DisGeNET - Privacy Policy

Introduction

Universitat Pompeu Fabra (the “University”, or “we/us”), is committed to protecting the privacy of all users (“You/r”) of our website and services. This Privacy Policy explains our practices regarding the use of personal data collected and processed through our website, contacts with third parties and the provision of services.

1. DATA CONTROLLER AND DATA PROTECTION OFFICER

The entity responsible for Your personal data is Universitat Pompeu Fabra, Pl. de la Merce, 12. 08002 Barcelona. Tel. (+34) 935 422 000. You can contact the Universitat Pompeu Fabra’s DPO at the following address: Pl. de la Mercè, 12 08002 – Barcelona. You can also contact by phone (93 542 200 00) or e-mail (dpd@upf.edu).

2. PERSONAL INFORMATION WE COLLECT ABOUT YOU AND HOW WE USE IT Data collected and its purposes

We collect and process the following data:

Prohibited data. It is forbidden to submit to us any data that contain data of special categories indicated in article 9 on the General Data Protection Regulation 679/2016 (“GDPR”).

3. LEGAL BASIS

The legal basis that allow us collecting and processing Your personal data are the ones set out below:

4. DATA DISCLOSURE

We process Your personal data with strict confidentiality in accordance with applicable law. Unless otherwise stated, Your personal data will not be provided to third parties. We do not sell or assign to third parties lists with personal data, nor of any other type.

Nonetheless, we may disclose Your data as follows:

INTERNATIONAL TRANSFER

The University is based in Spain. We use technology services from third parties who can process Your data in the course of providing us with their services. These entities may be in jurisdictions that generally do not provide adequate guarantees in relation to the processing of personal data. \ However, we have entered into contracts with those entities that do include the safeguards required by applicable privacy laws, including the so called “standard model clauses”. For more information, contact us at dpd@upf.edu.

5. DATA RETENTION

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of Your personal data, the purposes for which we process Your data personal and if we can achieve those purposes through other means and the applicable legal requirements.

After that period, the data will be retained (in a blocked and secure manner) for the required period of legal and administrative liability and to comply with legal obligations and other purposes set out above, which may be up to 10 years according to current applicable law.

We may also retain anonymized data after the period mentioned above, for statistic purposes.

6. SECURITY MEASURES

We implement security measures and personal data protection schemes as required by the applicable data protection law to maintain the confidentiality and integrity of Your data and protection against unauthorized access, modification or destruction.

7. YOUR RIGTHS

You have the following rights under the data protection laws, in relation to Your personal data: the right to request access to Your personal data (commonly known as a “data subject access request”); request the correction of the personal data we have about You; request the erasure of Your personal data; objecting to the processing of Your personal data when we are relying on a legitimate interest (or those of a third party); request the restriction of processing Your personal data; request the transfer of Your personal data to You or to a third party (right to data portability); withdraw Your consent at any time where we are relying on consent to process Your personal data.

You can make the aforementioned rights effective by contacting us at gerencia@upf.edu

You also have the right to file a complaint with the competent authority, in this case, the Catalan Data Protection Authority (www.apdcat.cat).

8. GENERAL

We reserve the right to modify the terms of this Privacy Policy and will notify You by clear notice of these changes by email, on our website, and in this Privacy Policy. If You continue to use our website and services after such update, You will be deemed to accept the new terms. If You do not accept the update, let us know and we will cancel Your account and will delete Your personal data (except when it is necessary to keep them for legal purposes) and You will not be able to continue using our services.

Unless a specific local regulation sets forth to the contrary, the Privacy Policy is governed by the laws of Spain.

11/05/2021