Skip to main content
Information to the interested party on data protection

5.78. Training

Description of the activity

Management of the teaching staff and students who are going to participate, participate, or have participated, in the courses taught to AEAT employees.


Management and control of the training activities organized by the AEAT


Article 6 of Regulation 2016/679 (EU), relating to the legality of processing, in section 1, letter b) states that “The processing will be legal if at least one of the following conditions is met: (…) b) the processing is necessary for the execution of a contract to which the interested party is a party or for the application at the request of the interested party of pre-contractual measures (…)”.

By virtue of this precept, the processing of data is lawful, and will not require consent, when the processing of data is carried out for the fulfillment of contractual relations of an employment nature.

This provision would cover both the processing of data of external professors and the processing of data of public employees, although their relationship is not contractual in the strict sense.


  • Employees (official and labor personnel who serve in the AEAT)
  • Professor/External company (natural and/or legal persons)


  • NIF/DNI, Name and Surname, Address, Telephone, Image/Voice, email.
  • Academic and professional
  • Job Details
  • Bank details (external teachers and companies)


  • Collection
  • Record
  • Storage
  • Structuring
  • Modification
  • Update
  • Copy
  • Analysis
  • Enquiry
  • Extraction
  • Promotion
  • Interconnection
  • Limitation
  • Suppression
  • Destruction
  • Other


External training companies with which a service or agreed entities have been contracted. The essential data for the correct provision of the service will be transferred.

International transfers

are not foreseen

Planned deadlines for deletion

The data collected will not be deleted and will remain in the databases of the State Tax Administration Agency (AEAT) in order to cover possible legal requirements or other types of claims that may arise.


Does not apply

Technical/organizational measures

All data processed has been evaluated through a risk analysis, having obtained a list of technical and organizational measures to apply.

These measures have been applied in accordance with the approved adaptation plan.