Privacy policy

Objective

In accordance with the EU Regulation 2016/679, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data (GDPR), this policy aims to provide you with the information provided for in articles 13 and 14 of this Regulation, as well as any other considered necessary on how we collect and how we use your personal data.

Who is the controller of the processing of your data?

The controller of the processing of your personal data is the Cartographic and Geological Institute of Catalonia (ICGC), a public law entity of the Government of Catalonia attached to the Department of Territory and Sustainability, with:

  • Tax identification code (CIF): Q-0801980-D
  • Electronic address: protecciodades@icgc.cat
  • Address: Parc de Montjuïc, 08038 Barcelona
  • Phone number: (+34) 93 567 15 00

The controller’s representative is Mrs. Miriam Moysset i Gil, director of the ICGC.

As a public law entity, the ICGC has appointed a Data Protection Officer (DPO). Their contact details are:

  • Electronic address: dpd@icgc.cat
  • Address: Parc de Montjuïc, 08038 Barcelona.

For what purposes and on what legal basis do we process your personal data?

  • For legitimate interests:
    • Respond to your enquiries, requests, suggestions, error notifications and complaints.
    • Process your job vacancy applications and CVs.
    • Guarantee your security when accessing our facilities.
    • Carry out satisfaction surveys and market research.
    • Improve the services we offer.
  • On the basis of your consent:
    • Provide you with personalised use of our web applications and services, provided you have registered for this purpose.
    • Promote and provide you with information about the activities we carry out, products and other aspects related to the services we offer, through emails, the web, social networks and other mechanisms.
  • For contractual relationship:
    • Manage the product orders you make through the e-shop or the User Support Centre.
    • Manage the administrative hiring procedures and fulfil the obligations arising from the contracts you have entered into with us.
  • For legal reasons:
    • Respond to your requests of public information.
    • Manage the administrative hiring procedures and fulfil the obligations arising from the contracts you have entered into with us.
    • Exercise the ICGC responsibilities according to current regulations (IDEC, RCC…).

What personal data do we collect and how is it collected?

Information you provide us through web forms

Some of the web forms through which we collect your personal data are:

  • Contact mailboxes.
  • Registration to events organized by the ICGC.
  • E-shop orders.
  • Request of public information (transparency).
  • User registration, to download information and / or to use certain services.

In these cases, at the time of collection basic information about data protection is specified, especially its purpose.

In general, the personal data you provide us through these forms are:

  • Email address.
  • First name and family name.
  • Postal address.
  • Username and password to access our web applications and services.
  • Company name.

Information you provide us through email, phone, social networks and other communication channels

In these cases, the information we collect is what you provide us proactively and voluntarily, and we use it only to manage your enquiries, requests, suggestions, complaints, etc. Some of these data may reside on third-party servers (Twitter, Facebook, etc.).

Information we collect from your visits to our websites

For the simple fact of browsing our webs, we collect limited information from users and anonymous global statistics.

We use this information to improve the access to the contents and services we offer, and to monitor its performance.

We obtain this information through the cookies that are stored in your browsers and the logs that are stored in our web servers.

For detailed information, check our cookies policy.

Information we collect when you authenticate

Some of our web services and applications allow a customized use. For this purpose, you need to identify yourself with a username and a password, which can be stored in a cookie format in your browser so that you can enjoy this customization and / or you do not have to authenticate each time you access.

For detailed information, check our cookies policy.

Location

If you are users of the CatNet service, we collect your approximate real-time location, only to be able to provide you with the corresponding differential corrections.

Data from minors

Although the contents of our websites and applications can be used by minors, we do not require their personal data in any case.

If you are a minor, please do not register as a user of our websites or applications. If we discover that we have obtained personal information from a minor, we will remove this information as soon as possible.

How long do we keep your data?

We store your personal information only to the extent that we need it, in order to be able to use it for the purposes we collected it for, and according to the legal base of its processing, in accordance with the applicable law.

We will retain your personal information for as long as you are registered as user of our services, while there is a contractual and / or a commercial relationship, or while you do not exercise your right to erasure and / or to restriction of processing of your data (for detailed information, please check the section about your rights). In these cases, we will keep the information duly blocked, without using it, for as long as it may be necessary for the exercise or defence of claims or to handle any kind of judicial, legal or contractual responsibilities that may arise from the processing of your data, and for which it may be necessary to recover it.

We may also retain your personal data for a reasonable period afterwards to allow us to respond to any enquiries, requests or complaints that you may address to us later.

To determine the periods of preservation of personal data, we take into account:

  • amount of data,
  • nature of the data,
  • sensitivity of the data,
  • potential risk of harm for unauthorised use or disclosure of your personal data,
  • purposes for which we process your data and whether we can achieve those purposes through other means, and
  • applicable legal requirements.

In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for statistical purposes. In these cases, we may store this information (anonymous) indefinitely, without further notice to you.

To whom can we disclose your data?

Most of the data we collect resides in our servers, but in some cases it is necessary to disclose the information that you have provided us to third parties, in order to provide the requested service; for example, the delivery of products that you purchase through the e-shop.

There are also companies that provide us with other kinds of services, for example, in the information technology environment. These third parties only have access to the personal information they need to carry out their services. They are required to maintain confidentiality regarding your data and cannot use them in any other way than the one we have requested.

In all cases, we assume responsibility for the personal information that you provide us and we request those companies with whom we share your data that apply the same degree of protection we apply.

Likewise, your personal information will be available to the public administrations, judges and courts, for the attention of the possible responsibilities arising from the processing.

The data will not be disclosed to other categories of recipients, except in the cases provided for by law or when you had previously consented it.

How do we protect your data?

Once it is within our control, we will do our utmost to ensure your personal data is processed in a way that ensures appropriate security from unauthorised or unlawful processing, accidental loss, destruction or damage.

For this purpose, we use appropriate technical and organizational measures, which are reviewed periodically. We protect your personal information by using a combination of physical, computer and logical security controls, including access controls that restrict and administer the way your personal data is processed and managed. We also make sure that our workers are properly trained to protect your personal information.

We have established procedures to manage any suspicious incident related to personal data that could happen, which would be notified to you, as well as any regulations applicable to the incidence that we are legally obliged to comply with.

What are your data protection rights and how can you exercise them?

  • Withdraw consent: Where we are using your personal information on the basis of your consent, you have the right to withdraw that consent at any time.
  • Right to be informed: You have the right to be told how your personal information will be used. This policy document, and shorter summary statements used on our communications and forms, is intended to be a clear and transparent description of how your data may be used.
  • Right of access: You can write to us asking what information we hold on you and/or to request a copy of that information
  • Right to erasure: From 25 May 2018, you can exercise your "right to be forgotten", that is, to have your personally identifiable data deleted. However, we may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you. In some cases, we will suggest you unsubscribe from future communications, rather than data deletion.
  • Right to rectification: If your data is inaccurate in our databases, you have the right to ask for those records concerning you to be updated. 
  • Right to restriction of processing: In certain situations you have the right to ask for processing of your personal data to be restricted because there is some disagreement about its accuracy or legitimate usage. This entails the marking of the personal data conserved, in order to limit its future processing.
  • Right to data portability: Where we are processing your personal data under your consent, the law allows you to request data portability from us to another service provider. In this case, we will provide to you (or the third party you have chosen) your personal data in a structured, commonly used and machine-readable format, as long as it is technically feasible.
  • Right to object and automated individual decision-making: You can oppose the processing of your data, provided that none of the exceptions determined in the Regulations are met. This opposition may be presented at any time, and may be based on reasons related to your particular situation. In this case, we will stop processing your personal data.

Some of these rights may be exercised directly through the web forms enabled for this purpose and also through the corresponding link in the informational messages that we send to you (if applicable).

In addition, you can request the exercise of any of these rights by contacting us at protecciodades@icgc.cat.

Cookies

We use cookies to distinguish you from other users of our websites, to improve the information and services we provide you, and to make your access easier. These cookies cannot be used to identify you personally, as they are only associated with an anonymous user and their device.

You can set your browser to refuse all or some of cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of these websites may become inaccessible or not function properly.

For detailed information, check our cookies policy.

Changes to this policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you through email. If necessary, in order to continue your use of our services, you may be required to read and accept the new terms.

Contact

If you have any enquiry or comment, or if you wish to make a suggestion about how we use personal data, please send an email to protecciodades@icgc.cat.

Complaints

You have the right to file a complaint to the Data Protection Officer of the ICGC, at dpd@icgc.cat.

Following this, if you are still dissatisfied, you are able to contact the Catalan Data Protection Authority directly at its electronic headquarters.

Recommendations

  • Do not inform anyone about your username or your password.
  • Do not write your username or your password in easily accessible places, such as the computer or the agenda.
  • Always disconnect the browser session after accessing a security zone or after having entered your username or password into the system.

Date of update: November 2022