Privacy Policy

Information on the processing of personal data pursuant to Article 13 of EU Regulation 2016/679

EU Regulation 2016/679 (hereinafter the "GDPR") lays down rules on the protection of natural persons with regard to the processing of personal data.

In compliance with the principle of transparency provided for in Articles 5 and 12 of the Regulation, this page describes the methods for processing the personal navigation data of users consulting the following websites (hereinafter, the "Sites"):

• Institutional website of the Autonomous Province of Trento - provincia.tn.it;
• Citizen's Room of the Autonomous Province of Trento - servizidigitali.provincia.tn.it.

The policies of the Autonomous Province of Trento on the processing of personal data are also contained, among the various sources, in Provincial Council Resolution No. 2220 of 16 December 2021 (the Province's Policy on the Protection of Personal Data).

1. WHY THIS INFORMATION NOTICE

This statement describes the methods for managing the Sites indicated in the preceding point, with reference to the processing of personal data of users, whether identified or identifiable, who consult them and interact with them and with the provincial web services accessible by telematic means. The information does not concern other sites, apps, pages or online services referring to resources external to the Province's domain, which can be reached through hypertext links published on the Sites or the display of which is directly integrated into the Sites themselves.

This information is provided pursuant to Article 13 of the GDPR and is intended to clarify the purposes and methods of processing, the storage periods and the nature of the personal data processed.

The information that users of the Sites deem to publish through the services and tools made available by the Sites, is provided by users knowingly and voluntarily, exempting the Province from any liability for any breach of law. It is up to the users to verify that they have the permissions to post content that is protected by national and international regulations.

2. DEFINITIONS

Personal data shall mean any information concerning an identified or identifiable natural person (data subject); an identifiable person is one who can be identified, directly or indirectly, by reference in particular to an identifier such as a name, an identification number, location data, an online identifier or to one or more elements that are characteristic of his or her physical, physiological, genetic, psychic, economic, cultural or social identity.

Processing of personal data shall mean any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data controller is the natural or legal person, public authority, service or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

Processor is the natural or legal person, public authority, service or other body that processes personal data on behalf of the controller.

More detailed definitions can be found in Article 4 of the GDPR.

3. DATA CONTROLLER, DATA PROCESSOR AND RPD

The Data Controller of personal data is the Autonomous Province of Trento, in the person of its legal representative (Acting President of the Province), with registered office in Piazza Dante 15 - 38122 Trento, Italy, who can be contacted at the addresses listed on the dedicated page.

The Data Processor is Trentino Digitale S.p.A., with registered office in via G. Gilli 2 - 38121 Trento, specifically appointed pursuant to art. 28 of the GDPR.

The Data Protection Officer - DPO (also known as Data protection officer - DPO) is the Director of the Electoral, Anti-corruption, Control and Personal Data Protection Service, with office located in Piazza Dante 15 - 38122 Trento, Italy - tel. 0461.494671, email: idprivacy@provincia.tn.it (please indicate in the subject line: "DPO intervention request ex art. 38 EU Reg.)

The Data Processors are:

• the pro tempore Manager of the Strategic Mission Unit for Digitalisation and Networks of the Autonomous Province of Trento, who can be contacted at the addresses listed on the dedicated page;
• the pro tempore Manager of the ICT and Digital Transformation Service of the Autonomous Province of Trento, in his capacity as Digital Transition Manager (RTD), who can be contacted at the addresses listed on the dedicated page.

The persons in charge are also the persons designated to reply to the Data Subject in case of exercise of the rights as per Art. 15 ff. of the GDPR.

4. TYPE OF DATA PROCESSED

All personal data collected through the Sites shall be processed lawfully and fairly for the purpose of providing the services requested as well as responding to users' communications and queries, and shall be kept only for the time necessary to pursue such purposes, consistent with the institutional purposes of the Autonomous Province of Trento. The personal data collected belong to the category of so-called "common" data (i.e. different from those provided for in Articles 9 and 10 of the GDPR).

Data provided voluntarily

It is possible to send requests and communications to the Autonomous Province of Trento through the contact email addresses indicated on the institutional website of the Autonomous Province of Trento. The optional, explicit and voluntary sending of email to the Province entails the subsequent processing of the sender's email address, which is necessary in order to reply to requests or to contact the sender again to obtain clarifications on what was reported, as well as any other personal data included in the message.

The personal data provided by users forwarding requests are used solely for the purpose of executing the request from time to time forwarded, and are communicated to third parties only if strictly necessary for that purpose, in compliance with European and national provisions. These data are processed by personnel specifically authorised to process them, and only if the processing is necessary for the performance of the assigned tasks. The general information forms in use by the provincial structures are available for consultation at this link.

The Institutional Site of the Autonomous Province of Trento may contain links and references to other websites. Each of these sites may involve the processing of personal data for specific purposes: for information on the relevant processing of personal data, please refer to the specific sections and notices of the sites consulted by users when browsing them.

Access data with digital identity

While browsing the institutional portal, in particular on the pages dedicated to the provincial digital services, the user may be redirected to the Citizen's Room of the Autonomous Province of Trento, accessible through the link: https://servizidigitali.provincia.tn.it.

The Stanza del Cittadino (Citizen's Room) is an online platform designed to offer citizens centralised access to the digital services provided by the Autonomous Province of Trento, accessible via smartphone or computer. This platform is aimed at simplifying interaction between citizens and public administration, allowing access to a wide range of services through a single digital access point.

Access to the Stanza del Cittadino takes place following user authentication with a digital identity, i.e. through SPID (Sistema Pubblico Identità Digitale - Public Digital Identity System), CIE (Carta d'Identità Elettronica - Electronic Identity Card) or CPS-CNS (Carta Provinciale-Nazionale dei Servizi - Provincial Services Card). At the time of authentication, the identity provider selected by the user transmits the following data to the application: first name, surname, tax code, date of birth, e-mail address, digital identity identification code. The user authorises the transmission optionally, explicitly and voluntarily.

The personal data provided at the time of authentication are used solely for the purpose of identifying the user.

The operation of the Citizen's Room is detailed in the information notice available within the application, which describes the personal data processing methods associated with all the system's functions.

Navigation data

The computer systems and software procedures used to operate the Sites acquire, in the course of their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.

This category of data includes the IP addresses or domain names of the computers used by users who connect to the Sites, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment.

Browsing data are not used for the purpose of identifying users, but for the sole purpose of obtaining statistical information in anonymous form on the use of the Sites and their services and to check their correct functioning, and are kept for the time strictly necessary for such purposes.

In any case, any data acquired may be communicated to the Judicial Authorities in order to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the Sites or other Province websites.

Cookies

Cookies are small text files that the websites visited send to the user's terminal, where they are stored to collect information through the browser, and are then re-transmitted to the same sites on the next visit. They are used to measure and improve the quality of navigation.

The Garante per la protezione dei dati personali (Italian Data Protection Authority) has issued specific Guidelines on the subject of Cookies and other tracking tools, defining the methods for informing users and acquiring their consent for the use of cookies.

The Cookie Policy of the institutional website of the Autonomous Province of Trento is availableat this link.

5. PURPOSE OF PROCESSING AND LEGAL BASIS

The processing of personal data shall be carried out in compliance with the legislation on the protection of personal data and, in particular, with the principles of correctness, lawfulness and transparency, storage limitation and data minimisation in accordance with Articles 5 and 25 of the GDPR. The principle of minimisation provides that only personal data relevant and not excessive to the specific purposes of the processing may be collected and processed. The principle of storage limitation consists in keeping the data in a form that allows the identification of the data subjects for a period of time not exceeding the achievement of the purposes, except in cases provided for by law.

In compliance with Article 13 of the GDPR, the purpose of the processing and the legal basis for processing the data are specifically stated here.

Personal data are processed in the performance of tasks carried out in the public interest or in any case connected with the exercise of public powers and institutional activities vested in the Autonomous Province of Trento (Art. 6, co. 1, lett. e of the GDPR). In particular:

• ensuring interaction with citizens by means of information and communication technologies, pursuant to Article 12 of Legislative Decree no. 82 of 7 March 2005, Digital Administration Code;
• Make the Autonomous Province of Trento's institutional website available, as provided for by Article 53 of Legislative Decree no. 82 of 7 March 2005, Digital Administration Code;
• guarantee telematic access to Public Administration services, pursuant to Articles 3-bis and 64-bis of Legislative Decree no. 82 of 7 March 2005, Digital Administration Code;
• guarantee the right to simple and integrated online public services and allow access with a digital identity, as provided for in Articles 7 and 64 of Legislative Decree no. 82 of 7 March 2005, Digital Administration Code;
• allow users to submit applications, declarations, reports and communications, also by means of forms and forms, as provided for by art. 8, c. 2 and art. 9, c. 2 and c. 3 of Provincial Law no. 23 of 30 November 1992, Provincial Law on Administrative Activities
• Pursue the objectives set out in Article 2, para. 1 of Provincial Law no. 16 of 27 July 2012, Provisions for the promotion of the information society and digital administration and for the dissemination of free software and open data formats;
• guaranteeing accessibility to data and documents held by public administrations, pursuant to Article 1 of Legislative Decree No. 33 of 14 March 2013;

Apart from what has been specified for browsing data in the previous paragraph, users of the Sites are free to provide their personal data for requests for services or information; however, failure to provide such data will make it impossible to provide the service or to comply with the request.

6. COMMUNICATION AND DISSEMINATION

The data collected and processed through the Sites, exclusively for the purposes specified above, may be communicated, in compliance with the laws in force, to external companies appointed by the Autonomous Province of Trento, in order to perform services in the IT and technological field relating to its websites. These companies will be duly appointed as data processors.

Moreover, where necessary, the data may be disclosed to the competent judicial authorities and to other public entities requesting such information on the basis of the laws in force and in connection with investigations and proceedings relating to the prevention, detection and prosecution of criminal offences, as well as for the purposes of the judicial defence of rights.

Personal data provided by users who submit requests to the provincial administration are disclosed to third parties only if strictly necessary to execute the request.

The personal data provided shall not be disseminated in any way.

7. DATA TRANSFER OUTSIDE THE EU

Personal data is not transferred outside the European Union.

8. AUTOMATED DECISION-MAKING PROCESSES AND PROFILING

The existence of decision-making processes based on automated processing is excluded, as is any form of profiling of users.

9. METHODS AND PLACE OF DATA PROCESSING, STORAGE PERIOD

Personal data are processed by automated tools (computer/electronic) in compliance with the principle of storage limitation and kept for the time strictly necessary to achieve the public interest purposes for which they were collected or for the provision of public services requested by the user. The retention period for personal data is 10 years from the date of collection of the data, as stipulated in the discard and archive maximum of the structure responsible for the protection of personal data. After this period, the data will be deleted, without prejudice to the Controller's right to retain it further for purposes compatible with those indicated above. Specific security measures are observed to prevent data loss, unlawful or incorrect use and unauthorised access. Appropriate technical and organisational measures are also taken to minimise risks concerning confidentiality, availability and data integrity.

Processing related to the provision of digital public services takes place at the offices of the Autonomous Province of Trento, at the headquarters of Trentino Digitale S.p.A. (via G. Gilli 2 - 38121 Trento) and at the Amazon Web Services (AWS) cloud infrastructure located in Dublin, Frankfurt and Milan.

Data are processed, exclusively for the above purposes, by duly trained employees and, in particular, by specially appointed Data Processors and specifically authorised Data Processors.

10. RIGHTS OF THE DATA SUBJECTS

Data subjects (the natural persons to whom the data refer) may exercise their rights under the GDPR, vis-à-vis the Data Controller and at any time, using the contacts specified above, for all matters relating to the processing of their personal data. It is also possible to contact the Data Protection Officer, also using the application form.

In particular, Data Subjects may: request access to their personal data and obtain a copy thereof (Art. 15); if they consider it to be inaccurate or incomplete, they may request that it be corrected or supplemented (Art. 16); if the legal requirements are met, they may request that it be erased (Art. 17), exercise the right to restriction (Art. 18) and object to processing for reasons related to their particular situation (Art. 21).

To this end, it is also possible to use the present rights exercise form made available by the Data Protection Authority.

Article 77 of the GDPR allows the data subject to lodge a complaint with the Garante per la protezione dei dati personali (with head office in Rome, Piazza Venezia 11, website: www.garanteprivacy.it, telephone: (+39) 06.696771, email: protocollo@gpdp.it , pec: protocollo@pec.gpdp.it) if he/she considers that the processing concerning him/her has violated a provision of the Regulation itself.

The forms provided by the Data Protection Authority are accessible on the dedicated web page.

The data subject also has the right to take legal action (Article 79).

11. CHANGES TO THIS INFORMATION NOTICE

This Information Notice is subject to updates and changes over time, so it is the user's responsibility to periodically check the updated content.

12. FORM

Form for the exercise of the rights of the interested party

Form for the intervention of the Data Protection Officer

13. GENERAL PRIVACY NOTICES

For the sake of maximum transparency, the general information models in use at our facilities are offered for consultation at this link. As a matter of course, it should be noted that the models provided specifically to the interested party will be detailed and circumscribed in relation to the peculiarities of the relationship.

Last modified: June 2025