Privacy Policy

1. Who does this Privacy Policy apply to? 

By visiting, consulting, or using the IEEC – Phi-Lab NET Spain website, the user accepts the processing of their personal data in accordance with the terms set out in this document (hereinafter, the ‘Privacy Policy’). 

This Privacy Policy and the processing of your data are governed by the General Data Protection Regulation, or Regulation [EU] 2016/679 (‘GDPR’). 

2. Who is the data controller? 

The Data Controller of the personal data collected within the framework of the Phi-Lab NET Spain website is: 

DATA CONTROLLER 
Identity FOUNDATION OF THE INSTITUTE OF SPACE STUDIES OF CATALONIA 
Address C/ Esteve Terradas, 1, Edifici RDIT, Oficina 212, Parc Mediterrani de la Tecnologia (PMT) Campus del Baix Llobregat – UPC C.P. 08860 Castelldefels (Barcelona) 
Telephone no.: +34 93 280 20 88 
Email protecciodedades@ieec.cat  

3. What information do we process? 

The information we receive from users, which will be processed with the utmost confidentiality, is as follows: 

  1. Information that users provide us directly: The IEEC collects and stores certain information that the user enters on the website, through the following form: 

‘Submit your application here’: The information that the user provides to the IEEC when filling out the form is the following (identifying data): Name of the project, Name of the company, project manager, email address and request for proposal.  

  1. Information provided indirectly by users: 

First-party and third-party cookies (Data arising from identifying cookies and data derived from browsing): The IEEC uses first-party and third-party cookies to distinguish you from other users of our website. This includes, but is not limited to, collecting the following information: the type of browser, the operating system, including the content you view and the time of day you view it, as well as the online identifier (i.e. the IP assigned to your device).  

4.1 Data quality: The user must guarantee, both to the IEEC and to third parties, the quality of the information and personal data provided through the IEEC website. This means that all personal data and information provided must be accurate, truthful, up-to-date, and belong to the user, not to third parties. If the data belongs to third parties, it is understood that it is provided with their consent, and the third party is invited to review our legal texts as soon as possible. 

4.2 Modification of data: The user must notify the IEEC of any modifications to the personal data provided. The user is responsible for ensuring the truthfulness and accuracy of the data at all times. 

4. What is the legitimacy of the data processing? 

The personal data of individuals participating in the Phi-Lab NET Spain calls for proposals will be collected through the website form ‘Submit your application here’. The purpose of this form is to channel ESA Phi-Lab NET Spain’s proposal requests from individuals who wish to participate as candidates.  

This form must be completed by the data subject, and the legal basis for processing is their consent to the processing of the personal data provided. This data will be processed with the utmost confidentiality and solely for the purpose of managing the requests for proposals.  

5. For what purpose will we process the data? 

To manage requests for participation in Phi-Lab NET The IEEC will process the personal data provided through the form ‘Submit your application here’ to manage applications for participation in Phi-Lab NET. This processing is carried out within the framework of the calls for project selection.   
Disclosure of data to third parties – In cases where it is strictly necessary to manage applications and process the corresponding tenders in the event that the IEEC collaborates with third parties. The IEEC may communicate personal data to other members of the Phi-Lab NET Spain Programme, such as Arribes Enlightenment SL and Fundación Privada Knowledge Innovation Market Barcelona, to manage the applications of the tenders.  – When the IEEC has express and unequivocal authorisation from the user. – When requested by a competent authority in the exercise of its functions (to investigate, prevent, or take action in relation to illegal actions). – If required by regulation. 
First-party and third-party cookies – In order to provide a better browsing experience and inform us about your last visit to our website (technical and personalisation cookies).  i – With the consent of the user, cookies can be installed to calculate the number of people who enter the website, as well as store information on the behaviour of users obtained through the continuous observation of their browsing habits (analytical, advertising and behavioural).  Most browsers support the use of cookies automatically, but you can configure your browser to be warned on your computer screen about receiving cookies and, in this way, prevent them from being installed on your hard drive. For information in further detail about the cookies we use and the purposes for which we use them, see our Cookie Policy.

  

6. How long will we retain your data? 

The IEEC will retain your personal data for as long as necessary to fulfil any of the purposes mentioned in this Privacy Policy, comply with current legislation, regulatory requirements, and relevant orders of competent courts. Additionally, we will retain your data as long as we send you information and you do not request its erasure or object to its processing. 

Once your personal data is no longer relevant for the purposes for which it was collected, it will be anonymised or erased.   

7. To which recipients are the data disclosed? 

The personal data collected by the IEEC will be used exclusively to achieve the purposes defined on the IEEC website. To achieve this goal and to properly manage applications, the IEEC may share certain personal data of users under the following conditions:  

– Upon legal request: The IEEC may share information with law enforcement agencies and/or third parties regarding requests for information related to criminal investigations and alleged illegal activities.  

– With the user’s consent: Apart from the above (Clause 6), the user will be informed if any information about them is shared with third parties for purposes other than those set out on the IEEC website, allowing them the opportunity to decide not to share their information. None of the foregoing data disclosures will include selling, renting, sharing, or otherwise disclosing customer personal information for commercial purposes in a manner contrary to the commitments made in this Privacy Policy. 

8. Can data be transferred internationally? 

In the event that IEEC transfers your personal data to a third country, i.e., a country outside the European Economic Area (the countries of the European Union plus Liechtenstein, Iceland, and Norway), the IEEC will comply with all applicable laws regarding this transfer. This includes ensuring that your personal data is kept secure and that adequate safeguards are in place. The IEEC will use standard data protection clauses adopted by the European Commission to ensure adequate protection. 

9. What rights does the user have regarding the data provided? 

The user may exercise the following rights before IEEC: 

  • Right to be informed: The user has the right to receive clear, transparent, and easily understandable information about how we use their information and their rights. This information is provided in this Privacy Policy. 
  • Right of access: The user has the right to obtain access to their information (if we are processing it), as well as other relevant information (similar to that provided in this privacy policy). This ensures that they are informed and can verify that we are using their information in accordance with data protection legislation. 
  • Right to rectification: The user has the right to have their information corrected if it is inaccurate or incomplete. 
  • Right to erasure: Also known as the ‘right to be forgotten,’ this right allows the user to request the deletion or suppression of their information when it is no longer necessary for the purposes for which it was collected. This is not a general right of erasure; there are exceptions. 
  • Right to restrict processing: The user has the right to ‘block’ or prevent further use of their information. When processing is restricted, we will only retain your information for the purpose of pursuing or defending claims. We also maintain lists of users who have requested to ‘block’ further use of their information to ensure that the restriction is respected in the future. 
  • Right to data portability: The user has the right to obtain and re-use their personal data for their own purposes across different services.  
  • Right to object: The user has the right to object to certain types of processing, including processing for direct marketing purposes, except for compelling legitimate reasons or the exercise or defence of possible claims. 

The exercise of the aforementioned rights is highly personal, so it will be necessary for the user to prove their identity. 

To exercise these rights as provided for in the legislation, the user may contact the Data Protection Delegate by sending an email to protecciodedades@ieec.cat, or by writing to the address given in section 1 of this Policy. The communication should include the following data and documents: 

  • Full name of the data subject, enclosing a photocopy of the DNI or other valid document that identifies them and, where appropriate, of the person representing them. However, the use of an electronic signature will exempt the data subject from submitting these documents. 
  • Indication of the data subject’s address and the petition in which the request is made (the right to be exercised). 

The user will also have the right to file a claim with the Catalan Data Protection Authority (https://apdcat.gencat.cat/ca/inici/index.html) when deemed convenient. 

10. How do we protect our users’ data? 

The IEEC informs users that it has adopted the necessary technical and organisational measures required by current Data Protection legislation to ensure the security of their data. These measures are in place to prevent alteration, loss, unauthorised access, or unauthorised processing of data. 

Some companies/entities subcontracted by the IEEC may have access to personal data and personal information, always under the exclusive control of IEEC, for the sole purpose of managing Phi-Lab NET Spain. 

11. Amendments 

The IEEC reserves the right to amend this Privacy Policy in accordance with applicable legislation at all times. Therefore, it is recommended that users regularly review this Privacy Policy to stay informed about the processing and protection of personal data, as well as their rights. 

12. Applicable law 

This Policy will be governed and interpreted in accordance with Spanish law, including the resolution of any disputes or disagreements related to this website. The use of the services of this website implies the express acceptance of Spanish jurisdiction. 

Last updated: November 2024