Privacy Policy Personal Data Protection

By reading this Privacy Policy, the User is informed of how the Fundación Donostia International Physics Center (hereinafter DIPC), processes and protects any personal data supplied through the website, or through any other form or channel provided for this purpose by DIPC.

Updated on September 27th, 2023

Data controller

Name: Fundación Donostia International Physics Center (hereinafter, DIPC).
Tax no.: G-20662292
Postal address: Paseo Manuel de Lardizábal 4, 20018 Donostia/San Sebastián.
Telephone: 943 01 82 29

Source and category of the data

The personal data we process come straight from you.

In the event that the personal data supplied belong to a third party, you guarantee that you have informed the said Third Party about this Privacy Policy and gained their authorisation to supply their data to DIPC for the purposes specified in this section.

You are further informed of the possible processing of your social network data through the corporate profiles DIPC makes available on each social network where it is present, all on the terms and conditions laid down in each social network.

The categories of data processed are the following:

  • Identifying and contractual data (e.g. first name, surname(s), ID no., postal and email address, telephone number, etc.).
  • Identifying codes or passwords.
  • Financial details (in the case of employees and suppliers).
  • Internet browsing details (e.g. IP address, visits to websites, connections to wifi networks, etc.).
  • Personal details, qualifications, experience, etc. (in the case of job applications/offers and/or DIPC selection processes in which you are taking part on a voluntary basis).

Data with special protection are not processed.


Each of the processing activities performed by the DIPC using your personal data has its own purposes. These purposes are outlined below for the different activities in which the DIPC engages:

  • Managing the employment relationship with employees.
  • Managing commercial relations with suppliers.
  • Managing activities (visits, congresses, publications, seminars, courses, etc.). Announcing future activities in the science education programme we run aimed at the public.
  • Managing relations with candidates for a job in the company. Assessing your suitability for a position, as well as notifying you of job opportunities.
  • Dealing with people asking for the services of the calculation centre.
  • Security of people and property.

Furthermore, the DIPC uses its own and third-party cookies on its website for the purpose of improving its functioning and viewing, and for compiling statistics. You can accept, reject or configure the use of cookies and obtain further information through the following link to the Cookie Policy.


Depending on the purpose in each case, legitimate grounds for processing of personal data by the DIPC may be any of the following:

  • Consent given by the User. This consent may be withdrawn at any time, though such withdrawal will not affect the licitness of previous processing.
  • The existence of a contractual relationship in cases where processing is necessary to fulfil the said contractual relationship or to take any precontractual measures requested by the User.
  • Compliance with a legal obligation.


Terms or criteria for keeping the data:

The personal data supplied will be kept for the period necessary to achieve the purposes described in this policy, while you do not withdraw your consent to processing or request their deletion, plus the time necessary to fulfil the legal obligations incumbent on the DIPC.

In the case of personal details contained in CVs, they will be kept for a period of two years following reception.


During the period in which your data are processed, the DIPC will not transfer them to anybody else, except by legal obligation, notwithstanding the contents of the following paragraph. In this respect, your explicit consent will be requested before transferring your data to any other organisation.

Your personal data may be accessed by companies providing us with any kind of consulting, IT maintenance, marketing, training or auditing services, as data processors. These organisations, located in the European Union (EU) or the United States (USA), only have access to the personal information necessary to provide the said services, and are required through a contract known as a "data access agreement" to maintain confidentiality, not to use the information for any other purposes and to take measures to ensure its integrity and availability.

Service providers located in the United States are subject to the "EU-US Data Privacy Framework" and agreement between the European Union and the United States covering the transfer of data between these two regions.


You can exercise your rights to access, rectification, cancellation and objection (ARCO) of your personal data through the email address or by post to the address Paseo Manuel de Lardizábal 4, 20018 Donostia-San Sebastián, on the terms stipulated in the Spanish data protection act.

You are also entitled to the right to be forgotten, to portability of your data and to limitation of processing.

You are further informed that you are entitled to lodge a complaint with the Spanish Data Protection Agency if you consider that there has been a breach of data protection legislation with regard to the processing of your personal data.

Security measures

The DIPC will treat your data in the strictest confidence at all times, upholding the obligatory duty of secrecy regarding them, in accordance with the stipulations of applicable data protection regulations, to this end adopting the necessary technical and organisational measures to ensure the security of the personal data and prevent their alteration, loss or unauthorised processing or access, in view of the state of technology, the nature of the data stored and the risks to which they are exposed.