Skip to main content
Information for the interested party regarding data protection

5.78. Training

Description of the activity

Management of the teaching staff and students who will participate, participate, or have participated in the courses taught to AEAT employees.

Purpose

Management and control of training activities organised by the AEAT

Legitimation

Article 6 of Regulation 2016/679 (EU), relating to the legality of processing, in section 1, letter b) states that “The processing will be legal if at least one of the following conditions is met: (…) b) the processing is necessary for the execution of a contract to which the interested party is a party or for the application at the request of the interested party of pre-contractual measures (…)”.

Under this provision, data processing is lawful and does not require consent when the data processing is carried out for the fulfillment of contractual relations of an employment nature.

This provision would cover the treatment of teachers and students employed by the AEAT, even if their relationship is not strictly contractual.

For external teachers, the basis for legitimacy will be their consent based on article 6.1.a, which will be obtained prior to training.

Interested parties

  • Employees (civil servants and workers who provide services to the AEAT)
  • Professor/External company (individuals and/or legal entities)

Details

  • NIF/DNI, Name and Surname, Address, Telephone, Image/Voice, email.
  • Academic and professional
  • Job Details
  • Bank details (external teachers and companies)

Treatments

  • Collection
  • Record
  • Storage
  • Structuring
  • Modification
  • Update
  • Copy
  • Analysis
  • Enquiry
  • Extraction
  • Promotion
  • Interconnection
  • Limitation
  • Suppression
  • Destruction
  • Other

Recipients

External training companies with which a service has been contracted or entities with an agreement. The essential data for the correct provision of the service will be transferred.

International transfers

Not foreseen

Profiling

Does not apply

Technical/organizational measures

All data processed has been evaluated through a risk analysis, obtaining the list of technical and organizational measures to be applied.

These measures have been applied in accordance with the approved adaptation plan.