Medical services and phycosocial care for employees


  • Management of employee health surveillance.
  • Management of psychosocial care.
  • Handling of reports of situations that may constitute harassment at work.

Legal basis

  • For compulsory medical examinations, the legal basis is that the processing is necessary for compliance with the legal obligation provided for in article 22 of Law 31/1995, of 8 November, on the Prevention of Occupational Risks (article 6.1.c) of the GDPR).
  • For the entry medical examination and periodic and voluntary examinations that the Banco de España is obliged to offer its employees in its capacity as employer and in compliance with the LPRL, the legal basis is that the processing is necessary for the performance of the employment contract or pre-contractual measures (article 6.1.b) of the RGPD).
  • For psychosocial care and voluntary medical examinations and services that the Banco de España offers to its employees without being obliged to do so (such as, for example, the gynecological and ophthalmological campaign, the back school, etc.), the legal basis is the data subject's consent (article 6.1.a) of the GDPR).
  • For the processing of reports of situations that may constitute harassment at work, the legal basis is the fulfilment of a public interest mission provided for in Article 24 of the Spanish Data Protection Act (Article 6.1.e) of the RGPD).

Categories of data subjects

  • Employees and applicants called to fill a permanent post
  • Retirees and pensioners
  • Trainees

Categories of personal data

  • Identification data: Name, surname, NIF or equivalent, image, social security number.
  • Contact details: Telephone, e-mail address, postal address.
  • Academic and professional data: Position, professional location, personnel number.
  • Economic and financial data: Account number for the management of financial aid of a social nature.
  • Personal characteristics data: Age, sex, place and date of birth and family data.
  • Special category data: Health data whose processing has been explicitly consented to by the data subject (article 9.2.a) of the GDPR) or is necessary for the purposes of preventive or occupational medicine, assessment of the worker's capacity to work, medical diagnosis, provision of health or social care or treatment (article 9.2.h) of the GDPR).
  • Data of vulnerable subjects: Data of children under 14 years of age, disabled persons, persons accessing social services and victims of gender violence, as well as their descendants.

Retention period

Personal data shall be retained for the time necessary to fulfil the purpose for which they were collected and to allocate any liability arising from said purpose and from the processing of the data.

Security measures

Security measures provided for in Annex II of Royal Decree 3/2020, of 8 January, which regulates the National Security Scheme in the field of Electronic Administration.


  • Health centers providing external medical services
  • Provider of OHS services in branches that do not have their own services
  • Mutual insurance of Banco de España
  • Social Security bodies
  • Judges and Courts
  • Other competent public administration bodies

International transfer of data


Data controller

Banco de España

NIF: Q2802472G

Data Protection Officer

Division of Governance and Transparency
Contact formOpens in a new window

Exercise of rights and complaints

You can check whether it is mandatory for you to provide your personal data, as well as the procedure to exercise your rights, withdraw your consent if applicable and lodge a complaint before the Data Protection Officer or the Spanish Data Protection Agency at our Privacy Policy