Privacy policy

Who is the person responsible for the processing of personal data?

Rector Triadó Street, 94 Entlo., 08014 Barcelona, Spain

EAS Barcelona, as responsible for the Website, in accordance with the provisions of Regulation (EU) 2016/679 of 27 April 2016 (RGPD), Organic Law 3/2018 of 5 December (LOPDGDD) and other legal regulations in force regarding the protection of personal data, and by Law 34/2002 of 11 July, of Services of the Information Society and Electronic Commerce (LSSICE), informs you that it has implemented the necessary technical and organisational security measures to guarantee and protect the confidentiality, integrity and availability of the data entered.

How did we get your data?
You have provided them to us: either on-line or off-line, when you request our services in order to maintain the legal-commercial relationship with you or to send you information about our products, services and/or promotions.

When you provide us with personal data, you guarantee that you are entitled to provide this information and that it is true, accurate and up-to-date, that it is not confidential, that it does not violate any contractual restrictions or third party rights and that it undertakes not to impersonate other users.

Web forms on which we collect personal data

  1. Contact form: name, surname, email, telephone.
  2. Forms for posting comments on our blog: name, email, website.
  3. Pre-registration form for courses: name, date of birth, email.

We have obtained them automatically: if you have provided us with data through this website or any of its sub-domains and/or microsites, we collect information, for example, when you access the page, when you fill in any form with personal data, when you upload information or content (for example, on our blog), or when you communicate with us directly by email.

When you visit our website, data is sent from your browser to our server, to optimize our services and improve your user experience, for example, when you access the site or when you log in through third party services such as social networks. Such data may be collected and stored automatically by us or by third parties on our behalf. This data may include:

-the  user’s IP address
-the  date and time of the visit
-the URL of the site from which the user comes
-pages visited on our website
-Information  on the browser used (type and version of the browser, operating system, etc.)

We may process and record such uses, sessions and related information, either independently or with the help of third party services, including through the use of cookies and other tracking technologies such as flash cookies and web analytics.

In the event that our website has social network connectors, when you choose to interact with us through a social network, we cannot be responsible for the privacy settings chosen by the user. The social network may report your IP address or what page you are visiting on our website and may set a cookie to allow it to function properly. Your name will appear in the likes you give or in the comments you make on our social network page. If you do not want your personal data associated with these likes or comments to appear, you can configure your privacy to avoid this, for example by pseudonymizing your data with a “nickname” or alias that does not reveal your name.

If you log in to one of these social networks during your visit to our website, the social network will be able to add that information to your profile and that information will be transferred to the social network. If you do not want this data transfer to take place, please exit your social network session before entering our websites or mobile applications, as it is not in our power to influence this data collection and transfer through social connectors.

If as a user, through our official website in a social network, you decide to publish and/or share texts, photos, videos and other type of information and/or content you will be solely responsible for ensuring that this content complies with the corresponding legal regulations.

In any case, we may remove from this website and from our social network pages, any content published when we detect that you have violated the legislation in force, and the terms indicated in this privacy policy and in the general conditions included in our Legal Notice.

Social Networks are not directly hosted by our services. Your interactions with them are governed by their policies and not by ours. Please read the privacy policies of these social networks for details on the collection and transfer of personal data, your rights and your privacy settings.

To check that the forms on this website are used by people, and not by automated means, we use Google’s “reCAPTCHA” technology. By using this technology, information about the hardware and software of the device used by the user is collected and sent to Google for analysis, in accordance with the Privacy Policy (of Google) and the Terms of Use (of Google).

How old do I have to be to use this website?

Whoever provides the data through the forms on this website and accepts its treatment declares to be over 14 years old, and access and use of the portal is forbidden to minors. If, at any time, we detect that a child under 14 has provided personal data, we will proceed to cancel the data. Likewise, parents or guardians may in any case contact EAS Barcelona to block the access account of minors in their care who have registered by falsifying their identity.

What do you need to know before sharing third party data?

With respect to other people’s data, you should respect their privacy by taking special care when publishing your personal data. We remind you that, as a user, you only facilitate and consent to the processing of your personal data, but not that of third parties. If you provide us with the data of third parties, you are making a transfer of personal data, and it is your responsibility to have the prior and express consent of these third parties to use and provide us with this data, you are responsible for informing them of the inclusion of their data in our processing.

The publication of third party data without their consent may, in addition to data protection regulations, infringe the right to honour, privacy or one’s own image, rights whose protection is governed by the provisions of Organic Law 1/1982, of 5 May, on the civil protection of the right to honour, personal and family privacy and one’s own image.

What purposes do we give to the personal data we collect?

We may process the data for various purposes, for example:

  1. To answer your query in order to clarify your doubts and questions.
  2. Make the prescription to the requested courses.
  3. To contact you by the means you have not indicated, e-mail, telephone, etc.
  4. In relation to the information automatically collected by the website, based on your navigation as a user, we create anonymous and aggregated information on your behaviour, segmentation effects and development of anonymous profiles.

This interaction helps us to: improve the performance of the website, promote a more personalised experience, measure and monitor the efficiency of the website, manage the website, so as to ensure that it becomes increasingly secure and transparent.

  1. Carry out opinion and/or satisfaction surveys and send you, by means of electronic communications, information about our activities, products and/or services (including advertising and/or commercial communications for the purposes of article 21 LSSICE 34/2002). If we already have a previous contractual relationship, we will send these communications on the basis of our legitimate interest (Art. 6 par. 1 letter f RGPD). If we do not have a previous contractual relationship, we will only send you this type of communication if you authorise us to do so by marking the option (opt-in) which is expressly included for this purpose in the corresponding forms (Art. 6 par. 1 letter a RGPD). The electronic communications that we send you will include, in the communication itself, the option to stop receiving them.
  2. We may take photographs and/or make videos of the activities or events that we organise and/or promote, in order to inform about them, document them and form part of the company’s photographic/video memory.

How long will we keep your personal data?

We will keep your personal data as long as you do not ask us to delete them. Even if you have requested it, we may keep it for the necessary time and limit its processing (blocking), only to comply with the legal/contractual obligations to which we are subject and/or during the legal periods foreseen for the prescription of any responsibilities on our part and/or the exercise or defence of claims derived from the relationship maintained.

What are the grounds for legitimizing the processing of your data?

The grounds for legitimacy are those that allow and enable us to process your personal data legally. There are different legal grounds that allow us to process your data in a legal and lawful way:

  1. This may be the existing legal-market relationship (contract, pre-contract, etc.) between the parties, in the case of a student or potential student.
  2. It can also be your consent if you have made a request to us through our website, or if you have attended one of our courses, seminars or events. This consent is given unequivocally when you provide us with your data online or offline, and such provision is considered a clear affirmative act of consent. The provision of the requested data is obligatory as it is essential to meet your request; if you do not provide it, we will not be able to carry it out. You may withdraw this consent at any time by sending us an e-mail to this effect to Such withdrawal implies that we will not be able to provide you with the requested services or to attend to your queries or requests.
  3. As set out in recital 47 of the GPRD (European General Regulation on Personal Data Protection 2016/679 of 27 April 2016), it also provides a legal basis for processing your data in our legitimate interest: To inform you of our activities, products and/or services (including by means of electronic communications) or those of third parties with whom we have signed a collaboration agreement. If we already have a previous contractual relationship, we will send such communications on the basis of our legitimate interest. Otherwise, we will only send you such communications if you give us your consent by checking the option expressly included for this purpose in the corresponding forms. In any case, the electronic communications that we send you will include, in the communication itself, the option to stop receiving them in the future.

In any case, the indicated treatment of your data is considered to be proportionate and has a minimum impact on your privacy, but your interests, rights or freedoms will always prevail over our legitimate interest. Therefore, if you do not wish us to treat your data for these purposes, please send us an e-mail to that effect to and we will do so, and you may keep them blocked for the formulation, exercise or defence of claims. The withdrawal of your consent to process your data for these purposes does not condition the processing of your data for the other purposes described in the privacy policy.

To whom may we communicate the personal data you provide?

Your personal data will not be transferred to third parties, except that

  1. We have your express permission.
  2. The third parties are suppliers that provide us with products and services (processors) and the communication is a requirement to fulfil our obligations arising from a contract or pre-contract with you.
  3. A law or regulation with the status of a law requires us to communicate data to entities (AEAT, etc.)
  4. The communication was strictly necessary to ensure compliance with our terms of use, rights or ownership.

How do we use corporate social media?

The purpose of tools such as Facebook, Twitter, LinkedIn, Instagram, etc. or other social networks is to give visibility and diffusion to the activities we develop. These tools store personal data on the servers of the respective services and are governed by their own privacy policy. We recommend that you read and review the conditions of use and privacy policy of the social network at the time of registration, taking into account the different configuration possibilities in relation to the degree of privacy of the user profile on the social network.

We reserve the right to remove from our social networks any information published by third parties that violates the law, incites others to do so or contains messages that violate the dignity of persons or institutions. We also reserve the right to block or denounce the author profile of these messages.

Social networks on which EAS Barcelona is present:

Do we carry out international transfers of your personal data?

An international transfer of data occurs when personal data that are processed by a data controller or processor in the European Economic Area (EU countries, Iceland, Liechtenstein and Norway) are sent to a third country or international organisation outside that territory.
Our suppliers who may have access to personal data, with the aim of providing services ancillary to our activity (hosting, housing, software as a service, remote backup, support services or computer maintenance, email managers, sending e-mails and e-mail marketing, file transfer etc …), have their data processing centres within the European Economic Area or in countries with the same level of adequacy as established by the European Commission and the European Data Protection Committee.
Our treatment managers with cloud services:
As data processors, we have contracted the following service providers, having committed themselves to complying with the applicable data protection regulations at the time of contracting:

  1. Google Ireland Limited, based at Google Building Gordon House, Barrow St, Dublin 4, Ireland, provides web analytics and global internet services, email, cloud storage, advertising… You can view the company’s privacy policy and other legal information at the following link: and
  2. Facebook Ireland Ltd., based at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, provides social networking services, social analytics, advertising. You can consult the company’s privacy policy and other legal aspects at the following link and
  3. Instagram product provided by Facebook Ireland Ltd. provides interaction services through social networks, social analytics, advertising. You can consult the privacy policy and other legal aspects of the company at the following link
  4. Twitter International Company, based at One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland
  5. LinkedIn Ireland Unlimited Company, based in Wilton Plaza, Wilton Place, Dublin 2, Ireland, provides social media interaction services, social analytics, advertising. The company’s privacy policy and other legal aspects can be found at the following link
  6. France Dropbox: Ps. la Castellana, nº 259 28046, Madrid, Spain, provides cloud storage services. You can consult the company’s privacy policy and other legal aspects at the following link:


What rights can you exercise?

These are known as ARCO-POL rights, you can exercise them by sending an e-mail to:
You may, when appropriate, exercise your rights of access, rectification, suppression, limitation and opposition to the processing of your data, as well as the right not to be subject to decisions based solely on the automated processing of your data, at the postal or electronic address indicated at the beginning of this privacy policy; in both cases by means of a written and signed request, attaching a copy of your National Identity Document or passport or other valid document that identifies you. In case of modification of your data you must notify it to the same address, this company declines all responsibility in case of not doing it
Right of access: You can ask us what personal data we are processing and even ask for a copy of it.
Right of rectification: You can ask us to rectify inaccurate personal data or to complete those that are incomplete, including by means of an additional declaration.
Right to delete (right to forget): You can ask us to delete your personal data when: they are not necessary for the purposes for which they were collected, you withdraw your consent, there has been an unlawful processing of them or for compliance with a legal obligation.
Right to limit processing: You may ask us to limit the processing of your data, in which case we will only keep them for the exercise or defence of claims.
Right to object: You may object to the processing of your data if such processing is based on the legitimate interest of the data controller or is for advertising purposes.
Once we have received any of the above requests we will respond within the legally established deadlines. You can complain to the Spanish Data Protection Agency. If you would like more information about the rights you can exercise and to request model forms for exercising your rights, you can visit the Spanish Data Protection Agency website,
What categories of data do we process?
The RGPD mainly establishes two categories of personal data, those known as identifying data and those known as special categories: ethnic or racial origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or health data, biometric data, data concerning life or sexual orientation.

The categories of data we process are identification data and academic and training data, we do not process data considered as special categories of data (genetic, biometric, etc.)