As a provider of authega, we would like to inform you about the processing of your personal data. Personal data is all information that relates to an identified or identifiable natural person.

authega is an authentication service. With the help of authega, you can register and register for different procedures. When registering, you will receive an authega account with which you can manage your access to the selected specialist procedure.

The authega authentication service is operated by the Bavarian State Tax Office.


Bayerisches Landesamt für Steuern
Sophienstr. 6
80333 München
Tel.: 089/9991-0
Fax: 089/9991-1099

Data protection officer:

Official data protection officer of the Bavarian State Tax Office
Sophienstr. 6
80333 München
Tel.: 089/9991-0
Fax: 089/9991-1099

When you visit our website, your browser automatically transmits data to us. These are stored in so-called server log files.

The following data is saved when you access the website:

  • IP address of the requesting computer
  • Date and time of the request
  • Name of the requested file
  • The page from which the file was requested
  • Access status (file transferred, files not found, etc.)
  • Browser type, browser version and operating system used
  • Amount of data transferred

The data collected is only used to improve the website and in anonymous form for statistical evaluations. The legal basis is Article 6 (1) sentence 1 letter e EU GDPR in conjunction with Art. 4 para. 1 Bavarian Data Protection Act (BayDSG). The data will only be transmitted to service contractors if and insofar as this is necessary to remedy technical faults.
The personal data will be deleted after seven days at the latest, unless longer storage is necessary for evidence purposes. The data will be deleted at the latest when the technical problem has been resolved or the unauthorized access has been clarified.

When you access this website, we store cookies on your hard drive to ensure the functionality of the website. Cookies are small text files that are stored on the user's computer in order to be available for later visits to this website.

The information contained in cookies enables a safe and comfortable use of our website. The legal basis for data processing is Art. 6 para. 1 sentence 1 letter f DSGVO.

Most browsers are set to accept the use of cookies. However, this function can be switched off for the current session or permanently by setting the Internet browser. Deactivating the cookies means that registration and login to authega are no longer possible.

The following data is collected by authega:

  • E-mail address
  • last login
  • Procedure language
  • Possibly Security question and answer
  • Access type

If authentication is carried out using a signature card, the data on your smart card is compared with the authega account for authentication. Your personal data is collected / reconciled to enable secure authentication in the respective specialist process. The data collection / comparison is in accordance with Art. 6 Para. 1 Letter e GDPR in conjunction Art. 8 para. 4 Bavarian E-Government Act (BayEGovG) in conjunction with §§ 2, 3 Bavarian regulation for the creation of barrier-free information technology (BayBITV), article 4 paragraph 1 Bavarian data protection law (BayDSG) permitted. The security question and answer are saved as long as the account exists. The data on the smartcard is deleted in authega immediately after the comparison. The other data will be deleted or anonymized immediately after the registration has been completed or canceled.

Disclosure to service contractors only takes place within the framework of troubleshooting.

Depending on the selected method, further personal data will be collected. You can find more information on this in the data protection information on the website of the respective specialist procedure.

The data you provide to our hotline or the hotline for the third-party procedure will be used for the purpose of troubleshooting. Please note that encrypted communication with our hotline (both by telephone and email) is not possible and the transmitted data may therefore be read by third parties during transmission. Therefore, please do not provide us with any personal data in this way.

In the event of an error, it may also be possible that we pass on your log files to service contractors. The data will only be passed on if and insofar as this is necessary for troubleshooting. These log files can contain personal data.

The legal basis is Article 6 (1) sentence 1 letter e EU GDPR in conjunction with Art. 4 para. 1 Bavarian Data Protection Act (BayDSG).

You have the right

  • to request information about your personal data processed by us and some other important criteria, such as the processing purposes or the duration of storage, in accordance with Art. 15 DSGVO;
  • in accordance with Art. 16 DSGVO to immediately request the correction of incorrect or incomplete personal data stored by us;
  • According to Art. 17 DSGVO, to request the immediate deletion of your personal data stored by us, unless the processing is necessary to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
  • to demand the restriction of the processing of your personal data in accordance with Art. 18 DSGVO, provided that the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or need to defend legal claims or you have objected to processing in accordance with Art. 21 DSGVO;
  • According to Art. 20 DSGVO, to receive your personal data, which you have provided to us, in a structured, common and machine-readable format or to request the transmission to another person responsible and
  • on complaint according to Art. 77 DSGVO.

For security reasons, communication with our servers is only possible with TLS 1.2 encryption. According to the current state of the art, this guarantees a secure transfer of your data.

Depending on the browser, you can recognize an encrypted connection by an https: // instead of http: // in the address line of your browser or by a (green) lock.

authega is and is operated in an independent infrastructure that is isolated from other administrative systems ISO 27001 to BSI IT baseline protection certified.

Further information on data security at authega is available here.