Resolutions, opinions and reports search tool

The City Council of Vallirana did not apply for the leave of the SIPCAT of the Generalitat-Mossos d'Esquadra police of an officer of the Urban Guard who had caused leave in that city hall. Failure to comply with his obligation led the agent in question to make several accesses to SIPCAT from the computers of another city hall where he had subsequently gone to work and did so with the credentials of the Vallirana City Council.

On the one hand, by means of the digital certificate linked to a worker in the entity - which allowed him to access the HC3 file of the Department of Health - an unidentified person or persons who had access to the HC3 of the complainants, all of them workers in the entity; which is considered constitutive of a violation of the principle of application linked to the improper treatment of special categories of data. On the other hand, the digital certificate linked to one of the working people of the FSFA, which as mentioned allowed access to the HC3 file, was installed on several computers to which different people also workers in the entity had access. Thus, to the extent that all these people could use the same certificate to access the HC3 database, the identification of the person who actually accessed it could not be guaranteed unequivocally and customarily, nor, consequently, the justification of these accesses could be analysed. This is considered to be a breach of security measures.

In the context of the prior information, no facts that have been dealt with have been proven to constitute any of the infringements provided for in the data protection legislation. Well, the official who read the registered document did so in the exercise of its functions, for the purposes of including a description of the document in the corporate file manager.

The Professional Association has a sufficient legal basis to periodically communicate the basic data (name, surnames, membership number, date of affiliation to the association, degree) of its members to the General Council of the Association. without their explicit consent.

Publication in the Board of Advertisements of the City Council's Electronic Headquarters, of a document with personal data of citizens (among them, whistleblowers) who had participated in the advisory process on the regulated parking system (blue area) carried out by the consistory. In particular, the personal data disseminated are: name and surname, DNI number, telephone, postal address and email address, of each person who had submitted allegations, as well as their content and the resulting personal information derived from them.

The case file examined proceeds as it has not been proven that the City Council has leaked the personal data of the complainant to a regional median. The leaked information refers to the withdrawal of a gallon from a police officer, as well as the withdrawal of his firearm.

The resolution of the PDB, which estimates the request for the deletion of the data of the person claiming to be incorporated into the SIP file, will be declared extemporaneous, without going into any other considerations regarding the substance, given that the PDB has complied with the right exercised by the said person, and has agreed to delete the data.

The ruling of the PDB estimating the request of the claimant, of the deletion of his personal data concerning police proceedings no. (...) incorporated into the SIP file, without going into any other considerations regarding the substance, since the PDB has complied with the right exercised by the claimant, and has agreed to delete this data.

The claim filed by the claimant against the GDPR is estimated.

A person had been registered in a university for the purpose of receiving information about studies, which he did not eventually enroll, and requested the deletion of his personal data, without achieving such a deletion. The Authority dismisses his claim, considering that the university had not deleted his data because that person did not accredit his identity, despite having requested it, and the email address from which he made the application for deletion did not appear in the university's databases.