Entity in charge
NAVANTIA S.A. S.M.E.
C/Velázquez, 132 - 28006 MADRID (Madrid)
Base de licitud
The legal basis for processing is GDPR Article: 6(1)(e) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- Private Security Act.
- Spanish Organic Law 3/2018, of 5 December, on Personal Data Protection and Guarantee of Digital Rights.
terms for data retention
The data relating to video surveillance recordings will be kept for a maximum period of one (1) month and at least 15 days from the collection date, depending on the systems of each geographical location; unless under an investigation by the Security Forces or Courts of Justice.
The data relating to access controls will be kept for a maximum period of one (1) year from the collection date.
Employees, visitors, clients or providers that access video-monitored spaces or pass through access control in Navantia
Data type - Infringement
Data not processed.
Data types - Special categories
Data not processed.
Data type - Identification data
Name and surname; tax identification number*; signature**; photo; employee number; vehicle licence plate number
(*) Foreigner identification number, passport number or residence card number
(**) Manual or electronic.
Data type - Other
Employment details; company or entity in which the person works and area/department addressed.
The security measures applied correspond to those in Schedule II (Security Measures) of Royal Decree 3/2010, of 8 January, regulating the National Security Scheme for Electronic Administration, and described in the documents forming part of Navantia's data protection and information security policy.
Security measures corresponding to Schedule A of UNE-EN/IEC 27001 - Information Security Management Systems.
Staff who access the system have a duty of confidentiality and secrecy.
Access to personal data by unauthorised persons is prevented.
Paper documents are stored in a safe place (cabinets or areas with restricted access) 24 hours a day.
Documents or electronic media (CDs, pendrives, hard discs, etc.) containing personal data will not be discarded without guaranteeing their destruction.
The duty of secrecy and confidentiality persists even when the worker's employment relationship with the company ends.
Control of access to the system by identifying users in access and video surveillance control systems.
The systems comply with Navantia's information security policy.
These security measures will be reviewed periodically and this review may be carried out by automatic mechanisms (software or computer programs) or manually.
In addition, security measures are adopted on paper documentation based on the risks to which they are exposed to ensure the confidentiality of the data processed.
Communications are envisaged when the data can be communicated in accordance with GDPR Article 6, regarding the authorisation for processing to: - Security Forces - Courts of Justice - Cadiz Bay. Register of access of the Auxiliary Industry to the Department of Maintenance and General Services of Cadiz Bay. Register of access of the Auxiliary Industry to the Coordination Office of the Auxiliary Industry of Cadiz Bay. Register of access of the Auxiliary Industry to the Repair Project Division DDG's US Navy, Naval Base of Rota. Register of access to the Production Department of Cadiz Bay. Register of access to the Human Resources Department of Cadiz Bay. Register of access to the Management of the Cadiz Bay Shipyard-Cartagena wharf. Register of access of the Auxiliary Industry to the Production Manager of the shipyard. Register of access, in case of incidents, to the Human Resource Manager of the shipyard. Register of access of the Auxiliary Industry to the Quality Manager of the shipyard. - Ría de Ferrol. Register of access to the fitting out wharf to the Programme Manager.- Madrid. Register of access to the Human Resource Department.
They are not envisaged.