Privacy and data protection

Privacy policy of the guifi.net Foundation

In accordance with Regulation (EU) 2016/679 and LO 3/2018 (LOPDGDD), we offer you the following information:


Data controller:PRIVATE FOUNDATION FOR THE OPEN, FREE, AND NEUTRAL NETWORK, GUIFI.NET

NIF: G64918212

Old Schools Building, C.D. 3210, Ctra. de Sant Bartomeu del Grau km 4, 08503 Gurb (BCN)

@: fundacio@guifi.net

Purpose of processing:To manage our project for the construction of a shared, open, free, and neutral telecommunications infrastructure.

Legitimacy: Consent obtained from the data subject.

Recipients:Your data will not be communicated to third parties, unless required by law or necessary to fulfill the purpose of the processing.

Rights of individuals:Data subjects have the right to exercise the rights of access, rectification, limitation of processing, deletion, portability, and opposition by sending their request to our address.

Retention period:As long as participation in the project is maintained and for the time necessary to fulfill legal obligations.

Complaint:Data subjects may contact the AEPD to file any complaint they deem appropriate.

Additional information: You can consult detailed information below in the "Privacy Questions".


Privacy Questions


In compliance with Regulation (EU) 2016/679 of the European Parliament and Council, of April 27, 2016, (GDPR), and Organic Law 3/2018, of December 5, on Personal Data Protection and guarantee of digital rights (LOPDGDD), we offer you the following information about the processing of your personal data:


Who is the data controller?

Identity: PRIVATE FOUNDATION FOR THE OPEN, FREE, AND NEUTRAL NETWORK, GUIFI.NET

NIF: G64918212

Address: Old Schools Building, C.D.3210, Ctra. de Sant Bartomeu km 408503Gurb

Phone: 621201884

Email: fundacio@guifi.net


For what purpose do we process your personal data?


We process the information provided to manage our project for the construction of a shared, open, free, and neutral telecommunications infrastructure.

If you contact us via the contact form on our website, we will process your data to manage your inquiry.

If you give us your consent, we may also process your data to send you information about our activities or services.

If you send us a curriculum, we will process the data for the purpose of managing the CV database for personnel selection.


For how long will we retain your data?

The personal data provided will be retained as long as you participate in the project or wish to receive information, and afterwards, for the periods established to fulfill our legal obligations.

In the case of curricula, the data will be retained for one year.


What is the legitimacy for processing your data?

The legitimacy for processing is found in the consent of the data subjects.

The fact of participating in the project implies that the participant gives us their unequivocal consent to process their data.

Regarding information submitted by minors under 16 years of age, it is essential that it is done with the consent of a parent, guardian, or legal representative of the minor for the personal data to be processed. If this is not the case, the legal representative of the minor must inform us as soon as they become aware of it.


To whom will your data be communicated?

The data will not be communicated to third parties unless required by law or necessary to fulfill the purpose of the processing.

What are your rights when you provide us with your data?

Any person has the right to obtain confirmation as to whether or not we are processing their personal data.

Data subjects have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, to request its deletion when, among other reasons, the data are no longer necessary for the purposes for which they were collected.

In certain circumstances, data subjects may request the limitation of the processing of their data, in which case we will only retain them for the exercise or defense of claims.

Also, in certain circumstances and for reasons related to their particular situation, data subjects may object to the processing of their data. In this case, we will stop processing them, except for compelling legitimate grounds or for the exercise or defense of possible claims.

Data subjects also have the right to data portability.

Any data subject has the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning them or significantly affects them in a similar manner.

Finally, data subjects have the right to lodge a complaint with the competent Supervisory Authority.


How can you exercise your rights?

By sending us a written request attaching a copy of a document that identifies you, to our physical or electronic address.


How have we obtained your data?

The personal data we process comes from the data subject themselves, who guarantees that the personal data provided is accurate and is responsible for communicating any changes. Data marked with an asterisk will be mandatory to provide the requested service.


What data do we process?

The categories of data we may process are:


  • Identifying data

  • Postal or electronic addresses

  • In the case of curricula, also:

    • Personal characteristics

    • Academic and professional


The data are limited, as we only process the data necessary for providing our services and managing our activity.


Do we use cookies?

We use cookies during navigation on our website with the user's consent.

The user can configure their browser to alert them about the use of cookies and to prevent their use. Please visit our cookie policy.


What security measures do we apply?

We apply the security measures established in Article 32 of the GDPR, therefore we have adopted the necessary security measures to ensure an appropriate level of security relative to the risk of data processing we carry out, with mechanisms that allow us to guarantee the confidentiality, integrity, availability, and permanent resilience of the processing systems and services.


Some of these measures are:

  • Information on data processing policies to staff.

  • Regular backup copies.

  • Access control to the data.

  • Regular verification, evaluation, and assessment processes.