Data protection notice

Notice from the Catalan Data Protection Authority (APDCAT) regarding protection of personal data

The APDCAT is issuing this data protection notice to help users gain quick, easy access to the most important information relating to the data processing it carries out and to the rights of data subjects, so that they can effectively take control over their personal data.

Data controller

The data controller is the Direcció de l’Autoritat Catalana de Protecció de Dades, with headquarters at C/ Gran Via de les Corts Catalanes, 635, 1a planta, 08010 Barcelona.

Tel. 93 552 78 00. Fax 93 552 78 30 apdcat@gencat.cat www.apdcat.cat

Data protection officer

The data protection officer (DPO) is the person responsible for ensuring that the APDCAT fully complies with data protection legislation. The DPO can be contacted by different ways:

Name and surname: Joana Marí Cardona

Email address: dpd.apdcat@gencat.cat

Postal address: C/ Gran Via de les Corts Catalanes, 635, 1a planta, 08010 Barcelona

Telephone: 93 552 78 00 (from Monday to Friday, from 10 am to 2 pm)

List of processing activities carried out by the APDCAT

The Authority carried out the following processing activities. You can find a full description of each one in the Catalan Data Protection Authority record of processing activities:

1. Communications and institutional relations
2. Training activities
3. Human resources management
4. Financial and economic management
5. Protection of rights, inspection, and penalty files
6. Management of enquiries about data protection
7. Requests to exercise the right of access to public information
8. Requests to exercise the informational self-determination rights
9. Public sector consultancy
10. Catalan Data Protection Register
11. Audits
12. Register of entry and exit of documents
13. Register of data protection officers
14. International transfer authorisations
15. Codes of conduct
16. IDT communication based on compelling legitimate interests
17. Prior consultation
18. Opinions
19. Binding Corporate Rules
20. Awards
21. Notification of personal data breaches
22. Minors, Internet and Technologies Project
23. Selection and provision of jobs
24. Sending APDCAT press releases and calls
25. Video surveillance
26. Internal alert channel
27. Learning community "DPD en xarxa"
28. Acces control to the headquarters
     

How you can exercise your rights before the APDCAT?

You can access your data, request its rectification or deletion, object to the treatment and request its limitation, by sending your request to the address of the APDCAT (C/ Gran Via de les Corts Catalanes, 635, 1a planta, 08010 Barcelona), or through its electronic headquarters. Specifically, you can do it by following the link. You can know more about your rights by following this link.

This request must be resolved and notified within one month of receipt, even if your personal data is not processed, a period that can be extended by two more months (therefore, up to a maximum of three months), if necessary, taking into account the complexity and number of requests. In the latter case, the APDCAT must inform of the extension of the deadline within the first month.

If you consider that we have not given an adequate response to your request, you can file a claim with this Authority or take legal action.

How you can exercise your rights against other entities?

You can exercise your rights of access, rectification, opposition, deletion, portability and limitation of treatment, as well as you can not be the subject of individual decisions based solely on the automated processing of your data, by sending your request directly to the person in charge of the treatment, which is the natural or legal person, public authority, service or any other body that, alone or together with others, determines the purposes and means of the treatment.

If what you want is to submit a claim because the person in charge of the treatment, which belongs to the scope of action of the APDCAT, has refused, in part or in full, your request or your request has not been answered within the period established by the regulations, you can do it before the APDCAT.

In the event that the data controller does not belong to the scope of action of the APDCAT, the claim must be submitted to the Spanish Data Protection Agency (AEPD).