Skip menu

This content was automatically translated. View the original text.

powered by google

Find out more

Privacy Policy

Information on the processing of personal data (Privacy Policy) pursuant to Article 13 of Regulation (EU) 2016/679

The Ministry of Tourism (hereinafter also referred to as the "Ministry" or "Administration"), in its capacity as Data Controller, hereby informs you, pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter also referred to as the "GDPR"), that the personal data of users who consult the Ministry's institutional website and use the services made available, accessible by electronic means at the following address: https://www.italia.it (hereinafter referred to as the "Site"), will be processed as follows.

The information provided does not concern other websites, pages or online services accessible via hypertext links that may be published, but refers to resources external to the domain of the Data Controller.

Data Controller

The Data Controller is the Ministry of Tourism, in the institutional and organisational structures provided for by Decree-Law no. 44 of 22 April 2023, converted with amendments by Law no. 74 of 21 June 2023 and subsequent amendments and additions, as well as by the decree of the President of the Council of Ministers no. 177 of 30 October 2023 and subsequent amendments and additions, with registered office at Via di Villa Ada 55, 00199 Rome.

Data Protection Officer

The Data Protection Officer (DPO) is appointed by the Data Controller to perform the functions expressly provided for in Regulation (EU) 2016/679.

The Data Protection Officer of the Ministry of Tourism can be contacted at the following email address: responsabileprotezionedati@ministeroturismo.gov.it.

Personal data processed

The following categories of personal data – provided directly by the data subject who decides to create an account – will be processed:

  • Common personal data (Article 4(1) of Regulation (EU) 2016/679).

Namely, the following data will be processed:

  • Personal data (e.g. first name, surname, photograph);
  • Contact details (email address, optional telephone number);
  • Geolocation data;
  • Data relating to booking services (booking ID, booking URL, booked service ID, number of participants, booking date, price if available, booking outcome – confirmation, modification, cancellation).

Each time the user accesses the Site, the following data will be processed:

  • Technical browsing data (IP Address, access data, browser used, operating system, URI/URL of pages visited, information on interaction on the Site);
  • Data collected through cookies or similar technologies, as detailed in the Cookie Policy published on the website itself to which reference is made.

Consequences of the failure to provide personal data

Failure to provide personal data will make it impossible to create an account and use the services offered through the Site.

Purpose of processing

Personal data will be processed in order to:

a)      allow access to the website and the use of the related services, through a registration procedure for the creation of the personal account;

b)     allow, following authentication by means of log-in details, the option of saving the content viewed as favourites in your account;

c)      allow the provision of the services requested by the user;

d)     allow the transmission of promotional messages and newsletters by the Ministry through remote communication tools, such as emails (hereinafter "Direct Marketing Purposes");

e)     allow the transmission of promotional messages by Ministry Partners, to whom the data will be disclosed, through remote communication tools (hereinafter "Outbound Marketing Purposes by third parties");

f)       allow the profiling of the data subject, in order to make the promotional messages and the browsing experience of the portal more consistent with the needs, habits and interests of users, based on the content displayed, location data (if the user has authorised it) and the information provided during registration (hereinafter "Profiling Purposes");

g)      allow the localisation of the user (hereinafter "Localisation Purposes");

h)     for statistical purposes relating to booking services and to allow unregistered users to receive a message inviting them to register on the Italia.it portal at the email address transmitted at the time of booking.

Lawfulness and legal basis for processing data

The lawfulness of the processing of personal data and the legal basis are identified:

  • for the purposes referred to in points d), e), f), g), h), in the consent of the data subject (Article 6( 1)(a) of Regulation (EU) 2016/679).

The Data Subject may, at any time, withdraw any consent given as specified at the end of this policy;

  • for the purpose referred to in point c), in the performance of a contract or pre-contractual measures requested by the data subject (Article 6(1)(b) of Regulation (EU) 2016/679);
  • to fulfil legal obligations to which the Data Controller is subject (Article 6(1)(c) of Regulation (EU) 2016/679);
  • to perform a task carried out in the public interest or in the exercise of official authority the Data Controller is endowed with (Article 6(1)(e) of Regulation (EU) 2016/679).

How personal data is processed

The processing of personal data will be carried out with electronic means and may involve operations such as, by way of example and not limited to: collection, consultation, use, archiving and storage.

The processing of personal data will be carried out, for the purposes listed above, in accordance with the provisions of Article 5 of Regulation (EU) 2016/679 and in compliance with the rules of confidentiality and security provided for by current legislation, in such a way as to prevent unauthorised access to or use of personal data.

The processing of personal data will be carried out only by authorised personnel in accordance with the official duties performed by them.

Personal data will be processed and stored in compliance with the principles of necessity, lawfulness, correctness, transparency, accuracy, data minimisation and limitation of the storage period, through the adoption of technical and organisational measures appropriate to the level of risk of the processing carried out.

Disclosure of personal data to any recipients

The data may be made accessible or transmitted, in compliance with current legislation and for the pursuit of the purposes of the Data Controller listed above:

  • to persons appointed by the Ministry to perform services of various kinds such as, by way of example, the maintenance of computer systems and measure the quality of the service;
  • to third parties who provide ancillary or instrumental services to the activities of the Data Controller, in relation to the development, provision and operational management of the Site or the products and services offered by the same and with the Ministry's partners;
  • to other entities or government agencies if necessary to fulfil a legal obligation.

The aforementioned entities may act, as the case may be, as data processors or independent data controllers.

The Data Controller shall designate the Data Processors pursuant to Article 28 of Regulation (EU) 2016/679 from among those who present sufficient guarantees to implement appropriate technical and organisational measures in such a way that the processing meets the requirements of Regulation (EU) 2016/679 and guarantees the protection of the rights of the data subjects.

Personal data will not be disclosed to unspecified parties, in a form that allows the identification of the data subjects, including by making them available or consulting them.

Transfer of personal data to third countries or international organisations

The Data Controller shall not transfer personal data to third countries (outside the European Economic Area) or international organisations.

Personal data retention period

Personal data will be stored in a form that allows the identification of data subjects for a period of time not exceeding the achievement of the purposes for which they are processed, pursuant to Article 5(1)(e) of Regulation (EU) 2016/679 and in any case for the period provided for by law, unless other criteria of lawfulness and legal basis are identified or unless Union or Member State law provides for the storage of data.

Namely, users' personal data will be kept for the duration of the account activity and until the account is deleted. With reference to newsletters and the transmission of commercial communications, personal data will be stored until the user withdraws their consent.

This is without prejudice to the fact that the Ministry may retain such data for the purpose of ascertaining, exercising or defending one of its rights in court. Subsequently, all data will be permanently deleted or anonymised.

Rights of the data subject

In the cases and within the limits provided for in Regulation (EU) 2016/679 and in the manner prescribed therein, the data subject has the right to:

  • withdraw the consent originally given pursuant to Article 7(3);
  • obtain confirmation as to whether or not personal data concerning them are being processed and, if so, obtain access to such data, in accordance with the provisions of Article 15 of Regulation (EU) 679/2016;
  • obtain the rectification of inaccurate personal data concerning them and/or the integration of incomplete personal data, in accordance with the provisions of Article 16 of Regulation (EU) 679/2016;
  • obtain the deletion ("right to be forgotten") of personal data concerning them, where the conditions for the exercise of this right are met, in accordance with the provisions of Article 17(1) of Regulation (EU) 679/2016;
  • obtain the restriction of the processing of personal data concerning them, where the conditions for the exercise of this right are met, in accordance with the provisions of Article 18(1) of Regulation (EU) 679/2016;
  • receive in a structured, commonly used and machine-readable format the personal data concerning them and transmit such personal data to another Data Controller, without hindrance by the Data Controller to whom they have provided them, where technically feasible ("right to data portability"), in accordance with the provisions of Article 20 of Regulation (EU) 679/2016;
  • object to the processing of personal data concerning them pursuant to Article 21 of Regulation (EU) 679/2016;
  • not be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or which significantly affects them in a similar way in accordance with the provisions of Article 22 of Regulation (EU) 679/2016.

Where the Data Controller intends to further process the personal data for a purpose other than that for which the personal data were originally collected, the Data Controller shall provide the data subject prior to that further processing with information on that other purpose and with any relevant further information.

To exercise the above rights, the data subject may contact the Data Controller by certified email at responsabileprotezionedati@ministeroturismo.gov.it or alternatively at info@italia.it. The latter email address can be used to withdraw consent and to request that you no longer receive newsletters.

Furthermore, in the event of a personal data breach that is likely to present a high risk to the rights and freedoms of the data subject, the Data Controller shall communicate the breach to the data subject without undue delay, pursuant to Article 34(1) of the Regulation.

If the data subject considers that the processing carried out by the Data Controller may have violated the rules in force on the protection of personal data, they have the right to lodge a complaint with the Data Protection Authority, pursuant to Article 77 of Regulation (EU) 2016/679, by:

  • registered letter with return receipt addressed to 'Garante per la Protezione dei Dati Personali', Piazza Venezia 11, 00187 Rome;
  • email to: protocollo@gpdp.it;
  • certified email to: protocollo@pec.gpdp.it;
  • fax to: 06/696773785.

Save your favorite places

Create an account or log in to save your wishlist

Do you already have an account?

Ops! An error occurred while sharing your content. Please accept profiling cookies to share the page.