Urban Sustainability Strategy Privacy Policy

This privacy policy (hereinafter, 'Privacy Policy') informs you about the data processing carried out regarding users (the 'Users') who purchase courses ('Courses') from EIT Urban Mobility and RMIT Europe. If you have any questions or would like to receive more information in this regard, please contact us at europe@rmit.edu.au

1. WHO ARE THE DATA CONTROLLERS OF YOUR DATA?

The data controllers are the ones who decide the purpose for which your personal data is processed, in this case, are EIT KIC Urban Mobility S.L ('EIT Urban Mobility') with NIF B67513630 and registered office at Torres Glòries, Diagonal 211 Barcelona (08018) and contact address: info@eiturbanmobility.eu and Royal Melbourne Institute of Technology Spain S.L. with NIF B65886012 and registered office at Cornerstone Complex Building A, Floor 1, c/Bilbao, 72, 08005 Barcelona (jointly, the 'Controllers').

2. WHAT DATA ARE PROCESSED BY THE CONTROLLERS?

Personal data ('Data') is any information about an identified or identifiable natural person (the 'Data Subject') The Personal Data that the Controllers process comes from the information that you as a User provide when you fill in the Course registration.

The form indicates the data that is mandatory, with an asterisk. Data that are not marked as mandatory by an asterisk are optional. Only the Data necessary for each purpose are collected. Please note that if you do not provide the mandatory information, the Controllers may not be able to deal with your query or request or to manage the processing. 

It is your responsibility to provide accurate data and keep them updated, so the Controllers reserve the right to exclude Users who provide false, incorrect or unauthorised information from purchasing and/or register of the Courses, without prejudice to the right of the Responsible Parties to take the corresponding legal action.

3. FOR WHAT PURPOSE DO WE PROCESS YOUR PERSONAL DATA?

The Controllers will process your Data for the following purposes:

A. PURCHASE OR REGISTER OF COURSES. When you purchase or register to a Course, the Controllers may use your Data to manage the purchase and the training, to process the registration for the Course, to send you notifications about the same, as well as to comply with the applicable legal obligations. The Controllers will also process your Data to contact you in relation to the purchase and/or register to the Course.

B. IMAGE CAPTURE. When you attend the Course, the classes may be recorded and posted on the student's training profile. Although the recording focuses on the teaching staff, images and/or voices of the students interacting with them may be captured. We can also collect pictures of your participation in the Course, when you provide your consent by posing in the photos. Please note that by registering for any of the Courses, you authorise the capture and/or recording of your image or any other personal identification element by means of photography and/or video and/or any other means of capturing images that may be used. Likewise, the Controllers may reproduce and publish the image free of charge and with the right to transfer it to third parties, in any photographic and/or video formats, as well as by any other means of image fixation, in our internal channels (such as the platform where the Courses are given), and our external channels (such as our social media or website).

C. MARKETING. In case you wish to receive communications of EIT Urban Mobility and RMIT Europe and you give your consent by filling the corresponding forms. EIT Urban Mobility and RMIT Europe will process your Data for the purpose of managing the delivery of such communications.

4. WHAT IS THE LEGAL BASIS FOR PROCESSING YOUR DATA?

The legal basis for the processing of your Data for the purchase and/or register to the Courses is the execution of the contract and the fulfilment of legal obligations (such as, for example, tax reporting.). 

The legal basis for sending commercial communications in case you consent it, is the consent you have given by registering on the corresponding forms to keep you informed about the Controllers' initiatives and compliance with its legal obligations.

The legal basis for the processing of your Data in relation to the capture of image and voice during the development of the Courses and interactions is the consent you have given through the registration in the corresponding forms and/or by purchasing the Course. 

Remember that you can revoke your consent at any time. You may also object to continue receiving commercial communications in the manner indicated in the footer of each communication.

5. HOW LONG WILL BE YOUR DATA KEPT?

Your Data will be kept for the period of time necessary for the purpose for which they were collected, and specifically: 

a. In relation to the purchase and/or register to the Courses, your Data will be kept for the time necessary to provide you the Course and to allow you to access the materials of it during the period indicated when you make the purchase, and thereafter will be kept blocked for the legally prescribed retention periods. 

b. In relation to the images collected during the development of the Courses, they will be kept until you request their deletion. Please note that images that have already been published and/or incorporated into Course's or promotional materials at the time of the request may not be deleted retroactively.

c. In relation to the delivery of communications, the Data will be processed until you revoke your consent or object to the processing and/or for a maximum of two years. 

Once the Data are no longer necessary for the purpose for which they are processed, they will remain blocked for the sole purpose of meeting any liability or obligations that may arise from the processing thereof.

6. WHO ARE THE DATA RECIPIENTS?

Your Data may be communicated to service providers that assist the Controllers in carrying out their business, for example, IT tools, technical support services, payment providers, financial services, etc. It may also be communicated to partners involved in the Courses and/or the provision of other services, some of which might be located outside the European Economic Area ('EEA'). 

When your Data may leave the EEA, they will maintain the same level of protection based on compliance with the provisions of European data protection law. In this regard, international transfers of Data will be made (i) to countries with an adequate level of protection declared by the European Commission (ii) on the basis of the provision of adequate safeguards (standard contractual clauses or binding corporate), or (iii) by virtue of authorisation by the competent supervisory authority or under other conditions provided for in the regulations. 

To receive more information about international transfers of Data or to obtain confirmation or a copy of the safeguards used, you may contact at info@eiturbanmobility.eu.

In cases where it is necessary to comply with EIT Urban Mobility's legal obligations, the Data may be communicated to the Public Administration and the State Security Forces and Corps.

7. SECURITY MEASURES

The Controllers are committed to keep your personal data secure, taking all reasonable measures to do so. The Controllers will implement all necessary organisational and technical measures in accordance with the regulations in force against any unauthorised access and modification, disclosure, loss or destruction. We demand and legally bind our service providers who may handle your personal data to do the same.

8. WHAT ARE YOUR RIGHTS?

As the owner of your Data, you may request confirmation from the Controllers regarding whether your Data are being processed and, if so, access to it. You can also request the rectification of inaccurate Data or, where appropriate, request its deletion when, among other reasons, the Data is no longer necessary for the purposes for which it was collected. 

In certain circumstances, you may request the limitation of the processing of your Data, in which case the Controllers will only retain them for the purpose of legal proceedings or the defence of claims. 

You may revoke your consent at any time, but please note that it will not be retroactive unless otherwise required by law, and your data may be kept blocked for the prescription periods established by the applicable regulations.

You may also oppose the processing of your data, in which case we will not process your data, except for compelling legitimate reasons or for processing possible complaints.

To exercise the aforementioned rights, please contact us, attaching a copy of a document proving your identity, to the europe@rmit.edu.au. To help us process your request, please indicate 'Data Protection' in the subject line. 

Likewise, if you have any questions regarding the exercise of your rights, before contacting the Supervisory Authority, we remind you that, if you wish, you can consult them directly by writing to the Controllers. You also have the right to lodge a complaint to the competent data protection authority (in Spain, www.aepd.es) in the event that you become aware of or consider that an event may involve a breach of the applicable data protection regulations.