Privacy and data protection policy

Privacy and cookies policy
Debla cursos de español S.L. takes data privacy seriously and when we process your personal data or that of your children or wards we are processing it in compliance with the General Data Protection Regulation (GDPR).

Please read this privacy and cookies policy carefully to understand why data is being collected and what we do with that data once in our possession. Further information about data privacy may be found in our terms of business document.

What type of personal data will we collect from you?
The personal data we collect will depend on the nature of the services we are providing and what we are contracted to do for you. Typically where relevant, this might include the following:

1. Contact details (including your name, address, date of birth, and email address)
2. Photographic identification and proof of address documents (to carry out due diligence)
3. Professional information (such as job title, previous positions, and professional experience)
4. Banking and financial details (to establish the source of funds where a transaction is involved)
Where necessary to act in your child or ward’s best interests, we may need to process personal data which is very sensitive in nature such as diversity and health related details. In some circumstances, we may need to share this information with third parties, for example host families. If you volunteer sensitive personal data, you will be allowing us to process it as part of engaging our services.

On what basis can we process your personal data?
Our reasons for processing your personal data are as follows:

1. It is necessary for the performance of a contract to which you are a party, or to take steps prior to entering into a contract with you. The retainer between you and us, which is made up of our terms of business and engagement letter, sets out the terms of the contract and the services we will provide.

2. It is necessary for the purposes of our legitimate interests, except where our interests are overridden by the interests, rights or freedoms of affected individuals (such as you). To determine this, we shall consider a number of factors, such as what you were told at the time you provided your data, what your expectations are about the processing of the data, the nature of the data, and the impact of the processing on you.

3. It is necessary in order to comply with mandatory legal obligations to which we are subject under EU or Spanish law.

What are we going to do with your personal data?
We will hold and use personal data about you to:

Verify your identity and establish the source of funding in any transaction.
Communicate with you during the course of providing our services, for example providing you with advice and dealing with your enquiries and requests.
Prepare documentation to access services and/or complete transactions.
Carry out obligations arising from any contract entered into between you and us as part of your educational, health and social care services.
Statistical purposes so we can analyse figures to help us manage our business and plan strategically for the future.
Seek advice from third parties in connection with the services we provide.
Respond to any complaint or allegation of negligence against us.
Prevent money laundering or terrorist financing in accordance with financial crime regulations.
Improve the products and services we provide.
Customise our website for you.
Send you information about products, services, offers and other things we think might be relevant to you.
How long we keep your personal data for
We will only retain your personal data for as long as is necessary to:

Carry out health, care and educational services.
Establishment or defence of legal claims (for example negligence claims) that could be made against us.
Compliance with legal obligations under EU/UK law (anti-money laundering regulations say your identification and source of funds information must be kept for a minimum period from conclusion of the matter). We will keep your data in accordance with our data retention and erasure policy, a copy of which is available on request.
Who your personal data will be shared with?
We may, when required and necessary, share your personal data with other organisations.

Providers of insurance, health and social care, educational and other related services to you and/or to our organisation.
Councils and other national and local government bodies.
The Department for Education, the Information Commissioner’s Office (ICO) and organisations involved with the preparation, assessment and certification of quality standards for which our organisation is seeking or maintaining accreditation.
Controlling information about you
If you have agreed that we can use your information for marketing purposes, you can change your mind easily, via one of these methods:

Send an email to us.
Write to us.
We will never lease, distribute or sell your personal information to third parties unless we have your permission or we are required to disclose your personal details by law. Any personal information we hold about you is stored and processed under our data protection policy, in compliance with the Data Protection Act 1998.

Security of your personal data
Your data will be held on secure servers within the European Economic Area (“EEA”) with all reasonable technological and operation measures put in place to safeguard it from unauthorised access. Where possible any identifiable information will be encrypted or minimised.

Erasure of personal data
Where we obtained your personal data to fulfil our contractual obligations to you, or if we have a legitimate interest for processing your personal data, we will erase that data as soon as it is no longer necessary to retain it in relation to the purpose for which it was originally collected.

If you are not our client, your personal data may be processed to enable us to provide legal advice to our client and may also be used in legal proceedings on behalf of our client. We are allowed to use your personal data because it is in the legitimate interests of our client (for example under the terms and conditions of a loan agreement) to do so. We may also have to use your personal data to comply with our own legal and regulatory obligations.