The protection of personal data and compliance with applicable regulations are priorities for ICTS SOCIB.
The Privacy and Personal Data Protection Policy established by ICTS SOCIB aims to specify the procedure for processing personal data provided by people who establish contact with ICTS SOCIB, as well as by Website users at www.socib.es, or newsletter subscribers, and others interested in the services offered.
- Legislative Framework
- Who is responsible for processing personal data?
- What is the purpose of processing personal data by ICTS SOCIB?
- What is the legitimacy of ICTS SOCIB to process personal data?
- What data is collected?
- How long does ICTS SOCIB keep personal data?
- To which recipients will personal data be communicated?
- Automated decisions, profiles, and applied logic
- Security measures
- User's responsibility
- What rights do users have?
- Newsletter subscription
Regulations and Exercise of Personal Data Protection Rights
Legislative Framework
The privacy and data protection management model of ICTS SOCIB is based on the following legal framework:
-
The guidelines of the Article 29 Working Party, created by Directive 95/46/EC which dealt with issues related to privacy and personal data protection until 25 May 2018.
-
The guidelines, opinions, binding decisions, and other documents of the European Data Protection Committee.
Who is responsible for processing personal data?
Your data is collected and will be processed by:
- Responsible: CONSORCIO PARA EL DISEÑO, CONSTRUCCIÓN, EQUIPAMIENTO Y EXPLOTACIÓN DEL SISTEMA DE OBSERVACIÓN Y PREDICCIÓN COSTERO DE LAS ILLES BALEARS (SOCIB)
- Tax ID: Q0700535H
- Registered Office: Isaac Newton St, Naorte Building, Block A, 2nd Floor, 3rd Door. Parc Bit 07121 Palma, Balearic Islands, Spain.
- Phone: +034 971 43 99 98.
- Fax: (+34) 948 42 56 16.
- Email for data protection communications: protecciondatos@socib.es
Data Protection Officer
ICTS SOCIB has appointed a Data Protection Officer (DPO). The DPO is an independent specialist who ensures compliance with current data protection regulations at ICTS SOCIB and respects the rights and freedoms of individuals in this area.
You can contact the Data Protection Officer to ask questions about data protection, exercise your rights, or convey your suggestions to ICTS SOCIB. For this, you can send an email to protecciondatos@socib.es or write by ordinary mail to the following postal address.
- AUDITORICER S.L.
- Registered Office: Vitoria St, No. 13, 2nd Left. 09004, Burgos +034 947 55 66 40
- Email: protecciondatos@socib.es
- Website: www.auditoriaycertificacion.com
What is the purpose of processing personal data by ICTS SOCIB?
SOCIB is a Unique Scientific and Technical Infrastructure (ICTS) that provides metocean data, access to facilities, services, and digital tools to advance the understanding of the ocean and transfer knowledge to society. It also organizes dissemination, training, and promotion activities. Based on the above, ICTS SOCIB will process personal data of third parties who access metocean data, services, and digital tools, and also participate in dissemination, training, and promotion activities.
-
Thus, when the processing consists of subscribing to the ICTS SOCIB newsletter, its purpose will be to manage such subscription, send communications, documents, invitations to events, or any other matter in which the interested person has expressed interest or that is related to the activities of ICTS SOCIB. Such communication will be made through email.
-
In the case of a general request for information, ICTS SOCIB collects your data to attend to it and provide the requested information.
-
On some occasions, ICTS SOCIB will organize educational or promotional activities, contests, or other events. In these cases, ICTS SOCIB will process your personal data through the website, to manage registration and participation in them.
-
In the case of Social Media, ICTS SOCIB will process your personal data for the management of these networks, interaction with network users, and the management and attention of communications through them.
-
In those cases where access to metocean data, document repositories, or digital applications and services is requested, ICTS SOCIB will process your data in order to manage and control access through the website to such data, as well as to carry out monitoring of the people and institutions using them, in addition to their impact and reach.
-
When you send your curriculum vitae through the website, ICTS SOCIB will process your data in order to carry out the corresponding selection processes, or, where appropriate, training practices.
-
When requesting information based on the Law of Transparency and Good Governance, ICTS SOCIB will process your data to register your request for information and process it.
-
The same purpose applies to the Whistleblower Channel. In this case, and provided that the complaint is not anonymous, ICTS SOCIB will process your personal data for the management and processing of your complaint.
-
The registration of logs is carried out with the purpose of monitoring applications, tracking, and error reports, and ensuring the security of the network or information.
What is the legitimacy of ICTS SOCIB for processing personal data?
In accordance with the regulation on the protection of personal data, ICTS SOCIB will process your data based on the following legal bases:
- Consent, in the following processes:
- Subscription to the newsletter or newsletter
- Promotional activities, dissemination, contests, competitions, educational and informative activities
- Image processing
- Social Media
- Speakers
- Students and teachers in training activities
- Execution of a contract:
- Management of speakers
- Human resources management
- Economic and budgetary management
- Management of curriculums vitae, job applications, and training
- Management of scientific projects and activities of scientific and technical consultancy
- Training actions
- Access to the scientific and technical facilities of the ICTS SOCIB, as well as equipment and systems
- Compliance with a legal obligation:
- Communication of activities of scientific and technical staff (Law/ 2011, of June 1, on Science, Technology, and Innovation)
- Management of access to the scientific and technical facilities of the ICTS SOCIB, as well as equipment and systems
- Transparency (Law 19/2013, of December 9, on Transparency, Access to Information, and Good Governance)
- Regulatory compliance and whistleblower protection (Law 2/2023, of February 20, regulating the protection of persons who report regulatory infractions and fight against corruption)
- Management of access to the Oceanographic Vessel B/O SOCIB
- Management of complaints and suggestions (Law 39/2015, on common administrative procedure and Law 40/2015, on the legal regime of the public sector)
- Legitimate interest:
- Agenda and institutional relations: legitimate interest (Art. 19 LOPDPyGDD)
- Image processing: legitimate interest in the promotion of activities of the ICTS SOCIB
- Management of users of metocean data and access to digital services: assessment of the impact of the Data Repository and traceability in its use
- Video surveillance: security of facilities, equipment, and people
- Access control: security of facilities and equipment
- Log registration: the legitimate interest is the security of computer networks and cybersecurity of the ICTS SOCIB
- Fulfillment of the mission of the ICTS SOCIB (as a public institution, the ICTS SOCIB's mission is to operate an observation and prediction system in the Western Mediterranean and provide data, facilities, services, and digital tools to advance the understanding of the ocean and transfer knowledge to society):
- Agenda and institutional relations
- Management of inquiries about general information of the ICTS SOCIB
- Promotion and dissemination activities
- Management of scientific projects and activities of scientific and technical consultancy
What data is collected?
Within the framework of the Website www.socib.es (hereinafter, "the Website"), ICTS SOCIB collects various types of data, either directly or through third parties. Among the categories of data collected are: 1) Identification data: email address and password; 2) Communication data during the service: tracker; 3) Usage data: name and surname; 4) Other types of data: device information, phone number, and physical address; 5) User subscription: IP address, page visits, device registration, operating system, browser information, clicks, interaction events, page scroll interaction, error data, etc.
Detailed information on each category of personal data collected can be consulted in the Inventory of Processing Activities on the Transparency Portal.
The use of cookies (or other tracking tools) by the Website, or by third-party service providers used, aims to provide the service requested by the user, in addition to any other purpose described in this document and in the Cookies Policy of ICTS SOCIB.
Data may be provided freely, with prior consent from the interested party, through the corresponding selection and mandatory acceptance of the Privacy Policy, when its legitimization is based on the provision of a service previously requested by the interested party or automatically, for example, based on a legitimate interest related to network and information security.
How long does ICTS SOCIB keep personal data?
ICTS SOCIB stores the personal data of users strictly necessary to fulfill the purpose for which they were collected, and according to the legal basis of its processing. Personal data is retained as long as there is a contractual and/or commercial relationship with the user until they exercise their right to deletion, cancellation, and/or limitation of the processing of their personal data. Once the contractual relationship has ended, personal data will be kept for the periods of legal prescription.
In the case of personal data provided by the interested party who submits their Curriculum Vitae, the maximum retention period will be one year.
In those cases where the legitimacy of data processing is based on the consent of the interested party, this may be withdrawn at any time.
On other occasions, the regulations on archiving and documentation will apply, in which case appropriate technical and organizational measures will be applied especially to comply with the data minimization principle, ensuring adequate security, including protection against unauthorized processing, loss, destruction, or accidental damage.
To which recipients will personal data be communicated?
-
For compliance with its legal obligations, your data may be communicated to competent Public Administrations in matters of taxation, labor, or Social Security, including, among others, the State Tax Administration Agency, the General Treasury of the Social Security, or public employment services.
-
Data related to participation in events may be transferred to third-party collaborators or sponsors.
-
In the case of the "Whistleblower Channel" your complaint (unless anonymous), the documents accompanying it, and the personal data contained within them, will be incorporated into an administrative file accessible to those responsible for processing, with the purpose of managing and processing it, as well as, where applicable, to the persons complained about and those who are legitimate interested parties, in accordance with Law 2/2023, of February 20, on the protection of persons who report regulatory infractions and fight against corruption.
-
If necessary, information will be communicated to the Public Prosecutor's Office in cases determined by law.
-
Data related to research projects or scientific and technical activities may be transferred to third parties for the effective execution of the project, as well as to public bodies due to legal obligations.
-
Publication of the academic and curricular content of teaching, technical, and research staff. Ninth additional provision of Law 17/2022, of September 5, amending Law 14/2011, of June 1, on Science, Technology, and Innovation.
-
Publication in own or shared open access repositories of the publications of the ICTS SOCIB staff.
Automated decisions, profiles, and applied logic
No automated decisions are made.
Security measures
ICTS SOCIB will process your data in an absolutely confidential manner and maintain the obligatory duty of secrecy regarding them, in accordance with the provisions of applicable regulations, adopting for this purpose the necessary technical and organizational measures that guarantee the security of your data and prevent their alteration, loss, treatment, or unauthorized access, taking into account the state of technology, the nature of the stored data, and the risks to which they are exposed.
User's responsibility
-
The user guarantees to be over 14 years old and that the data provided to ICTS SOCIB are true, accurate, complete, and up-to-date. For these purposes, the user is responsible for the veracity of all the data communicated and will keep the information provided suitably updated.
-
In the event of providing third-party data, the user guarantees to have previously informed and obtained their authorization to provide their data to ICTS SOCIB for the specific purposes of the processing for which they are provided.
-
The user will be responsible for the truthfulness of the information provided through the Website and for any direct or indirect damage caused to ICTS SOCIB or third parties due to false or inaccurate information.
-
Additional information on the rights that assist you.
What rights do users have?
-
Access: Obtain confirmation about the processing of your data by ICTS SOCIB, and know what data are being processed, for what purposes they are used, and where they were obtained.
-
Rectification: Request the correction of any data that are inaccurate or incomplete. Depending on the case, you may need to provide the necessary documentation to prove the requested change.
-
Cancellation/Deletion: Request the cancellation or deletion of your data when legally permitted, especially when the data are no longer necessary for the purposes for which they were collected.
-
Limitation: Request the limitation of the processing of your data under circumstances allowed by law, meaning to flag them in the computer systems to prevent their processing, either temporarily or permanently.
-
Opposition: Exercise your right to oppose the processing of your data in certain circumstances and for reasons related to your particular situation. ICTS SOCIB will stop processing them, except for compelling legitimate reasons, or the exercise or defense of possible claims.
-
Portability: Request the portability of your data where applicable.
-
Withdrawal of Consent: Withdraw your consent at any time you wish, without affecting the legality of the processing carried out prior to the withdrawal.
-
You can exercise your rights through the Data Protection Officer (DPO) by email or postal mail, at the addresses indicated in the corresponding section, specifying the situation in which your data is being processed, the right you wish to exercise, and any information or documentation you consider relevant. ICTS SOCIB invites you to submit a complaint to the DPO in case you consider that there has been incorrect processing of your personal data, which will be investigated confidentially.
- Furthermore, if you believe any of your rights have been violated, you may file a complaint with the Spanish Data Protection Agency (AEPD) at Jorge Juan St., 6, 28001-Madrid or through the AEPD's electronic headquarters: : https://sedeagpd.gob.es/sede-electronica-web/.
Newsletter subscription
Individuals who subscribe to any of the newsletters are informed that ICTS SOCIB has contracted the Mailchimp application for managing most of these mailings and electronic forms, a service provided by Intuit Inc., based in Mountain View, California. This means that the information supplied when filling out the forms may be processed and stored on servers of said company located in the United States. Intuit Inc. is subject to European personal data protection obligations through Standard Contractual Clauses approved by the European Commission.
In addition to the information provided by the user, information used by ICTS SOCIB to understand the performance of the mailing campaigns is stored, such as users who have opened the emails or clicked on the links. As with any other personal data, individuals can exercise their rights of access, rectification, deletion, etc., listed in the previous sections, by contacting the Data Protection Officer via email or postal mail at protecciondatos@socib.es
PFor more information, consult the Inventory of Processing Activities on the Transparency Portal.
Privacy Policy on Social Media
Overview
In accordance with the current regulations on Personal Data Protection (GDPR) and the Law 34/2002, of July 11, on Services of the Information Society and Electronic Commerce (LSSI-CE), ICTS SOCIB informs users that it has created profiles on Social Media such as Facebook, Twitter, Instagram, Flickr, YouTube, and LinkedIn, primarily for advertising its products and services.
If a user has a profile on the same Social Media and decides to join the page created by ICTS SOCIB, showing interest in the information advertised on the Network, they give their consent for the processing of those personal data published in their profile. Users can access the privacy policies of the Social Media at any time, as well as configure their profile to ensure their privacy.
ICTS SOCIB has access to and processes that public information of the user, especially their contact name. These data are only used within the Social Media itself and are not incorporated into any file.
In relation to the rights of access, rectification, limitation of processing, deletion, portability, and opposition to processing, which users can exercise in accordance with GDPR, the following nuances should be considered:
- Access Right: Users have the right to obtain information about their specific personal data being processed by ICTS SOCIB, as well as the available information on the origin of those data and the communications made or planned.
- Right to Rectification: Users have the right to have inaccurate or incomplete data modified. This can only be satisfied concerning information under the control of ICTS SOCIB, for example, deleting comments published on the page, images, or web content where personal data of the user appear.
- Right to Limitation of Processing: Users have the right to limit the purposes of processing originally intended by the responsible person.
- Right to Deletion: Users have the right to delete their personal data, except as provided by GDPR or other applicable regulations that determine the obligation to preserve them, in time and form.
- Right to Portability: Users have the right to receive their personal data they have provided, in a structured, commonly used, and machine-readable format, and to transmit them to another controller.
- Right to Opposition: Users have the right to prevent the processing of their personal data or to stop their processing by ICTS SOCIB.
ICTS SOCIB will carry out the following actions:
- Access public information from the profile.
- Publish on the user's profile any information already published on the ICTS SOCIB page.
- Send personal and individual messages through the Social Media channels.
- Update the status of the page that will be published on the user's profile.
- Users can always control their connections, delete content that no longer interests them, and restrict who they share their connections with. To do so, they should access their privacy settings.
Publicacions
- Once a user joins any of the Social Media of ICTS SOCIB, they can post comments, links, images or photographs, or any other type of multimedia content supported by the Social Media. In all cases, the user must be the holder of these, have the copyright and intellectual property rights, or have the consent of the affected third parties. Any publication on the page, whether texts, graphics, photographs, videos, etc., that may offend morals, ethics, good taste, or decorum, and/or infringe, violate, or break intellectual or industrial property rights, the right to the image or the law, is expressly prohibited. In these cases, ICTS SOCIB reserves the right to immediately remove the content, being able to request the permanent block of the user.
- ICTS SOCIB will not be responsible for the content freely published by a user.
- The user must be aware that their publications will be known by other users, so they are the main responsible for their privacy.
- Images that may be published on the page will not be stored in any file by ICTS SOCIB but will remain on the Social Media.