Industrial Security
Purpose
Management and control of the video surveillance and access control systems in the entity's facilities to ensure the security of people, property, buildings, and installations.
Entity in charge
NAVANTIA S.A. S.M.E.
A84076397
C/Velázquez, 132 - 28006 MADRID (Madrid)
(+34) 913 358 400
[email protected]
[email protected]
A84076397
C/Velázquez, 132 - 28006 MADRID (Madrid)
(+34) 913 358 400
[email protected]
[email protected]
Base de licitud
The legal basis for the processing is:
Article 6.1.e) of GDPR: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller:
- Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights.
- Law 5/2014, of April 4, on Private Security.
Article 6.1.e) of GDPR: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller:
- Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights.
- Law 5/2014, of April 4, on Private Security.
terms for data retention
Data related to video surveillance recordings will be kept for a maximum period of 1 month from the date of collection, depending on the systems of each geographical location; unless it is the subject of an investigation by the Security Forces or Courts of Justice. Data related to access controls will be kept for a maximum period of 5 years from the date of collection.
Affected groups
Employees, visitors, clients, or suppliers who access video-surveilled areas or pass through access controls at Navantia.
Data type - Infringement
Data not processed.
Data types - Special categories
Data not processed.
Data type - Identification data
Name and surname; NIF*; Image; Employee Number; Vehicle Registration.
(*) NIE, Passport, or Residence Card Number.
(*) NIE, Passport, or Residence Card Number.
Data type - Other
Employment details; company or entity where they work and the area/department they are heading to.
Security measures
The security measures applied correspond to those provided in Annex II (Security Measures) of Royal Decree 311/2022, of May 3, which regulates the National Security Scheme in the field of Electronic Administration and are described in the documents forming part of Navantia's Data Protection and Information Security Policy. Security measures corresponding to Annex A of UNE-EN/IEC 27001 - Information Security Management Systems.
Organizational Measures:
- Personnel accessing the system have a duty of confidentiality and secrecy.
- Access to personal data by unauthorized persons is prevented.
- Paper documents are stored in a secure location (cabinets or restricted access areas) 24 hours a day.
- Documents or electronic media (CDs, pen drives, hard drives, etc.) containing personal data will not be discarded without ensuring their destruction.
- The duty of secrecy and confidentiality persists even after the employee's employment relationship with the company ends.
Technical Measures:
- System access control through user identification in access control and video surveillance systems.
- The systems follow Navantia's information security policy.
- These security measures will be reviewed periodically, and this review can be carried out by automatic mechanisms (software or computer programs) or manually.
Organizational Measures:
- Personnel accessing the system have a duty of confidentiality and secrecy.
- Access to personal data by unauthorized persons is prevented.
- Paper documents are stored in a secure location (cabinets or restricted access areas) 24 hours a day.
- Documents or electronic media (CDs, pen drives, hard drives, etc.) containing personal data will not be discarded without ensuring their destruction.
- The duty of secrecy and confidentiality persists even after the employee's employment relationship with the company ends.
Technical Measures:
- System access control through user identification in access control and video surveillance systems.
- The systems follow Navantia's information security policy.
- These security measures will be reviewed periodically, and this review can be carried out by automatic mechanisms (software or computer programs) or manually.
Security measure
Additionally, security measures are adopted for paper-based documentation according to the risks to which they are exposed, in order to ensure the confidentiality of the processed data.
Communication
Communications are foreseen when data communication can be carried out in accordance with Article 6 of GDPR regarding the legitimacy of the processing to:
- State Security Forces and Bodies.
- Courts of Justice.
- Cadiz Bay:
o Access registry of the Auxiliary Industry to the Maintenance and General Services Department of Bahía de Cádiz.
o Access registry of the Auxiliary Industry to the Auxiliary Industry Coordination Office of Bahía de Cádiz.
o Access registry of the Auxiliary Industry to the Project Management of DDG's US Navy Repairs, Naval Base of Rota.
o Access registry to the Production Department of Bahía de Cádiz.
o Access registry to the Human Resources Department of Bahía de Cádiz.
o Access registry to the Management of the Shipyards of Bahía de Cádiz.
- Cartagena's dock:
o Access registry of the Auxiliary Industry to the Production Manager of the shipyard.
o Access registry in case of incidents to the HR Manager of the shipyard.
o Access registry of the Auxiliary Industry to the Quality Manager of the shipyard.
- Ferrol Estuary:
o Access registries to the armament docks of the ships under construction in Ría de Ferrol, for all groups, to the Program and Production Managers of NFBI, with inherent interest in the activities carried out in those docks while they are in dedicated use.
o Access registries to the facilities, for all groups, to the Main Business Managements located in the shipyards of Ferrol and Fene.
o Access registries to the facilities, for employed personnel, to the Human Resources Management of Ría de Ferrol, including the head of the Operations Department of that management.
o Access to the registries of private vehicles and the declarations of voluntary access compliance with private vehicles to the facilities of Ría de Ferrol, to the Legal Advisory Office of the shipyard.
- Madrid:
o Access registry to the Human Resources Management.
- State Security Forces and Bodies.
- Courts of Justice.
- Cadiz Bay:
o Access registry of the Auxiliary Industry to the Maintenance and General Services Department of Bahía de Cádiz.
o Access registry of the Auxiliary Industry to the Auxiliary Industry Coordination Office of Bahía de Cádiz.
o Access registry of the Auxiliary Industry to the Project Management of DDG's US Navy Repairs, Naval Base of Rota.
o Access registry to the Production Department of Bahía de Cádiz.
o Access registry to the Human Resources Department of Bahía de Cádiz.
o Access registry to the Management of the Shipyards of Bahía de Cádiz.
- Cartagena's dock:
o Access registry of the Auxiliary Industry to the Production Manager of the shipyard.
o Access registry in case of incidents to the HR Manager of the shipyard.
o Access registry of the Auxiliary Industry to the Quality Manager of the shipyard.
- Ferrol Estuary:
o Access registries to the armament docks of the ships under construction in Ría de Ferrol, for all groups, to the Program and Production Managers of NFBI, with inherent interest in the activities carried out in those docks while they are in dedicated use.
o Access registries to the facilities, for all groups, to the Main Business Managements located in the shipyards of Ferrol and Fene.
o Access registries to the facilities, for employed personnel, to the Human Resources Management of Ría de Ferrol, including the head of the Operations Department of that management.
o Access to the registries of private vehicles and the declarations of voluntary access compliance with private vehicles to the facilities of Ría de Ferrol, to the Legal Advisory Office of the shipyard.
- Madrid:
o Access registry to the Human Resources Management.
International transfers
Not foreseen.
