Skip to main content

Privacy policy of the Conecta AEAT app

APP ConectAEAT is an application for mobile devices that allows internal, collaborating and external users of the AEAT , hereinafter users, based on their profile, to quickly manage their credentials to access the Information System of the AEAT .

The State Tax Administration Agency distributes the “ConectAEAT” application for mobile devices, being responsible for protecting the legal rights and privacy of users. The mobile application provides a section with a legally valid privacy notice and terms of service.

The privacy policy is based on:

  • The user's consent to use the application. This consent implies acceptance of the terms of use and this privacy policy.
  • The processing of the necessary data held by the Tax Agency to provide the services offered by the application.
  • The processing of such personal data in accordance with:
    • The provisions of the “Regulation ( EU ) 2016/679 of the European Parliament and of the Council, of April 27, 2016, relating to the protection of natural persons with regard to the processing of personal data and the free circulation of these data (General data protection regulations)” and the “Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights” and other applicable regulations .
    • The Resolution of November 8, 2012 of the Presidency of the State Tax Administration Agency, approving the information security policy of the State Tax Administration Agency (BOE, November 29, 2012).
    • Information Security Standards that develop the particular principles and specific responsibilities of the Information Security Policy.

Access to and use of the ConectAEAT application entails the status of User, which implies observance and compliance with the provisions contained herein, as well as any other legal provisions that may be applicable.

1. Developer information and point of contact.

Developer Name: State Revenue Office

Website: https://sede.agenciatributaria.gob.es

E-mail: supportapp@correo.aeat.es

Address: SG Exploitation - Tax Information Technology Department - State Tax Administration Agency. Santa Maria Magdalena Street, 16, 28016 Madrid (Spain)

The State Tax Administration Agency is regulated by the Resolution of December 28, 2009, of the Presidency of the State Tax Administration Agency, which creates the electronic headquarters and regulates the electronic records of the State Tax Administration Agency published in the ( BOE December 29, 2009).

2. Who is responsible for the processing of the APP ConectAEAT User's data?

The party responsible for processing the data of the APP ConectAEAT user is the General Directorate of the State Tax Administration Agency (AEAT).

Contact details:

Infanta Mercedes Street, 37, 28020 Madrid.

3. What data is processed about the User?

The information processed about the User comes from data already in the State Tax Administration Agency, either because the user has previously provided it or because it derives from the relationship between the user and the Tax Agency, both based on article 6.1.b of Regulation 2016/679 ( EU) . As well as data relating to the activation of the application and the services offered by it.

The data relating to the user that may be processed in the ConectAEAT APP will belong to one or more of the following types and will be used exclusively for the purposes of this system:

  • Identification or contact data: DNI/NIE/passport, unique user code, telephone number.
  • Device identification data: operating system, mobile device model.
  • For internal users, other identifying data in the services provided through the APP. For example: name, surname, NUMA, corporate identification and contact information (telephone number and extension; Email address; postal address, plant and office).

As a result of the services offered by the ConectAEAT APP, the credentials for access to the AEAT Information System will be sent: INTRANET password, MOBILITY token, mobile device electronic certificate password.

Additionally, to protect access to the APP, the User must have some user authentication factor configured on the mobile device provided by the operating system: credentials (pattern, code, etc.) or biometrics (fingerprint, facial recognition, etc.).

The APP does not require granting any additional permissions on the device for its operation.

In addition, the following data that is not associated with the User's identifying data is processed:

  • Application Activity: App Interactions, information about how you interact with the App. For example, the number of times you visit a page or sections through Firebase Analytics (service provided by Google, Inc.). This data is used only for the purposes necessary to obtain statistics that allow us to improve the user experience.
  • Application information and performance: Crash logs, crash log data, and unexpected issues via Firebase Crashlytics service (service provided by Google, Inc.). These are data that are used solely for the purposes necessary to resolve problems and provide an early response to incidents.
  • In the event that push notifications from the APP are enabled on the mobile device to receive the requested requests, which is recommended, device IDs or other types: identifiers related to a device for sending push notifications to the mobile device through the Firebase Cloud Messaging service (service provided by Google, Inc.). This data is used only for the purposes necessary to provide and improve the functions of the application.

4. How does the ConectAEAT APP obtain User data and where does it come from?

The data is obtained by queries to the servers of the State Tax Administration Agency, based on the data that already exists in the State Tax Administration Agency, either because the user has previously provided it or because it derives from the relationship between the user and the Tax Agency.

The domains of the servers used to send the data are: "sede.agenciatributaria.gob.es", "www2.agenciatributaria.gob.es".

Once the User accesses the application and accepts the privacy policy and terms of service, he/she may activate the application by indicating his/her ID, NIE or passport and the unique user code, and entering an activation code that will be sent by SMS to the telephone number associated with him/her as a means of contact. The ConectAEAT APP stores the DNI, NIE or passport that you have entered and the unique user code on the device. The User can delete this data whenever he or she wishes from the “Deactivate device” option in the ConectAEAT APP.

Regarding the services offered, they are obtained through consultations with the State Tax Administration Agency applications. When accessing the services, no data is stored in the ConectAEAT APP.

5. What is the legal basis for the processing of User data?

The processing of personal data that may be carried out through the ConectAEAT APP and the applications of the State Tax Administration Agency that support it are based on the consent of the interested party in compliance with the provisions of "Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, regarding the protection of natural persons with regard to the processing of personal data and the free circulation of these data (General Data Protection Regulation)" and "Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights" and other applicable regulations. Such consent implies acceptance of the terms of use and this privacy policy.

In addition, we inform you that the regulations applicable to the services offered from the ConectAEAT APP are as follows:

  • Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).
  • Organic Law 3/2018 of 5 December on Personal Data Protection and safeguarding digital rights. Royal Decree 311/2022, of May 3, regulating the National Security Scheme.
  • The Resolution of November 8, 2012 of the Presidency of the State Tax Administration Agency, approving the information security policy of the State Tax Administration Agency (BOE, November 29, 2012).
  • Information Security Standards that develop the particular principles and specific responsibilities of the Information Security Policy.

6. What is the User's data used for and why?

The purpose of the ConectAEAT APP is to make it easier for users to manage credentials for access to the Tax Agency Information System, by offering them the possibility of requesting INTRANET password recovery, obtaining the MOBILITY token and requesting the electronic certificate for mobile devices. Also showing the password to install the certificate.

Internal users are also offered the option of linking to the intranet to modify identification and contact details.

The information and data collected in the ConectAEAT APP will be processed solely for the purpose of offering a personalized service.

7. How long is User data stored?

The period of conservation of the User's data in the ConectAEAT APP will be the time that the device is active with your DNI or NIE in the APP. However, at any time the User can delete the data from the “Deactivate device” option from the ConectAEAT APP itself, activating the APP with their DNI or NIE on another mobile device or through the “Management of identified user in the mobile application” management available in the Virtual Personnel Office of the State Tax Administration Agency.

8. Who has access to the User's data?

Only the User has access to the User's data from the ConectAEAT APP. Notwithstanding the foregoing, in certain cases (for example, to resolve an incident or query raised by the User) it may be necessary to access the data strictly necessary in order to resolve the incident or respond to your query.

9. What are the User's rights and how can they control their data?

You can consult information on data protection as well as your rights at the following links:

10. How is User data protected?

The State Tax Administration Agency guarantees that personal information will be stored and used for the necessary time and only to provide you with personalized services, guaranteeing the security measures required by Royal Decree 311/2022, of May 3, which regulates the National Security Scheme.

The State Tax Administration Agency has adopted the necessary technical and organisational measures to prevent the accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or the unauthorised communication or access to such data, which may in particular cause physical, material or immaterial damage and harm. The measures adopted take into account the state of technology, the nature of the data and the risks to which they are exposed and are periodically reviewed to ensure their adaptation to new situations or risk scenarios.

11. Cookie Policy

The ConectAEAT APP uses cookies to the extent necessary for its correct operation and display.

Cookies are temporary and under no circumstances are they used to gather personal information.

12. Privacy Policy Update Date

Latest update: November 10, 2023.