At SEIUM, we consider data protection and privacy an essential pillar of trust between the university, its academic community, and its industrial and research partners.
Our commitment is not limited to formal compliance with the European Union’s General Data Protection Regulation (GDPR); it extends to a privacy by design and by default approach, integrating principles of transparency, security, and control across all our educational, administrative, and research processes.
All processing activities are carried out on clear legal bases (consent, contract, legal obligation, public interest, or legitimate interest) and communicated in an accessible way.
Data are collected only for legitimate purposes (admissions, teaching, research, scholarships, employability, and engagement with companies) and are not used for other purposes without consent.
We process only the data that are necessary, avoiding the collection of excessive information.
We periodically review personal data to ensure they are correct and up to date.
Data are kept only for as long as necessary for the stated purpose and to meet legal obligations, and are securely deleted once that period has ended
We apply technical and organisational measures that ensure security against unauthorised access, loss, or alteration.
SEIUM provides a responsive channel, with maximum timeframes of 30 days, and accessible electronic procedures.
In line with the GDPR and Spanish/European regulations, anyone whose data is processed by SEIUM may exercise:
To know what data we hold and what we use them for.
To correct inaccurate or incomplete data.
To request deletion when data are no longer necessary, or when consent is withdrawn.
To request that use of the data be restricted in certain cases.
To receive their data in a structured, transferable format.
To object to processing based on legitimate interests or for marketing purposes.
Depending on the relationship with the university, we may process:
Students and applicants: contact details, academic documentation, assessment results, scholarship and mobility preferences, visas, accessibility needs.
Teaching and research staff: contractual information, academic and professional history, publications, projects, international mobility.
Companies and partners: legal representative details, project contact information, and contractual and compliance documentation.
Given SEIUM’s global nature, some activities may involve international data transfers (mobility programmes, projects with non-European universities and companies).
In these cases:
Data are transferred only where there is an adequate level of protection recognised by the EU (e.g., the United Kingdom, Japan).
If there is no adequate level of protection, Standard Contractual Clauses (SCCs) approved by the European Commission are applied.
Additional measures are always assessed (encryption, pseudonymisation, restricted access).