Privacy Policy

Pursuant to articles 13-14 of Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR)


The following information only concerns the processing of personal data relating to this website and does NOT concern the processing of personal data kept in the Electronic Health Record (EHR).
In order to ask about the processing of your personal data kept within the EHR, please check the information provided by each Region and available on the Regional EHR portals.


Data controllers

AGID – Agency for Digital Italy
Address: Via Liszt 21 - 00144 Roma
PEC-certified e-mail:

CNR – National Research Council of Italy
Address: Piazzale Aldo Moro, 7 - 00185 Roma
PEC-certified e-mail:

Data Protection Officers
Address: Via Liszt 21 - 00144 Roma

Addres: Piazzale Aldo Moro, 7 - 00185 Roma, presso CNR

Supervisory Authority
Garante per la Protezione dei dati personali (Italian data protection Authority)

Purposes of the processing

Your personal data will be processed only if considered indispensable regarding the objective of the Electronic Health Record (EHR) project, in compliance with the provisions of current legislation on the protection of personal data and in accordance with the provisions of the Italian Data Protection Authority.

Personal data collected by the data subject: name, surname, tax code, institutional telephone number, institutional e-mail.

In particular, the regional contact person for the EHR, identified by each Region, is required to forward the access request via e-mail to the address Once authorized, the contact person communicates to the same address the contact details of those who have to be enabled to access the management area; these above mentioned subjects, who are Region staff members, have already given consent to the processing of their own personal data. Upon access, they will log in to the management area using the username and first temporary password provided to them by the regional contact person.

These personal data, collected for accessing the reserved area of the website, are processed in order to allow the upload of the quarterly monitoring information which will allow to keep the public website up to date.

It is also pointed out that forwarding communication to the contact address implies obviously the acquisition of all transmitted personal data voluntarily included in the text of the communication.

All the protection measures provided in the legislation on the personal data protection and in the EHR project applicable legislation are implemented. In particular, your personal data will be processed exclusively by the data controllers, by the scientific member of staff in charge and/or by authorized persons in the context of the realization of the EHR project, with automated and non-automated tools, exclusively to allow carrying out the aforementioned purpose and all related operations and activities.

Legal basis for the processing

The legal basis of the data processing is identified in the article 6 (1), letter e) of GDPR, because the data processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controllers; this includes the national infrastructure necessary to ensure the interoperability of Electronic Health Records pursuant to article 12 (15-ter) of the D.L. 179/2012 and subsequent amendments.

Categories of recipients of personal data

The data controllers process personal data independently through their own personnel, and do not transfer any personal data to third countries or to international organizations.

Data storing period

Browsing data are not processed beyond the browsing session closing.

Personal data collected by data subjects are stored up to ten days after the request for cancellation or replacement.

Nature of the provision of personal data

The provision of your personal data is indispensable for carrying out the Project and does not derive from any regulatory and/or contractual obligation. Failure to provide personal data will not allow to take part in the Project.

Data subjects’ rights

Data subjects have the right to obtain from AgID and CNR, where appropriate, access to their personal data, rectification or erasure of such data, the restriction of the processing, to object the processing and the right to data portability.

Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with the supervisory authority, if the data subject considers that the processing of personal data relating to him or her infringes the Regulation.

The data controllers guarantee that there is no automated decision-making process that has legal effects on data subjects.

Browsing data and cookie

The information systems and software procedures relied upon to operate this website acquire, as part of their standard functioning, some personal data which transmission is an inherent feature of Internet communication protocols (e.g. personal data acquired through site access logs until the session expires). These data are processed for the technical management of the website and for the collection of analytical data on the related traffic.

This website uses only technical session cookies for reasons strictly related to its functioning.

In any case, the user can block or limit the reception of cookies through the options of his or her browser and delete the cookies installed in the past. However, by completely disabling cookies in the browser, it may not be possible to use all the interactive features of the website.

To disable cookies, you can change the settings of your browser according to the instructions made available by the relevant suppliers at the links indicated below:




Internet Explorer