| a) Legal basis | GDPR: 6.1.e) Processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. RGPD: 6.1.f) The processing is necessary for the satisfaction of legitimate interests pursued by the data controller, regarding the protection of facilities, goods and services and which prevail over the interests of private individuals whose image may be collected by the video cameras or whose data is provided at the entrance, at the reception desk. All this in relation to Article 22 of the LOPDGDD. |
| b) Purposes of treatment | Video surveillance. Security. Building access control. Control the security of the entity’s accesses and facilities. |
| c) Collective | Persons whose image is collected by the security cameras installed in the enclosure and the different facilities of the entity, as well as those who provide their data at the reception desk to authorize their entry. |
| d) Data categories | Identifying data: Image. First and last name. Company. |
| e) Target category | Judges, Courts or State Security Forces and Corps. Service providers with which ITA has a relationship and under processor contracts concluded with them (Article 28 RGPD). |
| f) Transf. International | No international transfer of data is foreseen. |
| g) Time limit suppression | The images will be kept for a maximum period of thirty days from their collection, unless they must be kept because they have captured the commission of an offence that must be reported, pursuant to the provisions of Article 22.3 of the LOPDGDD. |
| h) Security measures | The security measures implemented will ensure the confidentiality, integrity, availability and permanent resilience of the processing systems and services that are appropriate to ensure a level of security appropriate to the processing risk, in the terms required by Royal Decree 311/2022, of May 3, which regulates the National Security Scheme and which are described in the documents that make up the ITA’s Data Protection and Information Security Policy. |
| i) Responsible entity | TECHNOLOGICAL INSTITUTE OF ARAGON. |
| a) Legal basis | GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is a party or for the implementation at the request of the data subject of pre-contractual measures. GDPR: 6.1.c) Processing necessary for compliance with a legal obligation applicable to the controller. GDPR: 6.1.a) The data subject consented to the processing of his or her personal data for one or more specific purposes. |
| b) Purposes of treatment | Accounting, tax and administrative management; as well as managing the course in which the student will participate (pre-registration, tests, registration, development, billing, delivery of diplomas) and to provide their data to public administrations and teachers. Sending information about other courses, activities and events promoted or participated by ITA. Sending information. Capture of images on the development of the training activity. |
| c) Collective | Students. |
| d) Data categories | Special categories of data. Identifying data. Social circumstances data. Employment details data. Academic and professional data. Personal characteristics data. |
| e) Target category | The data will be communicated to the Public Administration with competence in the matter as well as to the entities and organizations subsidizing the training action and to the teaching staff. Public agencies that require it for intervention, auditing, certifications, etc. Service providers with which ITA has a relationship and under processor contracts concluded with them (Article 28 RGPD). |
| f) Transf. International | Email marketing platform, whose servers are hosted in the USA, for sending information about services and activities and invitations to conferences and events. |
| g) Time limit suppression | The data will be kept for a maximum period of seven years or for the years necessary to comply with the legal obligations arising from the processing, such as the need for justification of competitive public financing projects, and the justification of the destination of public funds received (ERDF, ESF, etc.). |
| h) Security measures | The security measures implemented will ensure the confidentiality, integrity, availability and permanent resilience of the processing systems and services that are appropriate to ensure a level of security appropriate to the processing risk, in the terms required by Royal Decree 311/2022, of May 3, which regulates the National Security Scheme and which are described in the documents that make up the ITA’s Data Protection and Information Security Policy. |
| i) Responsible entity | TECHNOLOGICAL INSTITUTE OF ARAGON. |
| a) Legal basis | GDPR: 6.1.a) The data subject consented to the processing of his or her personal data for one or more specific purposes. |
| b) Purposes of treatment | Manage the selection processes carried out in the entity, respecting the principles of publicity, merit and concurrence. Analysis of the professional-behavioral profile of the candidates. |
| c) Collective | Candidates. |
| d) Data categories | Special category data. Identifying data. Social circumstances data. Employment details data. Academic and professional data. Personal characteristics data. |
| e) Target category | Companies related to ITA, provided that the candidate has given his/her consent. Public agencies that require it for intervention, auditing, certifications, etc. Service providers with which ITA has a relationship and under processor contracts concluded with them (Article 28 RGPD). |
| f) Transf. International | No international transfer of data is foreseen. |
| g) Time limit suppression | The data will be kept for the years necessary to comply with the legal obligations arising from the treatment, such as the need for justification of competitive public funding projects, and the justification of the destination of public funds received (ERDF, ESF, etc.). |
| h) Security measures | The security measures implemented will ensure the confidentiality, integrity, availability and permanent resilience of the processing systems and services that are appropriate to ensure a level of security appropriate to the processing risk, in the terms required by Royal Decree 311/2022, of May 3, which regulates the National Security Scheme and which are described in the documents that make up the ITA’s Data Protection and Information Security Policy. |
| i) Responsible entity | TECHNOLOGICAL INSTITUTE OF ARAGON. |
| a) Legal basis | GDPR: 6.1.a) The data subject consented to the processing of his or her personal data for one or more specific purposes. GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is a party or for the implementation at the request of the data subject of pre-contractual measures. GDPR: 6.1.c) Processing necessary for compliance with a legal obligation applicable to the controller. RGPD: 6.1.f) Processing necessary for the satisfaction of legitimate interests of the data controller, in relation to Article 19 of the LOPDGDD. |
| b) Purposes of treatment | Customer management and invoicing; accounting, administrative and sales management; obtaining sales statistics and commercial history; storage of data required by tax and commercial regulations and those related to the commercial relationship. Opinion polls. Commercial prospecting, e-commerce. Sending information about services and activities and invitations to conferences and/or events promoted or participated by ITA. |
| c) Collective | Clients. |
| d) Data categories | Identifying data. Employment details data. Commercial information data. Economic and financial data. Transaction data. |
| e) Target category | Tax Agency and banks. Public agencies that require it for intervention, auditing, certifications, etc. Service providers with which ITA has a relationship and under processor contracts concluded with them (Article 28 RGPD). |
| f) Transf. International | Email marketing platform, whose servers are hosted in the USA, for sending information about services and activities and invitations to conferences and events. |
| g) Time limit suppression | The data will be kept for the years necessary to comply with the legal obligations arising from the treatment, such as the need for justification of competitive public funding projects, and the justification of the destination of public funds received (ERDF, ESF, etc.). |
| h) Security measures | The security measures implemented will ensure the confidentiality, integrity, availability and permanent resilience of the processing systems and services that are appropriate to ensure a level of security appropriate to the processing risk, in the terms required by Royal Decree 311/2022, of May 3, which regulates the National Security Scheme and which are described in the documents that make up the ITA’s Data Protection and Information Security Policy. |
| i) Responsible entity | TECHNOLOGICAL INSTITUTE OF ARAGON. |
| a) Legal basis | GDPR: 6.1.a) The data subject consented to the processing of his or her personal data for one or more specific purposes. RGPD: 6.1.f) The processing is necessary for the satisfaction of the legitimate interests pursued by the data controller, given that its mission is to develop and disseminate knowledge, this interest prevailing over the interests of the data subject. RGPD: 6.1.f) Processing necessary for the satisfaction of legitimate interests of the controller, in relation to Article 19 of the LOPDGDD |
| b) Purposes of treatment | Maintenance of the necessary data to contact people who may be of interest for the development of the entity’s activity. Sending invitations. Sending information and newsletters. |
| c) Collective | Contacts. Persons who may be of interest for the development of the entity’s activities. |
| d) Data categories | Identifying data. |
| e) Target category | Service providers with which ITA has a relationship and under processor contracts concluded with them (Article 28 RGPD). |
| f) Transf. International | Email marketing platform, whose servers are hosted in the USA, for sending information about services and activities and invitations to conferences and events. |
| g) Time limit suppression | The data will be kept as long as their deletion is not requested. |
| h) Security measures | The security measures implemented will ensure the confidentiality, integrity, availability and permanent resilience of the processing systems and services that are appropriate to ensure a level of security appropriate to the processing risk, in the terms required by Royal Decree 311/2022, of May 3, which regulates the National Security Scheme and which are described in the documents that make up the ITA’s Data Protection and Information Security Policy. |
| i) Responsible entity | TECHNOLOGICAL INSTITUTE OF ARAGON. |
| a) Legal basis | GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is a party or for the implementation at the request of the data subject of pre-contractual measures. GDPR: 6.1.c) Processing necessary for compliance with a legal obligation applicable to the controller. RGPD: 6.1.f) Processing necessary for the satisfaction of legitimate interests of the data controller, in relation to Article 19 of the LOPDGDD. |
| b) Purposes of treatment | Administrative, accounting and purchasing management. Obtaining statistics and commercial history. Storage of data required by tax and mercantile regulations and those related to the commercial relationship. |
| c) Collective | Suppliers. |
| d) Data categories | Identifying data. Employment details data. Commercial information data. Economic and financial data. Transaction data. |
| e) Target category | Tax Agency and banks. Public agencies that require it for intervention, auditing, certifications, etc. Service providers with which ITA has a relationship and under processor contracts concluded with them (Article 28 RGPD). |
| f) Transf. International | No international transfer of data is foreseen. |
| g) Time limit suppression | The data will be kept for the years necessary to comply with the legal obligations arising from the treatment, such as the need for justification of competitive public funding projects, and the justification of the destination of public funds received (ERDF, ESF, etc.). |
| h) Security measures | The security measures implemented will ensure the confidentiality, integrity, availability and permanent resilience of the processing systems and services that are appropriate to ensure a level of security appropriate to the processing risk, in the terms required by Royal Decree 311/2022, of May 3, which regulates the National Security Scheme and which are described in the documents that make up the ITA’s Data Protection and Information Security Policy. |
| i) Responsible entity | TECHNOLOGICAL INSTITUTE OF ARAGON. |
| a) Legal basis | GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is a party or for the implementation at the request of the data subject of pre-contractual measures. GDPR: 6.1.c) Processing necessary for compliance with a legal obligation applicable to the controller. GDPR: 6.1.a) The data subject consented to the processing of his or her personal data for one or more specific purposes. RGPD: 6.1.f) Processing necessary for the satisfaction of legitimate interests of the data controller. GDPR: 6.1.e) Processing necessary for the performance of a task carried out in the public interest. |
| b) Purposes of treatment | Social and labor management of the entity, preparation of payrolls, social security and other documents to be submitted to AEAT, TGSS and INEM. Storage of data required by tax, labor and accounting regulations. Training, occupational risk prevention and health surveillance. Taking of images and photographs. Contracting insurance. Schedule control and access control to the facilities. Analysis of the professional-behavioral profile of the workers. |
| c) Collective | Own employees, trainees and interns. |
| d) Data categories | Special categories of data. Identifying data. Social circumstances data. Employment details data. Academic and professional data. Personal characteristics data. Economic and financial data. Transaction data. |
| e) Target category | Tax Agency, INAEM, trade union representatives, Social Security General Treasury, transparency portals, occupational risk prevention mutual insurance companies and banks. Project Partners. Public agencies that require it for intervention, auditing, certifications, etc. Service providers with which ITA has a relationship and under processor contracts concluded with them (Article 28 RGPD). |
| f) Transf. International | Project partners located outside the EU, where such transfer is necessary for the conclusion or performance of a contract, in the interest of the data subject, between the controller and another natural or legal person, as well as for important reasons of public interest. Such transfers are covered by the provisions of Article 49.1.c) and d) of the GDPR. |
| g) Time limit suppression | The data will be kept for the years necessary to comply with the legal obligations arising from the treatment, such as the need for justification of competitive public funding projects, and the justification of the destination of public funds received (ERDF, ESF, etc.). |
| h) Security measures | The security measures implemented will ensure the confidentiality, integrity, availability and permanent resilience of the processing systems and services that are appropriate to ensure a level of security appropriate to the processing risk, in the terms required by Royal Decree 311/2022, of May 3, which regulates the National Security Scheme and which are described in the documents that make up the ITA’s Data Protection and Information Security Policy. |
| i) Responsible entity | TECHNOLOGICAL INSTITUTE OF ARAGON. |
