Automatic translation: original version

Privacy policy

In compliance with current regulations on data protection, Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (GDPR), Organic Law on Data Protection and Guarantee of Digital Rights (LOPDGDD, Law 3/2018 of December 5), we inform you of the Personal Data Protection Policy, in regard to the processing of personal data, it is detailed below.

Responsible for the treatment of personal data

The data controller is the legal entity that determines the purposes and means of processing personal data. In other words, the controller decides how and for what purposes the personal data is processed. For the purposes of this Data Protection Policy, the person responsible for the processing of personal data is:

  • Business name: Fundación Centro Tecnolóxico de Supercomputación de Galicia (CESGA).
  • NIF: G-15.852.981
  • Registered office: Avenida de Vigo, s/n Campus Sur. ZIP: 15705. Santiago de Compostela
  • email: rgpd@cesga.es
  • Telephone: 981.569.810
  • Activity: Computer services and research projects.

Contact with the Data Protection Officer

The CESGA has internally appointed a Data Protection Delegate. Interested parties may contact him through the following email address:

What personal data do we process and how do we protect it?

Personal data is any information about an identified or identifiable natural person. For the purposes established in this Privacy Policy, the person in charge collects and processes the personal data that is explained in each type of treatment, and that will depend on the different services that you request or the contractual relationship that you maintain with our entity. Our organization undertakes to treat with total confidentiality and to apply the appropriate security measures, of a physical, technical and organizational nature, for the protection of your personal data. You guarantee and are responsible, in any case, for the veracity, accuracy, validity and authenticity of the personal data provided and undertake to keep them duly updated.Tratamiento de datos de “Clientes”

  1. What type of personal data do we process?
    • Identification data: name, ID, address, telephone, email address.
    • Academic and professional data: profession, position.
    • Data related to transactions: products and services provided.
  1. For what purpose do we process your personal data? We treat the personal data that you provide us for the management of the data of the entity’s clients, to maintain the commercial relationship, accounting, administrative and billing management, as well as tax obligations. The purpose of advertising and commercial prospecting has also been foreseen, for which the express consent of the interested party is requested. The personal data provided will be kept as long as the business relationship is maintained. If you decide to cancel your personal data, they may be kept in our databases for the periods provided by law in order to comply with tax and accounting obligations, and they will be deleted once said legal periods or those that are applicable have expired.
  2. What is the legitimacy for the treatment of your data? The legal basis for the treatment of your data is the execution of a contract, as well as the fulfillment of a legal obligation of the person in charge. The communication of offers and promotions that could be of interest to you is based on the express consent that is requested.
  3. To which recipients will your data be communicated? The transfers that are necessary to public bodies by legal obligation will be made. No international data transfers will be made.

Treatment of data of “Contacts and potential clients”

  1. What type of personal data do we process?
    • Identification data: name, address, telephone, email address.
    • Academic and professional data: profession, position.
  1. For what purpose do we process your personal data? We treat the personal data that you provide us in the contact form for the management of data of commercial contacts and potential clients. The purpose of advertising and commercial prospecting has also been foreseen, for which the express consent of the interested party is requested. The personal data provided will be kept as long as the business relationship is maintained. If you decide to cancel your personal data, it will be removed from our contact database.
  2. What is the legitimacy for the treatment of your data? The legal basis for the treatment of your data is the express consent that is requested.
  3. To which recipients will your data be communicated? No transfers will be made. No international transfers of personal data are planned.

Treatment of data of “Suppliers”

  1. What type of personal data do we process?
    • Identification data: name, ID, address, telephone, email address.
    • Financial data: bank account.
    • Academic and professional data: profession, position, qualifications.
    • Data related to transactions: products and services delivered.
  1. For what purpose do we process your personal data? We treat the personal data provided by the entity’s supplier data management, to maintain the business relationship, accounting, administrative and payment management, as well as tax obligations. The personal data provided will be kept as long as the business relationship is maintained. If you decide to cancel your personal data, they may be kept in our databases for the periods provided by law in order to comply with tax and accounting obligations, and they will be deleted once said legal periods or those that are applicable have expired.
  2. What is the legitimacy for the treatment of your data? The legal basis for the treatment of your data is the execution of a contract, as well as the fulfillment of a legal obligation of the person in charge.
  3. To which recipients will your data be communicated? The transfers that are necessary to public bodies by legal obligation will be made. Data transfers are also made for legitimate purposes related to the activity of the company: it will be necessary to communicate the bank details (NIF, name and surnames and account number) to the financial entities in charge of intervening in the operation of the payment of the fees of the supplier. No international data transfers will be made.

Data processing of “Employees”

  1. What type of personal data do we process?
    • Identification data: name, ID, date of birth, address, telephone, email address, signature, image.
    • Personal characteristics data: Sex, marital status, nationality, age, date and place of birth and family data.
    • Data on social circumstances: licenses and permits.
    • Economic-financial data: bank account, payroll data, tax deductions, other withholdings (if applicable).
    • Academic and professional data: profession, position, experience, qualifications.
  1. For what purpose do we process your personal data? We treat the personal data that you provide us for the management of the employment relationship, payroll management, administrative and payment management, compliance with the entity’s tax and labor obligations, access control, training and development management professional, and the prevention of occupational risks. The personal data provided will be kept as long as the employment relationship is maintained. If, once the employment relationship has ended, you decide to cancel your personal data, they will be kept until the legal deadlines defined by accounting, tax and labor regulations have expired, and once said deadlines have elapsed, your data will be deleted from our system.
  2. What is the legitimacy for the treatment of your data? The legal basis for the treatment of your data is the fulfillment of an employment contract, as well as the fulfillment of a legal obligation of the person in charge.
  3. To which recipients will your data be communicated? The transfers that are necessary to public bodies by legal obligation are made: Tax Agency, Social Security, Mutual, etc. Data transfers are also made for legitimate purposes related to the activity of the entity:
  • It will be necessary to communicate the bank data (NIF, name and surnames and account number) to the financial entities in charge of intervening in the payroll payment operation.
  • A review of the curriculum vitae, as well as the Social Security registration data could be delivered to the client companies and institutions, as part of the technical documentation included in the project offers presented in order to prove the technical solvency of the the entity, and its compliance with labor and occupational risk prevention legislation.
  • Likewise, in cases in which it is necessary to justify personnel expenses in any aid, training activity or project financed with public funds, the payroll data could be communicated to the public administrations responsible for the evaluation of said aid and/or or projects, in compliance with current legislation.
  • The photograph of an employee could be used in a publication or Web page with the purpose of disclosing a certain event or action related to the activities of the entity, for which the express consent of the interested party is requested.

No international transfers of personal data are planned.

Treatment of data of “Job candidates”

  1. What type of personal data do we process?
    • Identification data: name, ID, date of birth, address, telephone, email address, image.
    • Personal characteristics data: Sex, marital status, nationality, age, date and place of birth.
    • Academic and professional data: profession, position, experience, qualifications.
  1. For what purpose do we process your personal data? We treat the personal data that you provide us for the management of the selection processes of the entity. The personal data provided will be kept as long as the interested party has not withdrawn their consent in order to continue saving their curriculum vitae for future selection processes. If you decide to cancel your personal data, it will be removed from our job applicant database.
  2. What is the legitimacy for the treatment of your data? The legal basis for the treatment of your data is the express consent that is requested.
  3. To which recipients will your data be communicated? No transfers will be made to third parties. No international data transfers will be made.

Treatment of data of “Course attendees”

  1. What type of personal data do we process?
    • Identification data: name, ID, address, telephone, email address.
    • Academic and professional data: profession, position, qualifications.
  1. For what purpose do we process your personal data? We treat the personal data that you provide us for the registration of attendees to courses organized by the entity. The personal data provided will be kept as long as you do not request the cancellation of the data. If you decide to cancel your personal data, it will be removed from our database of course attendees.
  2. What is the legitimacy for the treatment of your data? The legal basis for the treatment of your data is the execution of a contract, as well as the fulfillment of a legal obligation of the person in charge.
  3. To which recipients will your data be communicated? The transfers that are necessary to comply with legal obligations are made to entities such as the Xunta de Galicia or the Tripartite Foundation. No international transfers of personal data are planned.

Treatment of data of “Users of the CESGA Classroom”

  1. What type of personal data do we process?
    • Datos identificativos: nombre, apellidos, dirección de correo electrónico, imagen.
  1. For what purpose do we process your personal data? We treat the personal data that you provide us for the registration of users of the CESGA teletraining platform. The personal data provided will be kept as long as you do not request the cancellation of the data. If you decide to cancel your personal data, it will be removed from our database of course attendees.
  2. What is the legitimacy for the treatment of your data? The legal basis for the treatment of your data is the consent of the interested party.
  3. To which recipients will your data be communicated? No transfers are made to third parties. No international transfers of personal data are planned.

Treatment of data of “Users of CESGA Services”

  1. What type of personal data do we process?
    • Identification data: name, ID, telephone, email address.
    • Academic and professional data: position, company.
  1. For what purpose do we process your personal data? We treat the personal data that you provide us for the registration of users of the services offered by the entity. The personal data provided will be kept as long as you do not request the cancellation of the data. If you decide to cancel your personal data, it will be removed from our database of service users.
  2. What is the legitimacy for the treatment of your data? The legal basis for the treatment of your data is the consent of the interested party.
  3. To which recipients will your data be communicated? No transfers are made to third parties. No international transfers of personal data are planned.

Treatment of data of “Teachers”

  1. What type of personal data do we process?
    • Identification data: name, ID, address, telephone, email address.
    • Financial data: bank account.
    • Academic and professional data: profession, position, qualifications.
    • Data related to transactions: services delivered.
  1. For what purpose do we process your personal data? We treat the personal data that facilitates us to manage the data of the entity’s teachers, for accounting, administrative and payment management, as well as tax obligations. The personal data provided will be kept as long as the relationship as a teacher is maintained. If you decide to cancel your personal data, they may be kept in our databases for the periods provided by law in order to comply with tax and accounting obligations, and they will be deleted once said legal periods or those that are applicable have expired.
  2. What is the legitimacy for the treatment of your data? The legal basis for the treatment of your data is the execution of a contract, as well as the fulfillment of a legal obligation of the person in charge.
  3. To which recipients will your data be communicated? The transfers that are necessary to public bodies by legal obligation will be made. Your photograph could be used in a CESGA publication, website or social network of the entity with the purpose of disseminating a certain training action, for which your express consent is requested. Data transfers are also made for legitimate purposes related to the activity of the company: it will be necessary to communicate the bank details (NIF, name and surnames and account number) to the financial entities in charge of intervening in the operation of the payment of the fees of the Professor. No international data transfers will be made.

Treatment of data of “Participants in projects”

1.What type of personal data do we process?

    • Identification data: name, ID, address, telephone, email address.
    • Academic and professional data: profession, position.
  1. For what purpose do we process your personal data? We treat the personal data that you provide us for the management of the data of the participants in the projects in which the CESGA participates. The personal data provided will be kept as long as the relationship is maintained during the execution of the project. If you decide to cancel your personal data, they may be kept in our databases for the periods provided by law in order to comply with tax and accounting obligations, and they will be deleted once said legal periods or those that are applicable have expired.
  2. What is the legitimacy for the treatment of your data? The legal basis for the treatment of your data is the execution of a contract, as well as the fulfillment of a legal obligation of the person in charge. The communication of offers and promotions that could be of interest to you is based on the express consent that is requested.
  3. To which recipients will your data be communicated? The transfers that are necessary to public bodies by legal obligation will be made. No international data transfers will be made.

What are your rights when you provide us with your data?

In accordance with the applicable regulations on data protection, you have a series of rights in relation to the processing of your personal data. The exercise of these rights will be free for you, except in cases where manifestly unfounded or excessive requests are made, especially repetitive ones. These rights are the following: – Right to information: You have the right to be informed in a concise, transparent, intelligible and easily accessible manner, with clear and simple language, about the use and treatment of your personal data. – Right of access: You have the right to ask us at any time to confirm if we are treating your personal data, to provide you with access to them and to information about their treatment and to obtain a copy of said data. The copy of your personal data that we provide will be free of charge, although the request for additional copies may be subject to the charge of a reasonable amount based on administrative costs. For our part, we may ask you to prove your identity or require more information that is necessary to process your request. – Right of rectification: You have the right to request the rectification of inaccurate, outdated or incomplete personal data concerning you. You may also request that incomplete personal data be completed, including by means of an additional declaration. – Right of deletion: You have the right to request the deletion of your personal data when, among other reasons, the data is no longer necessary for the purposes for which it was collected. However, this right is not absolute, so that our organization may continue to keep them duly blocked in the cases provided for by the applicable regulations. – Right to limit treatment: You have the right to request that we limit the treatment of your personal data, which means that we may continue to store them, but not continue treating them if any of the following conditions are met:

  1. that you challenge the accuracy of the data, for a period that allows the controller to verify the accuracy of the data;
  2. the treatment is unlawful and you oppose the deletion of the data and request instead the limitation of its use;
  3. our entity no longer needs the data for the purposes of the treatment, but you need them for the formulation, exercise or defense of claims;
  4. You have opposed the treatment, while it is verified if the legitimate reasons of our entity prevail over yours

– Right to data portability: You have the right to have your data transmitted to another data controller in a structured, commonly used and machine-readable format. This right applies when the processing of your personal data is based on consent or the execution of a contract and said processing is carried out by automated means.

– Right of opposition: This right allows you to oppose the processing of your personal data, including profiling. We will not be able to attend to your right only when we process your data in the event that we prove legitimate reasons for the treatment or for the formulation, exercise or defense of claims.

– Right not to submit to automated decisions, including profiling: This right allows you not to be the subject of a decision based solely on automated processing, including profiling, that produce -said decisions- legal effects or affect you in a similar way. Unless said decision is necessary for the conclusion or execution of a contract, is authorized by law or is based on consent.

– Right to withdraw consent: In cases where we have obtained your consent for the processing of your personal data in relation to certain activities (for example, in order to send you commercial communications), you can withdraw it at any time. In this way, we will stop carrying out that specific activity for which you had previously consented, unless there is another reason that justifies the continuity of the processing of your data for these purposes, in which case, we will notify you of said situation.

– Right to file a claim with a supervisory authority: You have the right to file a claim with the Spanish Data Protection Agency, C/ Jorge Juan, 6, 28001 Madrid, 901 100 099 – 912 663 517 (www.agpd.es), or at the electronic address: https://sedeagpd.gob.es/sede-electronica-web/vistas/formQuejasSugerencias/seleccionarQuejaSugerencia.js.

You may exercise the aforementioned rights by sending us a communication to our Customer Service Department, or through an email to rgpd@cesga.es, attaching a document proving your identity and providing the necessary details to process your request. Interested parties can obtain additional information about their rights on the website of the Spanish Agency for Data Protection, www.agpd.es