Information on the processing of personal data in compliance with articles 13 and 14 of EU Regulation 2016/679 (referred to below as the GDPR)

In compliance with EU Regulation 2016/679 and Municipal Council Resolution No. 150 of 15/05/2018, which approved the criteria and organisational methods for the personal data protection system of the Municipality of Venice, the following information is provided regarding the processing of data related to the implementation of the Access Fee to the Ancient City of the Municipality of Venice or to the other minor islands of the Venetian Lagoon, executed by the Economy and Finance Area:

1. Data Controller and Data Protection Officer

The Data Controller: Municipality of Venice
Competent Officer: Director of the Economy and Finance
direzionefinanziaria@pec.comune.venezia.it
The Data Protection Officer: rpd@comune.venezia.it
rpd.comune.venezia@pec.it

2. Data Subjects, purpose, and lawfulness conditions (legal basis)

a) Data Subjects:

  • Natural persons paying the Access Fee through the dedicated online platform;
  • Natural persons exempt/excluded who are not required to provide any data to benefit from the exclusion/exemption;
  • Natural persons requesting an exemption/exclusion from the payment of the Access Fee through the platform;
  • Natural persons requesting an exemption or exclusion from the payment of the Access Fee through alternative methods;
  • Natural persons whose data is processed in compliance with the obligations arising from the implementation regulations of the Access Fee, in order to carry out the necessary checks in fulfillment of the implementing regulations of the access fee.

b) Puropse:

the purpose of the processing relates to the implementation of a municipal fee (Access Fee to the Historic City of the Municipality of Venice or to the other minor islands of the Venetian Lagoon) and is aimed at fulfilling tax-related requirements. Specifically, it involves verifying the proper fulfilment of the relevant obligations by the data subjects, including checking the payment made or the accuracy of the information provided to benefit from exclusion/exemption from the tax obligation).

c) Lawfulness conditions (legal basis):

The lawfulness conditions (legal basis) for processing are as follows: the execution of a task in the public interest or connected to the exercise of public authority vested in the Municipality of Venice (under Article 6, paragraph 1, letter e) of the GDPR).

The following legal bases are particularly relevant:

  • Article 1, paragraph 1129, of Italian Law No. 145 of 30 December 2018, which authorised the Municipality of Venice to establish and regulate, through a regulation adopted according to Article 52 of Italian Legislative Decree No. 446 of 15 December 1997, the Access Fee referred to in Article 4, paragraph 3-bis, of Italian Legislative Decree No. 23 of 14 March 2011, for access to the Ancient City or to the other minor islands of the Venetian Lagoon;
  • Article 4, paragraph 3-bis, of Italian Legislative Decree No. 23 of 14 March 2011, governing the landing tax;
  • Article 52 of Italian Legislative Decree No. 446 of 15 December 1997, regulating the legislative authority of Municipalities and Provinces;
  • Article 1, paragraphs 161 and following, of Italian Law No. 296 of 27 December 2006, governing the time limits for assessment in cases of non-payment of local taxes;
  • Articles 16 and 17 of Italian Legislative Decree No. 472 of 18 December 1997, referenced by Article 1, paragraph 161, of Italian Law No. 296 of 27 December 2006;
  • Article 1, paragraph 164 and following, of Italian Law No. 296 of 27 December 2006, governing the time limits for tax refunds by local authorities;
  • Article 1, paragraphs 179 and following, of Italian Law No. 296 of 27 December 2006, governing the possibility of assigning assessment activities to entrusted entities registered in the "Register for the Assessment and Collection of Local Authority Revenues" established at the Italian Ministry of Economy and Finance under Article 53 of Italian Legislative Decree No. 446 of 15 December 1997;
  • Article 7-bis of Italian Legislative Decree No. 267 of 18 August 2000, governing provisions on violations of Municipal regulations;
  • Municipal Regulation for the establishment and regulation of the Access Fee, with or without a carrier, to the Ancient City of the Municipality of Venice or to the other minor islands of the Venetian Lagoon, approved by Municipal Council Resolution No. 51 of 12/09/2023 and subsequently amended by Resolution No. 71 of 21/12/2023 and subsequent modifications and integrations;
  • Municipal Executive Committee Resolution No. 249 of 12 December 2023, which approved the agreement templates governing relations with carriers regarding the implementation of the Access Fee;
  • Municipal Executive Committee Resolution No. 189 of 24 October 2024, which determined the amount of the Access Fee and the days of application on an experimental basis for the year 2025;
  • Municipal Executive Committee Resolution No. 20 of 18/02/2025, governing the payment methods for the Access Fee;
  • Municipal Executive Committee Resolution No. 34 of 13/03/2025, governing the operational procedures for the implementation of the Access Fee following the previously mentioned Municipal Regulation

3. Categories of data and their source

The processing concerns the following categories of personal data:

  • Common identifying data (such as name and surname) in cases of fee payment through the portal;
  • Common identifying data (such as name, surname, place and date of birth, and residence) when provided without Italian digital authentication services such as with SPID/CIE/CNS;
  • Common identifying data (such as name, surname, place and date of birth, and tax code) when provided with authentication via SPID/CIE/CNS;
  • Contact information (such as e-mail address and telephone number);
  • Data necessary for potential checks on the reasons provided for exclusion/exemption from the payment of the Access Fee.

In compliance with Article 14 of the GDPR, if the data has not been provided directly by the data subjects, it is hereby stated that it is submitted through the Portal by the third-party applicant.

4. Processing Methods

Data processing is performed in compliance with the principles prescribed by Article 5 of EU Regulation 2016/679 and the rights of the Data Subject governed by Chapter III of EU Regulation 2016/679.

Processing is executed using both digital and paper-based methods and includes the operations or set of operations necessary to achieve the specified purposes.

In particular, processing is executed with the following tools and procedures:

  • Portal for purchasing the document certifying the payment of the Access Fee or for obtaining the document confirming exclusion/exemption from payment;
  • Totem devices for obtaining certain exclusion/exemption documents on-site;
  • Digital tools and software applications used during inspections conducted in the territory;
  • Verification of any documentation submitted for the granting of the title of exclusion/exemption from the payment of the Access Fee.

The Data Controller does not engage in any profiling activities.

Any official checks or inspections on the declarations issued for exclusion/exemption purposes may be processed following the verification of access to the Ancient City of Venice and are governed by Italian tax regulations.

5. Security measures

Data is processed in compliance with Article 32 of EU Regulation 2016/679, ensuring security through appropriate protection measures to reduce the risks of data destruction or loss, alteration, unauthorised disclosure, or accidental or unlawful access. Processing is performed by authorised individuals responsible for executing and performing the relevant procedures.

6. Communication and disclosure

The personal data processed may be disclosed to third parties, both public and private, in compliance with the relevant legal, regulatory, and/or contractual obligations, exclusively for the purpose of verifying the validity of the reasons provided for exclusion/exemption from the payment of the Access Fee.

Where necessary, third parties are appointed as Data Processors by the Data Controller under Article 28 of the GDPR. At any time, the Data Subject is entitled to request an updated list of all Data Processors appointed by the Data Controller.

7. Transfer of data to a third country or an international organisation

Data is processed on an IT infrastructure implemented using cloud solutions from non-European providers, which are properly contracted in compliance with the conditions set out in Article 45 of the GDPR.

8. Obligation to provide personal data

Providing data is mandatory, and failure to do so results in the inability to obtain the necessary justification document for entry and access to the Ancient City of the Municipality of Venice or to the other minor islands of the Venetian Lagoon.

9. Data retention period

The data of individuals who have made payments through the designated platform is retained until the 5th year following the date of payment, which is the final deadline, under Article 1, paragraph 164, of Italian Law No. 296 of 27 December 2006, for requesting a refund of amounts paid but not due.

The data of individuals who have requested an exclusion/exemption document and whose presence is not confirmed during inspections in the territory are deleted at 12:00 a.m. (midnight) on the last day of validity of the document.

The data of individuals whose presence in the territory is registered are retained until December 31 of the 5th year following the inspection. This is the final deadline, under Article 1, paragraph 161, of Italian Law No. 296 of December 27, 2006, for issuing tax assessment notices that the Municipality must notify if it verifies that the declared reason for exclusion/exemption is not truthful.

10. Rights of the Data Subject

Data Subjects are entitled, under certain conditions, to exercise the rights provided for in Chapter III of EU Regulation 2016/679 and specifically the right to access their personal data, to request their rectification, restriction or deletion as well as to object to their processing, subject to the existence of legitimate reasons by the Data Controller.

In order to exercise these rights, Data Subjects may submit requests to: The Municipality of Venice, the Director of the Economy and Finance Department and the Data Protection Officer in compliance with Article 37 of EU Regulation 2016/679.

In the event of new circumstances and/or changes to the data processing as described above, the Data Controller, which is the Municipality of Venice, undertakes to provide the Data Subject with any additional information required.

11. Right to lodge a complaint

Under Article 77 of EU Regulation 2016/679, in the event of alleged violations of the regulation, the data subject may lodge a complaint with the Italian Supervisory Authority - the Data Protection Authority, without prejudice to any other form of administrative or judicial remedy.