Privacy Policy

Last updated: 6 November 2024

Confidentiality and security are core values at Nflow Institute (“Nflow”, “we”, “us”). We are committed to protecting your privacy at all times and to only collect information that is necessary for the purposes described below. This policy explains:

  • Who is responsible for processing your data.
  • What personal data we collect and for what purposes.
  • How long we keep your data.
  • The legal bases that allow us to process your data.
  • With whom we share your data.
  • Your rights and how to exercise them.
  • The security measures we apply.

1) Data Controller

Controller: Nflow Institute
Email: admissions@nflow.institute
Registered address: (please insert your full legal address)
Phone: (please insert phone number)

2) Purposes of Processing

We process basic identification and contact data, and other information you voluntarily provide to us through our websites, forms, events, or communications. We do not intentionally collect special categories of personal data. We use your data for the following purposes:

  • To communicate with you and respond to inquiries submitted via our website or other channels.
  • To provide and manage access to courses, programs, events, and related services.
  • To manage enrolments, payments, invoicing, and accounting.
  • To send informational and/or commercial communications about activities, initiatives, or programs that may be of interest (you may opt out at any time).
  • To improve our website, services, content, and user experience, including basic analytics.
  • To manage your account/registration in restricted areas of the website (where applicable).
  • To assess and manage job applications and, where appropriate, carry out recruitment processes.
  • To perform statistical studies and keep your information up to date.
  • To process course reservations and related administrative tasks.
  • To comply with legal obligations and enforce our terms and policies.

3) Data Retention

We will keep your personal data for as long as necessary to fulfill the purposes described above and to comply with legal or regulatory obligations during the applicable limitation periods. We periodically review the data we hold and delete or anonymize information that is no longer needed.

4) Legal Bases

The legal bases for processing your data may include: (i) your consent (e.g., to receive communications), (ii) the performance of a contract or pre-contractual steps (e.g., managing enrolments), (iii) compliance with legal obligations, and (iv) our legitimate interests (e.g., to improve our services and ensure website security), provided such interests are not overridden by your rights. Providing personal data may be necessary to process your request or provide services; if you do not provide it, we may be unable to fulfill your request. You must be at least 16 years old, or have sufficient legal capacity, to provide consent.

5) Data Disclosure and Service Providers

Your data is confidential and will not be shared with third parties except (a) when necessary to provide our services or to achieve the purposes described above (e.g., payment, hosting, analytics, communications, marketing automation, or training platforms), (b) when required by law or by competent authorities, or (c) with your prior consent. Where third parties process data on our behalf, we sign data-processing agreements to ensure appropriate safeguards and compliance.

Where relevant, banking entities may receive data to manage payments and refunds. We may also share anonymized, aggregated data for statistical or commercial purposes; such data does not allow direct or indirect identification.

6) International Transfers

If we store or process data outside the European Economic Area, we will ensure appropriate safeguards are in place (e.g., adequacy decisions, Standard Contractual Clauses, or equivalent mechanisms) to protect your data. You can contact us to obtain a copy of the relevant safeguards.

7) Your Rights

You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. You also have the right to:

  • Access your personal data and request correction of inaccurate information.
  • Request deletion of your data when it is no longer necessary or when other conditions apply.
  • Request restriction of processing in certain circumstances.
  • Object to processing on grounds relating to your particular situation.
  • Request data portability in the cases provided by law.

To exercise your rights, please write to admissions@nflow.institute with the subject “Personal Data” and indicate which right you wish to exercise. If you believe your rights have not been respected, you may file a complaint with your local supervisory authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD).

8) Accuracy of Data

You are solely responsible for the accuracy and correctness of the personal data you provide to us. You agree to keep it updated and accurate, and you release us from any responsibility for inaccurate, outdated, or incorrect data.

9) Security Measures

We process your personal data under strict confidentiality and apply appropriate technical and organizational security measures to protect it against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

10) Changes to this Policy

We may update this Privacy Policy to reflect legal changes or improvements to our practices. Please review it periodically. If we make material changes, we will provide a prominent notice or contact you as required by law.

11) Contact

For any questions about this policy or about how we process your data, contact us at admissions@nflow.institute.

If this policy is available in multiple languages and there is any discrepancy, the English version shall prevail to the extent permitted by law.