Service charters

Service charters are documents that contain all the information related to services directly addressed to citizens, with the aim of ensuring that they meet minimum quality standards and are accessible in an efficient manner. They make public the quality commitments that can be demanded, as well as the rights and obligations of the people using these services.


The service charter of the Catalan Data Protection Authority, approved by resolution of the APDCAT Director and published in DOGC number 9288 on 12 November 2024, covers the following services:

  • Public assistance.
  • Exercise of the rights of informational self-determination in data processing carried out by APDCAT.
  • Claim for the protection of rights.
  • Complaints for non-compliance with data protection regulations.

The official responsible for this service charter is the Director of APDCAT.

The Catalan Data Protection Authority (APDCAT) is an independent body that works to ensure the rights to personal data protection and access to related information, within the competences of the Government of Catalonia.

  • We defend citizens' rights: We handle complaints and claims submitted by individuals when entities and organisations fail to comply with the European Data Protection Regulation and related legislation.
  • We advise organisations: We provide information and resources to organisations and advise them on compliance with data protection laws. We promote technological innovation that respects the right to data protection and privacy.
  • We promote training and awareness: We organise courses, seminars, and workshops. We produce informative materials to raise awareness of the rights and obligations that protect citizens’ privacy and data protection rights.
  • We supervise the entities: We monitor compliance with data protection laws in the Catalan public sector. We also supervise private-sector organisations providing services (Art. 3 Law 32/2020), including IT, cloud computing, education, health, among others. We also advise them on how to introduce privacy from the start of each project.

The APDCAT directly manages the services covered by this charter. It has a team of expert professionals committed and specialised in safeguarding the rights and freedoms of individuals in the processing of personal data..

Our services for citizens

APDCAT provides a public assistance service that any individual can access to request information, submit a complaint, or seek advice on the application of personal data protection legislation.

Price: Free of charge.

Our quality commitments: These commitments are enforceable under the conditions detailed below, provided services can be delivered under normal circumstances, i.e., not disrupted by unforeseen events or force majeure.

Commitments:

  • Respond to information requests within a maximum of 7 working days.
  • Maintain an average telephone wait time of under 5 minutes.
  • Provide courteous and attentive service.

Service monitoring and evaluation:

  • Number of queries submitted annually.
  • Number of queries responded to within the deadline.

Individuals have the right to know if APDCAT processes their personal data. If so, they have the right to access it and obtain additional information; request correction of inaccurate or incomplete data; in certain cases, request deletion; object to processing in certain situations; or request limitation of processing as legally provided.

Price: Free of charge.

Our quality commitments: These commitments are enforceable under the conditions detailed below, provided services can be delivered under normal circumstances, i.e., not disrupted by unforeseen events or force majeure.

Commitment:

  • Resolve requests within one month. This period may extend up to three months, depending on the complexity and number of requests.

Service monitoring and evaluation:

  • Number of requests submitted annually.
  • Number of requests resolved within the timeframe.

Individuals may submit a claim to APDCAT if a public entity or entity providing public services in Catalonia partially or fully denies a request for access, rectification, erasure, restriction, portability, objection, or to not be subject to automated individual decisions, including profiling. Also, if no response is received within the legal timeframe.

If the entity is outside APDCAT’s competence, the claim is forwarded to the Spanish Data Protection Agency (AEPD) and the claimant is informed. For information on claims forwarded to the AEPD, individuals must contact the agency directly.

Price: Free of charge.

Our quality commitments: These commitments are enforceable under the conditions detailed below, provided services can be delivered under normal circumstances, i.e., not disrupted by unforeseen events or force majeure.

Commitments:

  • Resolve claims within six months. In the case of claims related to the processing of data for the prevention, investigation and prosecution of criminal offences and penalties, the time limit is three months.
  • If the entity falls outside the APDCAT's sphere of competence, the Authority transfers the claim to the Spanish Data Protection Agency (AEPD) within 30 working days.

Service monitoring and evaluation:

  • Number of claims submitted annually.
  • Number of claims resolved.

Anyone can report to the APDCAT (Catalan Data Protection Authority) any incident that may constitute a personal data protection infringement.

If the entity being reported falls outside the APDCAT's jurisdiction, the Authority will forward the complaint to the Spanish Data Protection Agency (AEPD) and inform the complainant. For information on the processing of complaints forwarded to the AEPD, the complainant should contact the agency directly.

Price: Free of charge.

Our quality commitments: These commitments are enforceable under the conditions detailed below, provided that services can be provided under normal circumstances; that is, that they are not disrupted by unforeseen events or force majeure affecting their provision.

Commitments:

  • When the reported incidents are attributed to a person or entity within the APDCAT's jurisdiction, the Inspection and Technical Area will initiate an investigation.
  • If the entity falls outside the jurisdiction of the Catalan Data Protection Authority (APDCAT), the Authority will forward the complaint to the Spanish Data Protection Agency (AEPD) within 30 business days.

Service monitoring and evaluation:

  • Number of complaints filed annually.
  • Number of sanctioning proceedings resolved annually.

This procedure allows individuals to exercise their right of access to the public information held by the Catalan Data Protection Authority (APDCAT). It can be exercised by both natural persons (from the age of 16) and legal entities.

It is important to note that, according to the first additional provision of Law 19/2014, of 29 December, on transparency, access to public information and good governance (LTC), the access of interested parties to documents forming part of ongoing administrative procedures is governed by the provisions of the legislation on legal regime and administrative procedure. In cases where a special access regime has been established, such access is regulated by the specific legislation and, subsidiarily, by the LTC.

Price: Free of charge.

However, the issuance of copies and the conversion to formats different from the original may be subject to a fee established by the corresponding fiscal ordinance, if applicable.

Our quality commitments: These commitments are enforceable under the conditions detailed below, provided services can be delivered under normal circumstances, i.e., not disrupted by unforeseen events or force majeure.

Commitment:

  • Process the request within one month.

Service monitoring and evaluation:

  • Number of requests submitted annually.
  • Number of requests resolved within the timeframe.

Complaints and suggestions

Complaints and suggestions should be addressed to the Catalan Data Protection Authority via this link.

Last update: 21.01.2026