authega logo
More options
Your browser is not supported

Your browser or browser version is not (or no longer) supported by authega. This may lead to display or functional problems. In order to continue using authega, we therefore recommend to use a current and supported browser.

For more information, please see the Help under System requirements.

Warning

Help

Back to overview

Privacy

Privacy

As the provider of authega, we would like to inform you about the processing of your personal data. Personal data is all information that relates to an identified or identifiable natural person.

authega is an authentication service. With the help of authega, you are able to register for different procedures. When registering, you will receive an authega account with which you can manage your access to the selected procedure.

The authega authentication service is operated by the Bavarian State Tax Office (Bayerisches Landesamt für Steuern).

Data Controller:

Bayerisches Landesamt für Steuern
Sophienstr. 6
80333 München
Tel.: 089/9991-0
Fax: 089/9991-1099
E-Mail: poststelle@lfst.bayern.de

Data protection officer (Behördlicher Datenschutzbeauftragter):

Official data protection officer of the Bavarian State Tax Office
Krelingstr. 50
90408 Nürnberg
Tel.: 0911/991-1004
Fax: 0911/991-491004
E-Mail: datenschutz@lfst.bayern.de

Visiting our website, your browser automatically transmits data to us. This data is stored in so-called server log files.

The following data is stored when you access the website:

  • IP address of the requesting computer
  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status (file transferred, files not found, etc.)
  • Browser type, browser version and operating system used
  • Amount of data transferred

The data collected is only used to improve the website and in anonymous form for statistical evaluations. The legal basis of processing your personal data is Article 6 (1) sentence 1 letter e EU GDPR (DSGVO) in conjunction with Art. 4 para. 1 Bavarian Data Protection Act (BayDSG). Personal data will only be transmitted to service contractors if and insofar as this is necessary to remedy technical faults.
We erase your personal data after seven days at the latest, unless longer storage is necessary for evidence purposes. Personal data will be deleted at the latest when the technical problem has been resolved or the unauthorized access has been clarified.

When accessing this website, we store cookies on your hard drive to ensure the functionality of the website. Cookies are small text files that are stored on the user's computer in order to be available for subsequent visits on this website.

The information contained in cookies enables a safe and comfortable use of our website. The legal basis for data processing is Art. 6 (1) sentence 1 letter f GDPR.

Most browsers are set to accept the use of cookies. However, this function can be switched off for the current session or permanently by adjusting the browser settings. Deactivating the cookies means that registration and login to authega are no longer possible.

The following data is collected by authega:

  • E-mail address
  • Last login
  • Selected procedure
  • Language
  • Possibly security question and answer
  • Access type

If authentication is carried out using a signature card, the personal data of your smartcard is compared with the authega account for authentication purposes. Your personal data is collected / reconciled to enable secure authentication in the respective procedure. The data collection / comparison is in accordance with Art. 6 (1) sentence 1 letter e GDPR in conjunction with Art. 8 (4) Bavarian E-Government Act (BayEGovG) in conjunction with Sect. 2, 3 Bavarian regulation for the creation of barrier-free information technology (BayBITV), Art. 4 (1) Bavarian data protection law (BayDSG). The security question and answer are stored as long as the account exists. The data from the smartcard is deleted in authega immediately after the comparison. Further data will be deleted or anonymized immediately after the registration has been completed or canceled.

Disclosure to service contractors only takes place within the process of troubleshooting.

Depending on the selected procedure, further personal data will be collected. On the website of the respective procedure you can find more information about the data protection standards of the respective procedure.

Personal data you provide to our hotline or the hotline for a third-party procedure will be used for the purpose of troubleshooting. Please note that encrypted communication with our hotline (both by telephone and email) is not possible and the transmitted data may therefore be read by third parties during transmission. Therefore, please do not provide us with any personal data via this way.

In the event of an error, it may also be possible that we pass on your log files to service contractors. Personal data will only be passed on if and insofar as this is necessary for troubleshooting. These log files can contain personal data.

The legal basis is Article 6 (1) sentence 1 letter e GDPR in conjunction with Art. 4 (1) Bavarian Data Protection Act (BayDSG).

You have the right

  • to request information about your personal data processed by us and further essential criteria, such as the processing purposes or the duration of storage, in accordance with Art. 15 GDPR;
  • in accordance with Art. 16 GDPR to immediately request the correction of incorrect or incomplete personal data stored by us;
  • according to Art. 17 GDPR, to request the immediate erasure of your personal data stored by us, unless the processing is necessary to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
  • to demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR, provided that the accuracy of the data is disputed by you, the processing is unlawful, you refused the deletion and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to processing in accordance with Art. 21 GDPR;
  • according to Art. 20 GDPR, to receive your personal data, which you have provided to us, in a structured, common and machine-readable format or to request the transmission to another person responsible and
  • on complaint according to Art. 77 GDPR.

For security reasons, communication with our servers is only possible with TLS encryption. According to the current state of the art, this guarantees a secure transfer of your data.

Depending on the browser, an encrypted connection can be recognized by an https:// instead of http:// in the address line of your browser or by a (green) lock.

authega is operated from an autonomous system isolated from other systems of the administration and it is certified under ISO 27001 according to IT-Grundschutz(a systematic approach to information security that is compatible to ISO/IEC 27001) by the Federal Office for Information Security (BSI).

Further information on data security at authega is available here .

No responsibility is taken for the correctness and proper translation of the English version. In case of doubt the German version shall be valid exclusively.

As of: August 27, 2024

Privacy Policy authega.pdf

/