Il presente sito web utilizza cookie tecnici per garantire il corretto funzionamento delle procedure e migliorare l'esperienza di uso delle applicazioni online.

close
0 Item

Shopping cart(0)

There are no more items in your cart
Included taxes €0.00
Total (VAT incl.) €0.00

Legislative Decree 30 June 2003, n. 196

"Code regarding the protection of personal data"


published in the Official Journal n. 174 of 29 July 2003 - Ordinary Supplement n. 123

Data controller Pursuant to art. 13 of Legislative Decree 30 June 2003 n. 196, regarding the protection of personal data, we inform you that the data controller of the data provided by you is Digital Distribution SRLS, with registered office in Via G.La Farina, 11 - 90141, Palermo
THE PRESIDENT OF THE REPUBLICSEE the articles 76 and 87 of the Constitution;HAVING REGARD to Article 1 of the Law of 24 March 2001, n. 127, authorizing the Government to issue a single text on the processing of personal data;HAVING REGARD TO Article 26 of the Law of 3 February 2003, No. 14, containing provisions for the fulfillment of obligations deriving from Italy's membership of the European Communities (Community law 2002);GIVEN the law of 31 December 1996, n. 675, and subsequent amendments;GIVEN the law of 31 December 1996, n. 676, authorizing the Government to protect individuals and other subjects regarding the processing of personal data;GIVEN the directive 95/46 / CE of the European Parliament and of the Council, of 24 October 1995, concerning the protection of natural persons with regard to the processing of personal data, as well as to the free circulation of data;GIVEN the directive 2002/58 / CE of the European Parliament and of the Council, of 12 July 2002, concerning the processing of personal data and the protection of private premises in the electronic communications sector;GIVEN the preliminary deliberation of the Council of Ministers, adopted in the meeting of May 9, 2003;HEARD the Guarantor for the protection of personal data;ACQUIRED the opinion of the competent parliamentary commissions of the Chamber of Deputies and the Senate of the Republic;HAVING REGARD TO the resolution of the Council of Ministers, adopted at the meeting of 27 June 2003;ON THE PROPOSAL of the President of the Council of Ministers, the Minister for Public Function and the Minister for Community Policies, in concert with the Ministers of Justice, the Economy and Finance, Foreign Affairs and Communications;EMANA
the following legislative decree:PART I
GENERAL PROVISIONSTitle I
GENERAL PRINCIPLESArt. 1
(Right to the protection of personal data) 1. Everyone has the right to the protection of personal data concerning them.Art. 2
(Finalness)1. This unique text, hereinafter referred to as "code", guarantees that the processing of personal data will be carried out with respect for fundamental rights and freedoms, as well as for the dignity of the data subject, with particular reference to confidentiality, identity personal data and the right to the protection of personal data.2. The processing of personal data is governed by ensuring a high level of protection of the rights and freedoms referred to in paragraph 1 in compliance with the principles of simplification, harmonization and effectiveness of the procedures provided for their exercise by the interested parties, as well as and for the fulfillment of the obligations by the data controllers.Art. 3
(Principle of necessity in data processing) 1. The information systems and computer programs are configured to minimize the use of personal data and identification data, so as to exclude the treatment when the purposes pursued in individual cases can be achieved through, respectively, anonymous data or appropriate methods that allow to identify the person concerned only in case of need.Art. 4
(Definitions)1. For the purposes of this code we mean:
a) "treatment", any operation or set of operations, carried out even without the use of electronic means, concerning the collection, registration, organization, conservation, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, deletion and destruction of data, even if not recorded in a data bank;
b) "personal data" means any information relating to a natural person, legal person, entity or association, identified or identifiable, even indirectly, by reference to any other information, including an identification number personnel;
c) "identification data", personal data that allow the direct identification of the person concerned;
d) "sensitive data", personal data that can reveal racial and ethnic origin, beliefs religious, philosophical or other, political opinions, adherence to parties, trade unions, associations or organizations of a religious, philosophical, political or trade union nature, as well as the personal data suitable for revealing the state of health and sexual life;
e) "judicial data", personal data capable of revealing provisions pursuant to Article 3, paragraph 1, letters a) to o) and from r) to u), of the Presidential Decree November 14, 2002, n. 313, in the matter of criminal records, of the registry of administrative sanctions depending on the crime and the related pending charges, or the quality of the accused or suspect pursuant to articles 60 and 61 of the criminal procedure code;
f) "owner", the natural person, the juridical person, the public administration and any other body, association or body which is responsible, also together with another holder, for the decisions concerning the purposes, the methods of processing personal data and the used tools, including the security profile;
g) "responsible", the natural person, the legal person, the public administration and any other body, association or organization appointed by the owner to process personal data;
h) "appointees", the natural persons authorized to carry out processing operations by the owner or manager;
i) "interested", the natural person, the legal person, the institution or the association c the personal data refer to them;
l) "communication", the disclosure of personal data to one or more specific subjects different from the interested party, from the owner's representative in the State territory, from the manager and the appointees, in any form, including by making them available or consulted;
m) "dissemination", giving knowledge of personal data to undetermined subjects, in any form, including through their provision or consultation;
n) "anonymous data", the data that originally, or following processing, cannot be associated with an identified or identifiable interested party;
o) "block", the storage of personal data with temporary suspension of any other processing operation;
p) "data bank", any organized set of personal data, divided into one or more units located in one or more sites;
q) "Guarantor ", the authority referred to in article 153, established by law 31 dicem bre 1996, n. 675,2. For the purposes of this code we also mean, for:
a) "electronic communication", any information exchanged or transmitted between a finite number of subjects through an electronic communication service accessible to the public. Information transmitted to the public via an electronic communications network, as part of a broadcasting service, is excluded, unless the same information is linked to a subscriber or a receiving, identified or identifiable user;
b) "call", the connection established by a telephone service accessible to the public, which allows two-way communication in real time;
c) "electronic communication networks", transmission systems, switching or routing equipment and other resources that allow to transmit signals via cable, radio, optical fibers or con other electromagnetic means, including satellite networks, mobile and fixed terrestrial networks with circuit switching and packet switching, including the Internet, networks used for the circular broadcasting of sound and television programs, systems for transporting electric current, to the extent that they are used to transmit signals, cable television networks, regardless of the type of information carried;
d) "public communications network", an electronic communications network used entirely or mainly to provide services of electronic communication accessible to the public;
e) "electronic communication service" means services consisting exclusively or mainly of transmitting signals on electronic communications networks, including telecommunications services and transmission services in networks used for broadcasting Broadcasting Circular, within the limits set by Article 2, lett era c) of Directive 2002/21 / EC of the European Parliament and of the Council of 7 March 2002;
f) "subscriber" means any natural person, legal person, entity or association party to a contract with a supplier of electronic communication services accessible to the public for the provision of such services, or in any case recipient of such services via prepaid cards;
g) "user", any natural person who uses a publicly available electronic communication service, for private or commercial reasons, without necessarily subscribing to them;
h) "traffic data", any data processed for the purpose of transmitting a communication over an electronic communications network or for billing it;
i) "location data" means any data processed in an electronic communication network that indicates the geographical location of the terminal equipment of the user of an electronic communication service. publicly available;
l) "value added service" means the service that requires the processing of traffic data or location data other than traffic data, in addition to what is necessary for the transmission of a communication or related billing;
m) "electronic mail", messages containing texts, voices, sounds or images transmitted through a public communications network, which can be stored on the network or in the receiving terminal equipment, until the recipient has read it.3. For the purposes of this code we also mean, for:
a) "minimum measures", the set of technical, IT, organizational, logistic and procedural security measures that configure the minimum level of protection required in relation to risks foreseen in article 31;
b) "electronic tools", computers, computer programs and any electronic or automated device used for processing;
c) "computer authentication", the set of electronic tools and procedures for the indirect verification of the identity;
d) "authentication credentials", the data and devices, in possession of a person, known by it or univocally to it related, used for computer authentication;
e) "keyword", component of an authentication credential associated with a person and to this note, consisting of a sequence of characters or other data in electronic form;
f) "authorization profile" is the set of information, univocally associated with a person, that allows identifying the data it can access, as well as the processing allowed to it;
g) "authorization system", the set of tools and procedures that enable access to the data and the processing methods of the same, according to the applicant's authorization profile.4. For the purposes of this code we mean:
a) "historical purposes", the purpose of studying, investigating, researching and documenting figures, facts and circumstances of the past;
b) "statistical purposes" , the purposes of statistical investigation or production of statistical results, including by means of statistical information systems;
c) "scientific purposes", the purposes of study and systematic investigation aimed at developing scientific knowledge in one specific sector.Art. 5
(Subject and scope of application) 1. This code governs the processing of personal data, also held abroad, carried out by anyone established in the territory of the State or in a place in any case subject to the sovereignty of the State.2. This code also applies to the processing of personal data carried out by anyone established in the territory of a country not belonging to the European Union and employs, for exampler the treatment, instruments located in the State territory also different from the electronic ones, unless they are used only for the purpose of transit in the territory of the European Union. In the case of application of this code, the data controller designates a representative established in the territory of the State for the purpose of applying the discipline on the processing of personal data.3. The processing of personal data carried out by natural persons for exclusively personal purposes is subject to the application of this code only if the data are intended for systematic communication or dissemination. In any case, the provisions concerning data liability and security as per articles 1 and 31 apply.Art. 6
(Discipline of treatment) 1. The provisions contained in this Part apply to all data processing, except as provided, in relation to some processing, by the supplementary or amending provisions of Part II.Title II
RIGHTS OF THE INTERESTED PARTYArt. 7
(Right of access to personal data and other rights) 1. The interested party has the right to obtain confirmation of the existence or not of personal data concerning him, even if not yet recorded, and their communication in intelligible form.2. The interested party has the right to obtain the indication:
a) of the origin of the personal data;
b) of the purposes and methods of the processing;
c) of the logic applied in case of processing carried out with the aid of electronic means;
d) of the identification data concerning the data controller, data processors and the designated representative pursuant to Article 5, paragraph 2;
e) of the subjects or categories of subjects to whom personal data can be communicated or who can learn about them as appointed representative in the State, managers or appointees.3. The interested party has the right to obtain:
a) updating, rectification or, where interested therein, integration of the data;
b) cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those for which conservation is not necessary in relation to the purposes for which the data were collected or subsequently processed;
c) the attestation that the operations referred to in the letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the case where such fulfillment proves impossible or involves the use of means manifestly disproportionate to the protected right.4. The interested party has the right to object, in whole or in part:
a) for legitimate reasons to the processing of personal data concerning him, even if pertinent to the purpose of the collection;
b) to the processing of data personal data concerning him for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication.Art. 8
(Exercise of rights) 1. The rights referred to in Article 7 are exercised with a request addressed without formalities to the owner or manager, also through a designated person, to whom suitable feedback is provided without delay.2. The rights referred to in article 7 may not be exercised by request to the data controller or to the controller or with an appeal pursuant to article 145, if the processing of personal data is carried out:
a) based on the provisions of the decree -law 3 May 1991, n. 143, converted, with modifications, by the law July 1991, n. 197, and subsequent amendments, regarding money laundering;
b) based on the provisions of the decree-law of 31 December 1991, n. 419, converted, with modifications, by the law 18 February 1992, n. 172, and subsequent amendments, concerning support for victims of extortion requests;
c) from parliamentary committees of inquiry established pursuant to Article 82 of the Constitution;
d) from a public entity, other than by economic public bodies, based on the express provision of the law, for exclusive purposes related to monetary and currency policy, to the payment system, to the control of intermediaries and credit and financial markets, as well as to the protection of their stability; br /> e) pursuant to Article 24, paragraph 1, letter f), limited to the period during which an actual and concrete prejudice could arise for the conduct of defensive investigations or for the exercise of the right in court; br /> f) from providers of electronic communication services accessible to the public regarding incoming telephone communications, you knowthat a real and concrete prejudice could arise for the conduct of defensive investigations pursuant to the law of 7 December 2000, n. 397;
g) for reasons of justice, at judicial offices of any order and degree or the Superior Council of the Judiciary or other self-governing bodies or the Ministry of Justice;
h) pursuant to Article 53 , without prejudice to the provisions of the law of 1 April 1981, n. 121.3. The Guarantor, also on the recommendation of the interested party, in the cases referred to in paragraph 2, letters a), b), d), e) and f), provides in the ways referred to in articles 157, 158 and 159 and, in the cases of referred to in letters c), g) and h) of the same subparagraph, shall make the arrangements referred to in article 160.4. The exercise of the rights referred to in article 7, when it does not concern objective data, can take place except where the rectification or integration of personal data of an evaluation nature, relating to judgments, opinions or other appreciations of subjective type, as well as indication of conduct to be held or decisions being taken by the data controller.Art. 9
(Exercise mode) 1. The request addressed to the owner or manager can also be sent by registered letter, fax or e-mail. The Guarantor can identify another suitable system with reference to new technological solutions. When it concerns the exercise of the rights referred to in article 7, paragraphs 1 and 2, the request can also be formulated orally and in this case it is noted in summary form by the person in charge or the manager.2. In the exercise of the rights referred to in Article 7, the interested party may grant, in writing, a proxy or proxy to individuals, institutions, associations or organizations. The interested party may also be assisted by a trusted person.3. The rights referred to in Article 7 referring to personal data concerning deceased persons may be exercised by those who have an interest of their own, or acts to protect the data subject or for family reasons worthy of protection.4. The identity of the data subject is verified on the basis of suitable elements of assessment, also by means of documents or documents available or by displaying or attaching a copy of an identity document. The person acting on behalf of the interested party exhibits or attaches a copy of the power of attorney, or of the proxy signed in the presence of an appointee or signed and presented together with an unauthenticated photocopy of an identification document of the interested party. If the interested party is a legal person, an institution or an association, the request is made by the natural person legitimized on the basis of the respective statutes or regulations.5. The request referred to in Article 7, paragraphs 1 and 2, is formulated freely and without constraints and may be renewed, unless there are justified reasons, at a time of no less than ninety days.Art. 10
(response to the interested party) 1. To ensure the effective exercise of the rights referred to in Article 7, the data controller is required to take appropriate measures, in particular:
a) to facilitate access to personal data by the data subject, also through the use of specific computer programs aimed at an accurate selection of the data concerning individual identified or identifiable interested parties;
b) to simplify the modalities and to reduce the times for the reply to the applicant, also in the field of offices or services in charge of relations with the public.2. The data is extracted by the manager or the appointees and can be communicated to the applicant also orally, or offered for viewing by electronic means, provided that in such cases the understanding of the data is easy, considering also the quality and quantity of the information. If requested, the data will be transposed on paper or electronically, or transmitted electronically.3. Unless the request refers to a particular processing or to specific personal data or categories of personal data, the reply to the interested party includes all the personal data concerning the interested party, however, treated by the owner. If the request is addressed to an operator in a health profession or to a healthcare organization, the provision referred to in article 84, paragraph 1 is followed.4. When the extraction of data is particularly difficult, the response to the request of the interested party can also take place through the exhibition or the copying of documents and documents containing the personal data requested.5. The right to obtain communication in intelligible form of the data does not concern personal data relating to third parties, except for the breakdown of the data processed or the practivation of some elements makes the personal data concerning the interested party incomprehensible.6. The communication of the data is carried out in an intelligible form also through the use of an understandable spelling. In the case of communication of codes or abbreviations, the parameters for understanding the relative meaning are provided, also through the appointees.7. When, following the request referred to in article 7, paragraphs 1 and 2, letters a), b) and c), the existence of data concerning the interested party has not been confirmed, a contribution to expenses not exceeding the costs actually incurred for the research carried out in the specific case.8. The contribution referred to in paragraph 7 may not however exceed the amount determined by the Guarantor with a general provision, which may identify it as a flat rate in relation to the case in which the data are processed by electronic means and the answer is given orally. With the same provision, the Guarantor can provide that the contribution can be requested when the personal data appear on a special medium for which reproduction is specifically requested, or when, with one or more owners, a considerable use of means is determined in relation to the complexity or extent of the requests and the existence of data concerning the interested party is confirmed.9. The contribution referred to in paragraphs 7 and 8 is also paid by post or bank transfer, or by payment or credit card, where possible upon receipt of the reply and in any case not later than fifteen days from such reply.Title III
GENERAL RULES FOR DATA PROCESSINGCHAPTER I
RULES FOR ALL TREATMENTSArt. 11
(Processing methods and data requirements) 1. The personal data subject to processing are:
a) processed in a lawful and correct manner;
b) collected and recorded for specific, explicit and legitimate purposes, and used in other processing operations in terms compatible with such purposes;
c) accurate and, if necessary, updated;
d) relevant, complete and not excessive in relation to the purposes for which they are collected or subsequently processed;
e) stored in a form that allows the identification of the data subject for a period of time not exceeding that necessary for the purposes for which they were collected or subsequently processed.2. The personal data processed in violation of the relevant regulations concerning the processing of personal data cannot be used.Art. 12
(Codes of deontology and good conduct) 1. The Guarantor promotes within the categories concerned, in compliance with the principle of representativeness and taking into account the directive criteria of the Council of Europe recommendations on the processing of personal data, the signing of codes of ethics and good conduct for certain sectors , verifies compliance with the laws and regulations also by examining the observations of interested parties and contributes to ensuring their dissemination and compliance.2. The codes are published in the Official Journal of the Italian Republic by the Guarantor and, by decree of the Minister of Justice, are shown in Annex A) of this code.3. Compliance with the provisions contained in the codes referred to in paragraph 1 is an essential condition for the lawfulness and correctness of the processing of personal data carried out by private and public entities.4. The provisions of this article also apply to the code of ethics for the processing of data for journalistic purposes promoted by the Guarantor in the manner referred to in paragraph 1 and in article 139.Art. 13
(Information)1. The interested party or the person where the personal data are collected are previously informed orally or in writing about:
a) the purposes and methods of the data processing;
b) the mandatory or optional nature of providing data;
c) the consequences of a refusal to respond;
d) the subjects or categories of subjects to whom personal data may be communicated or who may receive them aware of as data supervisors or appointees, and the scope of dissemination of the data;
e) the rights referred to in article 7;
f) the identification details of the owner and, if designated , of the representative in the territory of the State pursuant to article 5 and of the person responsible. When the owner has designated more responsible persons, at least one of them is indicated, indicating the site of the communication network or the modalities through which it is easily known. the updated list of those responsible. When a person responsible has been designated to reply to the interested party in the event of exercise of the rights referred to in article 7, this person is indicated.2. The information referred to in paragraph 1 also contains the elements envisaged by specific provisions of this code and may not include the elements already known to the person providing the data or whose knowledge can actually obstruct the performance, by of a public entity, of inspection or control functions carried out for purposes of defense or security of the State or of prevention, detection or repression of crimes.3. The Guarantor can identify with its own provision simplified procedures for the information provided in particular by telephone assistance and public information services.4. If personal data are not collected from the data subject, the information referred to in paragraph 1, including the categories of data processed, is given to the interested party at the time of data registration or, when their communication is envisaged , not later than the first communication.5. The provision referred to in paragraph 4 does not apply when:
a) the data is processed on the basis of an obligation established by law, regulation or EU legislation;
b) the data is processed at purposes of carrying out defensive investigations pursuant to the law of 7 December 2000, n. 397, or, in any case, to assert or defend a right in court, provided that the data are processed exclusively for these purposes and for the period strictly necessary for their pursuit;
c) the information to the interested party involves the use of means that the Guarantor, prescribing any appropriate measures. declares manifestly disproportionate with respect to the protected right, or it proves, in the opinion of the Guarantor, impossible.Art. 14
(Definition of profiles and the personality of the interested party) 1. No judicial or administrative act or measure involving an assessment of human behavior can be based solely on an automated processing of personal data aimed at defining the profile or personality of the person concerned.2. The interested party may object to any other type of determination adopted on the basis of the treatment referred to in paragraph 1, pursuant to Article 7, paragraph 4, letter a), unless the determination was made on the occasion of the conclusion or execution of a contract, in acceptance of a proposal of the interested party or on the basis of adequate guarantees identified by this code or by a provision of the Guarantor pursuant to Article 17.Art. 15
(damage caused by the treatment) 1. Anyone who causes damage to others due to the processing of personal data is required to pay compensation pursuant to Article 2050 of the Civil Code.2. Non-pecuniary damage is refundable even in the event of a violation of Article 11.Art. 16
(Termination of treatment) 1. In the event of termination, for whatever reason, of a treatment the data are:
a) destroyed;
b) transferred to another owner, provided that they are destined for a treatment in terms compatible with the purposes for which the data is collected;
c) stored for exclusively personal purposes and not intended for systematic communication or dissemination;
d) stored or transferred to another holder, for historical, statistical or scientific purposes, in accordance with the law, to regulations, community legislation and the codes of ethics and good conduct signed pursuant to article 12.2. The transfer of data in violation of the provisions of paragraph 1, letter b), or other relevant provisions concerning the processing of personal data is ineffective.Art. 17
(Treatment with specific risks) 1. The processing of data other than sensitive and judicial data which presents specific risks for fundamental rights and freedoms, as well as for the dignity of the data subject, in relation to the nature of the data or the methods of processing or the effects that it may 'determine, is admitted in compliance with measures and precautions to guarantee the interested party, where prescribed.2. The measures and precautions referred to in paragraph 1 are prescribed by the Guarantor in application of the principles sanctioned by this code, as part of a preliminary verification at the beginning of the treatment, carried out also in relation to certain categories of holders or treatments, also following a request from the owner.HEADING II
ADDITIONAL RULES FOR PUBLIC PARTIESArt. 18
(Principles applicable to all treatments performed by sogpublic jets) 1. The provisions of this chapter apply to all public entities, excluding economic public bodies.2. Any processing of personal data by public subjects is allowed only for the performance of institutional functions.3. In processing the data the public subject observes the conditions and limits established by this code, also in relation to the different nature of the data, as well as the law and the regulations.4. Except as provided in Part II for operators in the health professions and public health bodies, public subjects must not request the consent of the interested party.5. The provisions of article 25 regarding communication and dissemination are observed.Art. 19
(Principles applicable to the processing of data other than sensitive and legal data) 1. The processing by a public entity of data other than sensitive and judicial data is permitted, without prejudice to the provisions of article 18, paragraph 2, even in the absence of a law or regulation provision expressly providing for this.2. The communication by a public subject to other public subjects is allowed when required by a law or regulation. In the absence of such a rule, the communication is allowed when it is in any case necessary for the performance of institutional functions and can be started if the deadline referred to in Article 39, paragraph 2 has expired and the different one has not been adopted determination therein indicated.3. The communication by a public subject to private or public economic bodies and the dissemination by a public subject are allowed only when they are provided for by a law or regulation.Art. 20
(Principles applicable to the processing of sensitive data) 1. The processing of sensitive data by public subjects is allowed only if authorized by the express legal provision which specifies the types of data that can be processed and the operations that can be performed and the purposes of significant public interest pursued.2. In cases where a legal provision specifies the purpose of significant public interest, but not the types of sensitive data and executable operations, processing is allowed only with reference to the types of data and operations identified and made public by of the subjects who carry out the treatment, in relation to the specific aims pursued in the individual cases and in compliance with the principles referred to in article 22, with a regulatory act adopted in accordance with the opinion expressed by the Guarantor pursuant to article 154 , paragraph 1, letter g), also on standard schemes.3. If the treatment is not expressly provided for by a provision of the law, the public subjects may request the Guarantor to identify the activities, among those delegated to the same subjects by the law, which pursue objectives of significant public interest and for which it is consequently, pursuant to article 26, paragraph 2, the processing of sensitive data is authorized. Data processing is permitted only if the public entity also identifies and discloses the types of data and transactions in the manner set forth in paragraph 2.4. The identification of the types of data and operations referred to in paragraphs 2 and 3 is updated and supplemented periodically.Art. 21
(Principles applicable to the processing of judicial data) 1. The processing of judicial data by public subjects is allowed only if authorized by the express provision of the law or provision of the Guarantor that specify the purposes of significant public interest of the processing, the types of data processed and operations that can be performed. >2. The provisions of article 20, paragraphs 2 and 4, also apply to the processing of judicial data.Art. 22
(Principles applicable to the processing of sensitive and judicial data) 1. The public subjects conform the treatment of sensitive and judicial data according to modalities aimed at preventing violations of the rights, fundamental freedoms and dignity of the interested party.2. In providing the information referred to in Article 13 public subjects expressly refer to the legislation that provides for the obligations or tasks on the basis of which the processing of sensitive and judicial data is carried out.3. The public subjects can only treat the sensitive and judicial data necessary to carry out institutional activities that cannot be fulfilled, case by case, through the processing of anonymous data or personal data of a different nature.4. Sensitive and judicial data are collected, as a rule, pthe interested party.5. Pursuant to article 11, paragraph 1, letters c), d) and e), public entities periodically verify the accuracy and updating of sensitive and judicial data, as well as their relevance, completeness, non-excessiveness and indispensability 'with respect to the aims pursued in individual cases, also with reference to the data that the interested party provides on its own initiative. In order to ensure that sensitive and judicial data are indispensable with respect to the obligations and tasks assigned to them, public entities specifically evaluate the relationship between the data and the obligations. The data that, even after the verifications, are excessive or irrelevant or not indispensable cannot be used, except for the possible preservation, according to the law, of the deed or document containing them. Specific attention is paid to verifying the indispensability of sensitive and judicial data referring to persons other than those to whom the services or obligations relate directly.6. Sensitive and judicial data contained in lists, registers or databases, kept with the aid of electronic instruments, are treated with encryption techniques or through the use of identification codes or other solutions which, given the number and nature of the processed data, make them temporarily unintelligible even to those who are authorized to access it and allow the identification of data subjects only in case of need.7. The data suitable to reveal the state of health and sexual life are stored separately from other personal data processed for purposes that do not require their use. The same data are processed in the manner described in paragraph 6 even when they are kept in lists, registers or databases without the use of electronic means.8. The data suitable to reveal the state of health cannot be disclosed.9. With respect to the sensitive and judicial data indispensable pursuant to paragraph 3, public entities are authorized to carry out only the processing operations indispensable for the pursuit of the purposes for which the processing is permitted, even when the data is collected in the performance of supervisory, control or inspection duties.10. Sensitive and judicial data cannot be processed in the context of psycho-aptitude tests aimed at defining the profile or personality of the person concerned. The operations of comparison between sensitive and judicial data, as well as the processing of sensitive and judicial data pursuant to article 14, are carried out only after a written record of the reasons.11. In any case, the operations and treatments referred to in paragraph 10, if carried out using databases of different owners, as well as the dissemination of sensitive and judicial data, are allowed only if provided for by the express provision of the law.12. The provisions of this article bear applicable principles, in accordance with the respective legal systems, to the treatments governed by the Presidency of the Republic, the Chamber of Deputies, the Senate of the Republic and the Constitutional Court.CHAPTER III
ADDITIONAL RULES FOR PRIVATE PERSONS AND ECONOMIC PUBLIC INSTITUTIONSArt. 23
(Consciousness)1. The processing of personal data by private individuals or economic public bodies is allowed only with the express consent of the interested party.2. Consent may relate to the entire processing or one or more operations of the same.3. The consent is validly provided only if it is expressed freely and specifically with reference to a clearly identified treatment, if it is documented in writing, and if the information referred to in Article 13 has been given to the interested party. 4. Consent it is expressed in writing when the processing concerns sensitive data.Art. 24
(Cases where processing can be performed without consent) 1. Consent is not required, other than in the cases provided for in Part II, when the processing:
a) is necessary to fulfill an obligation required by law, regulation or EU legislation;
b) it is necessary to perform obligations deriving from a contract of which the interested party is a party or to fulfill, before the conclusion of the contract, specific requests of the interested party;
c) concerns data from public registers, lists, deeds or documents available to anyone, without prejudice to the limits and methods that the laws, regulations or legislation establish for the knowledge and publicity of the data;
d) regards data relating to the performance of economic activities, treated in compliance with current legislation on business and industrial secrecy;
e) It is necessary for safeguarding the life or physical safety of a third party. If the same purpose concerns the interested party and the latter cannot consent to physical impossibility, inability to act or incapacity to intend or wish, the consent is expressed by the person who legally exercises the potesta ', or from a close relative, from a family member, from a cohabitant or, in their absence, from the person in charge of the facility where the person is staying. The provision referred to in article 82, paragraph 2 is applied;
f) with the exclusion of disclosure, it is necessary for the purposes of carrying out defensive investigations pursuant to the law of 7 December 2000, n. 397, or, in any case, to assert or defend a right in a court of law, provided that the data are processed exclusively for these purposes and for the period strictly necessary for their pursuit, in compliance with current legislation on business and industrial secrecy ;
g) with the exclusion of disclosure, it is necessary, in the cases identified by the Guarantor on the basis of the principles sanctioned by the law, to pursue a legitimate interest of the data controller or third party recipient of the data, also with reference to the activity 'of banking groups and subsidiaries or affiliated companies, if the fundamental rights and freedoms, the dignity or a legitimate interest of the interested party do not prevail;
h) with exclusion of the external communication and the diffusion , is carried out by associations, bodies or non-profit organizations, including non-recognized ones, with reference to subjects who have regular or adherent contacts with them, for the pursuit of aims determined and legitimate identified by the deed of incorporation, by-laws or collective bargaining agreement, and with terms of use expressly provided for with determination made known to the parties concerned at the time of the information pursuant to article 13;
i) and 'necessary, in accordance with the respective codes of ethics set out in Annex A), for exclusive scientific or statistical purposes, or for exclusive historical purposes in private archives declared of considerable historical interest pursuant to Article 6, paragraph 2, of the Legislative Decree of 29 October 1999, n. 490, for the approval of the consolidated text on cultural and environmental heritage or, according to the same codes, in other private archives.Art. 25
(Communication and distribution bans) 1. The communication and the diffusion are forbidden, besides in case of prohibition ordered by the Guarantor or by the judicial authority:
a) in reference to personal data of which the cancellation has been ordered, or when the period of time indicated in article 11, paragraph 1, letter e);
b) for purposes other than those indicated in the notification of treatment, where required.2. The communication or dissemination of data required, in compliance with the law, by police forces, judicial authorities, information and security bodies or other public subjects pursuant to Article 58, paragraph 2, is reserved. for purposes of defense or state security or prevention, detection or repression of crimes.Art. 26
(Guarantees for sensitive data) 1. Sensitive data can be processed only with the written consent of the interested party and subject to authorization by the Guarantor, in compliance with the requirements and limits established by this code, as well as by law and regulations.2. The Guarantor communicates the decision taken on the authorization request within forty-five days, after which the failure to pronounce is equivalent to rejection. With the authorization provision, or subsequently, also on the basis of any checks, the Guarantor may prescribe measures and measures to guarantee the interested party, which the data controller is required to adopt.3. Paragraph 1 does not apply to the processing:
a) of data relating to members of religious denominations and to subjects who, with regard to purely religious purposes, have regular contact with the same confessions, carried out by the relative bodies, or by bodies that are civilly recognized, provided that the data are not disseminated or communicated outside the same confessions. The latter determine appropriate guarantees with regard to the treatments carried out, in compliance with the principles indicated in this regard with the authorization of the Guarantor;
b) of the data concerning the adhesion of trade union or trade associations or organizations to other associations, organizations or trade union or trade union confederations.4. Sensitive data can be processed even without consent, subject to authorization by the Guarantor:
a) when the processing is effective used by non-profit associations, organizations or organizations, including those that are not recognized, of a political, philosophical, religious or trade union nature, including political parties and movements, for the pursuit of specific and legitimate goals identified by the articles of association, by-laws or by the collective agreement, in relation to the personal data of the members or subjects who, in relation to these purposes, have regular contact with the association, organization or body, provided that the data are not communicated externally or disseminated and the organization, association or body determines suitable guarantees with regard to the treatments carried out, expressly providing for the use of the data with determination made known to the interested parties at the time of the information pursuant to article 13;
b) when the treatment is necessary for the protection of the life or physical safety of a third party. If the same purpose concerns the interested party and the latter cannot consent to physical impossibility, inability to act or incapacity to intend or wish, the consent is expressed by the person who legally exercises the potesta ', or from a close relative, from a family member, from a cohabitant or, in their absence, from the person in charge of the facility where the person is staying. The provision of article 82, paragraph 2 applies;
c) when the processing is necessary for the purposes of carrying out defensive investigations pursuant to the law of 7 December 2000, n. 397, or, in any case, to assert or defend in court a right, provided that the data are processed exclusively for these purposes and for the period strictly necessary for their pursuit. If the data are suitable to reveal the state of health and sexual life, the right must be of equal rank to that of the interested party, or consisting in a right of personality or in another right or fundamental and inviolable freedom; br /> d) when it is necessary to fulfill specific obligations or duties provided for by law, by a regulation or by the community legislation for the management of the employment relationship, also in matters of hygiene and safety at work and of the population and social security and assistance, within the limits set by the authorization and without prejudice to the provisions of the code of ethics and good conduct referred to in Article 111.5. The data suitable to reveal the state of health cannot be disclosed.Art. 27
(Judicial data warranties) 1. The processing of judicial data by private individuals or economic public bodies is allowed only if authorized by the express provision of the law or provision of the Guarantor that specify the relevant public interest purposes of the processing, the types of data processed and operations that can be performed .TITLE IV
SUBJECTS CARRYING OUT THE TREATMENTArt. 28
(Data Controller) 1. When the processing is carried out by a juridical person, a public administration or any other body, association or organization, the data controller is the entity as a whole or the unit or peripheral body that exercises a power completely independent decision-making on the purposes and methods of processing, including the security profile.Art. 29
(Data Processor) 1. The manager is designated by the owner optionally.2. If designated, the person in charge is identified among subjects who, due to experience, capacity and reliability, provide a suitable guarantee of full compliance with the current provisions on the subject of treatment, including the safety profile.3. Where necessary for organizational needs, more responsible persons may be designated, including by subdivision of tasks.4. The tasks assigned to the manager are analytically specified in writing by the owner.5. The person in charge performs the processing in accordance with the instructions given by the owner who, also through periodic checks, monitors the timely compliance with the provisions referred to in paragraph 2 and of his own instructions.Art. 30
(Processors) 1. Processing operations can only be carried out by persons in charge who operate under the direct authority of the owner or manager, following the instructions given.2. The designation is made in writing and punctually identifies the scope of the allowed processing. The documented preposition of the natural person to a unit for which it is identified, in writing, the scope of the treatment allowed to the employees of the same unit is considered as such.SECTION V
SECUREZZA OF DATA AND SYSTEMSCHAPTER I
SECURITY MEASURESArt. 31
(Security Obligations) 1. The personal data subject to processing are kept and controlled, also in relation to the knowledge acquired on the basis of technical progress, the nature of the data and the specific characteristics of the treatment, so as to minimize, by adopting suitable and preventive measures of security, the risks of destruction or loss, even accidental, of the data, unauthorized access or treatment not allowed or not in accordance with the purpose of collection.Art. 32
(Particular holders)1. The supplier of an electronic communication service accessible to the public adopts, pursuant to article 31, appropriate technical and organizational measures appropriate to the existing risk, to safeguard the security of its services, the integrity of traffic data, and data relating to 'location and electronic communications with respect to any form of use or unauthorized knowledge.2. When the security of the service or personal data also requires the adoption of measures concerning the network, the provider of the electronic communication service accessible to the public shall adopt these measures jointly with the provider of the public communications network. In the event of failure to reach an agreement, at the request of one of the suppliers, the dispute will be settled by the Authority for communications guarantees in accordance with the procedures established by current legislation.3. The provider of an electronic communication service accessible to the public informs the subscribers and, where possible, the users, if there is a particular risk of breach of the security of the network, indicating, when the risk is outside the scope of application of the measures that the supplier is required to adopt pursuant to paragraphs 1 and 2, all possible remedies and the related presumable costs. Similar information is given to the Guarantor and the Authority for communications guarantees.CHAPTER II
MINIMUM SECURITY MEASURESArt. 33
(Minimum measures) 1. Within the framework of the more general security obligations referred to in article 31, or provided for by special provisions, the data controllers are in any case required to adopt the minimum measures identified in this chapter or in accordance with article 58, paragraph 3, times to ensure a minimum level of protection of personal data.Art. 34
(electronic tools) 1. The processing of personal data by electronic means is allowed only if the following minimum measures are adopted, in the ways provided for by the technical specifications contained in Annex B):
a) IT authentication;
b) adoption of authentication credentials management procedures;
c) use of an authorization system;
d) periodic updating of the identification of the scope of the processing allowed to the single appointees and employees in charge of management or maintenance electronic tools;
e) protection of electronic instruments and data with respect to unlawful data processing, unauthorized access and certain computer programs;
f) adoption of procedures for the custody of security copies, restoring the availability of data and systems;
g) keeping an updated security policy document;
h) adopting encryption techniques or identification codes for d and processing of data suitable for revealing the state of health or sexual life carried out by health authorities.Art. 35
(Treatments without electronic tools) 1. The processing of personal data carried out without the use of electronic means is allowed only if the following minimum measures are adopted, in the ways provided for by the technical regulations contained in Annex B):
a) periodic updating of the identification of the scope of the processing allowed to the single appointees or to the organizational units;
b) provision of procedures for an adequate custody of the documents and deeds entrusted to the appointees for the performance of the relative tasks;
c) forecast of procedures for the preservation of specific acts in archives with selected access and discipline of the access modalities aimed at identifying the appointees.Art. 36
(Adjustment)1. The technical specification referred to in Annex B), concerning the minimum measures referred to in this chapter, is periodically updated by decree of the Minister of Justice in agreement with the Minister for Innovations and Technologies, in relation to the evolution youand the experience gained in the sector.Title VI
OBLIGATIONSArt. 37
(Treatment notification) 1. The owner notifies the Guarantor of the processing of personal data which he intends to proceed, only if the processing concerns:
a) genetic, biometric data or data indicating the geographical position of persons or objects through an electronic communication network;
b) data suitable to reveal the state of health and sexual life, treated for the purpose of assisted procreation, provision of health services via data transmission relating to data banks or to the supply of goods, epidemiological investigations, detection of mental illnesses, infectious and diffusive, seropositivity, organ and tissue transplantation and monitoring of health expenditure;
c) data suitable to reveal the sexual life or the mental sphere treated by associations, bodies or non-profit organizations, even if not recognized , of a political, philosophical, religious or trade union nature;
d) data processed with the help of electronic means aimed at defining the profile or personality of the person concerned, or ad to increase consumption habits or choices, or to monitor the use of electronic communication services with the exclusion of technically indispensable treatments to provide the same services to users;
e) sensitive data recorded in databases for the purpose of selecting the personnel for third parties, as well as sensitive data used for opinion polls, market research and other sample searches;
f) data recorded in special databases managed by electronic means and relating to the risk on economic solvency, to financial situation, the correct fulfillment of obligations, unlawful or fraudulent behavior.2. The Guarantor may identify other treatments that could prejudice the rights and freedoms of the data subject, due to the relative procedures or the nature of the personal data, with its own provision adopted also pursuant to article 17. With a similar provision published on the Official Journal of the Italian Republic the Guarantor can also identify, in the context of the treatments referred to in paragraph 1, any processing not likely to bear such prejudice and therefore removed from the notification requirement.3. Notification is made with a single act even when the processing involves the transfer of data abroad.4. The Guarantor inserts the notifications received in a treatment register accessible to anyone and determines the modalities for its free consultation electronically, also through agreements with public subjects or at its own Office. The news accessible through the consultation of the register can be treated for the exclusive purpose of applying the discipline regarding the protection of personal data.Art. 38
(Notification mode) 1. The notification of the treatment is presented to the Guarantor before the start of the treatment and only once, regardless of the number of operations and the duration of the treatment to be performed, and may also concern one or more treatments with related purposes. / p>2. Notification is validly made only if it is transmitted electronically using the form prepared by the Guarantor and observing the prescriptions given by the latter, also as regards the signing procedures with digital signature and confirmation of receipt of the notification.3. The Guarantor favors the availability of the model by telematic means and the notification also through agreements stipulated with authorized subjects on the basis of the legislation in force, also with trade associations and professional orders.4. A new notification is required only before the termination of the treatment or the change of some of the elements to be indicated in the notification itself.5. The Guarantor can identify another suitable notification system with reference to new technological solutions required by current legislation.6. The data controller who is not required to notify the Guarantor pursuant to Article 37 provides the information contained in the model referred to in paragraph 2 to those who request it, unless the processing concerns public records, lists, deeds or documents that can be known by anyone.Art. 39
(Communication obligations) 1. The data controller is required to communicate to the Guarantor the following circumstances beforehand:
a) communication of personal data by a public subject to another public entity not provided for by a law or regulation, carried out in any also form by convention;
b)processing of data suitable to reveal the state of health required by the biomedical or health research program referred to in article 110, paragraph 1, first sentence.2. The processing subject to disclosure pursuant to paragraph 1 may be initiated after forty-five days from the receipt of the communication, unless the Guarantor has also determined otherwise.3. The communication referred to in paragraph 1 is sent using the form prepared and made available by the Guarantor, and transmitted to the latter by electronic means observing the method of subscription with digital signature and confirmation of receipt referred to in Article 38, paragraph 2, or by fax or registered letter.Art. 40
(General authorizations) 1. The provisions of this code that provide for an authorization by the Guarantor are also applied by issuing authorizations relating to certain categories of holders or processing, published in the Official Journal of the Italian Republic.Art. 41
(Authorization requests) 1. The data controller who falls within the scope of application of an authorization issued in accordance with Article 40 is not required to submit an authorization request to the Guarantor if the treatment he intends to carry out complies with the relevant provisions. >2. If an authorization request concerns an authorized treatment pursuant to Article 40, the Guarantor can provide the request in any case if the specific methods of treatment justify it.3. Any request for authorization is formulated using only the model prepared and made available by the Guarantor and transmitted to the latter by electronic means, observing the procedures for signing and confirming the receipt referred to in Article 38, paragraph 2. The same request and authorization may also be transmitted by fax or registered letter.4. If the applicant is invited by the Guarantor to provide information or to produce documents, the forty-five day deadline referred to in Article 26, paragraph 2, starts from the expiry date of the deadline set for the requested fulfillment.5. In the presence of particular circumstances, the Guarantor may issue a temporary temporary authorization.TITLE VII
TRANSFER OF DATA ABROADArt. 42
(Transfers within the European Union) 1. The provisions of this code cannot be applied in such a way as to restrict or prohibit the free circulation of personal data between the Member States of the European Union, without prejudice to the adoption, in accordance with the same code, of any measures in the event of data transfers made in order to circumvent the same provisions.Art. 43
(Transfers allowed in third countries) 1. The transfer, even temporary, outside the territory of the State, with any form or medium, of personal data subject to processing, if directed to a country not belonging to the European Union is allowed when:
a) the interested party has expressed their express consent or, in the case of sensitive data, in writing;
b) is necessary for the execution of obligations deriving from a contract of which the interested party is a party or to fulfill, before the conclusion of the contract, to specific requests of the interested party, or for the conclusion or execution of a contract stipulated in favor of the interested party;
c) is necessary for the protection of a significant public interest identified by law or by regulation or, if the transfer concerns sensitive or judicial data, specified or identified in accordance with articles 20 and 21;
d) it is necessary for the protection of the life or physical safety of a third party. If the same purpose concerns the interested party and the latter cannot consent to physical impossibility, inability to act or incapacity to intend or wish, the consent is expressed by the person who legally exercises the potesta ', or from a close relative, from a family member, from a cohabitant or, in their absence, from the person in charge of the facility where the person is staying. The provision referred to in article 82, paragraph 2 applies;
e) is necessary for the purposes of carrying out defensive investigations pursuant to the law of 7 December 2000, n. 397, or, in any case, to assert or defend a right in a court of law, provided that the data are transferred exclusively for these purposes and for the period strictly necessary for their pursuit, in compliance with current legislation on business and industrial secrecy ;
f) is performed in acceptance of una request for access to administrative documents, or a request for information that can be extracted from a public register, list, act or document that can be accessed by anyone, in compliance with the regulations governing the subject;
g) is necessary, in compliance with the respective codes of ethics set forth in Annex A), for exclusive scientific or statistical purposes, or for exclusive historical purposes in private archives declared to be of considerable historical interest pursuant to Article 6, paragraph 2, of Legislative Decree 29 October 1999, n. 490, of approval of the consolidated text on cultural and environmental heritage or, according to the same codes, at other private archives;
h) the processing concerns data concerning legal persons, bodies or associations.Art. 44
(Other transfers allowed) 1. The transfer of personal data subject to processing, directed to a country not belonging to the European Union, is also permitted when authorized by the Guarantor on the basis of adequate guarantees for the rights of the interested party:
a) identified by the Guarantor also in relation to guarantees given with a contract;
b) identified with the decisions provided for in articles 25, paragraph 6, and 26, paragraph 4, of Directive 95/46 / EC of the European Parliament and of the Council, of 24 October 1995, with which the European Commission notes that a country not belonging to the European Union guarantees an adequate level of protection or that some contractual clauses offer sufficient guarantees.Art. 45
(Forbidden transfers) 1. Out of the cases referred to in articles 43 and 44, the transfer, even temporary, outside the territory of the State, with any form or medium, of personal data subject to processing, directed towards a country not belonging to the European Union, is forbidden when the The organization of the country of destination or transit of data does not ensure an adequate level of protection of persons. The methods of transfer and the treatments envisaged, the relative purposes, the nature of the data and the security measures are also evaluated.PART II
PROVISIONS RELATING TO SPECIFIC SECTORSTITLE I
TREATMENTS IN JUDICIAL AREAHEAD OF I
GENERAL PROFILESArt. 46
(Data Controllers) 1. The judicial offices of all levels, the Superior Council of the Judiciary, the other self-governing bodies and the Ministry of Justice hold personal data relating to the respective attributions conferred by law or regulation.2. By decree of the Minister of Justice, the non-occasional treatments referred to in paragraph 1 carried out with electronic instruments are identified in Annex C to this code, relating to central databases or to the interconnection of several offices or data controllers. The provisions with which the Superior Council of the Judiciary and the other self-governing bodies referred to in paragraph 1 identify the same treatments they carry out are shown in Annex C) by decree of the Minister of Justice.Art. 47
(Treatments for reasons of justice) 1. In the case of processing of personal data carried out at judicial offices of any order and degree, at the Superior Council of the Judiciary, the other self-governing bodies and the Ministry of Justice, they do not apply, if the processing is carried out for reasons of justice, the following provisions of the code:
a) articles 9, 10, 12, 13 and 16, from 18 to 22, 37, 38, paragraphs from 1 to 5, and from 39 to 45;
b) Articles 145 to 151.2. For the purposes of this code, the processing of personal data directly related to the judicial processing of business and disputes, or which, with regard to the legal and economic treatment of the judiciary personnel, have a direct effect on the jurisdictional function, is understood to be carried out for reasons of justice , as well as' inspection activities on judicial offices. The same reasons of justice do not recur due to the ordinary administrative and managerial activity of personnel, vehicles or structures, when the secrecy of acts directly connected to the aforementioned treatment is not affected.Art. 48
(Court offices' data banks) 1. In cases where the judicial authority of any order and degree can acquire data, information, deeds and documents from public subjects in compliance with the current procedural provisions, the acquisition can also be carried out electronically. To this end the judicial offices may avail themselves of the standard agreements stipulated by the Ministry of Justice with public entities,aimed at facilitating the consultation by the same offices, through electronic communication networks, of public registers, lists, files and databases, in compliance with the relevant provisions and the principles set out in articles 3 and 11 of this code.Art. 49
(Implementing provisions) 1. By decree of the Minister of Justice they are adopted, also in addition to the decree of the Minister of grace and justice of 30 September 1989, n. 334, the regulatory provisions necessary for the implementation of the principles of this code in criminal and civil matters.CHAPTER II
MINORSArt. 50
(News or images relating to minors) 1. The prohibition referred to in Article 13 of the Presidential Decree of 22 September 1988, n. 448, of publication and disclosure by any means of news or images suitable to allow the identification of a minor is observed even in the event of involvement by the minor in any way in judicial proceedings in matters other than the criminal one.CHAPTER III
LEGAL INFORMATICSArt. 51
(General principles) 1. Without prejudice to the provisions of the procedural provisions concerning the viewing and release of extracts and copies of deeds and documents, the identification data of the issues pending before the judicial authority of any order and level are made accessible to those who have an interest also through electronic communication networks, including the institutional website of the same authority on the Internet.2. The judgments and other decisions of the judicial authority of any order and degree filed at the registry or secretariat are also made accessible through the information system and the institutional website of the same authority on the Internet, observing the precautions provided for in this chapter. / p>Art. 52
(Identifying data of interested parties) 1. Without prejudice to the provisions of the provisions concerning the preparation and content of judgments and other jurisdictional measures of the judicial authority of any order and degree, the interested party may request for legitimate reasons, with a request filed in the registry or office secretary that proceeds before the relative grade of judgment is defined, that an annotation aimed at precluding, in case of reproduction of the sentence or provision in any form, is affixed by the same registry or secretariat, on the original of the sentence or provision. , for purposes of legal information in legal journals, electronic media or through electronic communication networks, the indication of the generalities and other identifying data of the same concerned reported in the sentence or provision.2. On the request referred to in paragraph 1, the authority that pronounces the sentence or adopts the provision provides with a decree, without further formalities. The same authority may have the office to affix the annotation referred to in paragraph 1, to protect the rights or dignity of the persons concerned.3. In the cases referred to in paragraphs 1 and 2, upon the filing of the sentence or provision, the registry or secretariat shall affix to it and sign the following annotation with the indication of the details of this article: "In case of diffusion omit the generalities and other identification data of .... ".4. In case of dissemination also by third parties of judgments or other provisions bearing the annotation referred to in paragraph 2, or of the related legal maxims, the indication of the generalities and other identifying data of the interested party is omitted. / p>5. Without prejudice to the provisions of Article 734-bis of the Criminal Code relating to persons offended by acts of sexual violence, anyone who disseminates judgments or other jurisdictional measures of the judicial authority of any order and degree is obliged to omit in any case, even in the absence of the annotation referred to in paragraph 2, the generalities, other identification data or other data also relating to third parties from which the identity of minors, or of the parties in the proceedings relating to family relations, can also be inferred indirectly and status of people.6. The provisions of this article also apply in the event of an award of the award pursuant to Article 825 of the Code of Civil Procedure. The party can make to the arbitrators the request referred to in paragraph 1 before the award is issued and the arbitrators affix the notation referred to in paragraph 3 on the award, also pursuant to paragraph 2. The arbitration panel established at the arbitration chamber for public works pursuant to article 32 of the law of 11 Februaryaio 1994, n. 109, provides similarly in the event of a request from a party.7. Out of the cases indicated in this article, the dissemination in any form of the content, even in its entirety, of judgments and other jurisdictional measures is allowed.TITLE II
TREATMENTS BY POLICE FORCESHEAD OF I
GENERAL PROFILESArt. 53
(Application area and data controllers) 1. To the processing of personal data carried out by the Data Processing Center of the Public Security Department or by police forces on data intended to flow into them under the law, or by public security organs or other public subjects for the purpose of protecting the order and public security, prevention, detection or repression of crimes, carried out on the basis of an express provision of law that specifically provides for the treatment, the following provisions of the code do not apply:
a) articles 9, 10, 12, 13 and 16 , from 18 to 22, 37, 38, paragraphs from 1 to 5, and from 39 to 45;
b) articles from 145 to 151.2. The Decree of the Minister of the Interior identifies, in Annex C) to this code, the non-occasional treatments referred to in paragraph 1 carried out with electronic instruments, and the related titles.Art. 54
(Processing methods and data flows) 1. In cases where the public security authorities or police forces may acquire data, information, deeds and documents from other parties in compliance with the laws and regulations in force, the acquisition can also be carried out electronically . To this end, the bodies or offices concerned may make use of agreements aimed at facilitating the consultation by the same bodies or offices, through electronic communication networks, of public registers, lists, files and databases, in compliance with the relevant provisions and principles referred to in articles 3 and 11. The standard agreements are adopted by the Ministry of the Interior, in accordance with the Guarantor's opinion, and establish the methods of connections and accesses also in order to ensure selective access to the necessary data only to the pursuit of the purposes referred to in Article 53.2. The data processed for the purposes referred to in article 53 are stored separately from those registered for administrative purposes that do not require their use.3. Without prejudice to the provisions of Article 11, the Data Processing Center referred to in Article 53 shall ensure the periodic updating and relevance and not excess of the personal data processed also through authorized queries of the criminal record and of the pending charges of the Ministry of justice as per the decree of the President of the Republic November 14, 2002, n. 313, or other data banks of police forces, necessary for the purposes referred to in Article 53.4. The police organs, offices and controls periodically verify the requirements referred to in article 11 with reference to the data processed even without the aid of electronic tools, and update them also on the basis of the procedures adopted by the Data Processing Center pursuant to paragraph 3, or, for the treatments carried out without the aid of electronic instruments, by annotations or additions to the documents containing them.Art. 55
(technology details) 1. The processing of personal data which implies greater risks of damage to the data subject, with particular regard to genetic or biometric databases, to techniques based on location data, to databases based on particular information processing techniques and to the introduction of particular technologies, it is carried out in compliance with the measures and precautions to guarantee the interested party prescribed pursuant to Article 17 on the basis of prior notification pursuant to Article 39.Art. 56
(Data protection) 1. The provisions of article 10, paragraphs 3, 4 and 5, of the law of 1 April 1981, n. 121, and subsequent amendments, also apply, in addition to the data destined to flow into the Data Processing Center referred to in Article 53, to data processed with the aid of electronic means by organs, offices or police commands. >Art. 57
(Implementing provisions) 1. By decree of the President of the Republic, after deliberation by the Council of Ministers, on the proposal of the Minister of the Interior, in agreement with the Minister of Justice, the modalities of implementation of the principles of the present code relative to the processing of data carried out for purposes referred to in Article 53 from the Processing Centerdata and from police organs, offices or commands, also to supplement and modify the decree of the President of the Republic 3 May 1982, n. 378, and in implementation of the Recommendation R (87) 15 of the Council of Europe of 17 September 1987, and subsequent modifications. The procedures are identified with particular regard to:
a) the principle according to which the collection of data is related to the specific purpose pursued, in relation to the prevention of a concrete danger or the repression of crimes, in particular as regards regards the treatments carried out for purposes of analysis;
b) the periodic updating of the data, also relating to assessments made on the basis of the law, to the various methods relating to the data processed without the aid of electronic instruments and to modalities to make the updates available to other bodies and offices to which the data have previously been communicated;
c) to the conditions to carry out treatments for temporary needs or connected to particular situations, also for the purpose of verifying the requirements of data pursuant to article 11, the identification of the categories of data subjects and the storage separate from other data that do not require their use;
d) al the identification of specific data retention terms in relation to the nature of the data or the tools used for their treatment, as well as the type of procedures in which they are processed or the measures are adopted;
e) to the communication to other subjects, also abroad or for the exercise of a right or a legitimate interest, and to their dissemination, where necessary in accordance with the law;
f) to the use of particular techniques of processing and searching for information, including through the use of index systems.TITLE III
DEFENSE AND SECURITY OF THE STATEHEAD OF I
GENERAL PROFILESArt. 58
(Applicable provisions) 1. To the treatments carried out by the bodies referred to in articles 3, 4 and 6 of the law of 24 October 1977, n. 801, or on data covered by State secrecy pursuant to article 12 of the same law, the provisions of this code apply only to those provided for in articles 1 to 6, 11, 14, 15, 31, 33, 58, 154, 160 and 169.2. For treatments carried out by public entities for defense or security purposes of the State, the provisions of this code shall apply, limited to those indicated in paragraph 1, as well as to the provisions of referred to in Articles 37, 38 and 163.3. The security measures relating to the data processed by the bodies referred to in paragraph 1 are established and periodically updated by decree of the President of the Council of Ministers, in compliance with the rules governing the matter.4. By decree of the President of the Council of Ministers, the modalities of application of the applicable provisions of this code are identified with reference to the types of data, data subjects, executable processing operations and appointees, also in relation to updating and storage.TITLE IV
PUBLIC TREATMENTSCHAPTER I
ACCESS TO ADMINISTRATIVE DOCUMENTSArt. 59
(Access to administrative documents) 1. Without prejudice to the provisions of article 60, the conditions, the procedures, the limits for exercising the right of access to administrative documents containing personal data, and the relative jurisdictional protection, remain governed by the law of 7 August 1990, n. 241, and subsequent amendments and other legal provisions on the subject, as well as by the relevant implementing regulations, also for what concerns the types of sensitive and judicial data and the processing operations that can be performed in execution of an access request. Activities aimed at the application of this discipline are considered to be of significant public interest.Art. 60
(Data to reveal health status and sex life) 1. When the treatment concerns data suitable to reveal the state of health or the sexual life, the treatment is allowed if the legally relevant situation that intends to protect with the request for access to the administrative documents is of rank at least equal to the rights of the interested party , or consists in a right of personality or in another right or fundamental and inviolable freedom.CHAPTER II
PUBLIC REGISTERS AND PROFESSIONAL REGISTERSArt. 61
(Use of public data) 1. The Guarantor promotes, pursuant to article 12, lto the signing of a code of ethics and good conduct for the processing of personal data coming from archives, registers, lists, deeds or documents held by public subjects, also identifying the cases in which the source of data acquisition must be indicated and providing appropriate guarantees for the association of data from multiple archives, bearing in mind the provisions of Recommendation n. R (91) 10 of the Council of Europe in relation to Article 11.2. For the purposes of the application of this code, personal data other than sensitive or judicial data, which must be entered in a professional register in accordance with the law or a regulation, may be communicated to public and private subjects or disseminated, in accordance with the Article 19, paragraphs 2 and 3, also through electronic communication networks. The existence of measures which provide for suspension or which affect the exercise of the profession may also be mentioned.3. The order or professional college may, at the request of the person registered in the register that is of interest to you, supplement the data referred to in paragraph 2 with additional pertinent data that is not excessive in relation to the professional activity.4. At the request of the interested party, the order or professional college may also provide third parties with news or information relating, in particular, to special professional qualifications not mentioned in the register, or to the availability to take on assignments or to receive scientific information material also concerning conferences or seminars.CHAPTER III
CIVIL STATE, ANAGRAPHS AND ELECTORAL LISTSArt. 62
(sensitive and judicial data) 1. The purposes related to the keeping of civil status documents and registers, of the population resident in Italy and of Italian citizens residing abroad, and of electoral lists are considered to be of significant public interest, pursuant to Articles 20 and 21. , as well as the issuing of identification documents or changes in the generalities.Art. 63
(Consultation of documents) 1. The civil status documents kept in the State Archives can be consulted within the limits set by Article 107 of Legislative Decree 29 October 1999, n. 490.HEADING IV
PURPOSE OF RELEVANT PUBLIC INTERESTArt. 64
(Citizenship, immigration and foreigner's status) 1. The purpose of the application of the discipline on citizenship, immigration, asylum, the condition of the foreigner and the refugee and on the status of refugee are considered of considerable public interest, pursuant to articles 20 and 21.2. In the context of the purposes referred to in paragraph 1, in particular, the processing of essential sensitive and judicial data is admitted:
a) the issuing and renewal of visas, permits, certificates, authorizations and documents, including health documents ;
b) the recognition of the right of asylum or refugee status, or the application of temporary protection and other institutions or humanitarian measures, or the implementation of legal obligations in the field of migration policies;
c) in relation to the obligations of employers and workers, to reunification, to the application of the current rules on education and accommodation, participation in public life and social integration.3. This article does not apply to the processing of sensitive and judicial data carried out in accordance with the agreements and conventions referred to in Article 154, paragraph 2, letters a) and b), or otherwise carried out for defense or security purposes of the State or of prevention, detection or repression of crimes, based on the express provision of the law that specifically provides for the treatment.Art. 65
(Political rights and publicity of organ activity) 1. The purposes of application of the discipline concerning:
a) active and passive electorate and exercise of other political rights, in observance of the secrecy of the vote are considered to be of significant public interest, pursuant to articles 20 and 21; , as well as the exercise of the mandate of the representative bodies or of the lists of the popular judges;
b) documentation of the institutional activity of public bodies.2. The processing of sensitive and judicial data for the purposes referred to in paragraph 1 is permitted to perform specific tasks provided by laws or regulations including, in particular, those concerning:
a) the conduct of electoral consultations and the verification of the relative regularity;
b) the referendum requests, the relative consultations and the verification of the relative regularities;/> c) ascertaining the causes of ineligibility, incompatibility or forfeiture, or removal or suspension from public office, or suspension or dissolution of the organs;
d) examination of reports, petitions , appeals and legislative proposals of popular initiative, the activity of committees of inquiry, the relationship with political groups;
e) the designation and appointment of representatives in commissions, bodies and offices.3. For the purposes of this article, the dissemination of sensitive and judicial data is permitted for the purposes referred to in paragraph 1, letter a), in particular with regard to the signing of lists, the presentation of candidacies, positions in organizations or associations policies, institutional offices and elected bodies.4. For the purposes of this article, in particular, the processing of essential sensitive and judicial data is permitted:
a) for the preparation of minutes and reports of the activities of representative assemblies, commissions and other collegiate or assembly bodies ;
b) for the exclusive performance of a control function, a political address or an inspection union and for access to documents recognized by the law and the regulations of the bodies concerned for exclusive purposes directly connected with the execution of an elective mandate.5. Sensitive and judicial data processed for the purposes referred to in paragraph 1 may be communicated and disseminated in the forms envisaged by the respective legal systems. However, the disclosure of sensitive and judicial data that is not indispensable to ensure compliance with the principle of publicity of institutional activity is not allowed, without prejudice to the prohibition of dissemination of data suitable to reveal the state of health. >Art. 66
(Tax and customs matters) 1. The activities of the public bodies directed to the application, also through their concessionaires, of the provisions regarding taxes, in relation to tax payers, substitutes and persons responsible for tax, as well as in the matter of deductions and deductions and for the application of the provisions whose execution is entrusted to customs.2. In addition, the activities relating to taxes, to the prevention and repression of violations of the obligations and to the adoption of the measures provided for by laws, regulations or Community legislation, as well as the 'to the control and the forced execution of the exact fulfillment of these obligations, to the reimbursement, to the allocation of tax quotas, and those directed to the management and alienation of state buildings, to the invention and to the qualification of the buildings and to the conservation of the immobiliart registers.Art. 67
(Control and inspection activities) 1. The aims of:
a) verification of the legitimacy, good performance, impartiality of the administrative activity, as well as the compliance of said activity with the requisites of rationality, economy, efficiency and effectiveness for which, in any case, the law assigns to public subjects control functions, feedback and inspections towards other subjects;
b) assessment, within the limits of the institutional purposes, with reference to sensitive and judicial data relating to complaints and petitions, or to acts of control or inspection pursuant to article 65, paragraph 4.Art. 68
(Economic benefits and ratings) 1. The purposes of application of the regulation on the granting, liquidation, modification and revocation of economic benefits, benefits, donations, other emoluments and qualifications are considered to be of significant public interest, pursuant to articles 20 and 21.2. Included among the treatments regulated by this article are also those indispensable in relation to:
a) communications, certifications and information required by the anti-mafia legislation;
b) to the donations of contributions provided for by the law on usury and of victims of extortion requests;
c) the payment of war pensions or the recognition of benefits in favor of persecuted politicians and internment camps and their relatives;
d) to the recognition of benefits related to civil invalidity;
e) to the granting of contributions in the field of vocational training;
f) to the granting of contributions, financing, donations and other benefits provided by law, regulations or legislation community, also in favor of associations, foundations and entities;
g) the recognition of tariff or economic exemptions, concessions or reductions, deductibles, or the release of concessions, including broadcasting, licenses, authorizations, registrations and other authorizations required by law, by a regulation or by EU legislation .3. The processing can include the diffusion only in the cases in which this is indispensable for the transparency of the activities indicated in the present article, in compliance with the laws, and for purposes of supervision and control consequent to the same activities, without remaining the prohibition of dissemination of data suitable to reveal the state of health.Art. 69
(Honors, rewards and awards) 1. The purposes of application of the discipline regarding the awarding of honors and rewards, recognition of the juridical personality of associations, foundations and bodies, even of worship, of assessment are considered to be of significant public interest, pursuant to articles 20 and 21. the requirements of integrity and professionalism for the appointments, for the profiles of competence of the public subject, to offices also of worship and to direct positions of juridical persons, companies and non-state educational institutions, as well as of release and revocation of authorizations or qualifications, granting of patronage, patronage and representation prizes, admission to honor committees and admission to ceremonies and institutional meetings.Art. 70
(Volunteering and conscientious objection) 1. The purpose of application of the discipline concerning relations between public subjects and voluntary organizations is considered of significant public interest, pursuant to Article 20 and 21, in particular as regards the granting of contributions aimed at their support, keeping general registers of the same organizations and international cooperation.2. The purposes of the application of the law of 8 July 1998, n. 230, and of the other provisions of the law concerning conscientious objection.Art. 71
(Sanctions and protection activities) 1. The following are considered to be of significant public interest, pursuant to articles 20 and 21:
a) of application of the rules on administrative sanctions and appeals;
b) aimed at enforcing the right to defense in administrative or judicial proceedings, also by a third party, also pursuant to article 391-quater of the criminal procedure code, or directly connected to the repair of a judicial error or in case of violation of the reasonable term of the trial or an unjust restriction of personal freedom.2. When the treatment concerns data suitable to reveal the state of health or the sexual life, the treatment is allowed if the right to assert or defend, of which to the letter b) of the paragraph 1, is of rank at least equal to that of the interested, or rather consists in a right of personality or in another right or fundamental and inviolable freedom.Art. 72
(Relations with religious institutions) 1. The purposes relating to the performance of institutional relations with religious institutions, religious confessions and religious communities are considered to be of significant public interest, pursuant to articles 20 and 21.Art. 73
(Other administrative and social purposes) 1. In the context of the activities that the law assigns to a public subject, the socio-welfare purposes are considered to be of significant public interest, in accordance with articles 20 and 21, with particular reference to:
a) interventions of psycho-social support and training in favor of young people or other subjects who are in conditions of social, economic or family hardship;
b) interventions also of health importance in favor of needy or not self-sufficient or incapable subjects, therein including economic assistance or home help, tele-assistance, support and transport services;
c) assistance to children, also in relation to legal proceedings;
d) psycho-social investigations related to adoption measures also international;
e) supervisory tasks for temporary assignments;
f) supervisory and support initiatives in relation to the stay of nomads;
g) interventions on the subject of architectural barriers.2. Furthermore, in the context of the activities that the law assigns to a public subject, the following purposes are considered to be of significant public interest, pursuant to Articles 20 and 21:
a) management of nursery schools;
b) concerning the management of school canteens or the provision of subsidies, contributions and educational materials;
c) recreational or promotional della culture and sport, with particular reference to the organization of stays, exhibitions, conferences and sporting events or the use of real estate or the occupation of public land;
d) of assignment of public housing housing ;
e) relating to military service;
f) administrative police, also local, except as provided for in article 53, with particular reference to hygiene services, mortuary police and environmental controls , protection of water resources and soil protection;
g) offices for relations with the public;
h) in the field of civil protection;
i) of support to the placement and to the employment start-up, in particular by local initiative centers for employment and job centers;
l) regional and local ombudsmen.CHAPTER V
DETAILS OF MARKINGSArt. 74
(Marks on vehicles and access to historic centers) 1. Marks issued for any reason for the circulation and parking of vehicles serving disabled people, or for transit and parking in areas with limited traffic, and which must be displayed on vehicles, contain the only data indispensable for identifying the authorization issued and without the affixing of symbols or wordings from which the special nature of the authorization can be deduced due to the sole vision of the mark.2. The general information and the address of the individual concerned are shown on the markings in a manner that does not allow their direct visibility, if not in the event of a request for exhibition or verification.3. The provision referred to in paragraph 2 also applies in the event that a copy of the vehicle registration document or other document is required to be shown on any vehicle.
Art. 1-74 Artt . 75-160 Artt. 161-186 Attachments A and B Annex C