Privacy

Information on the processing of personal data of INPS users, pursuant to Articles 13 and 14 of (EU) Regulation 2016/679

In accordance with (EU) Regulation 2016/679 (hereinafter "EU Regulation"), INPS describes how the personal data of the users concerned (hereinafter "Individuals concerned") is processed and what their rights are, as recognized by the EU Regulation.

INPS, as data controller, with its registered office in Rome, via Ciro il Grande, 21, informs the data subjects that their personal data, provided directly by them or acquired from third parties in accordance with the law, are processed in compliance with the conditions and limits established by the EU Regulation and Legislative Decree no. 196 of 30 June 2003, as amended and supplemented, containing the "Code for the protection of personal data".

The personal data of the data subject, including those belonging to special categories referred to in Article 9 of the EU Regulation or relating to criminal convictions and offences pursuant to Article 10 of the EU Regulation, are treated by INPS, in compliance with the legitimate legal bases, only to the extent necessary regarding the purposes pursued in the performance of institutional functions in the field of social security, insurance, welfare, certification and verification, fiscal, statistical and administrative on a health basis, as well as for functions directly related to these purposes or to ensure compliance with legal obligations.

Therefore, the purposes of data processing are strictly connected to, and instrumental to, the institutional administrative activities carried out by the Institute, having as its main purpose the initiation, management and conclusion of procedures that concern users.

In these contexts, the provision of data is often compulsory, since it is provided for by laws, regulations or Community legislation, which govern the performance and related obligations; in such cases, failure to provide the claimed data may make procedures impossible to carry out, or delayed. In certain cases identified by the legislation mentioned, penalties may occur.

When there is no obligation for data subjects to communicate information to Inps, they are duly informed at the time of collection that the provision of data is optional and failure to provide it may have substantial consequences or, at most, may make it impossible to obtain the claimed information.

The data already in the Institute's possession are processed only if they are indispensable for the performance of the aforementioned institutional functions, and in compliance with the principles of lawfulness, minimization, limitation, security, correctness and integrity as set forth in the EU Regulation.

In relation to the different purposes and the aims for which they have been collected and processed, personal data is kept for the time set out in the relevant legislation or for the time strictly necessary to achieve the purposes.

Special information is provided by INPS for specific activities or for particular services.

INPS implements appropriate technical and organisational security measures to ensure a level of security appropriate to the risks presented by the processing, in particular with regard to the destruction, loss, modification, unauthorised disclosure or access, whether accidental or unlawful, to personal data transmitted, stored or otherwise processed.

The processing of the personal data of data subjects may take place through the use of computerized, electronic and manual tools, with a logic which is strictly related to the purposes for which the data is collected, so as to ensure security and confidentiality, in compliance with what is set out in the EU Regulation, specifically Articles 5 to 11.

More specifically, the processing of personal data is carried out mainly by dependent workers of the Institute, who are authorized and instructed to do so, who operate under its direct authority and, only exceptionally, the data may also be known and processed by other individuals, who provide specific services or carry out necessary activities on behalf of INPS and operate as authorized persons or processors, designated by the Institute in compliance with the guarantees for this purpose indicated in the EU Regulation.

The personal data of the data subjects may be disclosed only if this is provided for by the relevant legal basis and, in line with this requirement, the communication of selected data subject to processing by INPS to other public or private entities is also allowed; these are independent data controllers, who will operate within the limits strictly necessary for the sole purpose for which the communication was made.

In cases provided for by regulatory provisions or, if provided for by law, specific regulations, within the limits set, personal data may be communicated by INPS to other public or private institutes; these are independent data controllers, who will operate within the limits strictly necessary for the sole purpose for which the communication was made.

Some data processing procedures carried out by Inps, for the purposes listed above, may involve the transfer of personal data abroad, within and/or outside the European Union. If this is necessary, Inps guarantees compliance with the EU Regulation with particular reference to the provisions of Article 45, i.e. the transfer will only take place to those countries that provide an adequate level of protection.

The data subjects have the right, at any time, to claim and receive confirmation of the existence or not of personal data concerning them and/or to verify the use of them by INPS.

Data subjects, moreover, have the right to claim, in the forms provided for by the law, the rectification of inaccurate personal data and the completion of incomplete data; in the cases indicated by the EU Regulation, without prejudice to rules provided for certain processing, they may also claim the deletion of the data, after the prescribed storage periods, or the limitation of processing; opposition to processing, for reasons related to their particular situation, is allowed unless there are legitimate reasons for the continuation of processing.

The appropriate claim to INPS is made by contacting the Data Protection Officer at INPS (INPS - Data Protection Officer, Via Ciro il Grande, 21, postal code 00144, Rome; certified e-mail: responsabileprotezionedati.inps@postacert.inps.gov.it).

Data subjects who believe that the processing of their personal data carried out by INPS is in violation of the provisions of the EU Regulation have the right to lodge a complaint with the Guarantor for the protection of personal data (National Supervisory Authority), as provided for in Article 77 of this Regulation, or to take appropriate legal action (Article 79 of the EU Regulation).

Additional information regarding the rights of the data subjects can be found on the site of the Privacy Guarantor for the protection of personal data at www.garanteprivacy.it.