Management of personal data to create a user in SAP (email, SAP registration, computer equipment request, etc.), for the preparation and signing of the International Assignment Agreement with the employee, preparation and signing of employment contracts abroad, payroll management abroad, for the processing of visas, work permits, relocations, submission of forms and communications to the corresponding tax authorities, and for communication to Social Security of any movement; for the request of flights.

NAVANTIA S.A. S.M.E.
A84076397
C/Velázquez, 132 - 28006 MADRID (Madrid)
(+34) 913 358 400
[email protected]
[email protected]

The legal bases for processing are:

Article 6.1(b) of GDPR: Processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.

Article 6.1(c) of GDPR: Processing is necessary for compliance with a legal obligation to which the controller is subject:
- Law 35/2006, of November 28, on Personal Income Tax and partial modification of the laws on Corporate Tax, Non-Resident Income Tax, and Wealth Tax.
- Law 45/1999, of November 29, on the posting of workers in the framework of a transnational provision of services.
- Royal Legislative Decree 2/2015, of October 23, approving the revised text of the Workers' Statute Law.
- Other regulations of the destination country.

Article 6.1(a) of GDPR: Consent of the data subject.

Data will be stored for four years or for the time necessary to fulfill the purpose for which they were collected and to determine any possible responsibilities that may arise from that purpose and the processing of the data. The provisions of the applicable archives and documentation regulations for Navantia will apply.

Employees of Navantia and their family members (including data of minors under 14 years old).

Administrative offenses, criminal record certificate and/or criminal convictions (Article 10 of GDPR).

Data not processed.

Name and surname; NIF*; Postal address; Personal registration number; Postal address; Telephone; Email; Signature**; Image.
(*) NIE, Passport or Residence card number.
(**) Handwritten or electronic.

Personal characteristics; Social, academic, and professional circumstances; Employment details, Transactions of goods and services; Economic, financial, and insurance; Other information necessary for the management of employees abroad.

The security measures applied correspond to those provided in Annex II (Security Measures) of Royal Decree 311/2022, of May 3, which regulates the National Security Scheme in the field of Electronic Administration and are described in the documents forming part of Navantia's Data Protection and Information Security Policy. Security measures corresponding to Annex A of UNE-EN/IEC 27001 - Information Security Management Systems.

Additionally, security measures are adopted for paper-based documentation according to the risks to which they are exposed, in order to ensure the confidentiality of the processed data.

Communications are foreseen when data communication can be carried out in accordance with Article 6 of GDPR regarding the legitimacy of the processing to:

- Consulates.
- Embassies.
- Financial entities.
- Tax administrations.
- Labor administrations.

Data transfers to third countries are planned for the proper development of work activities. Countries where Navantia has personnel assigned (Turkey, India, Saudi Arabia, USA, United Kingdom, Australia, France, Norway, Canada, Thailand and Germany). The transfer of personal data to third countries is carried out within the framework of an employment contract.