Agenzia delle Dogane e dei Monopoli

in compliance with Regulation (EU) 2016/679 of 27/04/2016

Dear User,
please be aware that starting from May 25th 2018 the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC 6/CE (hereinafter: "Regulation").

The Regulation introduces a regulatory frame of reference aimed at ensuring a consistent level of protection of natural persons with regard to the processing of personal data in all EU Member States. In compliance with such Regulation, this page informs you on the processing of your personal data, including data you provided, by the Italian Customs and Monopolies Agency (hereinafter: “Agency”).

Controller

Controller of personal data is the Italian Customs and Monopolies Agency, with legal office in Rome Via Mario Carucci, n. 71 - 00143 - E-mail address: dir.internalaudit.datipersonali@adm.gov.it, PEC: dir.internalaudit@pec.adm.gov.it, switchboard +39 06 50 24 1.

Processor

The Processor of the automated processing is, as technological partner of the Agency, Sogei S.p.A, with legal office in Rome via Mario Carucci n. 99, 00143. Contact data of Sogei S.p.A. are available in the company’s website: http://www.sogei.it .

Data protection officer

Contact details of Data protection officer/Responsabile della protezione dei dati (DPO/RPD) are as follows: address: Agenzia delle Dogane e dei Monopoli – Responsabile della protezione dei dati, Via Mario Carucci n. 71 - 00143 Roma; E-mail address: adm.dpo@adm.gov.it.

Legal base and purposes of the processing

The Agency, created under article 57 of legislative decree N° 300 of July 30th 1999, and any subsequent amendments, has legal personality under public law and is independent as regards regulatory, administrative, assets, organization, accounting and financial aspects. In particular, the Agency manages the customs duties, the national taxation of international trade and the excise duties. Moreover, the agency applies the EU customs code and all other measures, including those related to the common agricultural and commercial policies, to international trade. The Agency also controls games and tobacco, ensuring the interests of the State by collecting duties and protects the citizens by fighting crimes and managing the sector through concessionaires and regulatory acts. Lastly, the Agency helps in ensuring public health, safety and security, by controlling the goods entering the European Union.

Thus, the Agency processes your personal data in compliance with its own tasks related to public interest or with its own public powers, in order to ensure that laws are duly complied with.

Recipients of the data

Your personal data, if needed, can be transmitted:

• To persons to whom data are to be transmitted in compliance with a legal obligation, a Regulation, a EU legislation, o to comply with a decision of the Judicial Authority;
• To persons designated by the Controller as Processors, to persons authorized to process personal data acting under the Controller or the Processor’s direct authority, or to the Agency’s employees acting under specific instructions provided for the purposes and method of processing;
• To any other third persons in the cases and/or conditions established by the national and EU legislation, or if the transmission of the data is necessary for the protection of the Agency in courts, in compliance with the provisions in force concerning the protection of personal data.

Storage periods

The personal data you provided and/or produced by the Agency will be stored for the time needed to fulfil the purposes for which they were gathered and, in all cases, in compliance with the national and EU legislation in force.

Rights of data subjects

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and access to such personal data under article 15 of the Regulation. The data subject shall have the right to obtain from the controller rectification of inaccurate personal data concerning him or her, as well as the right to have incomplete personal data completed (art. 16 of the Regulation). Without prejudice to the specific guidelines for some forms of processing, according to the Regulation provisions, the data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her (art. 17 of the Regulation). Moreover, the data subject shall have the right to obtain restriction of processing and also the right to object to processing, in compliance with the provisions in articles 18 and 21 of the Regulation respectively.

Contact details of the Controller, that can be contacted for exercising the above rights are as follows: Agenzia delle Dogane e dei Monopoli - Titolare del trattamento dei dati - Address: Via Mario Carucci, n. 71 - 00143, Roma - E-mail: dir.internalaudit.datipersonali@adm.gov.it

Right to lodge a complaint

Data subject shall have the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to him or her infringes this Regulation (art. 77 of the Regulation).

Main kinds of data processing

Customs Electronic Service and Single Portal

All data needed for the activation of the Customs Electronic Service (Servizio Telematico Doganale) and the services of the Single Portal are stored in the servers’ storage supports and protected by appropriate security measures. The access to such pages by the qualified person is strictly personal and based upon authentication credentials only used by single users. In such cases, the disclosure of data by the applicant is needed for providing services to users. The non-disclosure prevents the user from obtaining the service required.

Electronic services for holders of a licence of public games

The holders of a licence operating in the market of public games access electronic services reserved to them following authorization. Data sent during registration are stored in the Agency’s server infrastructure, within storing devices protected by appropriate security measures. The access to such pages by the qualified person is strictly personal and based upon authentication credentials only used by single users. In such cases, the disclosure of data by the applicant is needed for providing services to users. The non-disclosure prevents the user from obtaining the service required.

Navigation data

IT systems and software procedures used for the website store, in their normal activity, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of PCs and terminals used by users, URI/URL (Uniform Resource Identifier/Locator) addresses of resources requested, time of request, method used to submit the request to the server, the size of the file obtained in reply, the numeric code indicating the state of the reply provided by the server (successful, error, etc.) and other parameters concerning the user’s operational system and IT environment.

Such data, which are necessary in order to use web services, are processed also in order to:

• Obtain statistic information on the use of services (most visited pages, number of visitors by day or time slot, geographic area of origin, etc.);
• Control the proper functioning of the services offered.

Data communicated by the user

The optional, express and voluntary transmission of messages to the Agency’s contact addresses, as well as the filling in and lodging of forms included in the Agency’s website, imply the storage of all sender’s contact details, as they are necessary to reply, as well as all other personal data included in the communications.

Other kinds of data

Specific information notes are being developed for providing certain services or administrative procedures.;

Cookies and other tracking systems

I cookies are small text files sent by the visited sites to the user’s browser, that stores them and sends them back to the same sites at the next visit. The information sent by the users is required in order to use the services offered by the Agency. The Agency invites users, in their requests, not to send third persons’ names or other personal data that are not strictly necessary ;

Session Cookies

The use of these cookies (that are not persistently stored in the user’s PC and disappear when the browser is closed) is strictly limited to the session identifiers (consisting of random numbers generated by the server) necessary for a secure and efficient site exploration. The use of such cookies allows not to use other IT techniques that could potentially affect the user’s navigation confidentiality and does not allow to store personal data identifying the user.

Functionality cookies

These cookies allow the user to navigate depending on a specific set of selected criteria, for example language, in order to improve the service offered.

Cookies web analytics

Cookies analytics are used to gather aggregate information about the number of users and how such users visit the site; data are gathered only to develop statistical anonymous information about the use of the site and in order to verify its correct functioning; navigation data could be used to identify a user only it this is necessary in order to assess IT crimes.

In this site cookies are not used for purposes of user profiling.

Cookies are not used for the transmission of personal information.

Permanent cookies can be used only if they are necessary for providing a service included in the Agency’s institutional functions.

The user may decide to enable or disable cookies from settings of navigation browsers according to the manufacturer’s instruction. Disabling session cookies will prevent the user to authenticate for the website reserved area.

Specific information will be gradually posted in the website pages for particular services on demand. ;

Data protection measures

The Agency processes the user’s data also with automated tools and adopts specific organizational, technical and physical measures in order to ensure that the user’s data are processed appropriately, in line with the purposes for which they are processed and in order to prevent unauthorized consultation, disclosure, ex-filtration, modification/destruction of personal data.

Changes to this information

The controller reserves the right to change this information, publicising the changes in this page for User’s information. Please consult regularly this page, considering its last version. Unless otherwise specified, the previous privacy concerning the processing of personal data will be applied to personal data gathered until then.

This information is not valid for other websites that may be accessed through external links contained within this website, for which the Agency cannot be held responsible. For further information concerning the data subject rights on protection of personal data, please visit the Data Protection Authority’s website at www.garanteprivacy.it.

Last updated 12/07/2018

Previous information