Privacy policy

Last updated: 16 June 2026

1. Data controller

The controller of the personal data processed through this website is the Universidade de Vigo (CIF Q8650002B), Edificio Exeria, As Lagoas, Marcosende s/n, 36310 Vigo, Spain. Phone: +34 986 813 600. Email: informacion@uvigo.gal.

This website is run by TIAS lab, a public-participation living lab of the Post-Growth Innovation Lab (Universidade de Vigo), Edificio Benito Corbal, Rúa Benito Corbal 45, 36001 Pontevedra. Contact: tiaslab@uvigo.gal.

2. Data Protection Officer

You can contact the University's Data Protection Officer (DPO) at dpd@uvigo.gal for any question about the processing of your personal data.

3. What data we process and why

• Contact form. When you write to us through the contact form we process the name, email address and message you provide, in order to answer your enquiry. Providing these data is necessary to reply to you.
• Anti-spam (hCaptcha). The contact form uses hCaptcha to tell humans from bots; this involves processing technical data by the provider (see the Cookies policy).
• Technical logs. The website is hosted on Universidade de Vigo servers. The University's IT service may keep standard server logs (such as IP address, date and time, and browser type) for the time needed to keep the service secure and running.

4. Legal basis

The legal basis depends on the processing: your consent (Art. 6.1.a GDPR) when you send the contact form; the performance of a task carried out in the public interest (Art. 6.1.e GDPR) entrusted to the University; compliance with legal obligations (Art. 6.1.c GDPR) where applicable; and the University's legitimate interest (Art. 6.1.f GDPR) in keeping the website secure. You may withdraw your consent at any time.

5. Who has access to your data

Your data are handled by authorised staff of TIAS lab / Universidade de Vigo. We also use the following service providers (data processors / third parties):

• Web3Forms: delivers contact-form submissions to our inbox.
• hCaptcha (Intuition Machines, Inc.): anti-spam protection on the form.

Some of these providers may process data outside the European Economic Area. Where that happens, the transfer relies on a European Commission adequacy decision or on appropriate safeguards such as the standard contractual clauses approved by the European Commission.

6. Retention

We keep contact-form messages only for as long as needed to deal with your enquiry and any follow-up (as a rule, no longer than 12 months after our last contact with you), except where they must be kept longer to determine possible responsibilities or under the University's archive and records-management rules. Server logs are kept only for the limited period needed for security.

7. Your rights

You may exercise your rights of access, rectification, erasure, restriction, portability and objection, as well as withdraw any consent at any time. You can do so by writing to dpd@uvigo.gal, through the University's electronic headquarters (sede.uvigo.gal, "SXER" procedure), or at the University's registry offices.

If you believe your rights have not been respected, you may lodge a complaint with the Spanish Data Protection Agency (AEPD), www.aepd.es.

8. Changes

We may update this policy to reflect changes in the website or in the law. The "last updated" date above shows the current version.