The gathering and automated treatment of the personal data collected through this web site have the purpose of managing the service requested by the user as well as its tracking. The treatment’s legal basis is the consent of the user, which is needed for the development of the public functions and missions of the CSIC, that is the responsible of this treatment. It is not possible to establish a precise estimation of the time limits for erasure, that will depend on the case and the requested service.
The regulations require to publish by electronic means the inventory of treatment activities. In the Transparency section of this web site appears the CSIC’s Record of Treatment Activities (RAT). Through the aforementioned links, it is possible to access the RATs corresponding to the CSIC’s central organization which specify, for each treatment, the identity of the controller, the legal basis, the purposes of the processing, the category of data, the expected deletion and a general description of the technical and organisational security measures.
In accordance with the Organic Law 3/2018, dated 5 December, on Personal Data Protection and Guarantee of Digital Rights (LOPDGDD), the General Regulation of Data Protection (RGPD) and the related legislation, the CSIC undertakes to comply with the obligation of secrecy with regard to personal data and the duty to treat them confidentially after carrying out the corresponding risk analyses, in particular, in accordance with the First Additional Provision of the LOPDGDD, the security measures corresponding to those provided for in the National Security Scheme, necessary to prevent its alteration, loss, processing or unauthorised access.
Users may exercise their rights of access, rectification, cancellation, opposition, limitation or portability at any time by writing to the Secretary General of the CSIC at C/Serrano 117, 28006 MADRID (Spain), providing a photocopy of their National Identity Document (DNI) or through the CSIC’s Electronic Register, located at its Electronic Headquarters, for which they must have a recognised electronic certificate. It is possible to contact with the CSIC’s Data Protection Delegate though this email: email@example.com