Privacy Policy

Information on the processing of personal data of users using the App pursuant to Article 13 of Regulation (EU) 2016/679

Pursuant to Regulation (EU) 2016/679 (hereinafter referred to as the "Regulation"), the following information is provided concerning exclusively the processing of personal data of users accessing and using the Italia.it application (hereinafter referred to as the "App" or "App Italia.it") of the Ministry of Tourism (hereinafter referred to as "MiTur" or "Ministry" or the "Data Controller") and making use of the services made available.

The information provided does not concern other sites, pages or online services that can be reached via hypertext links that may be published, but which refer to resources outside the Controller's domain.

Data controller

The data controller of personal data is the Ministry of Tourism, with headquarters in via di Villa Ada n.55 - 00199 Rome (Italy).

Types of personal data

The Data Controller processes the following personal data of the data subject:

a)     Common personal data referred to in art. 4, point 1 GDPR: first name, last name, e-mail address, photo (hereinafter the "Data").

b)     Navigation and device data: the IT and telematic systems and the software procedures used to operate the App in their normal operation acquire certain data whose transmission is implicit for its normal operation. This category of data includes for example: device name, operating system version, telephone operator name, App name and version, device resolution, device language and other parameters related to the device operating system.

c)     Identifiers: The App uses identifiers and specific SDKs (software libraries that are installed together with the App and allow collecting information on the device and navigation data) for technical purposes (e.g., to ensure the functioning of the App, registration, language, login or access to reserved functions), and to carry out statistical analysis activities in a way that avoids the information being able to be traced back to the user. In addition, these identifiers are used, only with specific voluntary consent, to collect information about the App user experience and to target promotional content in line with the user's interests.

d)     Location Data: The Data Controller may process the location data provided by the User’s device if the User has chosen to enable that functionality. The collection of this data allows Users to view activities/attractions/places near their location and related to the interests they stated during registration and to view the results close to their location when using booking services. In addition, the Data Controller may process user location data in order to provide the best possible experience of browsing the App and to make suggestions or recommendations in line with their detected location and to send custom promotional communications. This data may be collected only when the App is active and only if the user has authorized the App to use their location data and they can revoke the authorization directly from the settings of their device.

e)     Specifically for the booking services available to users, the Data Controller also processes the following personal data: booking ID, booking URL, booking data (booked service ID, number of participants, booking date, price if available), booking status data (booking outcome – confirmed, changed, cancelled).

Data Protection Officer

Pursuant to Article 37 of the Regulation, the Data Protection Officer (RDP or DPO) is Dr Alessia Vaccaro, who can be reached at the following address: segreteria.capodigabinetto@ministeroturismo.gov.it.

List of Software Development Kits (SDKs)

SDKs are a set of tools for the development and documentation of software that are equated, for the purposes of data protection legislation, with cookies.

This App uses:

·        SDKs with technical functionalities: SDKs used with technical functionalities are indispensable for the functioning of the App and to provide a service requested by the user.

Without the use of such tools, some operations on this App may not be performed or may be more complex and/or less secure.

Such tools are set by default and users' prior consent is not required.

·        SDKs with profiling functionalities: SDKs with profiling functionalities are used to link specific actions or behavioral patterns recurring in the use of the offered functionalities (pattern) to specific identified or identifiable subjects, in order to group the different profiles within homogeneous clusters of different size. Profiling also makes it possible, among other things, to modulate increasingly customised promotional actions, beyond what is strictly necessary for browsing the App, as well as to send targeted promotional messages, i.e. in line with the preferences expressed by the user when browsing the web, and, lastly, to customize the contents used by the user in the App on the basis of his/her preferences.

 

SDKs currently used

(updated 13/02/2023)

| ID | Name of SDK | Categorization | Description |
|----|-------------|----------------|-------------|
| 1 | Google Login | technical | This SDK allows the user to provide their Google account information (First Name, Last Name, Email, Profile Photo) to create an Italia.it account. |
| 2 | Facebook Login | technical | This SDK allows the user to provide their Facebook account data (First Name, Last Name, Email, Profile Photo) to create an Italia.it account. |
| 3 | Gygia (SAP) | technical | This SDK allows the user to sign up for Italia.it, retrieve their Italia.it account data so that they can use the app with their connected user. Through it, the user can change the email communication preferences that Italia.it offers. |
| 4 | Adobe Experience Platform | profiling | The Adobe Experience Platform SDKs allow the app to communicate with the same back office platform provided by Adobe, with the purpose of tracking the actions that the user performs in the app (analytics) and establishing, for those who allow it, the user's preferences (profiling). |

 

Purpose of processing and legal basis

The data subject's data is processed for the following purposes:

-         Allowing the user access to the App and the use of the services it provides through a registration procedure for the creation of the account and authentication credentials (including through one's own social account). The legal basis is identified in art. 6, par.1, lett. b) of the Regulation ([...] the processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures taken at the data subject's request). The provision of personal data for this purpose is optional, but failure to provide it will make it impossible to activate or provide the services requested by the user.

-         For the fulfilment of legal obligations to which the Controller is subject. The legal basis is identified in art. 6, par.1, lett. c) of the Regulation.

-         To allow the geo-localised user in Italy to view, close to the place where he/she is, activities/attractions/places related to his/her interests expressed during registration by means of geo-localisation: the legal basis is based on art. 6, par.1, lett. a) of the Regulation ([...] the data subject has given consent to the processing of his/her personal data for one or more specific purposes).

-         For the sending of promotional communications and newsletters by the Ministry by means of remote communication tools, such as e-mail (hereinafter 'Direct Marketing Purposes'); the legal basis is identified in art. 6, par.1, lett. a) of the Regulation ([...] the data subject has given consent to the processing of his/her personal data for one or more specific purposes).

-         For the sending by Partners of the Ministry, to whom the Data will be disclosed, of promotional communications by means of distance communication tools (hereinafter referred to as "Third Party Outbound Marketing Purposes"); the legal basis is identified in art. 6, par.1, lett. a) of the Regulation ([...] the data subject has given consent to the processing of his/her personal data for one or more specific purposes).

-         For the profiling of the Data Subject in order to make the above mentioned promotional communications better focused on the needs, habits and interests of the Data Subjects, on the basis of the content displayed and of the information provided during registration and to allow a personalised browsing experience of the Mobile App on the basis of user attributes, of similar or popular contents with respect to the pages visited and on the basis of the geolocalised geographical position on the Italian territory, also through the use of special SDKs (hereinafter "Profiling Purposes"); the legal basis is based on art.6, par.1, lett. a), of the Regulation ([...] the data subject has given consent to the processing of his/her personal data for one or more specific purposes).

-         For access to storage space and camera: in order to provide the services of the App (e.g., wallet for storing travel documents) the User must expressly authorise the App to access this information via settings on his device. The User may revoke the authorisation in the same manner. The legal basis is based on art.6, par.1, lett. a) of the Regulation ([...] the data subject has consented to the processing of his or her personal data for one or more specific purposes).

At any time, the data subject may revoke any consent given in the manner described at the end of this notice. 

Communication of data to possible recipients

The personal data of the Interested Party may be accessed or communicated, in compliance with the regulations in force and the purposes described above, to parties appointed by the Ministry to perform services of various kinds, such as, for example, maintenance of IT systems and for measuring the quality of the service. 

Personal data may also be shared, for the purposes set out above, with third parties who provide accessory or instrumental services to the activities of the Data Controller, in relation to the development, provision and operational management of the App or the products and services offered by the same and with the Ministry's Partners.

Personal data may also be communicated to other subjects or public administrations if this is necessary to fulfil a legal obligation.

The parties may act, as the case may be, as data processors or autonomous data controllers.

Personal data will be processed within the borders of the European Union.

Data retention

The retention time of users' personal data is limited to the period during which the user's account is active; regarding newsletters and the sending of commercial communications and profiling, personal data is retained until the user revokes his or her consent.

This does not apply where the Ministry retains the data for the purpose of ascertaining, exercising or defending one of its rights in court.

Thereafter, all data will be permanently deleted or anonymised.

Rights of the data subject

The data subject has the right to obtain from the Controller confirmation as to whether or not personal data relating to him/her are being processed and, if so, to obtain access to the personal data and to the following information: the purposes of the processing; the categories of personal data; the recipients or categories of recipients to whom the personal data have been or will be disclosed (including recipients in third countries or international organisations); the period for which the personal data are to be retained or, if this is not possible, the criteria used to determine this period; the origin of the personal data if not collected from the data subject; and the existence of an automated decision-making process, including profiling, and information on the logic used.

In addition, the data subject has the right, where applicable, to obtain:

·        Rectification of inaccurate personal data;

·        Integration of incomplete personal data;

·        Deletion (right to be forgotten);

·        Limitation of the processing of personal data (in which case, the data are processed only with the consent of the data subject, except for the necessary storage of the data and in other cases permitted by law);

·        Data portability, including by transmitting the data subject's personal data from one data controller to another, where technically feasible;

·        Opposition to their processing.

 

Corresponding requests should be forwarded to the Data Controller, using the contact details provided by him in this notice or at info@italia.it. The same e-mail address may be used to request cancellation of the account or to stop receiving newsletters.

The interested party may also cancel the account or change his/her consent choices through the appropriate interface of the App.

At any time, the User can revoke the permissions provided for geolocation, access to storage space and camera in the Settings on his device.

In addition, in the event of a personal data breach likely to present a high risk for the rights and freedoms of the data subject, the Data Controller shall notify the data subject of the breach without undue delay, pursuant to Article 34 par. 1 of the Regulation.

Right of Complaint

Should the data subject consider that the processing of personal data carried out through this site is in breach of the provisions of the Regulation, he/she has the right to lodge a complaint with the Data Protection Authority pursuant to Article 77 of the Regulation, or to take legal action (Article 79 of the Regulation).