5.82. User census
Description of the activity
Allow the management of the identity and authorization of users who access the AEAT information systems.
Facilitate system access management by sending OTP to the personal contact information provided.
Purpose
Internal management and administration of the AEAT. Management of assets related to the operation and internal management of the AEAT (users, authorizations, statistics, etc.).
Legitimation
Article 6 of Regulation 2016/679 (EU), relating to the legality of processing, in section 1, letter b) states that “The processing will be legal if at least one of the following conditions is met: (…) b) the processing is necessary for the execution of a contract to which the interested party is a party or for the application at the request of the interested party of pre-contractual measures (…)”.
Under this provision, data processing is lawful and does not require consent when the data processing is carried out for the fulfillment of contractual relations of an employment nature.
This provision would also cover the processing of data of public employees, even if their relationship is not contractual in the strict sense.
Interested parties
- Users
Details
- NIF/DNI, Name and Surname, Image/Voice (photograph), mobile phone, email.
- Details of the job
Treatments
- Collection
- Record
- Storage
- Structuring
- Modification
- Update
- Copy
- Analysis
- Enquiry
- Extraction
- Promotion
- Interconnection
- Limitation
- Suppression
- Destruction
- Other
Recipients
Not foreseen
International transfers
Not foreseen
Profiling
Does not apply
Technical/organizational measures
All data processed has been evaluated through a risk analysis, obtaining the list of technical and organizational measures to be applied.
These measures have been applied in accordance with the approved adaptation plan.