At IESE, we care about the confidentiality and security of all our users. For this reason, we are committed to guaranteeing your privacy at all times and to only collecting information when strictly necessary.

Our Privacy Policy regulates how we process the personal information of all users who access or contact IESE through our website or via email.

Below, you’ll find all pertinent information about our Privacy Policy in relation to the personal data we process and answers to the following frequently asked questions:


Who processes my data?

IESE Business School, Universidad de Navarra (R-3168001J)
21 Pearson Avenue
08034 Barcelona (Spain)

Data Protection Officer (DPO):


For what purpose, and on what legal basis, is my personal data processed?

All personal data requested by IESE is necessary for our online activity to function and for us to efficiently offer you our services. If you do not provide it, it may prevent us from contacting you or processing your request(s). IESE reserves the right of not responding to or processing requests that do not include the requested personal data. Users must be at least 14 years old to consent to the collection of their personal data or, where appropriate, have the sufficient legal capacity to contract.

To this end, you guarantee the veracity of the personal data provided to IESE through the website or by e-mail, and IESE may periodically ask you to review and update the personal data that we keep about you.

In the following sections we describe the different purposes for which your personal information is processed at IESE and the legal basis for this processing:



Purpose: to provide you with a way to contact us and answer your questions, requests for information or suggestions. Also, to send you communications about our products, services and activities by any means (including electronic means such as email, SMS or WhatsApp) if you check the corresponding terms of agreement box.

Legitimacy: the express consent that you have given us to respond to your questions, requests for information or suggestions, as well as to send you advertising and commercial information about our products, services and activities by any means, including electronically, if you check the terms of agreement box. The processing may also be legitimized on the basis of the pre-contractual or contractual relationship that may exist between you and IESE.



Purpose: to enable the contracting of products or services offered through the website (courses, seminars, etc.), as well as their subsequent execution. Also to send you communications about our products, services and activities by any means (including electronic means, such as email, SMS or WhatsApp), provided that you check the corresponding acceptance box.

Legitimacy: the pre-contractual or contractual relationship that may exist between you and IESE, as well as the express consent you have given for us to send you advertising and commercial information about our products, services and activities by any means (including electronic means) if you tick the acceptance box.


How long does IESE keep my data?

The conservation period of your personal data is set according to the duration of your relationship with IESE and the periods established by law.

Specifically, we will keep your personal data until it is no longer necessary for the indicated purpose, until you revoke the corresponding consent or until the end of the period required to comply with legal obligations.

When your relationship with IESE ends, we will proceed to delete your personal data as soon as we have taken all the necessary steps to complete any obligation derived from that relationship.

Notwithstanding the above, your personal data will be kept and correctly protected, while responsibilities may derive from the execution of our contractual or pre-contractual relationship, as well as for the compliance with other legal obligations in charge of IESE. Thus, IESE will adopt technical and organizational measures to prevent the processing of your personal data (including its visualization) except if it is necessary to disclose it to judges and courts, the Public Prosecutor’s Office or the competent Public Administration. In particular, in the case of data protection authorities, in the event of any responsibilities derived from the processing of such personal data, and only for the limitation period of such responsibilities.


What are my rights and how can I exercise them?

Right of access

You can request confirmation from us to determine if IESE is processing your personal data and, in that case, you have the right to access your personal data and certain legally stipulated information it contains.


Right to rectification

You have the right to request the rectification of your personal data if it is incorrect or incomplete.


Right to erasure

You may request the erasure of your personal data when, among other reasons, it is no longer necessary for the purposes for which it was collected.


Right to restriction of processing

In certain circumstances, you may request a restriction of processing of your personal data. In these cases, we will process the data, with the exception of its conservation, only with your consent or for the establishment, exercise or defense of legal claims, for the protection of the rights of another natural or legal person or for reasons of important public interest at a national or European level.


Right to data portability

Under certain circumstances, you have the right to receive personal data concerning you that you have provided to IESE and to transmit it directly to a new controller.


Right to object

You may object to the processing of your personal data. In this case, IESE will stop processing the data unless we can prove legitimate and imperative reasons for its processing that prevail over your own interests, rights and freedoms, or for the formulation, exercise or defense of possible claims.


Other rights recognized by current legislation

You can exercise your rights by writing to the IESE Data Protection Officer with proof of your identity. Send e-mail claims to, or in writing, to the following postal address: 21 Pearson Avenue, 08034, Barcelona (Spain).


You may also revoke consent that you have previously given us at any time. To do so, please contact IESE at the email or postal address indicated above. The revocation of these consents does not, in any case, condition the lawfulness of processing based on prior consent to their revocation.


Finally, you will also have the right to submit a complaint to the supervisory authority if we do not respond to your request within one month of its submission, as well as to obtain further information on your rights concerning the protection of personal data. To do so, you can contact:

Agencia Española de Protección de Datos
Jorge Juan Street, 6, 28001, Madrid (Spain)


Can IESE transfer my personal data to third parties?

IESE may transfer the personal data that you have provided to us to third parties, if there is a specific obligation to do so. If so, we must transfer this information to public authorities in order to comply with their requirements and applicable legislation.


How is the security of my personal data guaranteed at IESE?

At IESE we apply appropriate policies and technical and organizational measures to safeguard and protect your personal data against undesirable actions, such as illegal or unauthorized access, accidental loss or destruction, damage, and illegal or non-authorized use and disclosure.

In addition, we take all reasonable precautions to guarantee that IESE employees who have access to your personal data have received the necessary training to process them with the appropriate caution.


Can I update my personal data?

When there is a change in your personal data, please inform us as soon as possible to keep our database updated. Otherwise, we will not be able to take responsibility for the veracity of these personal data.

We are not responsible for the Privacy Policy regarding the personal data you may share with third parties through the links available on our website.

This Privacy Policy can be modified in order to adapt it to changes that occur on our website, as well as by consequence of legislative or jurisprudential modifications that may appear, so it is necessary to read it each time you provide your personal data through this website or by e-mail.


More information and contact

If you have any questions regarding the processing of your personal data at IESE, please contact us by e-mail at or by writing to us at the following address: 21 Pearson Avenue, 08034 Barcelona, Spain.