You are in


Publication: 21/12/2021


within the meaning of Articles 13 and 14 of Regulation (EU) 2016/679


In accordance with Regulation (EU) 2016/679 (hereinafter "EU Regulation"), the processing modalities of the personal data of the insured persons concerned (hereinafter “data subjects”) and their rights according to the EU regulation are discussed on the basis of this information from the NISF.

The right holder of the data processing is the NISF, based in Rome, via Ciro il Grande No. 21, which informs the data subjects that all personal data legally supplied or collected by these or third parties in accordance with the conditions and restrictions of the EU regulation and Legislative Decree No. 196 of June 30, 2003, amended and supplemented by Legislative Decree No. 101 of August 10, 2018 on the "Provisions for the adaptation of state provisions to Regulation (EU) 2016/679".
The personal data of the data subjects, including those relating to special categories according to Article 9 of the EU Regulation or criminal convictions and offenses within the meaning of Article 10 of the EU Regulation, are processed in compliance with the statutory provisions. In any case, data processing is strictly geared towards the handling of institutional tasks in the provision, insurance (confirmation and auditing), social assistance, tax and health administration areas as well as the handling of directly related purposes and compliance with legal obligations.

The NISF will issue its own special instructions for certain processing operations.

The purposes of the processing relate strictly to the initiation, administration and termination of the proceedings of the data subjects and are geared towards this.

According to the law, the ordinances or the EU provisions, which contain the services and the associated obligations, it is mandatory in this area to provide the necessary data. Failure to provide the requested data can prevent or slow down the implementation of the procedures, and in some cases provided for by the relevant provisions, this failure can also lead to the application of fines.
If the NISF is not obliged to provide information (e.g. giving the telephone number), the parties concerned are expressly informed that the data transfer is optional and that the omission of data will not have any substantial consequences or at most affect the processing of the application (example: if the E -Mail address cannot be assigned a PIN).
The data already available to the NISF will only be processed if they are indispensable for the aforementioned institutional purposes; The principles of legality, minimization, restriction, security, correctness and integrity according to the EU regulation must be observed.

With regard to the various objectives and purposes of data collection and processing, it is communicated that the personal data will be stored for the legally stipulated duration or the time required to achieve the objective and purpose.

The NISF applies adequate organizational and technical security measures to ensure an appropriate security standard with regard to the risks involved in processing; iB in relation to destruction, loss, modification, unauthorized disclosure of the data or access to the transmitted personal information (both unintentional and unlawful) that has been transmitted, stored or otherwise processed.

The personal data of the data subjects can be processed with the help of electronic, manual and telematic instruments that are strictly geared to the objectives of the data collection, while maintaining security and confidentiality and in accordance with the requirements of Articles 5 to 11 of the EU Regulation.

In detail, the processing of personal data is mainly carried out by authorized and trained employees of the institute who act under its direct responsibility. Only in exceptional cases can the data be communicated to other carriers who act as agents, authorized and appointed responsible persons by the NISF in compliance with and appropriate compliance with the EU regulation.

The personal data of those affected can only be forwarded if this is regulated by a statutory provision or, if stipulated by law, by an ordinance.
In the cases provided by the legal provisions or ordinances (if stipulated by law) and the restrictions set by them, the personal data can be communicated by the NISF to other public or private carriers; These are autonomous data processing rights holders who act exclusively for the purposes of the data communication that has taken place.

When processing by the NISF, the data can be passed on to third countries (EU and / or non-EU countries) in some cases and for the above-mentioned purposes. In this case, the NISF guarantees compliance with the EU regulation, in particular with Article 45. The data will therefore only be transmitted to those countries that offer an adequate security standard.

The data subjects have the right to receive confirmation of the existence or non-existence of the personal data concerning them at any time and / or to check the use by the NISF.
In addition, according to the modalities set out in the ordinance, the data subjects can request that the inaccurate or incomplete personal data be corrected or supplemented; In the cases according to the EU regulation and subject to the special regulation for some processing, the data subjects can also request data deletion or restriction of processing after the intended storage period has expired. In the event of a special situation, the data subjects can oppose the data processing, provided there are no legitimate reasons for further data processing.
The relevant application must be submitted to the NISF data controller (INPS - Responsabile della Protezione dei dati personali, Via Ciro il Grande, 21, cap . 00144, Roma; posta elettronica certificata: ).

If the data subjects consider that the processing of their personal data has violated the EU regulation, they can either lodge a complaint with the data protection officer (state supervisory authority) in accordance with Article 77 of the EU regulation or with the court in accordance with Article 79 of the EU regulation .

Further information on the rights of the data subjects can be found on the website of the data protection officer at