Skip to main content
Information to the interested party on data protection

5.83. Visits and staff from the AEAT and service companies

Description of the activity

Maintenance of Security at the AEAT headquarters through access control to the AEAT buildings.


To guarantee the safety of people, goods and facilities.

Registration and control of visits.


Access control to AEAT buildings is carried out following certain security protocols that culminate in the authorization of access by personnel from outside the building.

In this way, all personnel outside a building are subjected to various identity checks and radiological inspections, both personally (carried out using metal detector arcs) and the belongings they carry and intend to bring into the building (carried out using ray inspection equipment). X).

Only personal and belongings checks are carried out on taxpayers who access public service areas.

In any case, the data collection carried out on a person who accesses a building is done for security reasons. The data collected is the minimum necessary to correctly identify the person who accesses the building, whether for the first time or occasionally.

This is based on article 32 “Security guards and their specialty” of Law 5/2014 on Private Security, which establishes:

"1. Security guards will perform the following functions:

a) Exercise surveillance and protection of assets, establishments, places and events, both private and public, as well as the protection of people who may be in them, carrying out the necessary checks, records and preventions to comply with their duties. mission.

b) Carry out identity checks on personal objects, packages, merchandise or vehicles, including their interior, at the access or inside buildings or properties where they provide services, without, in any case, being able to retain personal documentation. , but it does prevent access to said buildings or properties. Refusal to display identification or allow control of personal items, packages, merchandise or vehicles will entitle individuals to prevent access or order them to abandon the property or property that is the object of their protection.”

According to this, and in accordance with what is established in article 6.1.f of the Regulation, the consent of the interested parties is not necessary, since art. 51 of Law 4/2014 recognizes the right to “equip themselves with private security measures aimed at protecting people and property and ensuring the normal development of their personal or business activities.”

The reason for access is not distinguished since the generic concept is access to the building of a person who is not registered there as a regular user and, therefore, to authorize access, the affiliation must be known reliably and unquestionably. of who is going to access and verify the veracity of the reason for their access.


  • Visitors, staff at the service of the AEAT and any other employee, public or private, who performs their duties in AEAT buildings


  • NIF/DNI/NIE/PASSPORT, Name and Surname
  • Date and time of entry and exit, person to visit, reason for visit
  • Vehicle details, if applicable
  • Biometric data (fingerprint), if applicable
  • Information related to judicial notifications or rulings


  • Collection
  • Record
  • Storage
  • Structuring
  • Modification
  • Update
  • Copy
  • Analysis
  • Enquiry
  • Extraction
  • Promotion
  • Interconnection
  • Limitation
  • Suppression
  • Destruction
  • Other


are not foreseen

International transfers

are not foreseen

Planned deadlines for deletion

The data collected will be deleted within a maximum period of one month.


Does not apply

Technical/organizational measures

All data processed has been evaluated through a risk analysis, having obtained a list of technical and organizational measures to apply.

These measures have been applied in accordance with the approved adaptation plan.