Transparency portal

Ministry of Health

Follow us on:

Privacy Policy

pursuant to article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016

The management methods of the Site (hereinafter also just "site") are described here with reference to the processing of personal data of users who consult it. This is a document of a general nature which informs about the criteria for the correct processing of personal data carried out on or through the site. The information relating to the individual services that the user will use, drawn up pursuant to article 13 of the General Regulation EU/679/2016 on data protection and their free circulation (hereinafter Regulation), can be consulted on the site web in the specific sections and available at the owner's offices.

This information is provided pursuant to Article 13 of the Regulation to those who interact with the site's web services and does not include processing carried out on other sites that may be consulted by the user via links on the site itself. Users are invited to read this information carefully before submitting any type of personal information.


The owner of the processing of personal data

Following consultation of this site, data relating to identified or identifiable persons may be processed (interested pursuant to the User Regulations from now on). The data controller of personal data is the National Agency for Regional Health Services – AGE.NA.S (hereinafter, for brevity, also just “AGE.NA.S” or “data controller”). As of today, any information relating to the owner, together with the updated list of managers and system administrators possibly designated, can be found at the headquarters of AGE.NA.S., in Via Puglie n. 23 – 00187 Rome, email – PEC


Purpose, lawfulness of processing, types of data and criteria used to determine the retention period of personal data


Browsing the site involves the acquisition of some personal data whose transmission is implicit in the use of Internet communication protocols (browsing data). This is information that is not collected to be associated with identified users, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP (Internet Protocol) addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) ​​notation of the requested resources, the time of the request, the method used in submitting the request to the server on which the site is located or which manages the provision of the requested services, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc. ) and other parameters relating to the operating system and the users' IT environment.


The purposes for which the user's personal data are processed are listed:

·        use of the site;

·        any statistics on the use of the service (most visited pages, number of visitors per time slot or daily, geographical areas of origin, etc.);

·        any checks on the correct functioning of the services offered.

All the user's personal data are processed by the owner for carry out a task of public interest or connected to the exercise of public powers (article 6.1 letter e) of the Regulation).

The user's personal browsing data are stored for the period necessary to achieve the purposes for which they are collected and in any case not exceeding 7 days, without prejudice to the time necessary to satisfy requests received from the Judicial Authority for the purposes of defense and/or security of the State and/or prevention, detection or repression of crimes or to satisfy requests received from the Guarantor Authority for the protection of personal data .


      Contact section

The personal data provided by the user who sends requests to the contacts indicated in the relevant section will be used for the sole purpose of providing feedback to what has been requested. The optional, explicit and voluntary sending of e-mail messages to the addresses indicated on the site, by its very nature, involves the subsequent acquisition of the sender's e-mail address necessary to respond to requests, as well as any other personal data included in the message.

The lawfulness of the processing of personal data is based on the need to execute a contract of which the user is a party or the execution of pre-contractual measures adopted at the request of the same (art. 6.1 letter b) of the Regulation) or to carry out a task of public interest or connected to the exercise of public powers (art. 6.1 letter e) of the Regulation) which consists in responding to requests received.

The user's personal data are kept for the time necessary to provide feedback to the user and in any case for no longer than to manage possible appeals and/or disputes.

Failure to provide personal data will make it impossible for the Data Controller to provide feedback to the user.  


Methods of processing personal data

The processing of personal data of the user takes place at the headquarters of the owner, or if necessary, at the headquarters of any Personal Data Processors identified and designated pursuant to art. 28 of the Regulation or to the subjects indicated in the paragraph "Communication and dissemination of personal data". Personal data is processed with automated tools. Specific security measures are observed to prevent the loss, illicit and/or incorrect use, unauthorized access of data. The processing of personal data is carried out within the limits of what is strictly necessary for the performance of the functions for which the service is requested, excluding processing when the purposes pursued can be achieved using anonymous data or methods that allow the user to be identified only in case of necessity.


Communication and dissemination of personal data

If necessary, personal data may be communicated (with this term meaning giving knowledge of it to one or more specific subjects) to subjects whose right to access the data is recognized by national and European Union law provisions, as well as to employees/collaborators of the owner, as part of their duties and/or any contractual obligations (including those responsible for the processing of personal data, identified and appointed pursuant to the Regulation). Personal data are in no case disclosed, this term meaning making them known in any way to a plurality of indeterminate subjects.

Social network plugins

The site also incorporates plugins and/or buttons for social networks, in order to allow easy sharing of content on the user's favorite social networks. These plugins are programmed so as not to set any cookies when accessing the page, to safeguard the user's privacy. Cookies are possibly set, if so provided by social networks, only when the user makes effective and voluntary use of the plugin. Please note that if the user uses the social network by authenticating themselves using their authentication credentials, they have therefore already consented, at the time of registration, to the use of cookies. The collection and use of information obtained through the plugins are governed by the respective privacy policies of the social networks, to which please refer.


Changes to the information

The data controller reserves the right to make changes to this information at any time by advertising them to the user on this page. The user is therefore invited to consult this page frequently to be constantly updated.


Data Protection Officer (DPO) / Data Protection Officer (DPO)
The Data Protection Officer/Data Protection Officer identified by the organization is the following person:



Piazza /way






Via della Conciliazione, 10



Luigi Recupero

The Data Protection Officer can be found at the AGE.NA.S. corporate headquarters, in Via Puglie n. 23 – 00187 Rome. In the case of written requests/communications to be sent digitally, the Data Protection Officer can be contacted using the Institution's institutional contact details ( indicated on the Institution's website.


Rights of the interested party (user)

We inform you that, at any time, the user can exercise the following rights:

  • right to receive the personal data concerning him/her provided to a data controller in a structured, commonly used and machine-readable format and has the right to transmit such data to another data controller without impediments by the data controller to whom he provided them;
  • right to obtain access to your personal data;
  • right to obtain rectification of your personal data where this does not conflict with current legislation on data retention;
  • right to obtain the deletion of your personal data where this does not conflict with current legislation on data retention;
  • right to obtain the limitation of processing of your personal data;
  • right to object at any time, for reasons related to your particular situation, to the processing of your personal data.

The user can exercise the above rights with a request addressed without formalities to the owner of the processing of personal data or by contacting the Data Protection Officer/Protection Manager.

The interested party may exercise the above rights with a request addressed without formalities to the data controller of the personal data by hand delivery, traditional mail, registered letter, fax or e-mail to the following address:

To facilitate the exercise of these rights, the Italian Personal Data Protection Authority has prepared a specific form that can be downloaded from the website.


Right to lodge a complaint

The user has the right to lodge a complaint with a supervisory authority (in particular the Italian Personal Data Protection Authority).



The specific information describing the use of cookies carried out by the site is available and consultable in the document "Cookie policy”.


Specify the health problem