Recording processing activities

Processing activities. May 2018

Population register of Catalonia

Controlling administrative authority: Directorate.

Categories of data processed: data for identification purposes; personal, academic and professional details.

Purpose of the processing activities: keep residents' data of a mandatory nature up to date in the municipal population registers of all the town and city councils of Catalonia.

Data subject categories: public administration bodies of the Catalan Government.

Vulnerable groups: minors under the age of 16 and senior citizens.

Storage period: indefinite.

Transferee Categories: Catalan public administrations when required to exercise their competencies and when the residence or domicile is relevant.

Data processor categories: not applicable.

Queries

Controlling administrative authority: General Sub-Directorate of Information and Communication.

Categories of data processed: data for identification purposes; data of an economic nature.

Purpose of the processing activities: relationship with the public administration derived from the query management and the service satisfaction questionnaire.

Data subject categories: applicants.

Vulnerable groups: not applicable.

Storage period: less than 1 year.

Transferee Categories: not applicable.

Data processor categories: not applicable.

Certificates

Controlling administrative authority: General Sub-Directorate of Administration and General Services.

Categories of data processed: data for identification purposes.

Purpose of the processing activities: relationship with the public administration derived from the certificate.

Data subject categories: applicants.

Vulnerable groups: not applicable.

Storage period: less than 1 year.

Transferee Categories: not applicable.

Data processor categories: not applicable.

Extra-parliamentary legislative initiativess

Controlling administrative authority: General Sub-Directorate of Administration and General Services.

Categories of data processed: data for identification purposes.

Purpose of the processing activities: to check the registration with municipal population registers in Catalonia of persons that sign parliamentary legislative initiative forms. The uses covered are to process and check registration in municipal population registers in Catalonia of persons that sign parliamentary legislative initiatives.

Data subject categories: committees promoting same.

Vulnerable groups: not applicable.

Storage period: less than 1 year.

Transferee Categories: not applicable.

Data processor categories: not applicable.

Economic management and public procurement

Controlling administrative authority: General Sub-Directorate of Administration and General Services.

Categories of data processed: data for identification purposes; personal details; data of an economic, financial and insurance-related nature; business information; other types of data.

Purpose of the processing activities: economic management of Idescat, which includes the preparation and oversight of the budget, the procurement of goods and services, expenditure and revenue documents, agreements and treasury, among others.

Data subject categories: employees; citizens and residents; contact persons; suppliers; legal representatives.

Vulnerable groups: not applicable.

Storage period: from 5 to 10 years, or 10 years or more.

Transferee Categories: The Tax Agency; banks; savings banks and rural savings banks; public administration agencies with competence in the matter in question; other public administration bodies; public registers.

Data processor categories: not applicable.

Human resource management

Controlling administrative authority: General Sub-Directorate of Administration and General Services.

Categories of data processed: data for personal identification purposes; specially protected data; academic and training data; economic data; employment and occupational data.

Purpose of the processing activities: to manage Idescat's human resources; the data necessary for the identification of staff; payroll; training and CPD; competitive staff selection and recruitment tests, tenders and clocking in/out of Idescat staff.

Data subject categories: employees, applicants.

Vulnerable groups: not applicable.

Storage period: from 1 to 5 years.

Transferee Categories: The Tax Agency; banks; savings banks and branches of the Social Security Agency; occupational accident mutual insurance associations.

Data processor categories: not applicable.

Prevention of occupational hazards

Controlling administrative authority: General Sub-Directorate of Administration and General Services.

Categories of data processed: data for identification purposes; specially protected data; personal details; employment data; academic and professional data.

Purpose of the processing activities: collection and management of the requisite personal data for the prevention of occupational hazards and assurance of the health of Idescat staff.

Data subject categories: employees.

Vulnerable groups: not applicable.

Storage period: less than 1 year.

Transferee Categories: not applicable.

Data processor categories: not applicable.

Contacts, institutional relations and subscribers

Controlling administrative authority: Directorate.

Categories of data processed: data for identification purposes.

Purpose of the processing activities: directory of persons with whom relations are maintained at the institutional level and for the purpose of protocol, administration and communications. Publications.

Data subject categories: subscribers.

Vulnerable groups: not applicable.

Storage period: from 1 to 5 years.

Transferee Categories: not applicable.

Data processor categories: not applicable.

Access control

Controlling administrative authority: General Sub-Directorate of Administration and General Services.

Categories of data processed: data for identification purposes.

Purpose of the processing activities: control of persons who access the Idescat building to check the status of occupancy and ensure internal security.

Data subject categories: employees; citizens and residents; suppliers.

Vulnerable groups: minors under the age of 16

Storage period: less than 1 year.

Transferee Categories: not applicable.

Data processor categories: security service.

Video surveillance

Controlling administrative authority: General Sub-Directorate of Administration and General Services.

Categories of data processed: data for identification purposes.

Purpose of the processing activities: viewing and recording of images of people entering the Idescat building to ensure the security and monitoring of persons and goods.

Data subject categories: visitors and suppliers.

Vulnerable groups: minors under the age of 16

Storage period: less than 1 year.

Transferee Categories: not applicable.

Data processor categories: security service.

Statistical training and promotion

Controlling administrative authority: General Sub-Directorate of Production and Coordination.

Categories of data processed: data for identification purposes; academic and professional data; data of an economic nature.

Purpose of the processing activities: training and promotion of statistics at Idescat.

Data subject categories: applicants.

Vulnerable groups: not applicable.

Storage period: from 5 to 10 years.

Transferee Categories: not applicable.

Data processor categories: not applicable.

Suggestions

Controlling administrative authority: General Sub-Directorate of Information and Communication.

Categories of data processed: data for identification purposes.

Purpose of the processing activities: administrative procedure derived from the suggestion.

Data subject categories: applicants.

Vulnerable groups: not applicable.

Storage period: less than 1 year.

Transferee Categories: not applicable.

Data processor categories: not applicable.

Venue rental

Controlling administrative authority: General Sub-Directorate of Administration and General Services.

Categories of data processed: data for identification purposes.

Purpose of the processing activities: to make spaces available within the headquarters of Idescat to companies, institutions and the general public to hold conferences, courses, seminars, meetings or similar events.

Data subject categories: applicants.

Vulnerable groups: not applicable.

Storage period: less than 1 year.

Transferee Categories: not applicable.

Data processor categories: not applicable.

Visits

Controlling administrative authority: General Sub-Directorate of Information and Communication.

Categories of data processed: data for identification purposes.

Purpose of the processing activities: administrative procedure resulting from the request for a visit to Idescat's offices.

Data subject categories: applicants.

Vulnerable groups: not applicable.

Storage period: less than 1 year.

Transferee Categories: not applicable.

Data processor categories: not applicable.

For all of the activities, the data controller is the Statistical Institute of Catalonia.

The data protection officer's email address is dpd at idescat dot cat.

The security measures that apply to all the activities are those laid down by the Data Protection Cybersecurity Framework.

The transfer of data to countries outside the European Economic Area is not applicable.

You are here: