Skip to main content
Information for the interested party on data protection

5.74. Access record

Description of the activity

Record for subsequent audit and comparison, if necessary, of the accesses and actions carried out by both citizens and internal users who access the services and information systems made available to them.

Purpose

Effective implementation of the state tax and customs system.

Internal management and administration of the AEAT.

Legitimation

Article 6 of Regulation 2016/679 (EU), relating to the legality of the treatment, in this case in section 1, letter e) which states that “The treatment will be lawful if the least one of the following conditions: (…) c) the treatment is necessary for the (…) exercise of public powers conferred on the person responsible for the treatment (…)”.

For its part, article 95 of 58/2003, of December 17, General Tax Law establishes the confidential nature of data with tax significance, and in its point 3 states “The tax administration will adopt the necessary measures to guarantee the confidentiality of tax information and its proper use.”

Interested parties

  • Users
  • Taxpayers

 Details

  • NIF/DNI, Name and Surname, IP Address
  • Record of actions carried out on the different assets that make up the AEAT Information System
  • Queries and modifications made to taxpayers, as well as information on user behavior in information systems

Treatments

  • Collection
  • Record
  • Storage
  • Structuring
  • Modification
  • Update
  • Copy
  • Analysis
  • Enquiry
  • Extraction
  • Promotion
  • Interconnection
  • Limitation
  • Suppression
  • Destruction
  • Other

Recipients

Other public administrations

International transfers

Not foreseen

Profiling

Does not apply

Technical/organizational measures

All data processed has been evaluated through a risk analysis, obtaining the list of technical and organizational measures to be applied.

These measures have been applied in accordance with the approved adaptation plan.