Privacy Policy

Article 1 Preamble

This privacy policy describes the collection, use and disclosure of Users' information, the rights of Users and the obligations of the Controller.

By leaving an application in accordance with the General Conditions located at the link, the User agrees to the terms of the Privacy Policy, as well as to the collection and use of information by the Controller in accordance with the Privacy Policy.

The Controller notifies Users that the processing of data is carried out in accordance with:

- the General Data Protection Regulation of the European Union in relation to Users from member countries of the European Union;

- California Consumer Protection Act (CCPA) for users in California.

Article 2. Terms and definitions

Personal data - any information that relates to an identifiable or identified person.
The data controller is:

Hola Spain OÜ

Reg. Number 16835971

International VAT number EE120666193

Harju Maakond, Tallin, Keslinna Linnaosa, Vesivarava tn 50-201, 10152 Estonia.

User - an individual using the Website, or with whom the controller has an agreement.
Website - website https://studyspain.eu/, through which the User can leave a request. The Website also includes all subdomains of the Website.
Services – services provided by the Controller to the User in connection with the conclusion of the contract according to the General Conditions.
Payment Provider – a legal entity authorized by the Controller to accept payments from the User.
General conditions - the conditions for concluding an agreement with the User, posted on the Website.
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to and stored in a web browser. The file does not contain any information that will identify the User, as well as the visitor to the Website.

Article 3. Data collected by the controller

The table below defines the categories of personal data processed by the Controller:

Article 4. Why the Controller uses the User's personal data

Article 5. Time of collection of personal data by the Controller

Personal data is collected during:

for the purposes specified in paragraphs 1-3, 6 of Article 4, at the time the User provides his data;
for the purposes specified in paragraphs 4-5 of Article 4, at the time of the User's use of the Website.

Article 6. Transfer of the User’s personal data

The Controller does not distribute the User's personal data without his consent. It also does not transfer personal data to third parties without the consent of the User, with the exception of:

service providers to monitor and analyze the use of the Website;
the transfer of the Controller's business through a merger, sale of company assets, financing or acquisition of all or part of the Controller's business to another legal entity;
professional advisers to the extent reasonably necessary for the purposes of risk management, obtaining professional advice, or creating, exercising or defending legal claims, whether in court or administrative, or out of court.

The Controller may engage processors and other controllers in order to fulfill its obligations to the User.

When paying for services in accordance with the General Conditions, the User transfers his data to the Payment Provider. The processing of personal data is carried out by the Payment provider in accordance with its privacy policy, a link to which will be indicated on the payment page.

The Controller does not process any data provided by the User to the Payment Provider, does not collect or store them.

Article 7. Disclosure of personal data of Users

Personal data may be disclosed only in the following cases:

in the event of a transfer of the Controller's business through a merger, sale of company assets, financing or acquisition of all or part of the Controller's business to another legal entity;
in case of receiving a corresponding request from law enforcement agencies;
in other cases established by the legislation of the User's place of residence.

Article 8. Measures taken by the Controller to ensure the security of the User's personal data

The Controller has taken all necessary technical and organizational security measures to protect Users' personal data from accidental or unlawful destruction, loss or alteration, from unauthorized disclosure, abuse or other processing in violation of applicable law.

The controller takes all measures to protect the data, including:

to protect data from accidental loss:
to prevent unauthorized access to data, their use, destruction or disclosure, the Controller encrypts data, restricts employees' access to data.

Article 9. Storage of personal data of Users

The controller stores personal data for as long as it is necessary for the purposes set out in the Privacy Policy.

Cookie storage:

a persistent cookie will be stored in the web browser and will remain valid until its set expiration date, unless deleted by the User before its expiration date;
session cookies are deleted after the User closes the browser window.

The Controller stores and uses the Users' personal data to the extent necessary to fulfill the Controller's legal obligations (including in cases established by law).

Article 10. Deletion of personal data of Users

The Controller deletes the personal data of the Users after achieving the goals of processing personal data or of the termination of the legal grounds for the purposes of processing.

The Controller has the right to store personal data after the purposes of processing have been achieved in the following cases:

to comply with legal obligations;
to prevent fraud;
to fulfill the obligations of the Controller in respect of taxes, accounting and financial reporting.

Article 11. Rights of Users

The right to information and access.

The User can obtain information about his personal data processed by the Controller.

The right to data portability.

The User has the right to receive his personal data from the Controller in a structured, commonly used and machine-readable format. In addition, the User may request the transfer of personal data to another controller if it is technically possible.

The right to delete.

The User has the right to delete personal data processed by the Controller if the personal data is no longer needed for the associated target.

The right to object and restrict.

The User may object to the processing of his personal data and restrict them in certain cases.

The right to Correction.

The User has the right to correct his personal data.

The right to withdraw consent.

If the User has given consent to the processing of his personal data, he can withdraw it at any time.

The right to appeal to the supervisory authority.

The User has the right to file a complaint with the supervisory authority in the place of his residence in the following cases:

The user does not agree with the response to the request provided to him;
The User believes that the Controller violates the law when processing personal data.

The right to opt out of receiving newsletters and promotions.

The cancellation policy is listed here https://studyspain.eu/eng/doc/otkaz.

To exercise their rights, the User may send a request to the Controller at the following address hola@studyspain.eu.

If the User exercises the rights of third parties as an authorized representative, the Controller has the right to request all available information from him.

Article 12 Cookies.

Purposes of Cookies

to determine whether the User is logged into the Website or not;
as part of the security measures used to protect user accounts, including the prevention of fraudulent use of login credentials, as well as to protect the Website and services in general;
to analyze the use of the Website.

Manage Cookies

Most browsers allow you to refuse cookies and delete cookies. The way to do this varies from browser to browser and from version to version. However, the User can obtain up-to-date information on blocking and deleting cookies at these links:

Name

Yandex. Metrics

Google Analytics

Type of processed information

The number of visits to the site, the sources from which the transition to the site was made

Link to privacy policy

https://yandex.ru/legal/confidential/

https://policies.google.com/privacy?hl=ru

Section 13 Rights of California Residents When Collecting Personal Information

The provisions of the CCPA will only apply if the Controller's revenue grows by more than $25 million and there are more than 50,000 California resident users.

The right to access personal data.

The User has the right to request information about how the Controller has collected and used his personal data in the last 12 months:

the categories of personal data collected;
the purpose of obtaining personal data.

The Controller does not store information provided for one-time transactions (session Cookies), and therefore has the right not to provide it to the User.

The right to delete.

The Controller is obliged, at the request of the User, to delete his personal data.

The right to Request Disclosure of Collected Information

Categories of personal data collected by the Controller.
Categories of sources from which the Controller has collected information.
Purpose of collecting information.
Categories of third parties with which the Controller communicates information.
The categories of personal information that the Controller has disclosed for business purposes.
Categories of third parties to whom the information was disclosed for commercial purposes.

Right to object to processing

The user has the right to refuse the processing of personal data in the manner prescribed by the CCPA.

Right to non-discrimination

The user has the right to exercise his rights under Article 13 of the Policy, without discrimination prohibited by the CCPA.

The procedure for exercising the rights of the User

The user exercises his rights by sending a request to the e-mail hola@studyspain.eu.

The Controller may ask the User for information confirming his identity in order to process his request and confirm the User's residence in the state of California.

The type of information processed is specified in Article 3.

The purposes of information processing are specified in Article 4.

Article 14. Final provisions

The Controller does not sell the User's personal data, unless the User has consented to the transfer of his data.

The Controller does not transfer data to countries outside the European Union.

The Controller does not process personal data of children under 14 years of age.

The Controller may update the Privacy Policy.

The privacy policy is written in Spanish, English and Russian. In the event of any discrepancy between the translated and the English version, the English version shall apply.

The invalidation of any condition does not mean the invalidation of the entire Privacy Policy.

The Controller notifies the User of changes to the Privacy Policy by sending notifications by e-mail. The Controller strongly encourages Users to re-read the Privacy Policy from time to time.

The relationship between the Controller and the User is governed by the GDPR (except as provided in Article 13).

The User has the right to send requests to the Controller at the email address: hola@studyspain.eu

Contact details:

Hola Spain OÜ

Reg. Number 16835971

International VAT number EE120666193

Harju Maakond, Tallin, Keslinna Linnaosa, Vesivarava tn 50-201, 10152 Estonia

+34 636 923 413