Notice on the protection of natural persons with regard to the processing of personal data via the Web channel
(General Data Protection Regulation (EU) 2016/679, Art. 13)
Please be advised that the Ministry of Foreign Affairs and International Cooperation, with registered office at Piazzale della Farnesina 1 – 00135 Rome (hereinafter, the “Data Controller”), in its capacity as data controller, informs you pursuant to Article 13 of EU Regulation No. 2016/679 (hereinafter, “GDPR”) that your data will be processed in the manner and for the purposes set out below.
This website, dedicated to the tourism and genealogical activities of the Italea project, collects personal data through contact, itinerary request, and genealogical consultancy forms. The data collected include, by way of example: first name, last name, email, city of departure and destination, region of roots, information on family ties, travel dates, tourism interests, as well as genealogical data relating to ancestors (name, year of birth, place of origin). Such data are stored in the Italea database and, to enable effective handling of requests, may be forwarded to regional contacts responsible according to the location indicated by the user.
The Data Controller processes personal and identifying data, such as: first name, last name, company name, address, telephone, email, spaces (hereinafter, “personal data”), when communicated by you, for the performance of services connected to the Data Controller’s activities.
In addition to the purposes indicated above, the personal data provided via the site’s forms will be used to: process and respond to requests for tourist itineraries or genealogical consultancy; put the user in contact with regional or local representatives responsible for handling requests; improve the offering of tourism and cultural services connected to Italian roots. The processing of such data will always take place in compliance with the principles of lawfulness, fairness and transparency.
Your personal data that you provide through this website may be used:
A) Without your express consent (Art. 6, letters b) and e) of the GDPR) for the following purposes:
B) Only with your specific and separate consent (Art. 7 GDPR), in order to activate services based on your specific personal needs that you choose to communicate.
The processing of your personal data is carried out by means of the operations indicated in Art. 4(2) GDPR, namely: collection, recording, organisation, storage, consultation, processing, alteration, selection, extraction, comparison, use, interconnection, blocking, communication, erasure and destruction of data. Your personal data may be processed in paper form and electronically, but not by automated means.
The Data Controller will process personal data for the time necessary to fulfil the purposes indicated above, and in any case for no longer than 10 years from termination of the relationship for Service Purposes and for no longer than 2 years from data collection for Marketing Purposes.
Your data may be made accessible for the purposes referred to in Art. 2.A) and 2.B):
A) Only to employees, collaborators and companies of the Data Controller, in Italy and abroad, in their capacity as persons authorised to process data and/or Data Processors and/or system administrators.
The data collected may be communicated to regional contacts or tourism and genealogical partners entrusted with handling itinerary or genealogical consultancy requests, solely for purposes connected with the service requested by the user and in accordance with the GDPR. No data will be disclosed for purposes other than those indicated.
Without the need for express consent (Art. 6, letters b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in Art. 2.A) to supervisory bodies, judicial authorities, insurance companies for the provision of insurance services, as well as to those to whom communication is mandatory by law, in order to pursue the aforementioned purposes. Such parties will process the data in their capacity as Independent Data Controllers. Your data will not be disseminated in other ways.
Personal data are stored on servers located within the European Union. It is nonetheless understood that the Data Controller, where necessary, may move servers outside the EU. In such cases, the Data Controller hereby ensures that the transfer of data outside the EU will take place only in accordance with applicable law, after signing the Standard Contractual Clauses provided by the European Commission.
Providing data in the “Itinerary Request”, “Genealogical Consultancy” and “General Contact” forms is necessary to enable intake and handling of requests. If data are not provided, the Controller will be unable to provide the requested services. Express consent to the processing of data is mandatory for the handling and transmission of information to the competent regional contacts.
Providing data for the purposes referred to in Art. 2.A) is mandatory. In their absence, we cannot guarantee you the services referred to in Art. 2.A).
Providing data for the purposes referred to in Art. 2.B) is optional. You may therefore decide not to provide any data or to later deny the possibility of processing data already provided: in such cases, you will be unable to continue using the services offered by the Data Controller. You will in any case remain entitled to the services referred to in Art. 2.A).
As a data subject, you have the rights set out in Art. 15 GDPR and specifically the rights to:
Where applicable, you also have the rights referred to in Arts. 16–21 GDPR (Right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint with the Supervisory Authority.
You may exercise your rights at any time by:
Last updated: 29 October 2025