In compliance with EU Regulation 2016/679 and Municipal Council Resolution No. 150 of 15/05/2018, which approved the criteria and organisational methods for the personal data protection system of the Municipality of Venice, the following information is provided regarding the processing of data related to the implementation of the Access Fee to the Ancient City of the Municipality of Venice or to the other minor islands of the Venetian Lagoon, executed by the Economy and Finance Area:
The Data Controller: | Municipality of Venice |
Competent Officer: |
Director of the Economy and Finance direzionefinanziaria@pec.comune.venezia.it |
The Data Protection Officer: |
rpd@comune.venezia.it rpd.comune.venezia@pec.it |
the purpose of the processing relates to the implementation of a municipal fee (Access Fee to the Historic City of the Municipality of Venice or to the other minor islands of the Venetian Lagoon) and is aimed at fulfilling tax-related requirements. Specifically, it involves verifying the proper fulfilment of the relevant obligations by the data subjects, including checking the payment made or the accuracy of the information provided to benefit from exclusion/exemption from the tax obligation).
The lawfulness conditions (legal basis) for processing are as follows: the execution of a task in the public interest or connected to the exercise of public authority vested in the Municipality of Venice (under Article 6, paragraph 1, letter e) of the GDPR).
The following legal bases are particularly relevant:
The processing concerns the following categories of personal data:
In compliance with Article 14 of the GDPR, if the data has not been provided directly by the data subjects, it is hereby stated that it is submitted through the Portal by the third-party applicant.
Data processing is performed in compliance with the principles prescribed by Article 5 of EU Regulation 2016/679 and the rights of the Data Subject governed by Chapter III of EU Regulation 2016/679.
Processing is executed using both digital and paper-based methods and includes the operations or set of operations necessary to achieve the specified purposes.
In particular, processing is executed with the following tools and procedures:
The Data Controller does not engage in any profiling activities.
Any official checks or inspections on the declarations issued for exclusion/exemption purposes may be processed following the verification of access to the Ancient City of Venice and are governed by Italian tax regulations.
Data is processed in compliance with Article 32 of EU Regulation 2016/679, ensuring security through appropriate protection measures to reduce the risks of data destruction or loss, alteration, unauthorised disclosure, or accidental or unlawful access. Processing is performed by authorised individuals responsible for executing and performing the relevant procedures.
The personal data processed may be disclosed to third parties, both public and private, in compliance with the relevant legal, regulatory, and/or contractual obligations, exclusively for the purpose of verifying the validity of the reasons provided for exclusion/exemption from the payment of the Access Fee.
Where necessary, third parties are appointed as Data Processors by the Data Controller under Article 28 of the GDPR. At any time, the Data Subject is entitled to request an updated list of all Data Processors appointed by the Data Controller.
Data is processed on an IT infrastructure implemented using cloud solutions from non-European providers, which are properly contracted in compliance with the conditions set out in Article 45 of the GDPR.
Providing data is mandatory, and failure to do so results in the inability to obtain the necessary justification document for entry and access to the Ancient City of the Municipality of Venice or to the other minor islands of the Venetian Lagoon.
The data of individuals who have made payments through the designated platform is retained until the 5th year following the date of payment, which is the final deadline, under Article 1, paragraph 164, of Italian Law No. 296 of 27 December 2006, for requesting a refund of amounts paid but not due.
The data of individuals who have requested an exclusion/exemption document and whose presence is not confirmed during inspections in the territory are deleted at 12:00 a.m. (midnight) on the last day of validity of the document.
The data of individuals whose presence in the territory is registered are retained until December 31 of the 5th year following the inspection. This is the final deadline, under Article 1, paragraph 161, of Italian Law No. 296 of December 27, 2006, for issuing tax assessment notices that the Municipality must notify if it verifies that the declared reason for exclusion/exemption is not truthful.
Data Subjects are entitled, under certain conditions, to exercise the rights provided for in Chapter III of EU Regulation 2016/679 and specifically the right to access their personal data, to request their rectification, restriction or deletion as well as to object to their processing, subject to the existence of legitimate reasons by the Data Controller.
In order to exercise these rights, Data Subjects may submit requests to: The Municipality of Venice, the Director of the Economy and Finance Department and the Data Protection Officer in compliance with Article 37 of EU Regulation 2016/679.
In the event of new circumstances and/or changes to the data processing as described above, the Data Controller, which is the Municipality of Venice, undertakes to provide the Data Subject with any additional information required.
Under Article 77 of EU Regulation 2016/679, in the event of alleged violations of the regulation, the data subject may lodge a complaint with the Italian Supervisory Authority - the Data Protection Authority, without prejudice to any other form of administrative or judicial remedy.