Skip menu

For the latest information on COVID-19 travel restrictions in Italy. Click here.

Privacy Policy

Information on the processing of personal data of users consulting the website pursuant to Article 13 of Regulation (EU) 2016/679

Pursuant to Regulation (EU) 2016/679 (hereinafter the "Regulation"), information is provided below regarding the processing of personal data of users consulting the institutional website of the Ministry of Tourism (hereinafter "MiTur" or "Ministry" or the "Owner") and taking advantage of the services made available, accessible via telematic tools at the following address:

(Hereafter the 'Site'),

The information provided does not concern other sites, pages or online services that can be reached via hypertext links that may be published, but which refer to resources outside the Controller's domain.

Data Controller

Following consultation of the website, data relating to identified or identifiable natural persons may be processed.

The Data Controller is the Ministry of Tourism, with head office in Via di Villa Ada n.55 - 00199 Rome (Italy).

Data Protection Officer

Pursuant to Article 37 of the Regulation, the Data Protection Officer (RDP or DPO) is Dr Alessia Vaccaro, who can be reached at the following address:

Types of personal data

The Controller processes the following personal data of the data subject: first name, surname, e-mail address, photo (hereinafter the 'Data').

This data is provided by the data subject himself who decides to create an account.

Each time the user accesses the Site, the Controller will collect and process the following data:

  • Technical information, such as but not limited to, IP address, access data, browser used, operating system.
  • Information about your visit to the Site, including addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the requested pages, information about your interaction on the Site.
  • Information obtained through cookies, or similar technologies, used by the Data Controller on the Site, as better specified in the Cookie Policy published on the Site itself.

Purpose of the treatment and legal

The processing of the data of the interested party is carried out for the following purposes:

  • allow the user to access the website and use the services it provides through a registration procedure for the creation of an account and authentication credentials that allow, after logging in, the possibility of saving the content viewed as favourites in their account. The legal basis is identified in art.6, par. 1, lett. B) of the Regulation ([...]) the processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures taken at the data subject's request. The provision of personal data for this purpose is optional, but failure to provide it will make it impossible to activate or provide the services requested by the user.
  • for the fulfilment of legal obligations to which the Controller is subject. The legal basis is identified in art.6, par. 1, lett. C) of the Regulation.
  • For sending promotional communications and newsletters by the Ministry by means of remote communication tools, such as e-mail (hereinafter "Direct Marketing Purposes"); the legal basis is based on Article 6(1)(A) of the Regulation ([...] the data subject has given consent to the processing of his/her personal data for one or more specific purposes
  • For sending promotional communications and newsletters from the Ministry by remote communications tools, such as e-mail (hereinafter "Direct Marketing Purposes"); the legal basis is based on art.6, par.1, lett. A) of the Regulation ([...] the data subject has given consent to the processing of his/her personal data for one or more specific purposes
  • for the sending of promotional communications by the Ministry's Partners, to whom the Data will be disclosed, by remote communication tools, such as e-mail (hereinafter "Third Party Outbound Marketing Purposes"; the legal basis is based on art.6, par.1, lett. A) of the Regulation ([...] the data subject has given consent to the processing of his/her personal data for one or more specific purposes
  • for profiling the Data Subject to make the above-mentioned promotional communications better focused on the needs, habits and interests of the Data Subjects, on the basis of the content displayed and the information provided during registration (hereinafter ‘’Profiling Purposes’’); the legal basis is based on art.6, par.1, lett. A) of the Regulation ([...] the data subject has given consent to the processing of his/her personal data for one or more specific purposes.

At any time, the data subject may revoke any consent given in the manner described at the end of this notice.

Communication of data to possible recipients

The user's personal data may be accessed or communicated, in compliance with the regulations in force and the purposes described above, to subjects appointed by the Ministry to carry out services of various kinds such as, by way of example, the maintenance of computer systems and to measure the quality of the service. Therefore, the Ministry shall designate such entities as Data Processors pursuant to Article 28 of the Regulation, from among those that present sufficient guarantees to implement adequate technical and organisational measures so that processing meets the requirements of the Regulation and ensure the protection of the rights of data subjects.

Personal data may also be disclosed to other entities or public administrations if this is necessary to comply with a legal obligation.

Personal data will be processed within the borders of the European Union.        

Data retention

The retention time of users' personal data is limited to the period during which the user's account is active; concerning newsletters, personal data is retained until the user revokes his or her consent.

This is without prejudice to the case in which the Ministry retains such data to ascertain, exercise or defend one of its rights in court.

Thereafter, all data will be permanently deleted or anonymised.

Rights of the data subject

The data subject shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him/her are being processed and, if so, to obtain access to the personal data and the following information for the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated (including recipients in third countries or international organisations), the expected period of storage of the personal data or, if this is not possible, the criteria used to determine this period, the origin of the personal data where not collected from the data subject, the existence of an automated decision-making process including profiling and information on the logic used.

In addition, the data subject has the right, where applicable, to obtain:

  • Correction of inaccurate personal data,
  • Integration of incomplete personal data,
  • Deletion (right to be forgotten),
  • Limitation of the processing of personal data (in which case, the data are processed only with the consent of the data subject, except for the necessary storage of the same and in the other cases permitted by the applicable legislation),
  • Portability of data, including transmitting the data subject's personal data from one Data Controller to another, where technically feasible,
  • Opposition to their processing.

Such requests should be addressed to the Data Controller, using the contact details provided by the latter in this notice or at The same e-mail address can be used to request cancellation of the account or to stop receiving newsletters.

In addition, in the event of a personal data breach likely to present a high risk to the rights and freedoms of the data subject, the Data Controller shall notify the data subject of the breach without undue delay, pursuant to Article 34 par.1 of the Regulation.

Right of complaint

Should the data subject consider that the processing of personal data carried out through this website is in breach of the provisions of the Regulation, he/she is entitled to lodge a complaint with the Data Protection Authority pursuant to Article 77 of the Regulation itself, or to take legal action (Article 79 of the Regulation).