Skip to main content

Data Protection

CSIC is a public body that generally acts as the controller of personal data processing activities. In accordance with the principle of accountability, it is therefore responsible for complying with the obligations established by the General Data Protection Regulation (GDPR) and Organic Law 3/2018 of 5 December on Personal Data Protection and the Guarantee of Digital Rights.

In compliance with the GDPR, please note that:

Personal data will be processed by the CSIC and incorporated into the processing activity entitled “General Information Enquiries”, the purpose of which is to handle and respond to the enquiry submitted. This processing is based on the exercise of the competences entrusted to the organisation.

Personal data may be communicated to the competent services of other public administrations when necessary to respond to the enquiry.

Data will be retained for the period necessary to fulfil the purpose for which it was collected.

Imagen
Image
Protección de datos

Among these obligations is the appointment of a Data Protection Officer (DPO) and the notification of that appointment to the Spanish Data Protection Agency (AEPD). The CSIC’s Data Protection Officer is José López Calvo.

If you wish to exercise your rights of access, rectification, erasure, objection or restriction of processing, or carry out any operation related to the management of your personal data, you may contact the Data Protection Officer through the relevant contact form.
 

The legislation also requires that the inventory of processing activities be made publicly available by electronic means. The following links provide access to the processing activity records of the CSIC’s central organisation and those of the CSIC institutes.

The CSIC has also fulfilled the remaining data protection requirements, including the establishment of internal procedures for reporting personal data breaches, the performance of risk assessments and the adoption of appropriate security measures based on the risks identified, as well as the conduct of Data Protection Impact Assessments where risks have been identified. These risks have mainly arisen in connection with the processing of personal data within certain research projects.