Información legal
Last updated: 20 May 2026
This Privacy Policy explains how Universidad Maharishi de Latino-America y el Caribe, formally abbreviated in its statutes as UMLAC, collects, uses, retains, protects and, where appropriate, shares the personal data of people who visit its website, request information, complete forms, take part in admissions processes, enrol in academic programs, use digital platforms or communicate with the university.
UMLAC processes personal data with institutional responsibility, seeking to protect the privacy of applicants, students, faculty, collaborators, website visitors and others who interact with its services.
As its institutional data-protection standard, UMLAC takes as reference the principles of Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR): lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, confidentiality and accountability.
Universidad Maharishi de Latino-America y el Caribe, formally abbreviated as UMLAC, is the controller of personal data collected through its website, forms, digital platforms, institutional communications and academic services, unless it is expressly stated that a third party acts as an independent controller.
Institutional identity and contact details appear at the end of this policy.
Depending on a person’s relationship with UMLAC, we may collect identification data, contact data, academic data, admission and enrolment data, payment and billing data, digital platform data, communication data, and technical or browsing data.
UMLAC avoids collecting sensitive data unless it is necessary, proportionate and permitted by applicable law. In some cases, data related to particular educational needs, health conditions, academic accommodations or other sensitive information may be processed where provided voluntarily or where necessary for academic, administrative, legal or rights-protection purposes.
In such cases, UMLAC will apply enhanced protection measures and limit access to those who need the information for the relevant purpose.
UMLAC may process personal data to respond to information requests; manage admissions; manage enrolment and registration; provide academic services; administer digital platforms; process payments and administrative obligations; send institutional communications; send informational or promotional communications where there is an appropriate legal basis; comply with legal and institutional obligations; protect security and prevent abuse; and improve services and content.
UMLAC will process personal data on one or more of the following legal bases, as applicable and structured by reference to Article 6 of Regulation (EU) 2016/679: consent; performance of a contractual or pre-contractual relationship; compliance with legal, regulatory, fiscal, accounting or academic obligations; UMLAC’s legitimate interest in operating, protecting and improving its services, provided the person’s fundamental rights do not prevail; protection of rights, security, institutional integrity or prevention of abuse; or any other basis permitted by applicable law.
UMLAC will retain personal data for as long as necessary to fulfil the purposes for which they were collected and to meet legal, academic, administrative, accounting, contractual or archival obligations.
In general, enquiry data may be retained for the time needed to answer and follow up the request; admission data during the relevant process and for a reasonable administrative period; student academic data for the time required for institutional management, certificates, academic archives and regulatory compliance; payment and billing data according to fiscal, accounting and administrative obligations; technical and security logs for a limited period needed for support, security and audit; and promotional-communication data until consent is withdrawn, opt-out is requested or the relevant legal basis ceases to exist.
When data are no longer necessary, UMLAC will seek to delete, anonymise or restrict them in accordance with applicable law and internal policies.
UMLAC may share personal data with providers, platforms or collaborators that supply services needed for institutional, academic, technological, administrative or communication operations. These may include web-hosting and digital-infrastructure providers, virtual classroom and academic-management platforms, email and notification services, security and technical-support providers, payment gateways or financial entities, storage and document-management services, analytics and measurement tools, legal, accounting, academic or administrative advisers, and competent authorities where there is a legal obligation.
UMLAC will seek to ensure that providers process personal data under appropriate instructions, confidentiality obligations and reasonable security measures.
Because digital, academic and technological services are international in nature, personal data may be processed or stored in countries other than the user’s or student’s country of residence. Where international transfers take place, UMLAC will seek to apply appropriate safeguards, including contractual, technical and organisational measures designed to protect personal information.
Under applicable law and the GDPR rights standard, individuals may have the right to request access to their personal data; request correction of inaccurate or incomplete data; request deletion where appropriate; request restriction of processing; object to certain processing; withdraw consent where processing is based on consent; request data portability where applicable; and submit enquiries or complaints related to the processing of their personal data.
To exercise these rights or make privacy enquiries, individuals may write to the Data Protection Officer at dpo@umlac.university. UMLAC may request additional information to verify the requester’s identity before responding.
UMLAC may send electronic communications related to academic processes, admissions, contracted services, payments, security, technical support, institutional changes or information necessary for the relationship with the person. It may also send informational or promotional communications where there is an appropriate legal basis.
UMLAC applies reasonable technical and organisational measures to protect personal data against unauthorised access, loss, alteration, improper disclosure, misuse or accidental destruction. No internet-connected system can be considered absolutely secure. Users should protect their credentials, use strong passwords and report any incident or suspected improper access.
UMLAC’s academic services are primarily directed to adults or to people who meet the relevant admission requirements. If data from minors are collected, UMLAC will do so in accordance with applicable law and, where necessary, with authorisation from parents, legal representatives or responsible persons.
The UMLAC website may use cookies and similar technologies to enable website operation, remember preferences, analyse page use or improve digital services. For more information, users may consult UMLAC’s Cookie Policy.
UMLAC may update this Privacy Policy when necessary for legal, technical, academic, operational or institutional reasons. The current version is the one published on this page.
Thank you for contacting UMLAC. The admissions team will review your request and contact you as soon as possible.