Privacy Policy

(Art. 10 of the Legislative Decree 18th may 2018 n. 51)

 

The right of the data subject to access relevant data in the Information System for the Processing of Schengen Data is provided for by Articles 41, 42 and 43 of Regulation (EC) No 1987/2006 of the European Parliament and of the Council and by Articles 58 and 59 of Council Decision 2007/533/JHA as well as by the Personal Data Protection Code and subsequent amendments and additions.   

Information is not provided when the conditions of Article 42  of Regulation (EC) No 1987/2006 of the European Parliament and of the Council are met.

The Data Protection Authority, in its capacity as the Authority monitoring the national section of the Schengen Information System (N.SIS), exercises control over the processing of personal data recorded in the SIS making sure, ex officio or upon request of the data subject, that the processing and use of data entered in said files do not infringe the data subject’s rights.

The Personal Data Protection Code (Legislative Decree No 196 of 30th June 2003 and subsequent amendments and additions) introduced amendments to the data subject’s exercise of the right of access to the SIS and to further related rights (amendment, integration or cancellation).

As of 1st January 2004 the right of access and related rights can be exercised directly by addressing to the authority responsible at central level for the SIS national section (so-called "direct" access) and no more via the Data Protection Authority (so-called "indirect" access) only, applying to the Ministry of the Interior – Department of Public Security, namely:

Ministero dell'Interno - Direzione Centrale della Polizia Criminale
Servizio per il Sistema Informativo Interforze ​
5^ Divisione N.SIS
Via Torre di Mezzavia, 9
00173 Roma

The holders of a certified email box can submit their applications to the following address:

dipps009.1005@pecps.interno.it

 

1.Data Controller

Pursuant to Article 2 (h) of Legislative Decree No 51 of 18th May 2018 the Controller is the competent authority that, alone or jointly with others, determines the purposes and means of the processing of personal data; when the purposes and means of said processing are established by the EU law or by the State law, the Controller or the specific criteria applicable to its appointment can be envisaged by the EU law or by the State law.

The Controller of the N.SIS is the Department of Public Security. The Controller’s contact details are the following:

 

Ministero dell’Interno

Dipartimento della Pubblica Sicurezza

Piazza del Viminale, 1

00184 Roma

 

2.Purpose of Processing

Pursuant to Article 1 of Regulation (EU) No 1987/2006, the purpose of processing shall be to ensure a high level of security within the area of freedom, security and justice of the European Union, including the maintenance of public security and public policy and the safeguarding of security in the territories of the Member States, and to apply the provisions of Title IV, Part Three of the Treaty on the freedom of movement in the territory of Member States using the information forwarded via the Schengen Information System.

 

3. Exercise of the right of access to personal data processed by the Schengen Information System

 

The right of access to data entered in the Schengen Information System is the possibility for any data subject to request the confirmation of the existence of personal data and communication of such data in intelligible form as well as to request cancellation should data turn out to have been processed in violation of law and/or Regulation provisions in force. This right is supplemented with the right to amendment, when data contain factual errors.

Pursuant to Article 41 of Regulation (EU) No 1987/2006:

- the right of persons to have access to data relating to them entered in SIS II shall be exercised in accordance with national law;

- information shall not be communicated to the data subject if this is indispensable for the performance of a lawful task in connection with an alert or for the protection of the rights and freedoms of third parties;

- any person has the right to have factually inaccurate data relating to him corrected or unlawfully stored data relating to him deleted;

- the individual concerned shall be informed as soon as possible and in any event not later than 60 days from the date on which he applies for access;

- the individual shall be informed about the follow-up given to the exercise of his rights of correction and deletion as soon as possible and in any event not later than three months from the date on which he applies for correction or deletion.

 

The Data Protection Authority, in its capacity as the national Authority monitoring the Schengen Information System, exercises control over the processing of personal data performed according to   Legislative Decree No 51 of 18th May 2018 complying with the requirements envisaged by Legislative Decree No 196 of 30th June 2003 (Personal Data Protection Code) and subsequent amendments and additions and by Regulation (EU) 2016/679 (General Data Protection Regulation). The same Authority, upon request of the data subject, delivers opinions on the exercise of data protection rights ensuing from the provisions of Legislative Decree No 51 of 18th May 2018.

The right of access and related rights can be exercised filling in the application form and forwarding it, together with a signed photostatic copy of a valid identity document, to the following address:

Ministero dell'Interno

Dipartimento della Pubblica Sicurezza

Direzione Centrale della Polizia Criminale

Servizio per il Sistema Informativo Interforze

V^ Divisione N-SIS

Via Torre di Mezzavia, 9

00173 Roma

 

The holders of a certified email box can submit their applications to the following address:

dipps009.1005@pecps.interno.it

In the event of a reply which is deemed unsatisfactory, the person concerned may lodge a complaint with the Data Protection Authority at the following address:

Garante per la protezione dei dati personali

Piazza Venezia n. 11

00187 Roma

Tel.: (+39) 06.696771

Fax: (+39) 06.69677.3785

garante@gpdp.it

 

In order to expedite the reply, applications should be written either in Italian or in English and signed by the person concerned or, alternatively, contain a delegation in favour of the writer.

Moreover, the documents sent should be perfectly legible and contain the address of the applicant (either a postal or a certified email address) for the data subject to easily receive a reply.

 

4.Personal Data Retention Period

The personal data retention period is envisaged by Article 32 of Regulation (EC) No 1987/2006 of the European Parliament and of the Council :

1.   Article 31(2) does not prejudice the right of a Member State to keep in its national  files the SIS II data in connection with which action has been taken on its territory. Such data shall be kept in national files for a maximum period of three years except if specific provisions of national law provide for a longer retention period.

2.   Article 31(2) shall not prejudice the right of a Member State to keep in its national files data contained in a particular alert issued in SIS II by that Member State.

 

5.Data Protection Officer

According to Article 28 of Legislative Decree No 51 of 18th May 2018 the Data Protection Officer (DPO) operates within the Central Criminal Police Directorate of the Department of Public Security.

The Data Protection Officer can be contacted at the following certified email address:

dpo.nsis@pecps.interno.it

 

6.Further Information of Interest

For further information on the procedures for the exercise of the right of access please refer to the ad hoc vademecum.