GDPR: Employees
Who is the personal data controller?
Escola Superior de Comerç Internacional (ESCI-UPF)
Q5856335D
Pg. Pujades, 1, 08003 – BARCELONA
+34 932 954 710
rgpd@esci.upf.edu
Contact details for our data protection officer
Why do we process personal data?
The Escola Superior de Comerç Internacional (ESCI-UPF) processes personal data in order to manage, maintain, develop and control our relationship with our employees, including updating all necessary formalities, such as contracts, pay, tax returns, health and safety, managing and organising work trips, managing training activities in accordance with the company’s training plan for employees, etc., and handling all matters related to controlling and ensuring compliance with all employment obligations and duties, such as employee attendance, assessing achievement and monitoring employees’ use of computing tools and other means made available to them to help them perform their job (internet access, email, etc.), among others.
How long do we keep personal data?
We keep personal data for as long as the interested party remains an employee, notwithstanding any legal obligations to keep the data for a fixed period of time.
Automated individual decision-making and profiling
We do not make any automated decisions.
What is the lawful basis for processing personal data?
The lawful basis for processing personal data is the need to fulfil the obligations of the contract of employment signed by the employee.
Who will we share students’ personal data with?
During the period of time when the interested party’s personal data is being processed, the Escola Superior de Comerç Internacional (ESCI-UPF) will share the data with the social security, tax and healthcare authorities, in accordance with our legal obligations, as well as with banks for the purposes of paying employees’ salaries into their accounts.
In addition, the Escola Superior de Comerç Internacional (ESCI-UPF) may collaborate with third-party service providers, who may require access to users’ personal data in order to provide the service in question. This personal data will be processed under the same legally binding conditions, in accordance with our instructions and the provisions of a previously signed data protection agreement. This agreement will stipulate that personal data be used solely for the agreed purposes, that suitable technical and organisational measures be put in place and that the personal data be erased and returned once the period of service provision is over. We require service providers to have signed up to the EU–US Privacy Shield.
The Escola Superior de Comerç Internacional (ESCI-UPF) selects third-party service providers in accordance with strict criteria designed to ensure that we fulfil our obligations in the field of personal data protection.
What rights do users have once they have provided us with their personal data?
All users have the right to ask the Escola Superior de Comerç Internacional (ESCI-UPF) whether or not we have processed their personal data.
They may also exercise the following rights:
- Right to request access to their personal data;
- Right to ask for their personal data to be corrected;
- Right to ask for their personal data to be erased;
- Right to ask for the processing of their personal data to be restricted;
- Right to object to the processing of their personal data;
- Right to personal data portability;
- Right to withdraw consent;
- Right to information about personal data processing.
To exercise their rights, users should send a written request, together with a copy of their passport or ID card, to:
ESCOLA SUPERIOR DE COMERÇ INTERNACIONAL (ESCI-UPF)
Exercici de Drets i Protecció de Dades
Pg. Pujades, 1
08003 – BARCELONA
Or send an email to: rgpd@esci.upf.edu
Users may contact the Catalan Data Protection Authority (Autoritat Catalana de Protecció de Dades, https://seu.apd.cat) to request further information or to lodge a complaint if, for example, they feel that their personal data rights have not been respected.