Personal data protection

Rights of data subjects

In accordance with Articles 15 to 21 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data (GDPR), ADIF has the duty to guarantee the rights of natural persons to access, rectify, erase, object to and restrict the processing of their data.


1.1. Procedure for exercising rights

These rights may only be exercised by the following:

  • Data subjects themselves, as an individual right, who shall in all cases provide proof of their identity.
  • Legal representatives acting on behalf of data subjects who are incapacitated or minors and therefore unable to exercise their rights themselves, in which case the legal representative shall provide proof of this condition. Personal data shall not be disclosed to third parties who do not provide documentary evidence of the data subject's incapacity or minority and of their own status as the data subject's legal representative.
  • Voluntary representatives, who shall provide clear proof of the identity of the person represented, by supplying a photocopy of their national identity document or equivalent document, and of the proxy conferred by said person.

1.2. Place for presentation of requests from data subjects

Data subjects may exercise their rights by submitting a request to the Data Controller. This request to exercise the rights of access, rectification, erasure, objection and restriction shall be addressed to the department or address indicated in the various legal notices or privacy and data protection policies which inform data subjects of the aspects covered in Art. 13 of the GDPR. These requests shall be managed centrally at the address indicated below. Likewise, data subjects who ask any ADIF members of staff about how to exercise their rights or raise the need to do so, shall be referred to the address indicated. Such requests shall be managed by:


  • Data Protection Officer: Postal address: Calle Sor Ángela de la Cruz, 3-7ª Planta, 28020 – Madrid
  • The request forms are available at this address and in section four below

1.3. Requirements for exercising the rights of access, rectification, erasure and objection

The request shall contain the following information and/or documents:

  • Data subject's full name.
  • Photocopy of their national identity document or alternative document that provides proof of their identity.
  • Photocopy of the national identity document of the person representing an incapacitated data subject, where proxy has been conferred, and of the document providing proof of said proxy.
  • Specific request or right exercised.
  • Address for correspondence.
  • Date and requester’s signature.
  • Documents supporting the request formulated, if applicable.
  • Intended method or system for accessing personal data.
  • Requests to access, rectify, erase or object to the processing of personal data referring to images of identified or identifiable natural persons shall contain a recent photograph of the data subject.
  • Requests to exercise the right of erasure shall specify whether it is question of erasing incorrect or inaccurate data or withdrawing consent previously given to collect and process the data.

1.4. Request to exercise rights

Data subjects shall submit their requests to exercise their rights to access, object to, rectify, erase and restrict processing of their personal data directly to the Data Controller on the relevant request forms.

These forms are available in all departments and at all addresses where these rights may be exercised, as well as at the following address: ADIF website, section "Our Commitments", sub-section "Transparency".