Registry of data processing activities

LABOR MANAGEMENT

Legitimacy

GDPR (art.6.1.b): Data processing required for the execution  of any agreement to which the data subject is a party, or for the implementation of pre-contractual measures, at the request of the data subject. GDPR (art. 6.1.c): Data processing activities required for the fulfilment of a legal requirement of application to the Data controller. Royal Legislative Decree 2/2015, of 23 October, approving the consolidated text of the Law on the Statute of rights for workers. Royal Legislative Decree 8/2015, of 30 October, approving the consolidated text of the General Law on Social Security. General Tax Law No. 58/2003, of 17 December.

Purpose

Management of labour relationships and human resources. Compliance with labour, social security and tax legal responsibilities arising from the employment relationship.

Assignments

Not applicable

Origin

Potential employers and jobseekers.

Target

Tax Administration. Social Security and Labour administration. Banking institutions. Mutual Insurance Company for Occupational Accidents and Diseases, External private administrative agencies, in their capacity as data processors.

Categories

Identification data, personal details, social circumstances, academic and professional background; detailed employment data

Storage period

Legally established limitation period: 5 years

Measures

Schedule – Security Manual

MANAGEMENT OF THE ADMINISTRATIVE MANAGER TITLE

Legitimacy

GDPR: 6.1.c) Processing is necessary for compliance with a legal obligation to which the controller is subject. ORGANIC STATUTE OF THE PROFESSION 424/1963 and art. 6.1.a) Consent of the Data Subject

Purpose

Individuals who apply for the issue of the Professional Certificate of Administrative Agent, once they have successfully met the applicable requirements (entrance examinations, Master’s Degree in business management…)

Assignment

Professional Associations of Administrative Agents

Origin

The data subject, a member of the association of Administrative Agents

Recipients

The relevant Ministry

Categories

Identification data, academic and professional background; detailed employment data.

Storage period

No term limits

Measures

Schedule – ENS Schedule – Security Manual

MANAGEMENT OF ACCESS TESTS

Legitimacy

Resolution of the Secretary of State for Public Administration (in its absence, the relevant Secretary of State) and Organic Statute of the Profession (D424/1963) art 6.1a) and 6.1 c) RGPD

Purpose

Management of participation in the different Courses offered and Issue of Diplomas

Assignment

Professional Associations of Administrative Agents and Mutual Insurance Company of Administrative Agents

Origin

Individuals interested in becoming administrative agents

Recipients

The relevant Ministry

Categories

Identification data, academic background; detailed employment data.

Storage period

No term limits

Measures

Schedule – ENS Schedule – Security Manual

INSTITUTIONAL ORGANIZATION

Legitimacy

GDPR: 6.1.c) Processing is necessary for compliance with a legal obligation to which the controller is subject. ORGANIC STATUTE OF THE PROFESSION 424/1963)

Purpose

Management of the governing bodies of the BOARD and the institutional activities, including the notices of call to the meetings and preparation and archiving of minutes. Notification of the Composition of the Governing Board to the relevant Registries and Public Administrations with jurisdiction

Assignment

Not applicable

Origin

Data subjects. Minutes with data attached.

Recipients

Official Associations of Administrative Agents

Categories

Identification data and contact information

Storage period

The period established by the applicable regulations; the erasure of data will be locked and the data will be kept for historical archiving purposes

Measures

Schedule – ENS Schedule – Security Manual

INSTITUTIONAL RELATIONS

Legitimacy

GDPR: 6.1.c) Processing is necessary for compliance with a legal obligation to which the controller is subject. General Data Protection Regulations 6.1.f) Processing is necessary for the purposes of the legitimate interests pursued by the controller

Purpose

Management of the Institutional Agenda, Institutional Relationships and Communications

Origin

The data subject, individuals holding positions of responsibility in the administration and private entities that maintain professional and institutional relationships with the CGGA

Categories

Identification data, contact and professional details

Storage period

The period established by the applicable regulations; the erasure, deletion or destruction of data will be carried out in accordance with the provisions of Law 4/1993, of 21 April, on Archives and Documentary Heritage of the Community of Madrid.

Measures

Schedule – Security Manual

FISCAL MANAGEMENT

Legitimacy

GDPR: 6.1.c) Processing is necessary for compliance with tax regulations

Purpose

Management of taxes

Assignment

Not applicable

Origin

Employees and managers of the Institution

Recipients

Tax administration. Social Security and Labour Administration. Banking Institutions, External administrative agencies, in their capacity as data processors.

Categories

Identification data, economic, financial and banking information, etc…

Storage period

Legally established period of 4 years

Measures

Schedule – Security Manual

ACCOUNTING MANAGEMENT

Legitimacy

RGPD: 6.1.c) Compliance with the accounting regulations, General Accountancy Plan

Purpose

Accounting management

Assignment

Not applicable

Origin

Professional, business or commercial relationships with the CGGA

Recipients

Tax administration. External administrative agencies, in their capacity as data processors.

Categories

Identification and transaction data

Storage period

Legally established period of 5 years

Measures

Schedule – Security Manual

REGA

Legitimacy

GDPR: 6.1.c) Data processing activities required for the fulfilment of a legal requirement of application to the Data controller. ORGANIC STATUTE OF THE PROFESSION 424/1963 and art. 6.1.a) Consent of the Data Subject

Purpose

Processing of identification and Professional data of Administrative Agents.

Assignment

Public access

Origin

Administrative Agents

Recipients

Official Associations of Administrative Agents and Mutual Insurance Company of Administrative Agents.

Categories

Identification data, contact and professional information.

Storage period

No term limits, historical files

Measures

Schedule – ENS Schedule – Security Manual