International mobility · Privacidad

Purpose

Management of personal data to create a user in SAP (email, SAP registration, computer equipment request, etc.), for the preparation and signing of the International Assignment Agreement with the employee, preparation and signing of employment contracts abroad, payroll management abroad, for the processing of visas, work permits, relocations, submission of forms and communications to the corresponding tax authorities, and for communication to Social Security of any movement; for the request of flights.

Entity in charge

NAVANTIA S.A. S.M.E.
A84076397
C/Velázquez, 132 - 28006 MADRID (Madrid)
(+34) 913 358 400
[email protected]
[email protected]

Legal basis

The legal bases for processing are:

Article 6(1)(b) of GDPR: Processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.
Article 6(1)(c) of GDPR: Processing is necessary for compliance with a legal obligation to which the controller is subject:
- Law 35/2006, of November 28, on Personal Income Tax and partial modification of the laws on Corporate Tax, Non-Resident Income Tax, and Wealth Tax.
- Law 45/1999, of November 29, on the posting of workers in the framework of a transnational provision of services.
- Royal Legislative Decree 2/2015, of October 23, approving the revised text of the Workers’ Statute Law.
- Other regulations of the destination country.
Article 6(1)(a) of GDPR: Consent of the data subject.

Data retention periods

Data will be stored for four years or for the time necessary to fulfill the purpose for which they were collected and to determine any possible responsibilities that may arise from that purpose and the processing of the data. The provisions of the applicable archives and documentation regulations for Navantia will apply.

Affected groups

Employees of Navantia and their family members (including data of minors under 14 years old).

Data type - Infringement

Administrative offenses
Criminal record certificate and/or criminal convictions (Article 10 of GDPR)

Data types - Special categories

Not processed.

Data type - Identification data

Name and surname
NIF (NIE, Passport or Residence card number)
Postal address
Personal registration number
Telephone
Email
Signature (handwritten or electronic)
Image

Data type - Other

Personal characteristics
Social, academic, and professional circumstances
Employment details
Transactions of goods and services
Economic, financial, and insurance
Other information necessary for the management of employees abroad

Security measures

The security measures applied correspond to those provided in Annex II (Security Measures) of Royal Decree 311/2022, of May 3, which regulates the National Security Scheme in the field of Electronic Administration and are described in the documents forming part of Navantia’s Data Protection and Information Security Policy. Security measures corresponding to Annex A of UNE-EN/IEC 27001 - Information Security Management Systems.

Additionally, security measures are adopted for paper-based documentation according to the risks to which they are exposed, in order to ensure the confidentiality of the processed data.

Communication

Communications are foreseen when data communication can be carried out in accordance with Article 6 of GDPR regarding the legitimacy of the processing to:

Consulates
Embassies
Financial entities
Tax administrations
Labor administrations

International transfers

Data transfers to third countries are planned for the proper development of work activities. Countries where Navantia has personnel assigned (Turkey, India, Saudi Arabia, USA, United Kingdom, Australia, France, Norway, Canada, Thailand and Germany). The transfer of personal data to third countries is carried out within the framework of an employment contract.