Data Protection

The CSIC is a public body that generally acts as responsible for the treatment of personal data for what it is entitled, following the principle of proactive responsability, to meet the obligations  established by the General Data Protection Regulation and the Act 3/2018, of December 5, Protection of Personal Data and the Guarantee of Digital Rights.

Among these obligations, it is included the duty to appoint a data protection officer and to communicate it to the Spanish Data Protection Agency (AEPD). The CSIC officer for data protection is José López Calvo.

In case of wanting to exercise a right to access, rectify, cancel, oppose or limit your personal data, and also manage any action related to the protection of your personal data. You can contact the CSIC officer for data protection through the following contact forms:

The regulation also requires to publish by electronic means the inventory of treatment activities. The CSIC central organization link is available here, and the CSIC centres and institutes is available here.

The CSIC has complied with the remaining existing requirements in regard to data protection. Among them, the creation of internal flows for the communication of any security breach, the corresponding risk analysis, with the implementation of relevant security measures in accordance with the detected ones, as well as the realisation of studies on “privacy impact assessment” in the assumptions in which existing risks have been considered, that have been detected mainly associated to the processing of data in the framework of some research projects.

CSIC privacy policy is available at:

LEGAL NOTICE ( ver en )