Data Protection

Update date: 24/09/2024

PRIVACY AND DATA PROTECTION

The Ministry for Digital Transformation and Civil Service is the entity responsible for the processing of personal data provided by users on the Web Portals and at the Department's associated electronic headquarters.

In accordance with the provisions of the General Data Protection Regulation, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, the Ministry undertakes to comply with its obligation of secrecy with regard to personal data and the duty to treat them confidentially. To this end, it shall take the necessary measures to prevent its alteration, loss, treatment or unauthorized access.

This legal notice applies to the pages of the Web Portals and the associated electronic headquarters of the Department, is not guaranteed in the accesses through links to these sites, nor to the links from these sites with other websites.

Articles 34.1 of the Organic Law 3/2018, of December 5Personal Data Protection and Digital Rights Guarantee (hereinafter LOPDGDD), and 37.1 of the Regulation (EU) 2016/679 of 27 April 2016 (hereinafter GDPR), require the appointment of a Data Protection Officer when the processing of data is carried out by a public authority or body.

You can go to the Data Protection Graduate via: dpd@digital.gob.es

Functions of the Data Protection Officer

To inform and advise those responsible for the processing of personal data, as well as employees who are responsible for the processing of personal data, in accordance with the GDPR, the Marketing Authorisation LOPDGDD and other relevant provisions.
Monitor compliance with the rules and policies of data protection data controllers and processors.
To provide advice as requested on the impact assessment concerning the protection of personal data.
Cooperate with the Spanish Data Protection Agency and act as a contact body with it.
Intervene in the event that interested parties submit to the AEPD the power to complain before the AEPD.
To address the issues of data subjects relating to the processing of their personal data and the exercise of their rights, under the protection of GDPR and the LOPDGDD.

Data protection policy

Collection of personal data

In order to provide the services to which you are entitled, the Ministry may request through forms personal data that will generally be processed in accordance with the provisions of the General Data Protection Regulation, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and the Organic Law 3/2018 of Protection of Personal Data and Guarantee of the Digital Data.

The Ministry shall inform and may collect data from the following categories of personal data:

Identification and contact details (including postal and/or electronic addresses).
Identification codes or keys for access and operation in the Portal and Electronic Headquarters.
Transactional data, that is, any operation, movement and consultation associated with any of the administrative services and procedures that a user maintains with the Ministry.
Socioeconomic and labor data.
Legal representation data

Responsible for Treatment

The activities of processing personal data correspond to different Controllers, depending on the service provided by the Ministry for Digital Transformation and the Civil Service. The Register of Treatment Activities (RAT), published and downloadable on this site, identifies those responsible for all treatments registered in the Ministry.

Purposes of the processing activities and their legitimation

Through Web Portals and Electronic Sites, no personal data are collected without due legitimacy. The data provided by the data subject shall be used, on a unique and exclusive basis, for the purposes set out in each procedure or action.

The general purpose of the collection and processing of personal data is the management, provision and improvement of the services and the processing of administrative procedures related to the Ministry for Digital Transformation and the Civil Service, as well as any other service requested at any time by the user and the follow-up and response to the consultations raised by them.

The processing of personal data collected by the Ministry may have additional purposes, all of which are justified by the explicit consent of the user or by the legitimacy conferred on the Ministry by the laws and regulations regulating the services offered and the respective procedures, in accordance with the presumption of lawfulness of the treatments provided by Article 6 of the Regulation (GDPR).

The different purposes and their legitimacy can be consulted in the access to each of the services and procedures offered by the Ministry; and in general, in the RAT published in compliance with the provisions of Art. 31.2 of the Organic Law 3/2018 (LOPDyGDD).

Explicit Consent

Once informed of the type of data necessary for the provision of the associated administrative services and procedures, the processing activities to be carried out, their purpose and their legitimation, express consent shall be obtained when necessary for the Ministry to carry out the processing activities of the personal data provided by the user of the services.

Recipients, transfer and transfer of data

In general, the Ministry for Digital Transformation and the Civil Service is the sole recipient of the data collected. In no case will the aforementioned data be processed or transferred to third parties, if it is not with the express consent of the affected, except with legal authorization, according to the assumptions provided by the current legal regulations.

Where the service provided or its associated procedure includes legal obligations arising from the legitimation of the processing which require the transfer or transfer to third parties, the third parties to whom such data are addressed and the purposes of their processing activities shall be indicated.

Where applicable, the express consent of the user shall be sought for such transfers and transfers of data. Consent will be requested separately and specifically when the transfer of data is international.

Data retention period

The data will be kept for the time necessary to meet the services offered by the Ministry based on the administrative legislation regarding the prescription of responsibilities.

Exercise of rights

The user may at any time exercise the rights with respect to the data provided for any of the administrative procedures and services. For this purpose, you can contact us by any means which shows your dispatch and receipt, to:

Ministry for Digital Transformation and Civil Service
Calle Poeta Joan Maragall, 41 - 28046 Madrid

You can also contact the Spanish Data Protection Agencywhere you can consult more information on obligations and rights relating to the protection of personal data.

Registration of Personal Data Processing Activities

Download Personal Data Processing Registry of the Secretaries of State of Digital Transformation

Date of update: 31/01/2025

Download Personal Data Processing Registry of the Secretary of State for Public Service (in review)

Date of update: 05/04/ 2024

Download Personal Data Processing Register of the General Secretary of Digital Administration (provisional)

Date of update: 24/09/ 2024

Download Registry of Personal Data Processing of the Undersecretary

Date of update: 27/03/ 2025