CEDEI International Programs

Privacy Notice and Personal Data Protection

Last updated: January 15, 2026

The Centro de Estudios Internamericanos – CEDEI, headquartered in the city of Cuenca, Republic of Ecuador, hereby informs personal data subjects and their legal representatives about the processing of personal data it carries out, in compliance with the Organic Law on Personal Data Protection (Ley Orgánica de Protección de Datos Personales – LOPDP) and other applicable regulations.

The purpose of this Privacy Notice is to guarantee the principle of transparency, especially when the processing involves personal data of children and adolescents, in accordance with their best interests and enhanced protection.

Data Controller
The Data Controller responsible for processing your personal data is:

Legal Name: Fundación Centro de Estudios Interamericanos (CEDEI)
Tax ID (RUC): 0190122489001
Address: Gran Colombia 11-02 and General Torres, Cuenca, Ecuador
Phone: (+593) 7-2832-002

Data Protection Officer (DPO) Contact Information
If you wish to contact our Data Protection Officer regarding the exercise of rights, inquiries, incidents, or other matters, you may do so through:
Email: dpo@cedei.org

Our Records of Processing Activities
CEDEI processes personal data belonging to the following categories of data subjects:

  • Students and participants in academic programs.
  • Host families.
  • Faculty members, coordinators, and academic staff.
  • Applicants (administrative and teaching staff).
  • Employees and former employees.
  • Suppliers.
  • Clients and institutional representatives.
  • Prospective clients and business contacts.
  • Users of technological platforms and the institutional website.

The Personal Data We Collect
Depending on your relationship with CEDEI, the following categories of personal data may be processed:

Identification Data:
First and last names, national ID/passport number, date of birth, nationality, image, tax ID (RUC), signature, address, email address, phone number, place of residence, place of birth, postal code, permanent postal address, current postal address, country, and city.

Academic and Professional Data:
Academic records, certificates, language proficiency, education, and job position.

Personal Characteristics:
Marital status, nationality, preferences.

Health Data:
Information on allergies, medication, diets, and relevant medical conditions (especially for international programs and to ensure student well-being).

Economic, Financial, and Insurance Data:
Information required to process payments.

Legal Representative Data:
Names, contact information, and identification data of

Employment Details:
Position, duties, employment start date, type of contract, salary, work modality, workplace modality and address, contract details (date, province, canton), working hours, and payment method.

Technical Browsing and IT Data:
IP address, cookies, and usage data from our educational platforms (see Cookies Policy).

Consent Data:
Information regarding consent or refusal for data processing, rights exercised, authorized cookies, and acceptance of privacy policies and terms of service.
CEDEI may also process images and audiovisual recordings (image and voice) generated during virtual educational activities.
CEDEI does not use images or recordings for facial recognition, biometric identification, or automated identity verification.

Sensitive Data
CEDEI will only process sensitive personal data when strictly necessary and based on a valid legal ground, applying enhanced security measures. If such data is not necessary, it will neither be requested nor processed.

Processing of Personal Data of Children and Adolescents
CEDEI processes personal data of children and adolescents within the framework of its educational and training programs.
Such processing is carried out:

  • In accordance with the best interests of the child or adolescent.
  • Exclusively for educational, academic, and institutional purposes.
  • With the consent of the parent or legal representative, when required.
  • Applying enhanced security measures to protect the information.
  • CEDEI will not use minors’ personal data for purposes other than those informed or for unauthorized uses.

If you are a parent or legal guardian and become aware that we have collected and stored minors’ data without proper consent, please contact us so that we may proceed with its deletion.

Where We Obtain Your Data
We may obtain your data through technical data capture and security procedures (e.g., when browsing our website) and through your own declaration when performing an explicit action (e.g., completing a registration form or accepting or rejecting cookies).

Why We Process Your Data
We process your data because you have expressly consented to it, because you have entered into a contract with our organization or your business or institution, or because we have a legitimate interest in storing it, always safeguarding your fundamental right to privacy. Additionally, we may be required to store and process data due to public interest or legal obligations.

Purposes of Data Processing

  • Processing registration, admission, and enrollment in our programs.
  • Organizing and delivering English programs and international programs.
  • Managing academic progress, evaluations, and issuance of certificates.
  • Coordinating logistics for exchange programs, including accommodation and transportation.
  • Recording and managing your consent (or refusal) for data processing.
  • Communicating relevant information about academic activities, cultural events, and Foundation news.
  • Conducting satisfaction surveys to improve service quality.
  • Ensuring the security of information systems.
  • Sending commercial or marketing communications about new programs and offers.
  • Publishing images or testimonials on our website or social media.

With Whom We Share Your Data
Your personal data will not be sold or rented. It will only be shared with third parties when strictly necessary:

Educational institutions abroad: For the management of international and exchange programs.

Host families: To coordinate student stays in exchange programs.

Service providers: Such as academic management platforms, transportation services, or insurance providers, acting as Data Processors under appropriate contracts.

Public authorities: In compliance with legal obligations or court orders.

International Data Transfers
CEDEI will not sell, rent, or disclose personal data to third parties without the data subject’s express consent, except in the following cases:

  • International transfers to universities and educational institutions abroad to fulfill contractual relationships, with appropriate safeguards.
  • Transfers to countries without an adequate level of protection, carried out with your explicit consent when necessary for program execution.
  • Sharing data with technology service providers supporting CEDEI’s operations, ensuring adequate data protection measures.
  • Audits, investigations, or requests from competent authorities.

Please note that when we respond to your emails or send files via cloud or server services you have contracted, you may be sharing personal data and authorizing third parties such as Google (Gmail), Microsoft (Skype, Hotmail, Outlook), WhatsApp, Telegram, or their business partners to access and store such data. We recommend reviewing their privacy policies.

How We Protect Your Data
CEDEI has implemented appropriate technical, organizational, and administrative security measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include access controls and passwords, encryption, anti-malware systems, firewalls, SSL connections, data minimization principles, confidentiality clauses, proportionality principles, backup and recovery systems, staff training and awareness, and contracts with data processors and/or joint controllers, among others.

Data Retention Period We will retain your personal data for the duration of the contractual or academic relationship and, subsequently, for the time necessary to comply with legal obligations and the statute of limitations for possible liabilities. Once these periods have expired, the data will be securely deleted.

Cookies and Similar Technologies
The processing of data through cookies or similar technologies is governed by CEDEI’s Cookies Policy, available on its official digital channels.

Your Rights and How to Exercise Them
As a data subject, you have the following rights:

  • Access: To know what data we hold about you, its categories, legal basis, recipients, purposes, and processing activities.
  • Rectification and Updating: To correct inaccurate or incomplete data.
  • Deletion: To request deletion when data is no longer necessary.
  • Objection: To object to processing or withdraw consent.
  • Portability: To receive your data in a compatible format.
  • Suspension of Processing: To request temporary cessation of processing.
  • Not to be subject to automated decisions: Including profiling or automated decision-making processes.
    To exercise your rights, you can send a request to dpo@cedei.org. We undertake to respond and comply with your rights within the period established by law. If you believe that your rights have not been respected, you have the right to file a complaint with the Personal Data Protection Superintendence.

Supervisory Authority
Country: Ecuador
Authority: Personal Data Protection Superintendence
Address: Government Financial Management Platform, Yellow Block, Quito D.M.
Email: datospersonales@spdp.gob.ec
Phone: (+593 2) 299-6100 ext. 1723
Website: https://spdp.gob.ec/

Security Incidents and Data Breaches
Under our proactive accountability approach, we adopt all reasonably necessary technical and organizational measures to protect your information. However, the internet and electronic communications involve inherent cyber risks. Human error, software failures, unauthorized access, theft, or cyberattacks may result in security incidents or data breaches.
In the event of incidents or breaches that may pose risks to your rights and freedoms, involve sensitive data, facilitate identity theft, or result in fraud, reputational damage, or loss of confidentiality, CEDEI is obliged to notify the supervisory authority and, where applicable, affected individuals within the legally established timeframe. We maintain an incident log documenting detection details, type and origin of the incident, affected systems and data, and corrective measures implemented.

Full Privacy Policy
This Privacy Notice is informative and complements CEDEI’s Privacy and Personal Data Protection Policy, available through the institution’s official channels.

Scroll to Top