PRIVACY POLICY AND INFORMATION ON DATA PROCESSING

International Schools Database, S.L. (hereinafter as "Expatistan" or the "Provider") with Spanish Tax number B56199540 and registered office at Avda. Professor López Piñero, 8-28, Valencia, Spain as the provider (hereinafter as the "Provider") of the service (hereinafter as the "Service") under the contract on the use of the Service or the services related to comparing costs of living in different cities and countries, providing salary calculations and providing services for HR professionals (hereinafter as the "Contract") associated with website www.expatistan.com (hereinafter as the "Website") hereby informs you about the manner and scope of processing the personal data of the users of the Service (hereinafter as the "User"), including the scope of the User's rights in relation to such processing. This privacy policy is also applicable to the situation before concluding the Contract, e.g. when the User only uses the Website with an intent to conclude the Contract (including the cookies policy).

For any questions about privacy and the exercise of your rights, please use the email address:

  • gerardo@expatistan.com

1. 1. For what purpose, under what title and on what basis do we process personal data?

1.1. Definition of personal data

"Personal Data" shall mean any information concerning an identified or identifiable natural person. This includes, but is not limited to, name, surname, first name, postal and email address and telephone number.

1.2. Purpose for the use of your data

1.2.1. Conclusion and performance of the Contract

We conclude Contracts in particular with people who are looking for cost-of-living comparisons with different cities and for salary calculations and with HR professionals who are looking for information about cost-of-living. We process personal data for the purpose of concluding and implementing the Contract. To be able to do this, we need:

  • identification and contact details of the person acting on behalf of a User who is a legal person (name, surname, email, phone, type of employment or other relationship with the User),
  • identification and contact details of the User - natural person (name, surname, city you want to move to, IP address, email address and login credentials, e.g. an email and a password),
  • data from communication with the User (e.g. requests by the Users for password recovery, information on the conclusion of the Contract),
  • financial information (such as credit card information or information about PayPal or any other account, net income information, address for invoicing).

The processing of such personal data follows directly from the Contract and is necessary for the fulfilment of our contractual obligations.

The legal title for the processing of these data is the conclusion and performance of the Contract at the request of the User as a contracting party.

1.2.2. Contact form or emails

We receive emails from potential users and users asking for more information. In those cases, we might need to use your data to be able to respond to the queries raised and to contact the user to resolve the doubts or questions raised. To be able to do this, we need:

  • identification and contact details of the person acting on behalf of a User who is a legal person (name, surname, email, phone),
  • identification and contact details of the User - natural person (name, surname, email address, information on your personal preferences)

1.3. Compliance with legal obligations

We must process personal data where it is required to do so by law. For this purpose, we process personal data in particular to the extent required by the relevant legal regulations in connection with our obligation to keep accounting records and in the performance of related tax obligations, or for the performance of obligations.

Data will be retained for as long as necessary to comply with the relevant legal obligations or for the time necessary to answer the questions posed through our contact form as established in clause 4.

1.4. Legitimate interests of the Provider

In justified cases, we may also process personal data on the basis of a legal title, which is the protection of our legitimate interests. However, we always carefully assess and ensure that the interest in processing your data for this purpose does not unreasonably interfere with your privacy.

Identification of persons acting on behalf of contracting party of the Contract: These are typically members of statutory bodies, employees or other authorised persons who, although not a party to the Contract, enter into the Contract on behalf of the User, communicate with us and otherwise act for the User. We need the personal data of such persons in order to communicate and deal with the User through them for the purpose of entering into and continuing to perform the Contract. For these persons, we generally process name, surname, email, telephone number, delivery address, details of employment or other relationship with the contracting party and data from communications with them.

Proof of acceptance of the terms and conditions: The Contract is concluded by electronic means and thus we store the data necessary to identify the User as a contracting party in order to have a time stamp as proof of the conclusion of the Contract and of the agreement to our terms and conditions in a specific wording in case of later doubts or disputes.

Defence and exercise of legal claims: We also process personal data for the purpose of protecting our legitimate interest, which is to ensure the possibility of defending us in any legal disputes, court proceedings or inspections by state authorities or other public authorities. We process this data in order to be able to prove, if necessary, that we have acted in accordance with our contractual obligations and the law.

Analysis and improvement of the Service: In order to protect our legitimate interests, we also process the data of Users (and visitors) of the Website and Service for the purpose of protecting our legitimate interest - analysing the use of the Service and further improving it. For these purposes, we collect and further process data on the activity of registered Users within the Website (logging the activity of Users). For this purpose, we may also process, within the scope of our legitimate interest, data of registered and unregistered visitors of the Website portal obtained by means of so-called cookies or other similar technologies that store data on or retrieve data from the visitor's device; the terms of use of cookies and similar technologies by the Provider are governed by specific terms and conditions, the text of which is available on the Website.

Contact form or email: The legitimate basis on which the data will be processed lies in the execution of the requested pre-contractual measures and/or the consent given.

1.5. Sending commercial messages

In the case of Users with whom we have entered into a Contract and in connection with which we have obtained their email and/or telephone number, or in the case of other persons who have actively and voluntarily subscribed to our commercial messages (e.g. on the Website), we may process the personal data of these persons in the scope of email and telephone number for the purpose of sending information and news about our services and products (commercial messages).

The processing of personal data for the purpose of sending commercial messages is, in the case of persons who have actively subscribed to the commercial messages themselves (regardless of whether they are Users or not), based on their consent, which was given just by subscribing to commercial messages.

The processing of personal data for the purpose of sending commercial messages is based on our legitimate interest. The User has the possibility to refuse further commercial messages at any time, free of charge, by following the procedure indicated in each commercial message sent, or within the User’s account, or by contacting us at any time at the contact email indicated above in this document.

1.6. Non-mandatory personal data

Expatistan will inform all users of the non-obligatory nature of the collection of certain personal data, except in the fields indicated to the contrary. However, failure to provide such data may prevent Expatistan from providing all those Services linked to such data, releasing us from any liability for the non-provision or incomplete provision of these Services.

It is the user's obligation to provide truthful data and keep them updated, so Expatistan reserves the right to exclude from the services and proceed to the cancellation of the service to any user who has provided false data, without prejudice to other actions that may be applicable by law.

2. From whom do we receive personal data and who we pass them on to?

We obtain personal data primarily from data subjects, which is you. We do not collect any data other than those you give us. You are required to provide only accurate data and if your personal data is changed, you must update the data.

We use the following processors to process your personal data:

  • company Google Ireland Ltd, Gordon House Barrow Street Dublin 4, D04E5W5 Ireland as a processor via the service G Suite for document creation, email services, calendar management, etc.; data may be transferred to the USA;
  • company PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg as a processor via the service PayPal for payment services; data may be transferred to the USA;
  • company Linode LLC 249 Arch St. Philadelphia, PA 19106, USA, as a processor via Hosting and Web Infrastructure; data may be transferred to the USA;
  • company Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109-5210, USA, for data backups purposes; data may be transferred to the USA;
  • Honeybadger Industries LLC 11410 NE 124th Street #246 Kirkland, WA 98034, USA, monitoring and alerting service that allow us to handle errors and outages in the Service; data may be transferred to the USA;
  • company Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA, as a processor via the service Mandrill for messaging and emailing services to deliver email messages to you; data may be transferred to the USA.
  • company Expat Taxes s.r.o., ID: 016 14 908, Zahradníčkova 1220/20a, Košíře, 150 00 Prague 5, Czech republic, as a processor for taxes and accounting purposes;

The Provider transfers personal data to third countries (e.g. USA, in the scope of the above-mentioned services) only if the processing of personal data is carried out in accordance with European security standards and law. If personal data is to be transferred to a third country, the Provider shall, at its own expense and responsibility, take all steps to ensure that the transfer of personal data to the third country complies the necessary standards.

3. How do we process the personal data?

We use the data supplied from you to present you the cost-of-living comparison and salary calculation via the Service. We do not perform any other profiling or automated decision making.

The Personal Data of the User may be processed also manually and may involve our employees or other persons working for us, including for the purpose of removing errors, inaccuracies, etc. However, such persons may process personal data only under the conditions and in the scope above and are bound by the obligation to maintain confidentiality of personal data and security measures whose disclosure would threaten the security of personal data.

We always process personal data in accordance with applicable laws and we provide them with due care and protection. We take care that you never suffer any harm to your rights, in particular the right to the preservation of human dignity. We also protect you from unauthorized interference with your private and personal life.

4. How long do we process the personal data?

4.1. Contract with User

We keep the personal data which you provided during concluding the Contract and during its performance for the duration of the Contract. Even after the termination of the Contract, however, we are authorized to continue processing personal data, of which processing is necessary for the following purposes:

  • Compliance with legal obligations

    We process personal data processed due to our legal obligations within the time limits set by these laws.

    Personal data required by law must be processed for accounting and tax purposes (or for archival purposes). The processing period is 5 (five) years from the end of the accounting period, in the case of documents relevant to VAT payments it is (ten) 10 years from the end of the taxable period in which the transaction took place.

  • Legitimate interests

    We also process personal data to protect our legitimate interests, i.e. to defend ourselves against any claims of our customers, even before a court (for example, during the respective limitation periods that may be in the Czech Republic up to 15 (fifteen) years from the occurrence of a relevant event). In this context, the Provider processes your email and data about the performance of the Contract (its content, information about its fulfilment).

    We cannot delete this data even at the request of the User because they are not processed by consent. However, based on your request, we will review whether personal data is no longer needed.

  • Sending commercial messages

    We send commercial messages as described above and process personal data for these purposes until you unsubscribe in accordance with the procedure set out in paragraph 1.4 of this document.

  • Longer processing

    Personal data may be processed for longer than the above if there is a relevant reason for further processing, typically an administrative or legal proceeding for which the personal data is relevant.

5. What are your rights?

In the first place, you have the right to ask us for access to your personal data, including a copy of all your personal data, rectification, restriction of processing, erasure, data portability and opposition. You can do this by using the e-mail address provided at the head of this document.

Withdrawal of consent to processing: if we process your personal data on the basis of your consent, you may freely and free of charge withdraw your consent to processing at any time by using your User account, the contact email mentioned above or otherwise as stated elsewhere in this document. In this case, we will no longer process your personal data processed on the basis of your consent.

For personal data that is not processed on the basis of consent, it is not possible to withdraw consent to processing. However, we will always assess, on the basis of your request, whether it is still necessary to process your personal data for any of the above purposes.

Your rights:

We will always keep you informed about:

  • the purpose of the processing of personal data,
  • the personal data or, where appropriate, the categories of personal data processed, including any available information on their source,
  • the nature of the automated processing, including profiling, and the information relating to the procedure followed, as well as the significance and foreseeable consequences of such processing for the data subject,
  • the recipients or categories of recipients of your personal data, and, in the case of a transfer of personal data to a third country, the appropriate safeguards applicable to the transfer to ensure the security of the personal data,
  • the time at which the personal data will be stored or, if it is not possible, the criteria used to determine that time,
  • any available information about the personal data source, unless it is obtained from you.

Your other rights are:

  • ask us for an explanation,
  • require us to eliminate the situation, in particular, it may be blocking, correcting, supplementing, limiting or deleting personal data (the right to be forgotten);
  • request personal data that concern you in a structured, commonly used, and machine-readable format, and pass on these data to another controller without an obstruction, in any way,
  • complain to the Office for the Protection of Personal Data of Spain (AEPD); and
  • object to the processing of personal data that concern you.

6. How do we protect your personal data?

We take our commitment to protect personal data very responsibly. We use SSL Encryption for all communications with our servers, data is stored in reliable datacentres with state of the art security measures, data is only accessible through a secret password and our employees only have access to your data on a need-to-know basis.

7. Information on the use of cookies

By the mere fact of visiting this website or using the services of Expatistan, no personal data that identifies a user is automatically recorded. However, we inform you that while browsing the Website "cookies" are used, small data files that are generated in the user's computer and that allow us to obtain the following analytical information:

a) The date and time of access to the Website, allowing us to know the busiest times, and to make the necessary adjustments to avoid saturation problems at our peak times.

b) The number of daily visitors to each section, allowing us to know the most successful areas and to increase and improve their content, so that users obtain a more satisfactory result and improve the design of the contents.

c) The date and time of the last time the user visited the Website in order to carry out analytical and statistical studies on the use of the website.

d) Security elements involved in controlling access to restricted areas.

For more information visit our cookies policy.

8. Do you not wish to receive information from us or do you wish to revoke your consent?

Any user may object to the use of his or her information for advertising purposes, market research or satisfaction surveys and may revoke his or her consent at any time (without retroactive effect). To do so, please send an e-mail to gerardo@expatistan.com. When you receive advertising by e-mail, you may also object from that e-mail by clicking on the link included in the e-mail and following the instructions provided.

9. Changes to the Privacy Policy.

Our Privacy Policy may be updated due to changes and legal requirements, as well as due to improvements and changes included in the way we offer and provide our services. Therefore, we recommend that you visit and access our Privacy Policy periodically, in order to have access to the latest changes that may have been incorporated. In the event that such changes relate to the consent given by the user, in which case a separate and independent notification will be sent to the user in order to re-notify him/her again.

If you have any questions or concerns about our Privacy Policy or wish to exercise any rights or actions relating to your personal data, please contact us at gerardo@expatistan.com.

Updated: 5 March 2024

Make a different comparison:

Compare cost of living between cities:
vs