ASSMA
ES EN

ASSMA

Privacy policy

Last update: 2026-04-27

1. Who is the controller

The controller for processing operations carried out through this Site and in the direct relationship with ASSMA is Research Group ASSMA (University of La Laguna), with tax ID Q3818001D, registered address at Molinos de Agua, s/n, 38270 San Cristóbal de La Laguna, Tenerife, Spain and privacy contact at reglamentopd@assma.es.

No specific ASSMA Data Protection Officer contact is published in this version. Privacy communications are managed through reglamentopd@assma.es, without prejudice to any DPO or institutional data-protection channel that may correspond to the University of La Laguna.

2. What this policy covers

This Policy explains how ASSMA processes personal data when you browse the Site, contact us, ask for information, or use services for which the operator is directly responsible.

When you use the ASSMA platform in the context of a school, university, research project or client entity, the main processing of data from students, participants or authorised staff will normally be carried out on behalf of that entity as controller. In those cases ASSMA will typically act as a processor on behalf of that entity, except for its own operations required by law, contract or service security.

3. Data we process as controller

  • Identification and contact data, when you contact us or request a demo.
  • Professional and organisational data, when you contact us on behalf of a school, university or entity.
  • Technical data for navigation, security and functioning of the Site.
  • Data needed to manage incidents, rights requests or legal requirements.

4. Purposes and legal bases

  • Handling queries, requests for information, demos and communications related to ASSMA.
  • Site security, abuse prevention, incident logging and defence against unauthorised access.
  • Compliance with legal obligations, rights requests and regulatory enquiries.

The applicable legal bases are, depending on the case, your consent, the application of pre-contractual measures at your request, the fulfilment of legal obligations and the legitimate interest in the security, integrity and defence of the service.

5. Platform processing on behalf of client entities

The ASSMA platform may process data such as educational context, list number, PIN or functional credentials, answers to questionnaires, session progress, aggregated reports and other data necessary for the delivery of the service.

In those cases, the client entity that decides the purpose of the project, the affected group, the protocol and the access to results is the controller. ASSMA will process data following the documented instructions of that entity and under the applicable processor agreement.

If you are a student, participant, family member or staff member of a client entity and you want to exercise rights over the main processing through the platform, you should preferably contact that entity. You may also write to us and we will facilitate the corresponding request.

6. Minors and special category data

ASSMA may support projects involving minors and data of particular sensitivity, including mental health, psychometric evaluation or well-being indicators. In those cases, the responsible entity must inform specifically about the processing, its legal basis, access controls, applicable safeguards and, where appropriate, the system for informing and authorising parents or guardians.

ASSMA will not use platform data for its own purposes incompatible with the controller's instructions, nor for behavioural advertising.

7. Recipients and providers

Providers that deliver hosting, infrastructure, support, security, maintenance, communications or operational services may access personal data to the extent necessary for their role, always under the corresponding contractual framework.

The data provided through ASSMA is hosted on OVHcloud infrastructure, on servers located within the European Union; for the current ASSMA deployment, the indicated location is Italy. General information requests are handled at info@assma.es, privacy matters at reglamentopd@assma.es, and technical platform support may also be handled through darioperezglez@gmail.com where necessary to resolve incidents.

8. International transfers

The main hosting declared for ASSMA is located within the European Union. Some auxiliary services, such as remote font loading, video embedding or email services, may involve third-party providers subject to their own technical and contractual conditions. If any operation implies an international transfer, it will take place only when a valid legal basis under Chapter V of the GDPR exists and will be disclosed where legally required.

9. Retention

Contact data and general requests will be kept for the time necessary to handle the request and, afterwards, for the periods needed to address any related liabilities.

Security, incident, rights-exercise and compliance data will be kept for the time needed for its purpose and, where applicable, for the statutory limitation periods.

Data processed through the platform on behalf of client entities will be kept according to the contract with the controller, the project protocol and the applicable regulations. Upon termination of the service, data will be returned, deleted or blocked according to the contractual and legal framework.

10. Rights

You may exercise your rights of access, rectification, erasure, objection, restriction and portability, as well as withdraw consent when that is the legal basis of the processing, by writing to reglamentopd@assma.es.

The request must allow us to reasonably identify the applicant and the right being exercised. If we have well-founded doubts about your identity, we may ask for strictly necessary additional information to verify it.

You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) if you consider that the processing does not comply with the applicable law.

Notice for representatives of minors: because the ASSMA platform typically operates with strongly pseudonymised data (without names), requests regarding records of minors should preferably be channelled through the educational entity holding the key that links the list number to the student's actual identity.

11. Changes

ASSMA may update this Policy when necessary due to legal, technical, contractual or product changes. In case of significant modifications, reasonable measures will be taken to inform affected individuals when appropriate.