Information on the processing of personal data pursuant to Articles 13 and 14 of EU Regulation 2016/679 (hereinafter referred to as the GDPR)

Under the EU Regulation 2016/679 and the Resolution issued by the Municipal Council dated 15/05/2018, number 150, which approved the criteria and organisational methods of the personal data protection system of the Municipality of Venice, in reference to the data processing activities governing the implementation of the payment of the Access Fee for entry to the Historic City of Venice or the minor islands of the Venetian Lagoon, executed by the Economic and Finance Area, the following information is provided:

1. The Data Controller and the Data Protection Officer

2. Data Subjects, Purposes, Legality Conditions (Legal Basis)

a) Data Subjects:

• Individuals exempt/excluded who are not required to submit any communication (born or residing in the Municipality of Venice);
• Individuals paying the Access Fee through the dedicated online platform;
• Individuals requesting exemption or exclusion from the payment of the Access Fee through the platform;
• Individuals requesting exemption or exclusion from the payment of the Access Fee through alternate means;
• Additional individuals (such as accompanying persons, family members, employers, etc.) whose personal data are processed in compliance with the obligations required to implement the Access Fee payment

b) Scope:

The scope of the processing relates to the implementation of a Municipal Tax (the Access Fee to the Historic City of Venice or the minor islands of the Venetian Lagoon) and is represented by the fiscal requirement of verifying the correct fulfilment of the related obligations by the subjects involved (verification of payment made or the truthfulness of the statements declared to benefit from the exemption/exclusion of paying the Access Fee).

c) Statutory Conditions (Legal Basis):

The statutory conditions (legal basis) of the processing are as follows: the execution of a task of public interest or connected to the exercise of public authority vested in the Municipality of Venice (pursuant to Article 6, paragraph 1, letter e) of the GDPR).

The following legal bases are particularly relevant:

• Article 1, paragraph 1129, of Italian Law dated December 30 2018, number 145, which provides the option for the Municipality of Venice to establish and govern, with a regulation to be adopted pursuant to Article 52 of Italian Legislative Decree dated December 15 1997, number 446, the Access Fee referred to in Article 4, paragraph 3 bis, of Italian Legislative Decree dated March 14 2011, number 23, for the entry to the Historic City of Venice and the minor islands of the Venetian Lagoon;
• Article 4, paragraph 3 bis, of Italian Legislative Decree dated March 14 2011, number 23, which regulates the Landing Tax;
• Article 52 of Italian Legislative Decree dated December 15 1997, number 446, governing the regulatory power of Municipalities and Provinces;
• Article 1, paragraphs 161 and the subsequent paragraphs of Italian Law dated December 27 2006, number 296, regulating the terms of assessment in connection with non-payment of local taxes;
• Articles 16 and 17 of Italian Legislative Decree dated December 18 1997, number 472, referred to in Article 1, paragraph 161, of Italian Law dated December 27 2006, number 296;
• Article 1, paragraph 164 and the subsequent paragraphs of Italian Law dated December 27 2006, number 296, regulating the terms of tax refunds by local authorities;
• Article 1, paragraphs 179 and the subsequent paragraphs of Italian Law dated December 27 2006, number 296, regulating the possibility of entrusting assessment activities to entities enrolled in the "Register for the assessment and collection of revenues of local revenues" issued by the Italian Ministry of Economy and Finance pursuant to Article 53 of Italian Legislative Decree dated December 15 1997, number 446;
• Article 7 bis of Italian Legislative Decree dated August 18 2000, number 267, regulating provisions related to violations of Municipal regulations;
• The Municipal Regulation for the establishment and governing of the Access Fee, with or without a carrier, to the Historic City of Venice and the other minor islands of the Venetian Lagoon approved with Resolution issued by the Municipal Council dated 12/09/2023, number 51, which was subsequently amended with Resolution dated 21/12/2023, number 71;
• The Resolution of the Municipal Council dated November 23 2023, number 236, which determines the amount of the Access Fee and the days of its application;
• The Resolution of the Municipal Council dated December 12 2023, number 249, governing the operational methods for the implementation of the Access Fee in execution of the Municipal Regulation referred to above.

3. Categories and sources of personal data

The processing applies to the following categories of personal data:

• General identification data (such as name, surname, place and date of birth, residence in cases provided for by the application of the Access Fee);
• Contact data (such as an e-mail address and telephone number);
• Data required for applying any exclusions, including specific data relating to medical conditions.

In compliance with Article 14 of the GDPR, if the information has not been communicated directly by the Data Subjects, please be informed that the data will be transferred by a third party via the Portal.

4. Processing Methods

The processing is carried out in compliance with the principles regulated by Article 5 of EU Regulation 2016/679 and the rights of the Data Subject governed in Chapter III of the same Regulation.

Processing is executed in computerised and paper form. It includes the operations or set of operations necessary to implement the specified objectives.

Specifically, the processing is performed by using the following tools and procedures:

• Portal for the purchase of the ticket, which is proof of payment of the Access Fee or for the acquisition of the title of exclusion/exemption from payment;
• Computer tools and applications used during inspections performed on the territory;
• The verification of any documentation submitted for the granting of the title of exclusion/exemption from the payment of the Access Fee

The Data Controller does not execute any profiling activities.

Any office inspections aimed at verifying the truthfulness of the statements made for the purposes of exemption/exclusion are the object of subsequent processing regulated by the standards of Italian Tax Legislation.

5. Security Measures

The data are processed to ensure, in compliance with Article 32 of EU Regulation 2016/679, complete security with adequate protective measures in order to reduce the risks of destruction or loss of data, alteration, unauthorised disclosure, or accidental or illegal access. The processing is carried out by individuals authorised to carry out the relevant procedures.

6. Communication

The personal data being processed may be communicated to third parties, public and private, in compliance with the relevant legal, regulatory and/or contractual obligations.

Where necessary, third parties are appointed by the Data Controller as Processors under Article 28 of the GDPR. At any time, the Data Subject is entitled to request an updated list of all the Processors appointed by the Data Controller.

7. Transfer of Data to a Third Country or an International Organisation

The data is processed on a computer infrastructure implemented using cloud solutions from nonEuropean suppliers adequately contracted in compliance with the conditions of Article 35 of the GDPR.

8. Obligation to Provide Personal Data

The provision of data is mandatory, and failure to provide the data results in the impossibility of obtaining the necessary justificatory title to access the Historical City of the Municipality of Venice or the other minor islands of the Venetian Lagoon.

9. Data Retention Period

The data of individuals who pay the Access Fee on the specific platform are stored until the 5th year following the day of payment, the final term, under Article 1, paragraph 164, of Italian Law dated December 27 2006, number 296, in order to allow for refund claims for amounts paid and not due.

The data of subjects for whom an exclusion/exemption title has been requested and whose presence is not found during territorial inspections is deleted at 12:00 a.m. midnight on the last day of validity of the specific title.

The data of the subjects whose presence in the territory will be recorded is stored until December 31 of the 5th year following the inspection, which is the deadline, under Article 1, paragraph 161 of Italian Law dated December 27 2006, number 296. This term is necessary for the issuance of tax assessment notices that the Municipality is to notify if it verifies that the reason declared for the exclusion/exemption is not truthful.

10. Rights of the Data Subject

Under certain conditions, as a Data Subject, you are entitled to exercise the rights provided for in Chapter III of EU Regulation 2016/679 and specifically the right to access your personal data, to request their rectification, restriction or deletion, and to object to their processing, subject to the existence of legitimate grounds held by the Data Controller.

For this purpose, you can contact: the Municipality of Venice, the Director of the Economic and Finance Area and the Data Protection Officer under Article 37 of EU Regulation 2016/679.

If the Data Controller of the Municipality of Venice processes personal data collected for a purpose that is different from the one identified above, it undertakes to provide the Data Subject with all the information relating to this different purpose, as well as any additional information necessary.

11. Right to Lodge a Complaint

In accordance with Article 77 of EU Regulation 2016/679, in the event of alleged violations of the Regulation, the Data Subject is entitled to lodge a complaint with the Italian Supervisory Authority - Guarantor for the protection of personal data, without prejudice to any other form of administrative or judicial recourse.