Privacy Policy


In accordance with the provisions of article 11 of Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the guarantee of digital rights (hereinafter LOPDPGDD) and article 13 of the General Regulation on the Protection of Personal Data. Data 2016/679 we inform you of:

1.1.- Identification of those responsible:

The person in charge of the treatment is the Sacred Heart School of Sarrià, with address at Carrer Sagrat Cor n. 25 of Barcelona.

The data protection delegate is CIPDI Tractament de la Informació SL, domiciled in Mataró, carrer Sant Agustí n. 1 1º 1ª. You can contact the delegate at dpd@cipdi.com

1.2.- Purposes of treatment and legal basis

1.2.1.- General purpose

The data you provide to us in the forms that you will find on the website, those that you send us to our e-mail address and those that can be generated while maintaining contact with the controller will be incorporated, as you provide them to us, into a database owned by the controller.

We will use the data to provide you with the services you request from us and to send information about our activities by e-mail or postal address.

The legal basis for this treatment will be the contractual relationship you maintain with the controller and the consent you give when accepting this notice.

1.2.2.- Image processing.

The data controller documents the public events he organizes with photographs and videos in order to disseminate them on his website or other spaces for public dissemination of information such as: the website itself, social networks where the controller of the treatment has a profile created and publications in own or in press. You can obtain more information about this section by consulting the website of the data controller or by contacting the DPO.

The treatment of these images is legitimized with the consent of those affected or in application of article 8 of LO 1/1982 on the protection of the right to honor, privacy and self-image.

1.3.- Categories of recipients.

To comply with the above purposes will have access to your data:

  • Personnel duly authorized by the management of the data controller.
  • The suppliers needed to meet their demand.
  • The public administration in the field of its competences.

You can expand this information by consulting the DPO

1.4.- International data transfer.

The controller uses the following platforms that may involve data transfers outside the Schengen area:

I.- Google (G-Suite). The controller has signed an agreement with Google, in accordance with the resolution of the Spanish Data Protection Authority of June 22, 2017. For more information on the privacy policies of G-Suite you can visit the following links:


II.- Social networks that are announced on our website

1.5.- Term of conservation of the information.

The data controller will retain your information until you revoke the consent given by accepting this clause.

1.6.- Rights as affected

You have the right to access, rectify, delete, object to the processing of your data, to limit the processing, to request the portability of the data, not to be subject to automated individual decisions and to revoke the consent you give.

To exercise these rights, you can write to the addresses of the controller in this legal notice with the text “DATA PROTECTION” in the subject.

1.7.- Right of claim.

The competent body to find out about the correct application of the rules on information processing is the Spanish Data Protection Authority, domiciled at Calle Jorge Juan n. 6 of Madrid.

1.8.- Obligations of the affected party.

The data subject must provide truthful and up-to-date information in all data collection processes, being solely responsible for the breach of this obligation.

The data collection forms indicate the data that must be provided, depending on the demand made by the affected party. Failure to provide this data may make it impossible to participate in the activity or provide the service requested.

1.9.- Elaboration of profiles

In order to achieve the objectives of the data controller and, above all, to provide more personalized, careful and effective care to the user, it is sometimes necessary to draw up profiles of the recipients of the services. Under no circumstances is profile processing exclusively automated.


It is understood that the user accepts the conditions set by pressing the ‘ACCEPT’ button found on all data collection forms, or by sending an e-mail.

Personal data is stored in the general administration database of the data controller, which, in any case, guarantees the technical and organizational measures to preserve the integrity and security of the information it processes.


The general database is equipped with the mandatory security document and has established all the technical means at its disposal to prevent the loss, misuse, alteration, unauthorized access and theft of the data you provide us. The processing of personal data is in accordance with the regulations established in Organic Law 3/2018 on data protection and guarantee of digital rights and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 .