Skip to main content

Privacy Policy

Last updated: February 2026

In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and Spanish Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the guarantee of digital rights (LOPDGDD), this policy details how REMOA Labs collects, uses and protects your personal data.

1. Data Controller

Red Española de Microscopía Óptica Avanzada (REMOA)
Association registered in the Registro Nacional de Asociaciones (National Register of Associations), Ministerio del Interior (Ministry of the Interior), September 2017.
Tax ID (CIF): G67434159
Registered address: c/ Casanova, 143 — 08036 Barcelona, Spain
Contact email: info@remoa.net
Website: https://remoa.net
Data Protection Officer (DPO): dpo@labs.remoa.net

You may contact the DPO at the address indicated for any matter relating to the processing of your personal data.

2. Data We Collect

We collect the following categories of personal data, strictly limited to what is necessary for the provision of the service (data minimisation principle, Art. 5.1.c GDPR):

  • Identity data: first name, last name, email address.
  • Professional data: associated laboratory, role in the network, research centre, institution.
  • Technical data: IP address, browser type, session data, system activity logs.
  • Consent data: policy acceptance, date and version of consent given.

3. Purpose and Legal Basis for Processing

Your data is processed for the following purposes, each with its corresponding legal basis under Art. 6.1 GDPR:

  • Account management and authentication: Performance of a contract (Art. 6.1.b GDPR).
  • Laboratory network management: Performance of a contract (Art. 6.1.b) and legitimate interest (Art. 6.1.f GDPR).
  • Training coordination: Performance of a contract (Art. 6.1.b GDPR).
  • Security, audit and fraud prevention: Legitimate interest (Art. 6.1.f) and legal obligation (Art. 6.1.c GDPR).
  • Service-related communications: Performance of a contract (Art. 6.1.b GDPR).

4. Data Recipients

Your personal data may be disclosed to the following recipients:

  • Authorised REMOA personnel: System administrators and network coordinators, with access limited to their duties.
  • Third parties: Data is not shared with external companies, commercial third parties or organisations outside the REMOA network.

Should any unforeseen data disclosure become necessary, you will be informed in advance and your consent will be requested where legally required.

5. International Transfers

Currently, no personal data is transferred outside the European Economic Area (EEA). Should this become necessary in the future, appropriate safeguards under Articles 46 and 47 of the GDPR will be adopted and you will be duly informed.

6. Data Retention Period

We retain your data for the following periods, in accordance with the storage limitation principle (Art. 5.1.e GDPR):

  • Active accounts: For as long as your account remains active in the system.
  • Deleted accounts: 90 days after deletion (grace period for recovery).
  • Inactive accounts: Warning after 2 years of inactivity; automatic deletion after 3 years.
  • Activity logs: 365 days (1 year).
  • Sessions: 120 minutes of activity; expired sessions purged after 1 day.

After these periods, data will be deleted or irreversibly anonymised, unless retention is required by law.

7. Your Rights

In accordance with the GDPR and the LOPDGDD, you have the following rights:

  • Access (Art. 15 GDPR): Obtain confirmation of whether your data is being processed and access a copy thereof.
  • Rectification (Art. 16 GDPR): Request the correction of inaccurate or incomplete personal data.
  • Erasure (Art. 17 GDPR): Request the deletion of your data ("right to be forgotten").
  • Restriction of processing (Art. 18 GDPR): Request the restriction of processing in certain circumstances.
  • Portability (Art. 20 GDPR): Receive your data in a structured, commonly used and machine-readable format, and transmit it to another controller.
  • Objection (Art. 21 GDPR): Object to the processing of your data in certain circumstances.
  • Withdrawal of consent: You may withdraw your consent at any time, without affecting the lawfulness of processing based on consent given prior to its withdrawal.

To exercise these rights, contact our DPO at the address indicated in section 1, enclosing a copy of your identity document with your request.

8. Right to Lodge a Complaint with a Supervisory Authority

If you consider that the processing of your personal data does not comply with the applicable regulations, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD).

https://www.aepd.es
C/ Jorge Juan, 6 — 28001 Madrid, Spain

9. Automated Decision-Making

No decisions are made based solely on automated processing of data, including profiling, that produce legal effects concerning you or similarly significantly affect you (Art. 22 GDPR).

10. Security Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk (Art. 32 GDPR), including encryption of data in transit and at rest, role-based access control, action auditing, mandatory multi-factor authentication (MFA) for administration accounts and regular backups.

11. Applicable Legislation

This policy is governed by the following regulations:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016 (GDPR).
  • Spanish Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the guarantee of digital rights (LOPDGDD).

12. Contact

For any queries regarding this policy or the processing of your personal data, contact our Data Protection Officer at: dpo@labs.remoa.net

Back