Online Services - Italian Treasury Department

The Ministry of the Economy and Finance (hereinafter also referred to as the "MEF"), as the Data Controller, protects and guarantees the confidentiality of the personal data of the Data Subject and ensures the necessary protection against any event that may put them at risk of breach. The MEF provides this information through the Department of the Treasury.

The Ministry of Economy and Finance has appointed a Data Protection Officer (DPO), who can be contacted via responsabileprotezionedati@mef.gov.it.

The personal data of the data subject, such as personal data, contact details and delivery details, as well as the relationship with the entity to which the Data Subject belongs, and IT data (e.g. user profile and account for the restricted area and related logs), collected during registration and authentication on the Treasury Portal, are processed for access to the services offered through the aforementioned Portal, also according to the user's membership with the entities listed on the Portal, all in compliance with the institutional purposes for which the Portal's services are intended.

Personal data may also be collected through sources other than the Data Subject For example, when users are managed, in their allocation and in relation to the services they access, by subjects ( so-called micro and macro managers) who are identified for their specific functions and because they have special profiles assigned for the administration of the services mediated by the Portal, and who act on behalf of or in the interest of the entities to which they belong. The above operations are considered legitimate by the entity to which they belong, in compliance with the relevant obligations of the latter with regard to the protection of personal data.

The provision of personal data is necessary, otherwise the registration procedure and therefore access to the services offered through the Treasury Portal cannot be used. The data will be used with the required guarantees of security, by means of computerised or telematic methods strictly for this purpose, by the Data Controller, by the subjects authorised by them and by the providers of computer systems who also act through subjects who are under their authority, as data processors of the personal data thus identified pursuant to art. 28 of the Regulation.

It should be noted that the processing of personal data, including the communication of the same, does not require the consent of the person concerned in the event that the same occurs against legal obligations or to implement the obligations arising from the relationship established following registration for access to services offered through the Treasury Portal in the manner set out in the user manual, or otherwise when necessary to achieve the institutional purposes of the Data Controller; Furthermore, there is no need for consent should there be any other case of exclusion, when expressly provided for or dependent on the rules and regulations applied by the Data Controller, as well as through third parties identified as data controllers.

Personal data will not be transferred abroad, it may be communicated to the aforementioned subjects and with the guarantees provided for the purpose, and the data (especially identification data) may be communicated to other users registered with the same group or belonging to the same entity, in relation to the application to which they are authorised. Personal data will be kept for the time necessary to provide the services for which the user has registered with the Treasury Portal, except in cases where users are deactivated, excluded or revoked from access to the services offered through the Portal, including through the persons who have mediated the assignment (eg micro / macro managers), in accordance with the procedures provided for in the user manual published on the homepage of the Portal. Any deactivation of the user does not affect access to the public area of the above.

In compliance with specific legal obligations (detection and notification of personal data violation incidents) and also depending on the technical and regulatory regulations, including those deriving from the Ministerial Decree and the Agid technical discipline, the Data Controller will also check and monitor the services displayed on the network and on the relevant platforms and made available to the interested parties.

The Data Subject has the right to obtain access to personal data, its correction, deletion, restriction of processing or, where possible, its transfer from the Data Controller; they also have the right to object to the processing itself (pursuant to articles 15 et seq. of the Regulation). The Data Subject will submit an application to privacy.dt@mef.gov.it, which will be responded to without delay and, in any case, no later than one month after receipt of the data subject's request, unless extended up to two months, if necessary taking into account the complexity and number of requests received.

Without prejudice to any other administrative or judicial action, in the event that the Data Subject discovers violations deriving from the processing of personal data, they may submit a complaint to the authority responsible for the protection of personal data, unless the violation of the relevant legislation occurs in another EU country.

Any update of this information will be communicated to the data subject in a timely manner and by appropriate means and the data controller will also inform the data subject if they are processed for purposes other than those referred to in this information notice, before proceeding with such processing and in order to carry out the ensuing obligations.

This site uses technical cookies for contractual purposes and statistical cookies configured in anonymized mode for evaluation of site performance, usage statistics or to improve services.