Extraordinary health surveillance measures


  • Ensure to Banco de España staff the right to health protection and prevent the spread of Covid-19 within the Institution, its workplaces and to the population as a whole, by the adoption of extraordinary and temporary health surveillance measures
  • Manage vaccinations against Covid-19 that may be carried out at Banco de España workplaces

Legal basis

  • Compliance with a legal obligation to which the controller is subject pursuant to Law 31/1995, of 8 November, on Labor Risk Prevention
  • Explicit consent of employees for the processing of their personal data relating to Covid-19 vaccination

Categories of data subjects

  • Employees
  • Trainees
  • Staff from companies contracted by Banco de España who access to workplaces shared with employees.
  • Investigators accessing the Archive

Categories of personal data

  • Identification data: Name and surname
  • Contact data: Phone number and e-mail
  • Professional data: Employee number, workplace and name of the employing company
  • Special categories of data:
    1. Health data regarding Covid-19 symptoms, whose processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law (article 9.2.b) of GDPR)
    2. Health data related to vaccination against Covid-19, whose processing is voluntary and is carried out exclusively with respect to those employees who explicitly consent the processing of such personal data for the specific purpose of managing any vaccinations that may be carried out at Banco de España workplaces (article 9.2.a) of the GDPR)

Retention period

Personal data shall be retained for the time necessary to fulfil the purpose for which they were collected and to allocate any liability arising from said purpose and from the processing of the data

Security measures

Security measures provided for in Annex II of Royal Decree 3/2020, of 8 January, which regulates the National Security Scheme in the field of Electronic Administration.


  • Labor risk prevention service providers
  • Health authorities

International transfer of data


Data controller

Banco de España
NIF: Q2802472G

Data Protection Officer

Division of Governance and Transparency
Contact formOpens in a new window