
Field | Content | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 - Name of the activity | |||||||||||||||||||
2 - Responsible for the treatment / DPO | COLEGIO PROFESIONAL. DE DIPLOMADOS EN ENFERMERÍA DE BURGOS / Lant Abogados (Lant Advisors, S.L.P.) | ||||||||||||||||||
3- Purpose of the processing | |||||||||||||||||||
4- Legal grounds for the processing | |||||||||||||||||||
5- Categories of data subjects | |||||||||||||||||||
6- Origin of the data | |||||||||||||||||||
Categories of personal data | |||||||||||||||||||
7 - Identification data | |||||||||||||||||||
8 - Processing system | |||||||||||||||||||
9- Data transfers | |||||||||||||||||||
International Transfers |
|
||||||||||||||||||
14- Data erasure timeframes | |||||||||||||||||||
15- General description of the technical and organizational security measures |
|
Field | Content | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 - Name of the activity | Video-surveillance management | ||||||||||||||||||
2 - Responsible for the treatment / DPO | COLEGIO PROFESIONAL. DE DIPLOMADOS EN ENFERMERÍA DE BURGOS / Lant Abogados (Lant Advisors, S.L.P.) | ||||||||||||||||||
3- Purpose of the processing | Security management of the facilities and persons using video-surveillance systems |
||||||||||||||||||
4- Legal grounds for the processing | GDPR: 6.1. e) and 6.1 f): Legitimate, public interest in protecting the safety of persons and facilities. | ||||||||||||||||||
5- Categories of data subjects | Persons entering the facilities | ||||||||||||||||||
6- Origin of the data | Security system (cameras and/or alarms that capture images) | ||||||||||||||||||
Categories of personal data | Identification and contact details. |
||||||||||||||||||
7 - Identification data | Identification and contact data: image (photographs or videos) of persons entering the facilities or registration plates. |
||||||||||||||||||
8 - Processing system | Automated | ||||||||||||||||||
9- Data transfers | State Security Forces |
||||||||||||||||||
International Transfers |
|
||||||||||||||||||
14- Data erasure timeframes | One month as from personal data collection | ||||||||||||||||||
15- General description of the technical and organizational security measures |
|
Field | Content | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 - Name of the activity | |||||||||||||||||||
2 - Responsible for the treatment / DPO | COLEGIO PROFESIONAL. DE DIPLOMADOS EN ENFERMERÍA DE BURGOS / Lant Abogados (Lant Advisors, S.L.P.) | ||||||||||||||||||
3- Purpose of the processing | |||||||||||||||||||
4- Legal grounds for the processing | |||||||||||||||||||
5- Categories of data subjects | |||||||||||||||||||
6- Origin of the data | |||||||||||||||||||
Categories of personal data | |||||||||||||||||||
7 - Identification data | |||||||||||||||||||
8 - Processing system | |||||||||||||||||||
9- Data transfers | |||||||||||||||||||
International Transfers |
|
||||||||||||||||||
14- Data erasure timeframes | |||||||||||||||||||
15- General description of the technical and organizational security measures |
|
Field | Content | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 - Name of the activity | |||||||||||||||||||
2 - Responsible for the treatment / DPO | COLEGIO PROFESIONAL. DE DIPLOMADOS EN ENFERMERÍA DE BURGOS / Lant Abogados (Lant Advisors, S.L.P.) | ||||||||||||||||||
3- Purpose of the processing | |||||||||||||||||||
4- Legal grounds for the processing | |||||||||||||||||||
5- Categories of data subjects | |||||||||||||||||||
6- Origin of the data | |||||||||||||||||||
Categories of personal data | |||||||||||||||||||
7 - Identification data | |||||||||||||||||||
8 - Processing system | |||||||||||||||||||
9- Data transfers | |||||||||||||||||||
International Transfers |
|
||||||||||||||||||
14- Data erasure timeframes | |||||||||||||||||||
15- General description of the technical and organizational security measures |
|
Field | Content | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 - Name of the activity | |||||||||||||||||||
2 - Responsible for the treatment / DPO | COLEGIO PROFESIONAL. DE DIPLOMADOS EN ENFERMERÍA DE BURGOS / Lant Abogados (Lant Advisors, S.L.P.) | ||||||||||||||||||
3- Purpose of the processing | |||||||||||||||||||
4- Legal grounds for the processing | |||||||||||||||||||
5- Categories of data subjects | |||||||||||||||||||
6- Origin of the data | |||||||||||||||||||
Categories of personal data | |||||||||||||||||||
7 - Identification data | |||||||||||||||||||
8 - Processing system | |||||||||||||||||||
9- Data transfers | |||||||||||||||||||
International Transfers |
|
||||||||||||||||||
14- Data erasure timeframes | |||||||||||||||||||
15- General description of the technical and organizational security measures |
|
Field | Content | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 - Name of the activity | RH management | ||||||||||||||||||
2 - Responsible for the treatment / DPO | COLEGIO PROFESIONAL. DE DIPLOMADOS EN ENFERMERÍA DE BURGOS / Lant Abogados (Lant Advisors, S.L.P.) | ||||||||||||||||||
3- Purpose of the processing | Personnel (permanent): Management of the employment relationship and workers’ files; processing of registrations and de-registrations with the Social Security, issuance and payment of payrolls; evaluation, follow-up and control of the performance of professional activities; access and presential control and recording of work day/timetable (including, if applicable, applications with geolocation and identity cards); promote and offer training activities, including discounted activities; occupational risk prevention; promotions, raises and/or changes in professional category. Processing of occupation accident reports (with a description of the accident and its consequences, which may involve access and processing of health data). Maintenance of a historic log of permanent workers. |
||||||||||||||||||
4- Legal grounds for the processing | Structure: GDPR 6.1.b) Execution of employment contract, GDPR 6.1.c) Comply with a legal obligations (Workers’ Statute and applicable Collective Agreement) and GDPR 6.1.f) Legitimate interest in storing names and surnames, job position and dates as a historic record of workers. Interships: GDPR 6.1.b) Execution of internship agreement. Similar: GDP 6.1.b) Execution of commercial contract. Temp Agency: GDPR 6.1.b) Execution of supply contract between the Temp. Agency and the user company and GDPR 6.1.c) Compliance with a legal obligation (temporary employment agency law) External: GDPR 6.1.b) Execution of commercial contract with the employer. GDPR 6.1.c) Compliance with a legal obligation (Occupational Risk Prevention Law) and Royal Decree with regard to the coordination of business activities). Candidate: GDPR 6.1.a) Consent of the data subject. Additional processing; GDPR 6.1.a) Consent of the data subject and/or GDP 6.1.b) Eexecution of a contract to which the data subject is a party or for the application of precontractual measures and/or GDPR at their request. | ||||||||||||||||||
5- Categories of data subjects | Employees (general regime, self-employed and similar, interns); Temp. Agency works; external workers; candidates; former employees | ||||||||||||||||||
6- Origin of the data | Permanent/Similar: the data subjects themselves or their legal representative. Internships: the data subjects themselves or their legal representative and/or the training centres or entity to which they belong. ETT: Temporary employment agencies. External: External company responsible for the worker (employer) Candidates:: the data subjects themselves, job portals, personnel selection companies. When applicable: parent company and/or entities belonging to the corporate group | ||||||||||||||||||
Categories of personal data | Identification and contact data; personal characteristics; social and family circumstances; personality-related; academic and professional; employment details; union; economic-financial and insurance; medical or health data; administrative; judicial; social; infrastructure; other special categories of data. |
||||||||||||||||||
7 - Identification data | Identification and contact details: Name, surnames; DNI/NIE or Passport, Social Security number, address, email, telephone no., signature, images and/or voice, IP address/MAC of devices. Personal characteristics: Date and place of birth, age, marital status, gender, nationality, mother tongue, physical or anthropometric characteristics. Social and family circumstances: Family situation, family responsibilities, licenses, permits, authorisations, hobbies and lifestyle. Personality: Assessment of profiles, behaviour and attitudes. Academic and professional: Education, qualifications, profession and professional experience, membership of professional associations, email, identification number, hierarchic data. Employment details: Job category, non-economic salary data, professional and employee record, experience in professional world. Unions: Union membership and/or membership of works council or trade groupings. Economic-financial and insurance: Bank, current account, income, rent, credit, loans, guarantees, pension and/or retirement plan, assets, economic salary data, tax/tax benefits, compensation, indemnity, insurance, mortgages, seizures, debts. Medical or health: occupational accidents, degree of disability or incapacity and/or degree of occupational disability and other health-related data. Administrative: administrative procedures, arbitration, claims, appeals, penalties. Judicial: judicial procedures, suits, penalties. Social: aid, subsidies, social welfare benefits, employment benefits and pensions. Infrastructure: video-surveillance images. |
||||||||||||||||||
8 - Processing system | Mixed (IT systems and hardcopy documents). | ||||||||||||||||||
9- Data transfers | Organisations or persons directly related to the controller. General Treasury of the Social Security and Public Employment Service (SEPE) and other Competente Public Administrations.. Banking and financial entities. Tax administration. Mutual societies and occupational risk prevention companies. Training companies or entities and processing of discounts before the National Foundation for Employment. Insurance companies Courts and tribunals. Court representatives. Notaries. State Security Forces Works councils and stewards. Entities, clients and/or suppliers to which employees or users must be identified. Public and private entities for the presentation of projects, tenders and subsidies. Such cases as legally provided. Parent company and/or other entities belonging to the corporate group as a result of corporate organisation and management of human resources. In the case of candidates: to increase possibilities of hiring. |
||||||||||||||||||
International Transfers |
|
||||||||||||||||||
14- Data erasure timeframes | Permanent/Similar/Interns: The data will be stored during the life of the relationship. Once terminated, the work data will be stored and blocked during the legally required periods to address potential liabilities; except for name and surnames, job positions and dates of hiring and departure which will be stored as a historic log of permanent workers based on the entity’s legitimate interest. Temporary workers: Data will be stored for the duration of the engagement with the temporary employment agency (ETT) and, upon termination, will be stored and blocked for the legally required periods to address potential liabilities or enter into a new contract. The company shall, based on a legitimate interest, store the name and surnames, job position, reason for termination and dates as a historic log of workers for an indefinite period based on the entity’s legitimate interest. External: Data will be stored for the duration of the commercial contract with the entity (employer) and, upon termination, will be stored and blocked for the legally required periods to address potential liabilities. Candidates: Throughout the personnel selection processes and upon termination, for 1 year for future processes. Business information: until unsubscription is requested. Images/voice: while published in the media described and are used for the purpose for which they were obtained, unless your consent is withdrawn. | ||||||||||||||||||
15- General description of the technical and organizational security measures |
|
Field | Content | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 - Name of the activity | Supplier management | ||||||||||||||||||
2 - Responsible for the treatment / DPO | COLEGIO PROFESIONAL. DE DIPLOMADOS EN ENFERMERÍA DE BURGOS / Lant Abogados (Lant Advisors, S.L.P.) | ||||||||||||||||||
3- Purpose of the processing | Tax, accounting and administrative management of suppliers |
||||||||||||||||||
4- Legal grounds for the processing | Provision of the service: GDP 6.1. b) execution of contract | ||||||||||||||||||
5- Categories of data subjects | Suppliers, contact persons and/or legal representatives. | ||||||||||||||||||
6- Origin of the data | The data subjects themselves or their legal representative. | ||||||||||||||||||
Categories of personal data | Identification and contact data; economic-financial and insurance. |
||||||||||||||||||
7 - Identification data | Identification and contact details: Name, surnames, identification documents (DNI, NIE or passport), address, telephone no., email. Name, surnames, telephone no. of contact persons. Name, surnames and signature of legal representatives Economic-financial and insurance: Bank data. |
||||||||||||||||||
8 - Processing system | Mixed (IT systems and hardcopy documents). | ||||||||||||||||||
9- Data transfers | Organisations or persons directly related to the controller. Competente Public Administrations.. Tax administration. Banking entities. Such cases as legally provided. |
||||||||||||||||||
International Transfers |
|
||||||||||||||||||
14- Data erasure timeframes | Data will be stored for the duration of the relation and, upon termination, will be stored for the legally required periods to address potential liabilities. | ||||||||||||||||||
15- General description of the technical and organizational security measures |
|