Privacy Policy


Confidentiality and security are key values of CRAG and, consequently, we assume the commitment to guarantee the privacy of the personal data of our users at all times and not to collect unnecessary information.
Below, we provide you with all the necessary information about our Privacy Policy in relation to the personal data we collect, explaining:

  • Who is responsible for the processing of your data.
  • For what purposes do we request the data we request.
  • What is the legitimacy for its treatment?
  • For how long we keep them.
  • To which recipients communicate their data.
  • What are their rights.


Social Reason: Centre for Research in Agricultural Genomics (CRAG)
NIF: Q0801214H
Address: Centre for Research in Agricultural Genomics, CRAG Calle de la Vall Moronta, CRAG Building 08193 Cerdanyola del Vallès (Barcelona)


The personal data processed are those of:

  • People who have provided us with their data by sending email to the contact addresses published on the website to make questions or obtain information about our services and activities.
  • People who send their applications to personnel selection processes and job bank.


At CRAG we process personal data to respond to requests for information or respond to your requests.
These personal data will be processed for the legitimate purposes indicated below.

Responding to requests for information or contact: 

At CRAG we will use the contact information provided to respond to your requests and questions directed to the contact email addresses that have been published.

Legal basis:

  • Legitimate interest of CRAG for this data processing considering the reasonable expectations of the stakeholder to receive a response to their requests.

Data treated:

  • Data of identification: First name and surname(s)
  • Data of contact: Email address and optional contact phone number


Sending of candidates to open selection processes and job bank:

The personal data of the people who want to apply for the selection processes opened by the CRAG will be treated in order to validate the candidatures in the positions to which they apply, or are registered in the job bank to opt for future vacancies.

Legal basis:

  • Legitimate interest of the CRAG to manage candidates for open selection processes and considering the reasonable expectations of those interested in participating in these processes.
  • Treatment necessary for the execution of a contract in which the interested party is a party or for the application at the request of this of pre-contractual measures.
  • Consent expressed by the stakeholder when providing their data through the specific form for this purpose.

Data treated:

  • The place you apply for
  • Identification data: Name and Surname (s)
  • Contact data: Email address and contact telephone number
  • Education: Level of studies and languages
  • The employment situation: Current status and category
  • Curriculum and presentation letter
  • Other: Country and place of residence


Analytics of visits to the website:

CRAG uses various techniques to collect information that can be used to obtain analytical data of visits and navigation through the pages of our websites.
These analytics are based on the use of external services that have their own privacy policy: 

by Google Analytics ( 

It is important to note that, as indicated by their privacy policies, these companies can cross the browsing data with their internal records in order to use them for the personalization of ads, even if you do not have a registered account for their services.

Legal basis:

  • Legitimate interest of CRAG to obtain analytical information about the use of the website by visitors.

Treated data:

  • Online identifiers, including identification cookies
  • Identifiers of clients
  • Information contained in the HTTP headers of requests sent over the Internet such as the type of device, operating system and browser from which the pages are visited.
  • Information provided by the browser such as preferred language, time zone and others.
  • Navigation data on the website: pages visited

More information at:

In addition to the above, the CRAG may carry out other processing of personal data. In this case the interested party will receive the necessary information in relation to these treatments and the CRAG will request their consent if necessary.


In general, the data will be kept for as long as necessary to comply with the purpose for which they were collected and to determine the possible responsibilities that may arise from that purpose and the processing of the data.
Among others, it implies that the CRAG will keep the personal data of the stakeholder for the duration of the relationship with us and, where appropriate, for the period that is necessary for the formulation, exercise or defense of potential claims, or to comply with the legal obligations determined by the applicable legislation.
In the case of the data of the candidates who send us their applications to selection processes or register in the job bank, their data will be kept if their elimination is not requested.
Once the aforementioned period has ended, the CRAG undertakes to cease the processing of all personal data, destroy, block or anonymize them as far as possible for the purpose for which they are kept.


As a rule, personal data will not be transferred to third parties, unless it is necessary to respond to the request, we are bound by law or the interested party has given us his or her consent.

We might also communicate data to companies that provide us with services related to the ordinary and administrative activity of the company acting as processors, national or international, within the framework of the provision of services such as, among others, service providers of email, hosting web services, server hosting, management application services in SaaS mode, file archiving in the cloud and others.

The provision of these services may involve the processing of personal data by companies located in countries outside the European Economic Area (international data transfers). However, it will only be carried out with countries that offer an adequate level of protection or that have made available to us Standard Contractual Clauses (SCC) in accordance with the decision of the European Commission for data transfers from controllers in the EU to processors established outside the EU.

For entities in the US, we ensure that they are covered by the EU-US Data Privacy framework. Commission Decision (EU) 2016/679 of 10 July 2023, you can consult the companies covered in the following link:

The following are the service providers linked to the CRAG website:

Google Inc

Provider of the web usage analytics service.



At any time, the stakeholder may exercise their rights of access, rectification, deletion and portability of the personal data processed by the CRAG as well as those of opposition and limitation of its treatment.
These rights may be exercised free of charge by the stakeholder, and where appropriate by the person representing them, by written and signed request, accompanied by a copy of their ID or equivalent document proving their identity, addressed to our Data Protection Officer (DPO) who is available:

  • by email:
  • By postmail: Av. Cerdanyola 98, esc B, 4art pis, oficina 18 – Edifici Collserola 08173 Sant Cugat del Vallès (Spain)

In the case of representation, it must be tested by written document and attaching a copy of the DNI or equivalent document that proves its representation.
In addition to the above rights, the stakeholder will have the right to withdraw the consent granted at any time by means of the procedure described above, without this withdrawal of consent affecting the legality of the treatment prior to its withdrawal. The CRAG may continue to process the personal data of the stakeholder to the extent that the applicable law allows it or any other legitimization that justifies it persists.
The CRAG reminds the stakeholder that he has the right to file a claim with the relevant supervisory authority (Spanish Agency for Data Protection).


It is important that in order that we can keep your personal data updated, you inform us whenever there has been any modification in them. Otherwise, we do not respond to the veracity of the same and the implications that may have in its treatment.



The CRAG declares that it has applied the appropriate technical and organizational measures in order to guarantee and be able to demonstrate that the treatment is in accordance with current legislation and that the protection of the rights of the stakeholder is guaranteed. 
To do this, it has implemented a Management System for the Protection of Personal Data in order to determine and apply the technical and organizational means at its disposal to avoid the loss, misuse, alteration, unauthorized access and theft of the data provided by users, without prejudice to inform that the security measures on the Internet are not impregnable.
Likewise, the CRAG has launched internal controls to verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organizational measures implemented to guarantee the safety of the treatment.


This website, like most websites on the Internet, uses cookies to improve the user experience. In our Cookies Policy you will find information about what cookies are, what type of cookies this portal uses, how you can disable cookies in your browser and how to specifically disable the installation of third-party cookies.
Please read our Cookies Policy carefully before continuing to browse our website.


The CRAG may modify its Privacy Policy in accordance with the applicable legislation at any time. In any case, any modification of the Privacy Policy will be duly notified so that you are informed of the changes made in the processing of your personal data and, in case the applicable regulations so require, the interested party can confirm their consent.