Last updated: 27 February 2026 · Applies to: collachamp-aguxwg2y.manus.space
In accordance with Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 (LOPDGDD), the data controller responsible for processing your personal data through the COLLA Knowledge Arena platform is:
| Organisation | SEBA — Social Education & Business Academia |
| Platform | COLLA Knowledge Arena |
| Website | collachamp-aguxwg2y.manus.space |
| Data Protection Contact | [email protected] |
| Registered Territory | Catalonia, Spain (EU) |
| Supervisory Authority | Agència Espanyola de Protecció de Dades (AEPD) — aepd.es |
We collect only the minimum personal data necessary to provide the COLLA Knowledge Arena service. The categories of data we may collect are as follows:
| Data Category | Examples | Source | Required? |
|---|---|---|---|
| Contact Information | Name, email address, school/organisation name | Provided by user via contact or registration forms | Yes (for form submission) |
| Usage Data | Pages visited, time on site, navigation paths, browser type, IP address (anonymised) | Automatically collected via analytics cookies (with consent) | Optional |
| Preference Data | Language selection, quiz results, theme preference | Stored locally in browser (localStorage) | Optional |
| Communication Data | Content of messages sent via the contact form | Provided by user | Yes (for contact) |
| Device & Technical Data | Browser version, operating system, screen resolution | Automatically collected for security and compatibility | Essential |
We do not collect sensitive personal data (special categories under GDPR Art. 9) such as health data, biometric data, racial or ethnic origin, political opinions, or religious beliefs.
| Purpose | Description | Legal Basis (GDPR) |
|---|---|---|
| Service Delivery | Providing the COLLA Knowledge Arena platform, including the teacher dashboard, student quiz, and competition features. | Art. 6(1)(b) — Contract performance |
| Contact Form Responses | Responding to enquiries submitted via the Pilot page contact form. | Art. 6(1)(b) — Pre-contractual steps / Art. 6(1)(a) — Consent |
| Analytics & Improvement | Understanding how visitors use the site to improve content and navigation (anonymised, aggregated data only). | Art. 6(1)(a) — Consent |
| Legal Compliance | Complying with applicable laws, regulations, and court orders. | Art. 6(1)(c) — Legal obligation |
| Security & Fraud Prevention | Protecting the platform against unauthorised access, abuse, and technical attacks. | Art. 6(1)(f) — Legitimate interest |
| Pilot Programme Management | Managing school participation in the Tortosa pilot, including coordinating with school directors and the Consistori. | Art. 6(1)(b) — Contract / Art. 6(1)(f) — Legitimate interest |
We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law. The following retention periods apply:
| Data Type | Retention Period | Reason |
|---|---|---|
| Contact form submissions | 3 years from last contact | Limitation period for contractual claims under Spanish law |
| Analytics data (Google Analytics) | 26 months (Google default) | Statistical analysis and service improvement |
| Cookie consent records | 12 months | Proof of consent under GDPR Art. 7(1) |
| Browser localStorage data | Until user clears browser data | User preference persistence; no server-side storage |
| Pilot programme correspondence | 5 years from programme end | Institutional accountability and audit requirements |
We do not sell, rent, or trade your personal data to third parties for commercial purposes. We may share data with the following categories of recipients only where necessary and under appropriate safeguards:
| Recipient | Purpose | Safeguard |
|---|---|---|
| Google LLC (Analytics) | Anonymised site usage analytics | Data Processing Agreement (DPA) + EU–US Data Privacy Framework |
| Pilot School Directors | Coordinating participation in the Tortosa pilot programme | Joint controller agreement; data limited to programme coordination |
| Ajuntament de Tortosa | Institutional reporting on pilot outcomes (aggregated, anonymised data only) | Data sharing agreement; no individual-level data shared |
| Legal Authorities | Compliance with court orders or legal obligations | Only where legally required; minimum data disclosed |
Under the GDPR, LOPDGDD, and other applicable regulations, you have the following rights with respect to your personal data. To exercise any of these rights, please contact us at [email protected]. We will respond within 30 calendar days.
| Right | GDPR Article | What It Means |
|---|---|---|
| Right of Access | Art. 15 | Request a copy of the personal data we hold about you and information about how it is processed. |
| Right to Rectification | Art. 16 | Request correction of inaccurate or incomplete personal data. |
| Right to Erasure | Art. 17 | Request deletion of your personal data where there is no compelling reason for its continued processing. |
| Right to Restriction | Art. 18 | Request that we restrict processing of your data in certain circumstances. |
| Right to Data Portability | Art. 20 | Receive your personal data in a structured, machine-readable format and transmit it to another controller. |
| Right to Object | Art. 21 | Object to processing based on legitimate interest or for direct marketing purposes. |
| Right to Withdraw Consent | Art. 7(3) | Withdraw consent at any time without affecting the lawfulness of prior processing. |
| Right to Lodge a Complaint | Art. 77 | Lodge a complaint with the AEPD (aepd.es) or your national supervisory authority. |
COLLA Knowledge Arena is designed for secondary school students aged 12–18 in supervised educational settings. Under Article 8 GDPR and Article 7 LOPDGDD, the age of digital consent in Spain is 14 years. For students under 14, parental or guardian consent must be obtained by the participating school as part of the institutional onboarding process.
We do not knowingly collect personal data directly from children under 14 without verifiable parental consent. The platform does not require students to create accounts or submit personal data to use the core competition and quiz features. Any data collected in school deployments is governed by a joint controller agreement with the participating institution.
If you believe a child under 14 has submitted personal data without appropriate consent, please contact us immediately at [email protected] and we will delete the data promptly.
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These measures include:
No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours as required by GDPR Art. 33.
Our primary operations are based within the European Economic Area (EEA). Where personal data is transferred to third countries (e.g., the United States for Google Analytics), we ensure appropriate safeguards are in place:
| Transfer Destination | Recipient | Safeguard Mechanism |
|---|---|---|
| United States | Google LLC (Analytics) | EU–US Data Privacy Framework (adequacy decision, July 2023) + Standard Contractual Clauses |
We use cookies and similar technologies to enhance your experience on the Site. For detailed information about the cookies we use, their purposes, duration, and how to manage your preferences, please refer to our Cookie Policy.
We may update this Privacy Policy from time to time to reflect changes in our data practices, technology, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you via the cookie consent banner or email.
We encourage you to review this policy periodically. Continued use of the Site after changes are posted constitutes your acknowledgement of the revised policy.
For any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact our Data Protection contact:
| Organisation | SEBA — Social Education & Business Academia |
| [email protected] | |
| Response Time | Within 30 calendar days (GDPR Art. 12) |
If you are not satisfied with our response, you have the right to lodge a complaint with the competent supervisory authority:
We use cookies to improve your experience on COLLA.
Essential cookies keep the site working. Analytics cookies (optional) help us understand usage. By continuing, you agree to our Cookie Policy and Privacy Policy. Compliant with GDPR · LOPDGDD · RGPD.