Skip to main content
Information to the interested party on data protection

5.74. Access record

Description of the activity

Record for subsequent audit and comparison, if necessary, of the accesses and actions carried out by both citizens and internal users who access the services and information systems made available to them.

Purpose

Effective application of the state tax and customs system.

Management and internal administration of the AEAT.

Legitimation

Article 6 of Regulation 2016/679 (EU), relating to the legality of the treatment, in this case in section 1, letter e) which states that “The treatment will be lawful if the least one of the following conditions: (…) c) the treatment is necessary for the (…) exercise of public powers conferred on the person responsible for the treatment (…)”.

For its part, article 95 of 58/2003, of December 17, General Tax establishes the reserved nature of data with tax significance, and in point 3 it states “The Tax Administration will adopt the necessary measures to guarantee the confidentiality of tax information and its appropriate use.”

Interested

  • Users
  • Taxpayers

 Details

  • NIF/DNI, Name and Surname, IP Address
  • Record of actions carried out in the different assets that make up the AEAT Information System
  • Consultations and modifications made to taxpayers, as well as information on user behavior in information systems

Treatments

  • Collection
  • Record
  • Storage
  • Structuring
  • Modification
  • Update
  • Copy
  • Analysis
  • Enquiry
  • Extraction
  • Promotion
  • Interconnection
  • Limitation
  • Suppression
  • Destruction
  • Other

Recipients

Other AAPP

International transfers

are not foreseen

Planned deadlines for deletion

The data collected will not be deleted and will remain in the databases of the State Tax Administration Agency (AEAT) in order to cover possible legal requirements or other types of claims that may arise.

Profiling

Does not apply

Technical/organizational measures

All data processed has been evaluated through a risk analysis, having obtained a list of technical and organizational measures to apply.

These measures have been applied in accordance with the approved adaptation plan.