By Elen Evans

STEM Ginger Education

Nature-based projects through English

Privacy Policy

Who is the Controller of personal data?

STEM Ginger Education

Elen Evans

NIE: X8001465H

Head office address: Plaça Sant Agustí Vell, 16, 2º1ª, 08003 Barcelona


How did we obtain your data?

You have provided them to us: either on-line or off-line, by visiting our website or by requesting our services in order to maintain the legal-commercial relationship with you or to send you information about our services for the educational community.

When you provide us with personal data, you warrant that you are entitled to provide this information and that it is true, accurate, accurate and up-to-date, that it is not confidential, that it does not violate any contractual restrictions or third party rights and that you undertake not to impersonate other users.

Web forms where we collect personal data:

– Web contact form: name, surname, email.

– Form to leave comments on the Blog: name, surname, e-mail, web.

– Registration and access to the Forum: name, surname, e-mail, username, password.

We have collected it automatically: if you have provided the data to us via this website or any of its subdomains and/or microsites, we collect information, for example, when you access the site, when you fill in any form with personal data, when you upload information or content (e.g. on our blog), or when you communicate with us directly by email.

Where our website has links to social networks, when you choose to interact with us through a social network, we cannot be responsible for the privacy settings chosen by you and the social network may report your IP address or which page you are visiting on our website and may set a cookie to enable them to function properly. Your name will appear in the “likes” you give or in the comments you make on our page on a social network. If you do not want your personal data associated with those “likes” or comments to appear, please configure your privacy settings to prevent this by pseudonymising your data, for example by giving yourself a “nickname” or alias that does not reveal your name and surname.

If you log in to one of these social networks during your visit to our website, the social network may add this information to your profile and this information will be transferred to the social network. If you do not want this data transfer to take place, please log out of your social network session before entering our websites or mobile applications, as we have no influence on this data collection and transfer via social connectors.

If as a user, through our official page on a social network, you decide to publish and/or share texts, photos, videos and other types of information and/or content, you will be solely responsible for ensuring that such content complies with the corresponding legal regulations.

In any case, we may remove from this website and our social media pages, any content published when we detect that it has violated current legislation, and the terms indicated in this Privacy Policy and in the General Conditions of use contained in our Legal Notice.

Social Networks are not hosted directly on our services. Your interactions with them are governed by their policies and not ours. Please read the privacy policies of those social networks for detailed information about the collection and transfer of personal data, your rights and privacy settings.

How old do I have to be to use this website?

Anyone who provides data through the forms on this website and accepts its processing declares that they are over 14 years of age, and access to and use of the portal by minors of this age is prohibited without the consent and supervision of their parents, guardians or legal representatives. If at any time, we detect that a minor under 14 years of age has provided personal data, we will proceed to cancel them. Likewise, parents or guardians may in any case contact to block the access account of minors under 14 years of age in their care who have registered by falsifying their identity.

What should you know before sharing third party data?

With respect to other people’s data, you must respect their privacy, taking special care when publishing their personal data. We remind you that, as a user, only provide and consent to the processing of your personal data, but not third parties, if you provide us with third party data is making a transfer of personal data, being your responsibility to have the express prior consent of those third parties to use them and provide them to us, you are responsible for informing them of the inclusion of their data in our treatments.

The publication of third party data without their consent may infringe, in addition to data protection regulations, the right to honour, privacy or self-image, rights whose protection is governed by the provisions of Organic Law 1/1982, of 5 May, on the civil protection of the right to honour, personal and family privacy and self-image.

What are the purposes for which we use the personal data we collect?

We may process data for different purposes, for example:

  1. For the process of contracting our services and products.
  2. To respond to your enquiry in order to clarify the doubts and questions you have raised.
  3. To contact you by any means you have not indicated, e-mail, telephone, etc.
  4. In connection with the information collected automatically by the website, based on your browsing as a user, we create anonymous and aggregated information about your behaviour, for the purpose of segmentation and anonymous profiling.

This interaction helps us to: improve the performance of the website, promote a more personalised experience, measure and monitor the efficiency of the website, manage the website, so as to ensure that it becomes increasingly secure and transparent.

  1. Conduct opinion and/or satisfaction surveys and send you, by means of electronic communications, information about our training activities, products and/or services (including advertising and/or commercial communications for the purposes of art. 21 LSSICE 34/2002). If we already have a prior contractual relationship, we will send such communications on the basis of our legitimate interest ( 6 par. 1 letter f RGPD). If we do not have a prior contractual relationship, we will only send you such communications if you authorise us to do so by ticking the option (opt-in) expressly included for this purpose in the relevant forms (Art. 6 par. 1 letter a GDPR). The electronic communications that we send you will include, in the communication itself, the option to stop receiving them.
  2. We may take photographs and/or videos of the activities, or events that we organise and/or promote, in order to report on them, document them, and form part of the photographic/videographic memory of our training project.

How long will we keep your personal data?

We will keep your personal data for as long as you do not request their deletion. Even if requested, we may keep them for the necessary time and limit their processing (blocking them), only to comply with the legal/contractual obligations to which we are subject and/or during the legal periods foreseen for the prescription of any responsibilities on our part and/or the exercise or defence of claims arising from the relationship maintained.

What grounds do we use to process your data?

The legal grounds are those that enable us to process your personal data lawfully and lawfully. There are different grounds or legal bases that allow us to process your data in a lawful and lawful manner:

  1. This may be the legal-commercial relationship between the parties, in the case of a user of our educational community, a customer or potential customer.
  1. It may also be your consent if you have made a request to us via our website. This consent is given unequivocally when you provide us with your data on-line or off-line, this being considered a clear affirmative act that manifests this consent. The provision of the requested data is obligatory as it is essential to deal with your request; if you do not provide it, we will not be able to carry it out. You may withdraw this consent at any time by sending us an e-mail to that effect to This withdrawal means that we will not be able to provide you with the requested services or deal with your queries or requests.
  1. As stated in Recital 47 of the GDPR (European General Personal Data Protection Regulation 2016/ 679 of 27-4-2016), a legal basis for processing your data is also our legitimate interest to:

Inform you of our activities, products and/or services (including by electronic communications) or those of third parties with whom we have signed a collaboration agreement. If we already have a prior contractual relationship, we will send you such communications on the basis of our legitimate interest. Otherwise, we will only send you these types of communications if you give us your consent by ticking the option expressly included for this purpose on the corresponding forms. In any case, the electronic communications that we send you will include, in the communication itself, the option to stop receiving them in the future.

In any case, we consider the indicated processing of your data to be proportionate and to have a minimal impact on your privacy, but your interests, rights or freedoms will always prevail over our legitimate interests, so if you do not wish us to process your data for these purposes, please send us an e-mail to that effect to and we will do so, and we may keep them blocked for the formulation, exercise or defence of claims. The withdrawal of your consent to process your data for these purposes does not condition the processing of your data for the other purposes described in the privacy policy.

To whom may we disclose the personal data you provide to us?

Your personal data will not be transferred to third parties, unless:

  1. Let us have your express authorisation.
  2. Third parties are suppliers who provide products and services to us (Processors) and the communication is a requirement to fulfil our obligations arising from a service or contract with you.
  3. A law or regulation with the status of law requires us to communicate data to bodies (AEAT, etc.).
  4. The communication was strictly necessary to ensure compliance with our terms of use, rights or ownership.

 How do we use corporate social media?

The purpose of tools such as Facebook, Twitter, LinkedIn, Instagram, etc. or other social networks is to give visibility and dissemination to the activities we carry out. These tools store personal data on the servers of the respective services and are governed by their own privacy policy. We recommend that you read and review the terms of use and privacy policy of the social network at the time of registration, taking into account the different configuration possibilities in relation to the degree of privacy of the user profile on the social network.

We reserve the right to remove from our social networks any information posted by third parties that violates the law, incites to do so or contains messages that violate the dignity of persons or institutions. We also reserve the right to block or report the profile author of these messages.

Social Networks in which is present:

 Do we make international transfers of your personal data?

An international data transfer occurs when personal data that are processed by a controller or processor in the European Economic Area (EU countries, Iceland, Liechtenstein and Norway) are sent to a third country or international organisation outside the European Economic Area.

Our suppliers who may have access to personal data for the purpose of providing us with services ancillary to our business (hosting, housing, software as a service, remote backups, computer support or maintenance services, e-mail managers, sending e-mails and e-mail marketing, file transfer, etc.), have their data processing centres within the European Economic Area or in countries with the same level of adequacy as established by the European Commission and the European Data Protection Committee.

If suppliers are outside the European Economic Area and outside the list of countries with an adequate level of protection we will use appropriate safeguards such as standard contractual clauses (STCs) approved by the EU Commission.

Our data processors with cloud services:

As processors, we have the following service providers:

  1. Google Ireland Limited, based at Google Building Gordon House, Barrow St, Dublin 4, Ireland, provides web analytics and global internet services, email, cloud storage, advertising. You can consult the privacy policy and other legal aspects of the company in the following link: and
  2. Facebook Ireland Ltd., located at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, provides social media interaction, social analytics, advertising services. You can consult the privacy policy and other legal aspects of the company at the following link and
  3. Instagram, a product provided by Facebook Ireland Ltd., provides social media interaction services, social analytics, advertising. You can consult the privacy policy and other legal aspects of the company at the following link
  4. Twitter International Company, located at One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, provides social media interaction, social analytics, advertising, etc. services. The privacy policy and other legal aspects of the company can be viewed at the following link
  5. Indicate the server hosting details of the website and the forum.

 What rights can you exercise?

These are known as ARCO-POL rights, which can be exercised by sending an e-mail to:

You may, where appropriate, exercise your rights of access, rectification, deletion, limitation and opposition to their processing, as well as not to be subject to decisions based solely on the automated processing of your data, at the postal or email address indicated at the beginning of this privacy policy; in both cases by written and signed request attaching a copy of your ID card or passport or other valid document that identifies you. In the event of modification of your data, you must notify us at the same address, and this company declines all responsibility in the event of failure to do so.

Right of access: You can ask us what personal data we are processing and even ask us for a copy of this data.

Right of rectification: You can ask us to rectify inaccurate personal data or to complete incomplete personal data, including by means of an additional declaration.

Right to erasure (right to be forgotten): You can ask us to erase your personal data when: they are no longer necessary for the purposes for which they were collected, you withdraw your consent, there has been unlawful processing of your personal data or in compliance with a legal obligation.

Right to restriction of processing: You can ask us to restrict the processing of your data, in which case we will only keep it for the purpose of exercising or defending claims.

Right to object: You may object to the processing of your data if such processing is based on the legitimate interest of the data controller or is for advertising purposes.

Once we have received any of the above requests, we will respond to you within the legally established deadlines. You can complain to the Spanish Data Protection Agency. If you would like more information about the rights that you can exercise and to request model forms for exercising your rights, please visit the website of the Spanish Data Protection Agency,

What categories of data do we process?

The GDPR establishes two categories of personal data, those known as identifying data and those known as special categories: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or health data, biometric data, data concerning life or sexual orientation.

The categories of data we process are identification data, we do not process data considered as special categories of data (genetic, biometric, etc.).