Go to content
open box image

Mi Carpeta Ciudadana - More Information

Mi Carpeta Ciudadana keeps open a channel of proactive communication with the citizens. We look forward to receiving your proposals for improvement about the portal and about the Apps .
In addition, we will keep the the roadmap  of incorporation of new functionalities for the short and medium term.

If you have any additional incident or doubt you can use our contact form .

Privacy Policy

Please, as a user of the service "Mi Carpeta Ciudadana" (hereinafter Mi Carpeta Ciudadana), read this privacy policy carefully. In it you can find all the information about the data that is collected about you, how it is used and what control you have over it.

1. Who is responsible for the processing of your data as a user of Mi Carpeta Ciudadana?

The person responsible for the processing of your data as a user of Mi Carpeta Ciudadana is:

  • Name: Secretaria General de Administración General (hereinafter, the AEAD)
  • Data Protection Officer: (dpd@digital.gob.es)  Send  email
  • Direction DPD: Calle Poeta Joan Maragall, 41, floor 12, 28046 Madrid

The entity responsible for the service “Mi Carpeta Ciudadana” is the State Digital Administration Agency, a governing body dependent on the Secretary of State for Public Function of the Ministerio para la Transformación Digital y de la Función Pública

2. What data do we process about you?

The information we process about you as a Data Controller comes from personal data that you may provide to us through external services or personal data that comes from other Data Controllers.

The data relating to you that are treated in “Mi Carpeta Ciudadana” belong to the following typologies:

  • Identifying or contact data: name, surname, ID, postal address or email, among others.
  • Identification data of your device.
  • Data relating to your citizenship and residence: what is your Autonomous Community, province or municipality, municipal register data, etc.
  • Data related to upcoming events and appointments that you have arranged with the Public Bodies integrated in “Mi Carpeta Ciudadana”.
  • Data relating to the field of education: degrees obtained, scholarships and study grants, etc.
  • Health data and the scope of social services: certificates of disability, degree, dependency status, benefits, aids, etc.
  • Occupational and retirement data: employment situation, job demand, working life, benefits, retirement request, etc.
  • Housing and urban planning data: rustic or urban real estate, cadastral registration, etc.
  • Vehicle and transport data: vehicles owned by you, driving licence, points of your card, etc.
  • Data on issued notifications of which you are the interested party: data from the Single Bulletin Board of the BOE (TEU), such as, for example, those relating to the organ/department issuing the notification and date of publication.
  • Data of a public registry: number, office of origin/destination, date of registration, data of the interested party, status, etc.

In addition, to facilitate access to the mobile app the user can optionally enable the biometric authentication mechanisms provided by the different mobile platforms (iOS, Android…) that manage and store on your mobile device your biometric identification data, such as face recognition or fingerprint.

The rest of the information, such as the information that may be necessary to obtain your data for the generation of some justification, comes from external sources and will be treated appropriately by each of the Treatment Managers. The AEAD is responsible for the processing of such personal data.

3. How does “Mi Carpeta Ciudadana” get your data and where does it come from?

Personal data are obtained through other Public Administrations for which the AEAD is in charge of treatment.

4. What is the legal basis for the processing of your data?

The processing of personal data that can be carried out through the “Mi Carpeta Ciudadana” service is based on:

  • The interested party gave his consent in accordance with Article 6.1.a) of the GDPR. You have the right to withdraw your consent at any time, although this withdrawal will not affect the legality of the treatment based on the consent prior to its withdrawal. The interested party gives his/her consent associated with the following data: privacy preference settings, ads settings and personal summary.
  • Performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller in accordance with Article 6.1.e) of the GDPR.

In addition, we inform you that the regulations applicable to the treatments offered are as follows.

  • Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights.
  • Law 39/2015, of 1 October, on the Common Administrative Procedure of Public Administrations.
  • Law 40/2015, of 1 October, on the Legal Regime of the Public Sector.
  • Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)
  • Royal Decree 203/2021, of 30 March, approving the Regulation on the operation and functioning of the public sector by electronic means.
  • Royal Decree 311/2022, of 3 May, regulating the National Security Scheme.

5. Why and why do we use your data?

The information and data collected in Mi Carpeta Ciudadana will be treated solely for the purpose of offering the corresponding service. For this purpose, we use your data to offer you the following services:

  • Receive notices (provided you give your prior consent) in your email or PUSH notifications (if you use the mobile APP) when you have a prior appointment in a Public Administration or an event that is of interest to you.
  • Possibility to adapt the presentation of "Mi Carpeta Ciudadana" according to your preferences.
  • Present your data directly without having to consult them again each time you access "Mi Carpeta Ciudadana".

The purpose of the treatment of “Mi Carpeta Ciudadana” is to facilitate your relationship with the Public Administrations, by offering you in a single access personalized information about your relationship with these and their public agencies and related or dependent entities. In addition, in the event that you decide to use the conversational assistant, we will process your data in order to provide you with a quick search for the information, notices, supporting documents or other data that you request and that are available through the “Mi Carpeta Ciudadana” service.

6. For how long do we store your data?

The retention period will depend on the type of data:

  • In relation to the information relating to the paragraph “Personal summary” from the website, will be automatically deleted if you do not access “Mi Carpeta Ciudadana” for a period of 3 months. However, you can withdraw your consent at any time and such information will not be stored. Through the APP a query will be made every time you access Mi Carpeta Ciudadana, however, from the Web such information will not be shown.
  • The data processed in “Upcoming Events” will be stored for a maximum period of two years from your last access to the service.
  • Regarding the relative data of the other sections (“My data”, “My files”, “My notifications” and “My writings and requests submitted”), these are not stored, they are only presented since you make the query or request of the same (by clicking on said section or section).
  • Data processed through the use of the conversational assistant is automatically deleted when your session ends or when at least 30 minutes of chat inactivity elapses.
  • In relation to the information regarding the configuration of notices, recent, favorites and personal photo, the data provided will be stored for a maximum period of two years counted from your last access to the service.

7. Who has access to your data?

Only you have access to your data. Without prejudice to the above, in certain cases (for example, to resolve an incident or query that you ask us) we may need to access the data strictly necessary in order to resolve the incident or respond to your query.

8. What are your rights and how can you control your data?

The regulation gives you a number of rights in relation to the data and information we process about you. Specifically, the rights of access, rectification, deletion and portability of data, limitation and opposition to their treatment.

For those data in which the AEAD is responsible for the processing You can exercise the rights established in Article 15 and following of the GDPR, at any time and free of charge, by sending an email to protecciondatos.sgad@correo.gob.es or by sending a postal mail to the address Calle del Mármol, 2, 28005 Madrid.

You can consult the full scope and detail of these rights on the website of the Agencia Española de Protección de Datos (AEPD) .

You also have the right to complain to the Data Protection Delegate of the Ministerio para la Transformación Digital y de la Función Pública, either through the email dpd@digital.gob.es or by sending postal mail to the address Calle Poeta Joan Maragall, 41, plant 12, 28046 Madrid.

For the information processed by the AEAD from other Public Administrations, that is, when the AEAD is in charge of treatment, these rights will be exercised with the Data Controller in each case. All information regarding the processing of your personal data is available in the following link of the Ministerio para la Transformación Digital y de la Función Pública: Registro de actividades de tratamiento .

Apart from all the above, you have the right at all times to file a claim with the Agencia Española de Protección de Datos (AEPD) .

9. How do we protect your data?

The AEAD guarantees the security, secrecy and confidentiality of your data, communications and personal information and has adopted the most demanding and robust security measures and technical means to prevent its loss, misuse or access without your authorization.

The security measures implemented correspond to those provided for in Annex II (Security Measures) of Royal Decree 311/2022, of 3 May, which regulates the National Security Scheme.

In addition, we promise to act quickly and responsibly in the event that the security of your data may be in danger, and to inform you if it is relevant. Security incident management protocols and personal data security gaps are available, which include notifications to supervisory authorities and users in the cases provided for in the legislation.

Finally, we inform you that both the storage and the rest of the activities of the processing of your data will always be located within the European Union.

10. Security gaps

If you are aware of the existence of a security breach for which the AEAD is responsible for processing your personal data, please send us an email (protecciondatos.sgad@correo.gob.es).