Industrial Security Digital Platform
Purpose
Management of perimeter security and control of access and/or presence in the facilities, generating alerts and enabling the acquisition of statistics at the facilities of;
• Head office: C/ Velázquez, 132, 28006 Madrid
• Cartagena shipyard: Ctra. Algameca, s/n, 30205 Cartagena (Murcia)
• Ferrol shipyard: C/Taxonera, s/n 15403, Ferrol (A Coruña)
• Fene shipyard: Avda. Pías-Cruceiro s/n 15550 Fene (A Coruña)
Cadiz Bay shipyard C/ Carretera Industrial, s/n 11007 (Cádiz)
• Puerto Real shipyard: Polígono Río San Pedro, s/n 11519, Puerto Real (Cádiz)
• San Fernando shipyard: Ctra. de la Carraca s/n 11100 San Fernando (Cádiz)
• Head office: C/ Velázquez, 132, 28006 Madrid
• Cartagena shipyard: Ctra. Algameca, s/n, 30205 Cartagena (Murcia)
• Ferrol shipyard: C/Taxonera, s/n 15403, Ferrol (A Coruña)
• Fene shipyard: Avda. Pías-Cruceiro s/n 15550 Fene (A Coruña)
Cadiz Bay shipyard C/ Carretera Industrial, s/n 11007 (Cádiz)
• Puerto Real shipyard: Polígono Río San Pedro, s/n 11519, Puerto Real (Cádiz)
• San Fernando shipyard: Ctra. de la Carraca s/n 11100 San Fernando (Cádiz)
Entity in charge
Base de licitud
The legal bases for the processing are:
GDPR: 6(1)(e) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Spanish Organic Law 3/2018, of 5 December, on Personal Data Protection and Guarantee of Digital Rights.
- Spanish Law 9/2014, of 31 July, on the industrial security of establishments, facilities and products.
Article 6(1)(c) GDPR: processing is necessary for compliance with a legal obligation to which the controller is subject:
Law 5/2014 of 4 July, on Private Security.
Law 8/2011, of 28 April, establishing measures to protect critical infrastructures.
Royal Decree 3/2010, in accordance with Law 40/2015
Royal Decree Law 12/2018, of 7 September, on the security of networks and information systems.
GDPR Article 6(1)(f): the processing is necessary to satisfy legitimate interests pursued by the data controller and Royal Decree 43/2021.
GDPR: 6(1)(e) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Spanish Organic Law 3/2018, of 5 December, on Personal Data Protection and Guarantee of Digital Rights.
- Spanish Law 9/2014, of 31 July, on the industrial security of establishments, facilities and products.
Article 6(1)(c) GDPR: processing is necessary for compliance with a legal obligation to which the controller is subject:
Law 5/2014 of 4 July, on Private Security.
Law 8/2011, of 28 April, establishing measures to protect critical infrastructures.
Royal Decree 3/2010, in accordance with Law 40/2015
Royal Decree Law 12/2018, of 7 September, on the security of networks and information systems.
GDPR Article 6(1)(f): the processing is necessary to satisfy legitimate interests pursued by the data controller and Royal Decree 43/2021.
terms for data retention
Data will be stored for the time necessary to meet the established purpose, and specifically, the images captured by video surveillance will be one month from their recording, except when they must be stored to prove the commission of acts that infringe the integrity of people, goods or facilities.
The provisions of the file and documentation regulations applicable to Navantia will apply.
The provisions of the file and documentation regulations applicable to Navantia will apply.
Affected groups
Employees and people from third companies/auxiliary industry, suppliers staff, visitors, PASSENGERS and other people related to projects developed by Navantia in each of the facilities
Data type - Infringement
Data not processed.
Data types - Special categories
Data not processed.
Data type - Identification data
Photo
(*) Foreigner identification number, passport number or residence card number
Name and surnames.
System ID
Address, telephone.
If applicable, details of the representation the person holds.
(*) Foreigner identification number, passport number or residence card number
Name and surnames.
System ID
Address, telephone.
If applicable, details of the representation the person holds.
Data type - Other
Academic and professional details; employment details;
Position and presence (subcontractor staff and employees)
Time of stay and route (passenger trips)
Position and presence (subcontractor staff and employees)
Time of stay and route (passenger trips)
Security measures
The security measures applied correspond to those in Schedule II (Security Measures) of Royal Decree 3/2010, of 8 January, regulating the National Security Scheme for Electronic Administration, and described in the documents forming part of Navantia's data protection and information security policy.
Security measures corresponding to Schedule A of UNE-EN/IEC 27001 - Information Security Management Systems.
Security measures corresponding to Schedule A of UNE-EN/IEC 27001 - Information Security Management Systems.
Security measure
In addition, security measures are adopted on paper documentation based on the risks to which they are exposed to ensure the confidentiality of the data processed.
Communication
- State security forces.
- Control authorities
- Courts of Justice.
- Bodies with competence (Consulates and the Ministry of Foreign Affairs)
Communication
- State security forces.
- Control authorities
- Courts of Justice.
- Bodies with competence (Consulates and the Ministry of Foreign Affairs)
Communication
- State security forces.
- Control authorities
- Courts of Justice.
- Bodies with competence (Consulates and the Ministry of Foreign Affairs)They are not envisaged.
- Control authorities
- Courts of Justice.
- Bodies with competence (Consulates and the Ministry of Foreign Affairs)They are not envisaged.
International transfers
They are not envisaged.
