ElsterSecure – the authentication app from ELSTER

ElsterSecure offers you the possibility to log in to ELSTER and services that use the ELSTER login with your mobile device (e.g. smartphone, tablet). A certificate is no longer required for this type of login. You can use your mobile device to complete the registration for My ELSTER and securely store an access key on your mobile device in ElsterSecure. This allows you to access My ELSTER from any location. ElsterSecure can be installed via Google Play and the Apple App Store. 

Data protection notice

General

Data protection and data security for the citizen are top priorities for our financial administration. Therefore, the protection of your personal data while you are using our app is very important to us. This data protection notice statement explains what information we collect on our servers while you use the app and how that information is used. The operator of this app is the Bavarian State Tax Office – IuK division – (Bayerische Landesamt für Steuern, Bereich IuK). Data protection with ELSTER

Processing of personal data for the ElsterSecure service

Type and scope of data processing

Login and completion of registration

When using our app, the information provided and stored as part of the registration process is transmitted by My ELSTER to the app and processed there. It is also possible to complete the registration started in My ELSTER in the app. In this case, the necessary data is also transferred from My ELSTER to the app. This data is displayed in the app and processed as necessary.

This includes the following data:

  • For a natural person: last name, first names, title, identification number, e-mail address, user name
  • In the case of a legal entity or association of persons: company name, legal form, registered office, in particular, place of management, tax number, e-mail address, user name

Sharing log files with technical support:

In the application, a user can initiate the transfer of log files to My ELSTER technical support if required. These show all activities when using the application. This data is used exclusively for technical support.

Purpose and legal basis for recording this data

Login and completion of registration

In order to establish the identity of a user, the tax authority may, in accordance with Section 8 (2) Online Access Act (Onlinezugangsgesetz) and Sections 29c and 30 (4) (1) Fiscal Code (AO), retrieve data from the Federal Central Tax Office and corresponding data stored by the tax offices for taxation purposes from these tax authorities in an automated procedure with the consent of the user, and transmit any data retrieved to the user’s account or eGovernment service with the consent of the user.

The legal basis for the above-mentioned processing of your personal data is Article 6 (1) 1 (e), (2), (3) (b) and (4) General Data Protection Regulation (GDPR) in conjunction with Section 8 of the Online Access Act (Onlinezugangsgesetz) and Sections 29c and 30 Fiscal Code (AO).

Accordingly, we are permitted to process the personal data necessary to fulfil a task incumbent upon us. You are not obliged to disclose this personal data. Without your personal data, however, it is not possible for you to use the services offered here.

Sharing log files with technical support:

The legal basis for the processing is Art. 6 (1) Sentence 1 lit. a) General Data Protection Regulation (GDPR). There is also a legitimate interest in processing to optimise system security and stability in accordance with Art. 6 (1) Sentence 1 lit f) General Data Protection Regulation (GDPR). 

Storage period of personal data

Insofar as we process personal data within the scope of the services offered here, the following applies: personal data will only be stored for the duration of the respective use of the service provided for this purpose.

Access permissions required for the app to function on mobile devices

  • Storage:
    For storing and accessing security keys and configuration settings. Access to data selected by the user for transmission to the service.
  • Network, connections and internet data:  
    For communication with the respective online service used.
  • Camera:
    For scanning QR codes to open the app in a specific context. Also for taking photos that the user wants to submit to a service.
  • Biometric hardware:  
    Enables the use of fingerprint or facial recognition as a second factor in user authentication. The processing is carried out by the end device. Only the result of the check is transmitted to the app.