Privacy policy and legal notice

Privacy Policy

This website does not collect personal data from users without their knowledge, nor is it transferred to third parties.

The portal of which AESA is owner contains links to third party websites, whose privacy policies are foreign to that of AESA. By accessing such websites you can decide whether to accept their privacy and cookie policies. In general, if you browse the internet you can accept or reject third party cookies from the configuration options of your browser.

Basic information on data protection

Below, we inform you about AESA’s data protection policy.

Data controller

The personal data that could be collected directly from the interested party will be treated confidentially and will be incorporated into the corresponding processing activity owned by AESA.

The updated list of the treatment activities that AESA carries out is available at the following link: Personal Data Processing Register.


The purpose of the data processing corresponds to each of the processing activities carried out by AESA. They are accessible in the Personal Data Processing Register.


The processing of your data is carried out for compliance with legal obligations by AESA, for the performance of tasks carried out in the public interest or in the exercise of public powers conferred on AESA, as well as when the purpose of the processing requires your consent, which must be provided through a clear affirmative action.

You can consult the legal basis for each of the processing activities carried out by AESA in the Personal Data Processing Registry.

Data retention

The personal data provided will be kept for the time necessary to fulfill the purpose for which they are collected and to determine the possible responsibilities that may arise from the purpose, in addition to the periods established in the regulations of archives and documentation.

Data communication

AESA is the recipient of the treatments and will only communicate the personal data to:

  • Those third parties, bodies and public institutions of the General State Administration, of the regional and local administrations, including the courts to which it is legally obliged to provide them.
  • The information can be transferred to third parties and make international transfers within the established legal framework, for the management of personal data, only for the purposes described in the Personal Data Processing Registry.
  • The information may be processed by the processor on behalf of AESA to collaborate in the management of personal data, only for the purposes described in the Personal Data Processing Registry.

Security measures applied to your personal data

AESA will take all necessary measures in accordance with the Organic Law on Data Protection and Digital Rights Guarantees Additional Provision first. Security measures in the field of the public sector and the General Data Protection Regulation (Article 32 Security of processing and Article 25 Data protection by design and by default), those that have been established by Royal Decree 311/2022 of 3 May, regulating the National Security Scheme, and those that decide the result of an Impact Assessment on Data Protection (if necessary).

Exercise of the rights of data subjects

To request access, rectification, deletion, opposition or limitation of the processing of personal data, in the case of the requirements established in the General Data Protection Regulation, as well as in Organic Law 3/2018, of December 5, Protection of Personal Data and guarantee of digital rights, you can write to the controller, in this case, AESA, through the following means:

  • In the AESA electronic register or in the other electronic registers of any of the subjects referred to in Article 2.1 of Law 39/2015, of October 1, of the Common Administrative Procedure of Public Administrations.
  • Face-to-face through the AESA Entry Register or any other administration. 
  • In the Post Offices, in the form established by regulation.

In the event that the interested party considers that the above rights have not been addressed in accordance with the law in force, he/she may submit the corresponding claim for protection of rights before the Spanish Agency for Data Protection.

DPD contact details: 

To contact the DPD, please go to the AESA website, in the link "Contact us", selecting in the subject: "Consultations to the Data Protection Delegate".



This portal, whose owner is the State Aviation Safety Agency (AESA), with CIF Q2801615B, and with its registered office at Paseo de la Castellana 112 C.P. 28046, Madrid, and telephone (+ 34) 91 396 80 00, is constituted by the websites associated with the domains, and sede.

Intellectual and industrial property

The design of the portal and its source code, as well as the logos, brands and other distinctive signs that appear on it belong to AESA and are protected by the corresponding intellectual and industrial property rights.

Responsibility for content

AESA is not responsible for the legality of other third-party websites from which the portal can be accessed. AESA is also not responsible for the legality of other websites of third parties, which may be linked or linked from this portal.

AESA reserves the right to make changes to the website without prior notice, in order to keep your information updated, adding, modifying, correcting or eliminating the published contents or the design of the portal.

AESA will not be responsible for the use that third parties make of the information published on the portal, nor for any damages suffered or economic losses that, directly or indirectly, cause or may cause economic, material or data damage caused by the use of such information.

Reproduction of contents

The total or partial reproduction of the contents published on the portal is prohibited, unless the source of origin is cited. However, the contents that are considered as open data at the Electronic Headquarters may be reproduced, in accordance with the provisions of Royal Decree 1495/2011, of October 24, on the development of Law 37/2007, on the reuse of public sector information, for the public sector.

Electronic Headquarters

In accordance with the provisions of Article 12 of Royal Decree 203/2021, of 30 March, approving the Regulation of action and operation of the public sector by electronic means, AESA is responsible for the integrity, veracity and updating of the information and services that can be accessed through its Electronic Headquarters (

Transparency portal

Through the information published in the transparency portal, AESA regularly and up-to-date attends the principle of active advertising established by Law 19/2013, of 9 December, on transparency, access to public information and good governance, with the appropriate mechanisms to facilitate accessibility, interoperability, quality and reuse of information, as well as its identification and location.

Applicable law

The applicable law in case of dispute or conflict of interpretation of the terms that make up this legal notice, as well as any question related to the services of this portal, will be Spanish law.