Data protection policy

Additional information on Data Protection

We hereby inform you, under the provisions set out in Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April, the "General Data Protection Regulation", that the data controller responsible for processing your data is the BIBLIOTECA NACIONAL DE ESPAÑA, O.A.

1. Identification of the data controller and the Data Protection Officer

The BIBLIOTECA NACIONAL DE ESPAÑA, having Tax ID number Q2828005E and attached to the Spanish Ministry of Culture and Sport, hereby informs its users of the existence of several automated personal data files, whose controller is the BIBLIOTECA NACIONAL DE ESPAÑA, with address Paseo de Recoletos, number 20-22, 28071- Madrid, telephone +34 91 580 78 00, where the personal data provided by users and customers of the BIBLIOTECA NACIONAL DE ESPAÑA (henceforth BNE) are collected and stored.
The functions that the above-mentioned Regulation grants the Data Protection Officer will be carried out by the head of the Sub-directorate General of BNE, whom citizens can contact via the following email address dpd@bne.es

2. Purpose of the file

Personal data may only be understood to be communicated by users to the BNE through its webpage where they voluntarily use the form service offered by the BNE to contact the BNE or to register for access to the Library’s specific data of interest or in contact emails, given that it is inevitable and implicit in such cases that the data will be processed in the contact system. For such cases, the BNE hereby informs its users that their data may be processed for the following purposes:

  • Managing invitations to public events.
  • Managing users of the BNE to carry out services, such as issuing a library card, requesting works in advance, requesting copies and authorising use of public documents, under the BNE's Charter of Services.
  • Managing acquisitions, including contributions.
  • Managing entry and exit of documents.
  • Managing BNE security by monitoring entrances to its facilities using video surveillance systems.
  • 3. Legitimation

BNE informs its users that the legal basis for processing their personal data is for meeting its goals and functions, as stated in Article 3 of Act 1/2015 of 24 March, governing the BNE, and in Article 2 of its Articles of Association, as approved by Royal Decree 640/2016 of 9 December. It is mandatory for users to have their data processed if they are to benefit from the services offered by BNE.

4. Identification of the recipients regarding whose data the BNE has provided for third-party transfers or access

The BNE shall solely provide for transfers or communications of data that have to be supplied for the purposes of meeting its obligations with the Public Authorities where required under the current Legislation on any matter, at any time and where appropriate, to other bodies such as the Spanish State's Judges, Public Prosecutor's office, Courts, Tribunals, Court of Audit, Ombudsman's office and National Security Forces.
Notwithstanding the above, the BNE hereby informs its users that any processing of personal data shall be subject to the current Spanish legislation on data protection, as established by the Regulation mentioned above. The BNE is solely responsible and liable to that extent and guarantees the confidentiality of the personal data that it requests from users through the bne.es and bne.gob.es domains and it accepts no responsibility whatsoever for any subsequent processing or use of personal data that may occur through third-party information society service providers that may gain access to such data on the grounds of providing their services or carrying out their business activity.

Third-party information society service providers shall be understood to include, without being limited to, individuals or companies that provide the following services:

  • Transmission of data across a communication network for the recipients of the service.
  • Access services to that network.
  • Data storage or hosting services.
  • Supply of content or information.

Likewise, the BNE shall not be held responsible or liable for any processing of data carried out by third parties establishing hyperlinks with the BNE, or for the third parties that are responsible or liable which the BNE refers its visitors to through hyperlinks.  

5. Rights

BNE informs its users of the possibility of exercising the following rights:

  • Access to their personal data, as well as full information on their processing.
  • Rectification of their personal data, as well as restrictions to their processing.
  • Application for the data's deletion.
  • Challenge the processing of their personal data.
  • Application for transferability of their personal data.

 

Where any of the cases mentioned above occurs, the BNE shall consent to the request of the data subject and keep those data solely for the possible drafting, exercise or defence of claims or, if necessary, for legal reasons.
If you wish to exercise your rights before the data controller, or if require information on your data's processing, you can send a request to the contact details listed in section 1.