authega logo
More options
Your browser is not supported

Your browser or browser version is not (or no longer) supported by authega. This may lead to display or functional problems. In order to continue using authega, we therefore recommend to use a current and supported browser.

For more information, please see the Help under System requirements.

Warning

Help

Back to overview

Privacy

Privacy

As the provider of authega, we would like to inform you about the processing of your personal data. Personal data is all information that relates to an identified or identifiable natural person.

authega is an authentication service. With the help of authega, you can register and log in to different specialist procedures. Upon registration, you will receive an authega account, which you can use to manage your access to the chosen specialist procedure.

The authega authentication service is operated by the Bavarian State Tax Office (Bayerisches Landesamt für Steuern).

Controller:

Bayerisches Landesamt für Steuern
Sophienstr. 6
80333 München
Tel.: 089/9991-0
Fax: 089/9991-1099
E-Mail: poststelle@lfst.bayern.de

Data Protection Officer:

Official data protection officer of the Bavarian State Tax Office
Krelingstr. 50
90408 Nürnberg
Tel.: 0911/991-1004
Fax: 0911/991-491004
E-Mail: datenschutz@lfst.bayern.de

When you visit our website, your browser automatically transmits data to us. This is stored in so-called server log files.

The following data is stored when the website is accessed:

  • IP address of the requesting computer
  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status (file transferred, files not found, etc.)
  • Browser type, browser version and operating system used
  • Amount of data transferred

The collected data is required to provide the web services and improve the website. For the technical provision of the authega web services, calls and accesses are collected in anonymized form for statistical evaluations and troubleshooting. The legal basis is Art. 6 Para. 1 S. 1 lit. e GDPR in conjunction with Art. 4 Para. 1 BayDSG. Data will only be transmitted to service providers if and to the extent that this is necessary to rectify technical malfunctions.

Personal data will be deleted after seven days at the latest, unless longer storage is required for evidence purposes or to rectify technical problems. The data will be deleted once the technical problem has been rectified or the preservation of evidence has been completed.

When you access this website, we store cookies on your hard drive to ensure the functionality of the website. Cookies are small text files that are stored on the user's computer so that they are available for subsequent visits to this website. The information contained in cookies enables the secure and convenient use of our website. Technically necessary cookies are those required for the smooth functioning of our website; these are deleted after 30 minutes.

The legal basis for data processing is Art. 6 Para. 1 Subpara. 1 lit. e GDPR in conjunction with Art. 4 Para. 1 BayDSG in conjunction with Section 25 Para. 2 TDDDG. Most browsers are set to accept the use of cookies. However, you can switch this function off for the current session or permanently via your internet browser settings. Deactivating cookies, however, means that registration and login to authega are no longer possible. Session cookies are automatically deleted by your web browser after the end of your visit.

As part of the registration process for individual specialist procedures and the management of user accounts by users, we process the following personal data on behalf of the client (specialist procedure):

  • E-mail address
  • If applicable, personnel number (depending on the specialist procedure)
  • If applicable, date of birth (depending on the specialist procedure)
  • authega ID (identification number of the user account)
  • Last login
  • Specialist procedure
  • Language
  • If applicable, security question and answer (depending on the specialist procedure)
  • Access Type
  • If applicable, display name (depending on the specialist procedure/access type)
  • If applicable, certificate (depending on the specialist procedure/access type)
  • If applicable, IP address of the computer requesting the specialist procedure (depending on the specialist procedure)

Your personal data is collected/matched to enable secure authentication for the respective specialist procedure. We are authorized to do this within the framework of the commissioned processing agreed with the clients in accordance with Art. 28 GDPR or Art. 38 BayDiG. The clients remain the controllers within the meaning of Art. 4 No. 7 GDPR. For further information, please refer to the data protection notices of the respective specialist procedure.

The data collected upon completion of registration and management of the user account will be deleted at the latest 10 years after the deactivation of the user account. The security question and the associated answer are deleted immediately upon deactivation of the user account. After the currently assigned certificate file has expired, automatic deactivation takes place after 90 days. Data such as a personnel number or a date of birth, which are exclusively necessary for a specialist procedure as part of the registration, are deleted in authega immediately after processing as part of the registration process.

Data located on the signature card and used in authega (the certificate used for authentication) is deleted in authega immediately after login. The unique identifier of the certificate (issuer and serial number) and the expiry date of the certificate will be deleted at the latest 10 years after the deactivation of the user account. If a registration has not been completed, all registration data provided will be deleted after 90 days. Disclosure to service providers only takes place as part of troubleshooting.

Depending on the selected specialist procedure, further personal data may be collected; further information can be found in the data protection notices on the website of the respective specialist procedure.

The data you provide to our hotline or the hotline of the specialist procedure will be used for the purpose of processing malfunctions. Please note that encrypted communication with our hotline (both by telephone and by e-mail) is not possible and therefore the transmitted data could potentially be read by third parties during transmission. Therefore, please do not provide us with any personal data via these channels.

In the event of an error, it may also be possible for us to pass on log files to service providers. They will only be passed on if and to the extent that this is necessary for troubleshooting. These log files may contain personal data. Data processing is carried out in each case on the basis of Art. 6 Para. 1 S. 1 lit. e GDPR in conjunction with Art. 4 Para. 1 BayDSG.

You have the right:

  • In accordance with Art. 15 GDPR, to request information about your personal data processed by us and some other important criteria, such as the purposes of processing or the duration of storage.
  • In accordance with Art. 16 GDPR, to immediately request the rectification of incorrect or the completion of your personal data stored by us.
  • In accordance with Art. 17 GDPR, to request the immediate erasure of your personal data stored by us, unless processing is necessary to fulfill a legal obligation, for reasons of public interest, or to assert, exercise, or defend legal claims.
  • In accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is contested by you, the processing is unlawful but you refuse its erasure and we no longer need the data, but you need it to assert, exercise, or defend legal claims, or you have lodged an objection to the processing in accordance with Art. 21 GDPR.
  • In accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request transmission to another controller.

Regardless of this, you have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 GDPR. The competent supervisory authority for Bavarian public bodies is the Bavarian State Commissioner for Data Protection (Bayerischer Landesbeauftragter für den Datenschutz). You can reach them at the following contact details:

Postal address: Postfach 22 12 19, 80502 Munich

Address: Wagmüllerstraße 18, 80538 Munich

Telephone: 089 212672-0

Fax: 089 212672-50

E-mail: poststelle@datenschutz-bayern.de

Internet:  https://www.datenschutz-bayern.de

For security reasons, communication with our servers is only possible via TLS encryption. According to the current state of technology, this guarantees the secure transmission of your data.

Depending on your browser, you can recognize an encrypted connection by "https://" instead of "http://" in the address bar of your browser or by a (green) padlock symbol.

authega is operated in an independent infrastructure that is isolated from other administrative systems and is ISO 27001 certified according to  BSI - Baseline Protection in Information Security.

No responsibility is taken for the correctness and proper translation of the English version. In case of doubt the German version shall be valid exclusively.

As of: May 11, 2026

Privacy Policy authega.pdf