Last reviewed: 2 December 2024

Yes

The following are potential legal bases for processing personal data:

☒       the data subject has provided consent to the processing for the identified purposes
☒       the personal data is necessary to perform a contract with the data subject
☒       the personal data is necessary to comply with a legal obligation
☒       other

• Personal data is obtained from unrestricted public access sources
• Personal data is collected for the performance of the duties inherent to the powers of the State
• Personal data is limited to the name, ID number, tax or social security ID number, profession, date of birth and domicile
• Personal data is collected by financial entities in connection with transactions performed by customers of the referred entities

Last reviewed: 2 December 2024

Yes

The following are potential legal bases for processing special categories of personal data:

☒       the data subject has given consent to the processing, where consent is measured to the same standard as non-sensitive personal data
☒       processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law
☒       processing is necessary for reasons of substantial public interest
☒       processing is necessary for the purposes of medicine, the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services
☒       processing is necessary for reasons of public interest in the area of public health
☒       processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
☒       other

• If the processing is for statistic or scientific purposes and data subjects cannot be identified

Last reviewed: 2 December 2024

Yes

Under local regulations, a minor is a person below the age of 18. However, the "progressive capacity theory" included in the Civil and Commercial Code considers that minors are more prepared to make legal decisions based on their age and level of maturity (which must be analyzed on a case-by-case basis). Additionally, DPA's Resolution No. 4/2019 contemplates that it would be reasonable to conclude, in principle, that minors between 13 and 17 years old may provide their consent for the processing of their personal data.

Last reviewed: 2 December 2024

☒       generally

Last reviewed: 2 December 2024

☒       consent must be given or authorized by the holder of parental responsibility over the child
☒       additional data security requirements apply

When consent is granted by the parent/guardian of the minor, the individual or entity responsible for the database must perform reasonable efforts to verify that consent was actually granted by the parent/guardian of the minor.

☒       other

DPA's Disposition No. 18/2015 sets forth certain recommendations when processing minors' personal data, such as: limiting to the maximum extent possible the type and amount of information collected about them, implementing robust security measures on the collected information, and avoiding sharing minors' personal information with third parties.

Further, DPA's Resolution No. 332/2020 provides that during an inspection, the DPA will consider whether the individual or entity responsible for the database has obtained minors' consent with the authorization of their parents and/or legal guardians or if such consent has been obtained taking into account the minor’s progressive capacity.