Resolutions, opinions and reports search tool

The data protection regulations allow, in this case, the union delegate to have access to a copy of the decrees of the mayor's approval of the payroll of the staff of the City Council, prior to anonymization of the data of the public employees concerned and limiting their access, if applicable, to any other information that may appear in the said decrees that exceed the object of their claim, pursuant to the principle of minimization of the data (Article 5.1.c of the GDPR). However, it would be possible to provide the merely identifying information contained in the mayor's decrees relating to the mayor, in the terms that have been set out.

Taking into consideration the terms in which the complaint is made, data protection regulations do not prevent the claimant from accessing the information requested by the prior pseudonymation of personal data.

The data protection regulations do not prevent access to a copy of the report issued by the Directorate General of the Local Administration, concerning the authorisation of a civil servant to accidentally occupy the position of financial controller in the City Council and to information regarding the supplementary remuneration of this job. However, access to the reports issued by those who have accidentally exercised the intervening function will depend on the personal data that is affected, taking into account its content and the application of the limits relating to data protection referred to in Articles 23 and 24 of the LTTE, in the terms that have been set out.

Data protection regulations do not prevent the complainant from having access, if he is delegated from a trade union organisation that has the most representative status, to information on training data, professional experience, as well as punctuation with respect to merits and other valorative elements that have been taken into account in the selection process and the scores awarded in relation to the subject. In the event that the complainant does not belong to a union organization that has the most representative status, the information must be limited to the identity of the person selected in a selective process - if applicable, the worker concerned - and the scores obtained in the different merits or tests.

The Authority considers that the provisions of the legislation on the prevention of money laundering and terrorist financing on the conduct of an impact assessment in relation to certain data processings could be interpreted, for the case of foundations and associations, to the effect that they should only do so at the same time that, if necessary, they detect facts that might be indications of money laundering or terrorist financing, given the obligation to report them to the SEPBLAC. This is without prejudice to the fact that, in view of the concurrence of certain specificities, the entities consider it appropriate to carry it out in advance in the event that they may encounter any of the communication assumptions imposed by this regulation.

The data protection regulations do not prevent the claimant from accessing the information relating to the number of jobs corresponding to the call for 300 (internal procedure procedure 361), indicating the date of creation of the place and periods in which the places have been covered by interruptions, including information relating to the order number of persons assigned to each of the places.

Data protection regulations do not prevent the claimant from accessing and copying the Labour Establishment Protocol. With regard to the access of the claimant to the claimed file, access could be given to his or her own personal data and, in principle, to the identity of witnesses who have spoken by providing information on the claimant to be recorded in the documentation, unless specific circumstances justifying the limitation are met with regard to these third parties, in the terms set out in legal basis IV. In addition, data protection legislation does not prevent employees or public officials in charge of processing and resolving the case from having access to the identity, since these are actions carried out in the performance of their duties. Finally, it should be borne in mind that information containing special categories of data on third parties should be omitted, as should other information on third parties that may be included in the file and that does not have a direct relationship with the complainant and the harassment complaint that he submitted.

Taking into consideration the terms in which the complaint is made and the relevant elements, the data protection regulations prevent access by the claimant to the full content of the dossiers of patrimonial responsibility processed by the City Council between 2007 and 2022 that affect a particular person, and to the information relating to the judicial proceedings that may have arisen. However, information could be provided on the number of liability files referred to in the consultation, the meaning of the resolution and, if applicable, compensation, as well as whether legal proceedings have been taken.

The data protection regulations do not prevent the person claiming the inventory of licenses for major works that have been transferred to the District Archive and the Historical Archive of the Autonomous Community, along with the metadata of street name and number, petitioner, type and year of the work and architect, without prejudice to omitting those personal data of the holders of the works licenses that are not necessary to achieve the intended purpose as the DNI data of these people would be.

The lack of a sufficient legal basis to enable the processing of workers' personal data in an electoral procedure by electronic voting prevents a response to the questions raised, since it would be necessary to keep to the specific provisions of legal empowerment and possible regulatory deployment, in order to assess the specific aspects relating to compliance with data protection regulations.