with persons related to the organisation and with third parties requesting them may be carried out. • The management and auditing of management systems and/or occupational safety management and regulatory compliance of the organisation’s processes and facilities, as well as the reservation of the right to carry out periodic audits at your facilities as part of the agreements reached in the commercial relationship, in cases where the data subject unequivocally consents. • Demonstrating the Organisation’s regulatory compliance to a third party that requires it: communication to third parties of data relating to the data subject required by them in order to comply with the coordination of business activities, demonstrate the organisation’s regulatory compliance and the third party’s internal regulations and/or manage access to facilities. In cases where the data subject unequivocally consents, the communication of such information/documentation required by the third party that is not explicitly included in the established legal or regulatory obligations, but rather in the third party’s internal regulations, may be carried out. • Provision of supporting evidence for campaigns, activities, promotions, competitions, projects and grants in which the organisation participates. • Contact and sending of personal communications, invitations to events, greetings on special dates, sending and management of quality and satisfaction surveys, as well as to periodically inform you of updates, news and corporate information, through the communication channels provided, to the extent that you have unequivocally consented to this. To the extent that you have provided us with your CV in order to become part of COLEGIO ANDOLINA SOCIEDAD COOPERATIVA ASTURIANA, the uses and purposes for which we process your data are: • Internal use for staff selection processes, for inclusion in the Job Bank and for the offering and management of possible employment or collaboration opportunities that may arise. • Management of competency assessment of candidates and persons in selection and/or internal promotion for job positions. • Use of your CV in technical proposals for projects in which your incorporation is being considered, if you have unequivocally consented to this. • Compliance Management (applicable regulations as well as internal mandatory rules): investigation, monitoring and auditing of controls established by the organisation. • Management of contact with the data subject through the communication channels provided (email and/or telephone) in order to manage notices and coordinate actions for the management of the selection process by persons related to COLEGIO ANDOLINA SOCIEDAD COOPERATIVA ASTURIANA and/or third parties contracted to carry out selection processes for candidates for vacancies or jobs. • The performance of tests and/or aptitude certificates that may be required for staff selection purposes, which will be optional, shall be understood as an expression of the user’s consent for the inclusion of the data provided, as well as, where appropriate, its assessment, in the database of the Job Bank of COLEGIO ANDOLINA SOCIEDAD COOPERATIVA ASTURIANA, and its automated processing for the purpose of carrying out that selection. As a consequence of access to the facilities that may be required for the performance of such tests and/or aptitude certificates, processing associated with the security of such facilities may be carried out through access records. • Management of visits to the facilities, as well as safety and regulatory compliance therein, investigation of possible incidents or accidents, management of related insurance and management of warnings or sanctions for breaches of safety rules. All data requested by the Controller are necessary for the effectiveness of the purposes described. Concealment of information or failure to provide it may affect the results of our services or make it impossible to provide them. What is the legal basis for processing your data? The legal basis for processing your data is as follows:  The performance of a contract and/or request by the data subject. The data requested are necessary for its proper performance.  Compliance with a legal obligation: administrative, commercial, tax, fiscal, accounting, civil and financial regulations, and consumer protection legislation, as well as the regulations inherent to the contracted transaction/service and those applicable to the relevant sector.  Satisfaction of a legitimate interest of the Controller: processing of data as parties to a commercial relationship and/or contract, which are necessary for its maintenance or fulfilment, fraud prevention, cases of legitimate interest in which the controller could be an injured party and the processing and communication of the data of the defaulting party to third parties is necessary in order to manage regulatory compliance and defend the interests of the controller, the legitimate interest in direct marketing authorised by the LSSICE (sending electronic commercial communications regarding products or services similar to those contracted by a client with whom there is a prior contractual relationship), as well as cases of legitimate interest in specific processing operations provided for in the LOPDGDD (Article 19. Processing of contact data and data of sole traders; Article 20. Credit information systems; Article 21. Processing related to certain commercial transactions (corporate restructuring or business transfers); Article 23 Advertising exclusion systems; Article 24 Internal whistleblowing systems).  Finally, the express consent of the data subject granted unequivocally through data protection clauses. Such consent may be withdrawn at any time. How have we obtained your data?  From the data subject themself, father, mother and/or their legal representative.  From third parties with whom the Controller maintains a commercial or service provision relationship.  From third parties at the request of the data subject.  From public bodies related to the purpose of the contracted service provision. What categories of data do we process? The types of data requested are: • Identification data • Employment details • Academic and professional data • Personal circumstances • Social circumstances • Commercial information • Economic, financial and insurance data • Transactions relating to goods and services • We may also collect data about your visit to our website, as described in the cookie policy available on this website. The School does not collect data considered especially sensitive, such as race or ethnic origin, political opinions or religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation, biometric or genetic data, except in exceptional cases related to students (allergies, illnesses, etc.), when strictly necessary, and with the prior consent of the data subject, father, mother or legal guardian, or under a legal basis justifying such processing. It is the responsibility of each data subject to ensure that the data provided are true, accurate, complete and up to date, and they alone shall be responsible for any direct or indirect damage that may arise as a consequence of failure to comply with this obligation. If the data provided by a User belong to a third party other than the person providing the data, the user must inform that third party of the aspects contained in this Privacy Policy and obtain their authorisation to provide their data to COLEGIO ANDOLINA SOCIEDAD COOPERATIVA ASTURIANA. How long do we keep your data? Your data will be kept for the period strictly necessary for the purposes for which they were collected and, in any event, in accordance with the periods established by the applicable legislation, without prejudice to their retention for making them available to the competent authorities and to deal with claims. In such case, the data will be kept blocked until the end of the limitation period, after which they will be deleted. If the processing of the data derives from the express consent of the data subject, the data will be processed as long as the data subject does not exercise their rights. To which recipients may your data be disclosed? Your data will not be sold, rented or made available to third parties, except to data processors, for legal compliance or by express authorisation. Thus, your data may be communicated or transferred to:  Organisations or persons contracted by the Controller for the provision of services linked to the purposes of processing (by way of example: debt collection and credit insurance entities, management, accounting and/or compliance auditors, IT maintenance companies, other professionals providing services in collaboration with the organisation, companies managing staff selection processes). These third-party service providers of the Controller will access the user’s personal data in their capacity as data processors. In any case, the communication of data to third parties is carried out only when they prove that they have a Personal Data Protection System in accordance with the requirements of current legislation/regulations on the matter.  Bodies or authorities of the Public Administration with powers in matters relating to the purposes of processing: AEAT, Department of Education, Courts and Tribunals, public registries, etc.  Third parties expressly authorised by the data subject.  Financial Institutions: direct debit of receipts and/or collection management of bills and other payment methods.  Law Enforcement Agencies: to the extent required by a justified right for the investigation of a regulatory breach and/or similar matter.  Media for the promotion/publication of the organisation’s activities (public and/or private, such as websites, social media, newspapers, etc.). What are your rights? You have the right to obtain confirmation as to whether or not we are processing personal data concerning you. Data subjects have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, request their deletion when, among other reasons, the data are no longer necessary for the purposes for which they were collected. In certain circumstances, data subjects may request the restriction of the processing of their data, in which case we will only keep them for the exercise or defence of claims. Likewise, and for reasons relating to their particular situation, data subjects may object to the processing of their data, in which case the Controller will cease to process the data, except for compelling legitimate grounds or for the exercise or defence of possible claims. By virtue of the right to data portability, data subjects have the right to obtain the personal data concerning them in a structured, commonly used and machine-readable format and to transmit those data to another controller. If you have given consent for any specific purpose, the user has the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. Where should you go to exercise your rights? If you wish to exercise your rights, you must contact the channel established for the exercise of rights by the Controller (info@colegioandolina.org), in order to respond to your request, and/or by written communication addressed to the postal address indicated in this Privacy Policy. What information is required to exercise your rights? To exercise your rights, we need to verify your identity and the specific request you are making, so we ask you for the following information: • Documented information (letter/email) of the request specifying the petition. • Proof of identity as the holder of the data subject to the exercise of rights (name, surname of the data subject and photocopy of the data subject’s ID and/or of the person representing them, as well as the document proving such representation, where appropriate). • Address for notification purposes, date and signature of the applicant (in the case of a written communication), or full name and surname (in the case of email), or validation of the request in the private area of the communication channel with a personal authentication key proving your identity. • Where the Controller has reasonable doubts concerning the identity of the natural person making the request, it may request additional information necessary to confirm the identity of the data subject. What is the General Procedure for Exercising your rights? Once the required information has been received, we will respond to your request in accordance with the Controller’s general procedure for the exercise of rights: • The Controller shall provide the data subject with information on action taken on a request under Articles 15 to 22 (Rights of the data subject), and in any event within one month of receipt of the request. • That period may be extended by a further two months where necessary, taking into account the complexity and number of the requests. • The Controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. • Where the data subject makes the request by electronic means, the information shall be provided by electronic means where possible, unless the data subject requests otherwise. • If the Controller does not take action on the request of the data subject, it shall inform them without delay and at the latest within one month of receipt of the request of the reasons for not taking action and of the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy. • The information provided shall be free of charge, except for a reasonable fee for administrative costs. • The Controller may refuse to act on the request, but shall bear the burden of demonstrating the manifestly unfounded or excessive nature of the request. AEPD forms for the exercise of rights • Form for exercising the right of access. • Form for exercising the right to rectification. • Form for exercising the right to erasure. • Form for exercising the right to object. • Form for exercising the right to data portability. • Form for exercising the right to restriction of processing. What complaint channels are available? If you believe that your rights have not been duly respected, you have the right to lodge a complaint with the competent data protection authority (www.agpd.es). International data transfers It is possible that some of our service providers process personal data in a third country outside the territory of the European Union (as a general rule, data are processed and/or stored within the EU). In such case, our organisation will apply all measures and controls available to it to protect your personal data. The main measures adopted in such cases are the signing of standard contractual clauses approved by the European Commission, adherence to international agreements, and the request for approved and recognised certifications or codes of conduct. Platforms and providers offering the greatest guarantees in this regard have been selected. Likewise, the information collected through third-party cookies may be subject to this type of processing. You can obtain more information about these transfers in our Cookie Policy. In any case, if you have any complaint or become aware of any misuse or bad practice by these companies, we ask that you inform us so that we may adopt appropriate measures through our Data Protection Officer (lopd@colegioandolina.org). User responsibility The user who provides us with their data guarantees that they are over 14 years of age and that the data provided to the Controller are true, accurate, complete and up to date. For these purposes, the user confirms that they are responsible for the truthfulness of the data communicated and that they will keep such information duly updated so that it reflects their real situation, being responsible for false and inaccurate data they may provide, as well as for any direct or indirect damages that may arise therefrom. Likewise, to the extent that the user provides personal data of third parties, they are obliged to inform such third parties and obtain their consent for such processing. Confidentiality and security in data processing The data managed by our company will be treated with the utmost confidentiality and reserve. Our company has established all technical and organisational means within its reach to prevent the loss, misuse, alteration, unauthorised access to or copying of the data provided. In relation to the personal data to which the Controller may have access as a consequence of the contracted services, we inform you that the appropriate confidentiality clauses have been signed with staff. COLEGIO ANDOLINA SOCIEDAD COOPERATIVA ASTURIANA undertakes to maintain secrecy regarding the information to which it has access, not to disclose or publish it, either directly or through third persons or companies, nor make it available to third parties, except where legally required, communication to suppliers with whom the corresponding Data Processing Agreement has been signed and/or with the authorisation of the client/data subject. This confidentiality obligation is indefinite in nature and shall remain in force after termination of the contract for any reason whatsoever. COLEGIO ANDOLINA SOCIEDAD COOPERATIVA ASTURIANA undertakes to communicate and enforce on the staff under its authority and contracted on its behalf the obligations established regarding confidentiality and data protection. Changes to the Privacy Policy The Controller reserves the right, at any time, to make any modifications, variations, deletions or cancellations in the content and in the way it is presented that it deems appropriate, and we therefore recommend that you consult our privacy policy whenever you consider it appropriate. If you do not agree with any of the changes, you may exercise your rights in accordance with the procedure described in this Privacy Policy. If you need further information regarding any of the points indicated in this Privacy Policy, you may contact the Data Protection Officer by email addressed to the DPO: lopd@colegioandolina.org.
Chat with us!