Purpose
Management of personnel selection/pre-contractual, contractual, and/or civil servant relationship (registration in the employee portal, CV screening, theoretical exam and merit competition, psychotechnical and competency tests, practical skills tests, interviews, hiring, insurance, withholdings, payroll, vacations, permits, absences), as well as employee mobility processes and other situations arising from the relationship. Management of the time control register.
Legal basis
The legal bases for processing are:
Article 6.1.b) of the GDPR: Processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.
Article 6.1.c) of the GDPR: Processing is necessary for compliance with a legal obligation to which the controller is subject:
- Royal Legislative Decree 5/2015, of October 30, approving the revised text of the Basic Statute of Public Employees.
- Royal Legislative Decree 2/2015, of October 23, approving the revised text of the Workers' Statute.
- Organic Law 11/1985, of August 2, on Trade Union Freedom.
- Law 35/2006, of November 28, on Personal Income Tax.
Article 6.1.e) of the GDPR: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller:
- Royal Legislative Decree 5/2015, of October 30, approving the revised text of the Basic Statute of Public Employees.
Article 6.1.f) of the GDPR: Processing is necessary for the purposes of the legitimate interests pursued by the controller:
- Royal Legislative Decree 2/2015, of October 23, approving the revised text of the Workers' Statute.
In certain cases, processing may be based on Article 6.1.a) of the GDPR: Consent of the data subjects.
The legal basis for special categories is Article 9.2.b) of the GDPR: Processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment law.
Data retention period
Data will be stored for the time necessary to fulfill the purpose for which they were collected and to determine any possible liabilities that may arise from that purpose and the processing of the data. The archives and documentation regulations applicable to Navantia will apply.
The economic data of this processing activity will be kept under the provisions of Law 58/2003, of December 17, General Tax Law.
The data related to the time control register will be kept under the provisions of Royal Legislative Decree 2/2015, of October 23, approving the revised text of the Workers' Statute.
Affected groups
Employees assigned to Navantia; people who register on the Employee Portal as well as those who apply for a job at Navantia.
Data type - Infringement
Not processed.
Data type - Special categories
Health and disability; Union affiliation.
Data type - Identification data
Name and surname; NIF*; Social Security/Mutuality Number; Personal Registration Number; Postal address; Image; Telephone; Email; Signature**.
(*) NIE, Passport or Residence card number.
(**) Handwritten or electronic.
Data type - Other
Personal characteristics; Social circumstances; Academic and professional data; Employment details, Employment History Certificate and Employment Contracts, Merit Accreditation; Economic, financial, and insurance data; Others (other types of data necessary for personnel management in labor matters). Data related to the results of theoretical exams, merit competition, psychotechnical, competency, and skills tests, as well as data related to interviews conducted in the selection tests.
Security measures
The security measures applied correspond to those provided in Annex II (Security Measures) of Royal Decree 311/2022, of May 3, which regulates the National Security Scheme in the field of Electronic Administration, and are described in the documents forming part of Navantia's Data Protection and Information Security Policy. Security measures corresponding to Annex A of UNE-EN/IEC 27001 (Information Security Management Systems) are also applied.
Security measure
Additionally, security measures are adopted for paper-based documentation according to the risks to which they are exposed, in order to ensure the confidentiality of the processed data.
Communication
Data may be communicated, where permitted under Article 6 of the GDPR and in connection with the authorised processing, to:
- General Treasury of Social Security.
- State Tax Administration Agency.
- Financial entities.
- Insurance companies.
- Trade union organizations.
- Ministry of Labor.
- Accident mutuals.
- State Public Employment Service (SEPE).
- Spanish state-owned industrial holding company (SEPI).
- Courts and Tribunals of Justice.
International transfers
Data transfers to third countries are planned for the proper development of work activities, to countries where Navantia has assigned personnel (Turkey, India, Saudi Arabia, USA, etc.). The transfer of personal data to third countries is carried out within the framework of an employment contract.