Pasaia Port

We are working with you to draw up the maritime lines of the future

Vista aérea del puerto de Pasajes

Data Protection

1. Identification and contact details of the Data Controller

The Port Authority of Pasaia is an organisation belonging to the government agency Puertos del Estado, which manages and coordinates all functions and duties attributed thereto by law.

Contact channels with the Port Authority of Pasaia

  • By postal mail: Edificio Transatlántico. Recinto portuario s/n. 20110 Pasaia / Gipuzkoa (Spain)
  • By e-mail:

2. Identification of the Data Protection Officer

Designated DPO: Puertos del Estado, Álvaro Sanchez Manzanares.

Representative for the DPO: Director of the Port Authority of Pasaia, Cesar Salvador Artola. Contact e-mail:

3. Exercise of your rights

Interested parties may request the right to exercise the following:

  1. The right to access the personal data to obtain information on the data subject to processing and the processing operations carried out therewith.
  2. The right to amend any incorrect personal data.
  3. The right to delete the personal data, where possible.
  4. The right to object to the processing of the personal data, particularly in relation to the use of images on the internet. If you exercise your right of objection, your data will be deleted unless the Port Authority of Pasaia has a legitimate and compelling interest or for the formulation, exercise or pursuit of claims.
  5. The right to request the restriction of the processing of personal data when the accuracy, legality or necessity of the data processing is in doubt. In this case, we may retain the data for the exercise or pursuit of claims.
  6. The right to the portability of your data, provided that the legal basis allowing for the processing entails the existence of a contractual relationship or consent.
  7. The right to withdraw the consent granted to the Port Authority.

Furthermore, you are hereby informed that all individuals have the right to file a claim before the Spanish Data Protection Agency if they consider that there has been a breach of data protection regulations with regards to the processing of their personal data.

4. Information on the processing carried out by the Port Authority of Pasaia

The Port Authority of Pasaia holds a Record of Processing Activities in compliance with the provisions of article 30 of the GDPR. The inventory of processing operations, including a description of the purpose thereof, is as follows:

Processing Purpose
Commercial, marketing and management of promotional activities Communication management and of commercial and institutional activity.
Management of promotional activities organised for education-related groups, other organisations and the general public.
Management of complaints and suggestions.
Customer service.
List of contacts.
Licences and authorisations Management of port licences and authorisations.
Board members The purpose is to manage the data of board members named by the Basque government
Procurement Management of maximum quantity procurement (tenders and contracting) and minimum quantity procurement
Access control Control of the entry and exit of individuals to the port area and to certain port facilities. Visitor log and management of the entry of authorised individuals.
Coordination of business activities Coordination of the business activities carried out by subcontracted staff within the context of occupational risk prevention.
Administrative records and legal proceedings Management, initiation, processing and resolution of administrative records according to applicable regulations.
Legal defence of the Port Authority of Pasaia in legal proceedings and in out-of-court proceedings.
Invoicing Management of client services and invoicing. Collection of the established fees for the use of port services. Basic port services.
Account management and supplier and client registration Account management and supplier and client registration.
Recordings of video images Surveillance of the port area, viewing of the occurrences in operation areas, security access control, remote surveillance of operations by port police, surveillance for the prevention of offences.
Waiting list for recreational boating facilities Management of the users of recreational boating facilities, granting the right to moor at the dock.
Occupational risk prevention Management of the legal obligations established in the occupational risk prevention law.
Sanction procedures carried out by the port police Processing of sanction procedures in accordance with applicable regulations.
Human resources Comprehensive HR management, including new and former employees, employees at the organisation and trainees.
Management of employee data: drafting of employment contracts, payment of salaries and social security, attendance control.
Management of the continuous training, skills and competencies of workers.
Management of the data of trainees through collaboration agreements with universities and training centres.
Announcement of recreational activities for employees and former employees.
Social benefits for employees (to be included in the clause: loans, life insurance, social security, restaurant vouchers. Inform about data disclosure related to restaurant vouchers).
Communication of employment registration and work leave.
Recruitment Management of the data of candidates who apply to vacancies. Management of job vacancies.

5. Data retention

Personal data will be retained for as long as necessary to fulfil the purpose for which they were collected and, in the event of other possible responsibilities, they will be retained for as long as strictly necessary according to the legal basis applicable to such processing operations. Personal data will also be retained according to data archiving and documentation regulations when such regulations apply.

6. Security

All security measures implemented are in line with those established in the National Security Framework in the field of Electronic Administration, which are described in the documents that are part of the information security policy of the Port Authority of Pasaia.

7. Confidentiality

All personal data that we may collect through our Website or through the different communications maintained will be processed in a confidential manner, and we undertake to maintain the secrecy of such data, in accordance with applicable regulations.

8. International transfers

The processing operations for which the Port Authority of Pasaia is responsible and which appear in the Record of Processing Activities are not subject to international transfers, unless necessary to fulfil a legal obligation or to defend interests related to the operation of the Port Authority of Pasaia.

In the case of images used on social networks, you are hereby informed that the publication of data on social networks necessarily implies an international transfer of the data to Facebook, Inc., Google, Inc. (if YouTube is used), to Twitter, Inc. (when used), which are companies based in the USA, subject to the EU-US Privacy Shield (provided for in article 45.1 of EU Regulation 2016/679), under the terms and conditions defined in their privacy policy.

9. Update of the privacy policy

This Privacy Policy may be subject to updates. For this reason, it is advisable to visit this website regularly in order to remain duly informed about the type of information collected and the processing thereof.

This privacy policy was last modified on 31 January 2019.