Schengen Information System
Privacy Policy
(Art. 10 of the Legislative Decree 18th may 2018 n. 51)
The right of the data subject to access relevant data in the Information System for the Processing of Schengen Data is provided for by Articles 52, 53 and 54 of Regulation (EU) No 2018/1861 of the European Parliament and of the Council of 28 November 2018 and by Articles 67 and 68 of the Council of 28 November 2018 as well as by the Personal Data Protection Code and subsequent amendments and additions.
Information is not provided when the conditions provided for by Article 52 and 53 of Regulation (EU) No 2018/1861 of the European Parliament and of the Council and by article 67 of Regulation (EU) No 2018/1861 of the European Parliament and of the Council are met.
The Data Protection Authority, in its capacity as the Authority monitoring the national section of the Schengen Information System (N.SIS), exercises control over the processing of personal data recorded in the SIS making sure, ex officio or upon request of the data subject, that the processing and use of data entered in said files do not infringe the data subject’s rights.
The Personal Data Protection Code (Legislative Decree No 196 of 30th June 2003 and subsequent amendments and additions) introduced amendments to the data subject’s exercise of the right of access to the SIS and to further related rights (amendment, integration or cancellation).
As of 1st January 2004 the right of access and related rights can be exercised directly by addressing to the authority responsible at central level for the SIS national section (so-called "direct" access) and no more via the Data Protection Authority (so-called "indirect" access) only, applying to the Ministry of the Interior – Department of Public Security, namely:
Ministero dell'Interno - Dipartimento della Pubblica Sicurezza
Direzione Centrale della Polizia Criminale
Servizio per i Sistemi Informativi Interforze
5^ Divisione N.SIS
Via Torre di Mezzavia, 9
00173 Roma
The holders of a certified email box can submit their applications to the following address:
dipps009.1005@pecps.interno.it
Pursuant to Article 2 (h) of Legislative Decree No 51 of 18th May 2018 the Controller is the competent authority that, alone or jointly with others, determines the purposes and means of the processing of personal data; when the purposes and means of said processing are established by the EU law or by the State law, the Controller or the specific criteria applicable to its appointment can be envisaged by the EU law or by the State law.
The Controller of the N.SIS is the Department of Public Security. The Controller’s contact details are the following:
Ministero dell’Interno
Dipartimento della Pubblica Sicurezza
Piazza del Viminale, 1
00184 Roma
Pursuant to Article 1 of Regulation (EU) No 2018/1861 of the European Parliament and of the Council, the purpose of processing shall be to ensure a high level of security within the area of freedom, security and justice of the European Union, including the maintenance of public security and public policy and the safeguarding of security in the territories of the Member States, and to apply the provisions of Part Three, Title V, Chapter 2 of TFEU relating to the movement of persons on their territories, using information communicated through this system.
Moreover, pursuant to Article 1 of Regulation (EU) No 2018/1862 of the European Parliament and of the Council, the purpose of processing shall be to ensure a high level of security within the area of freedom, security and justice of the European Union, including the maintenance of public security and public policy and the safeguarding of security in the territories of the Member States, and to ensure the application of the provisions of Part Three, Title V, Chapter 4 and 5 of TFEU relating to the movement of persons on their territories, using information communicated through this system.
The right of access to data entered in the Schengen Information System is the possibility for any data subject to request the confirmation of the existence of personal data and communication of such data in intelligible form as well as to request cancellation should data turn out to have been processed in violation of law and/or Regulation provisions in force. This right is supplemented with the right to amendment, when data contain factual errors.
Pursuant to Article 53 of Regulation (EU) 2018/1861 and Article 67 of Regulation (EU) 2018/1862
- Data subjects may exercise their rights under Articles 15, 16 and 17 of Regulation (EU) 2016/679 and Articles 14, as well as 16 (1) and (2) of Directive (EU) 2016/680, and referred to in Chapter II "Rights of the data subject" of Legislative Decree No. 51 of 18 May 2018
The Data Protection Authority, in its capacity as the national Authority monitoring the Schengen Information System, exercises control over the processing of personal data performed according to Legislative Decree No 51 of 18th May 2018 complying with the requirements envisaged by Legislative Decree No 196 of 30th June 2003 (Personal Data Protection Code) and subsequent amendments and additions and by Regulation (EU) 2016/679 (General Data Protection Regulation). The same Authority, upon request of the data subject, delivers opinions on the exercise of data protection rights ensuing from the provisions of Legislative Decree No 51 of 18th May 2018.
The right of access and related rights can be exercised filling in the application form and forwarding it, together with a signed photostatic copy of a valid identity document, to the following address:
Ministero dell'Interno - Dipartimento della Pubblica Sicurezza
Direzione Centrale della Polizia Criminale
Servizio per i Sistemi Informativi Interforze
V^ Divisione N-SIS
Via Torre di Mezzavia, 9
00173 Roma
The holders of a certified email box can submit their applications to the following address:
dipps009.1005@pecps.interno.it
In the event of a reply which is deemed unsatisfactory, the person concerned may lodge a complaint with the Data Protection Authority at the following address:
Garante per la protezione dei dati personali
Piazza Venezia n. 11
00187 Roma
Tel.: (+39) 06.696771
Fax: (+39) 06.69677.3785
In order to expedite the reply, applications should be written either in Italian or in English and signed by the person concerned or, alternatively, contain a delegation in favour of the writer.
Moreover, the documents sent should be perfectly legible and contain the address of the applicant (either a postal or a certified email address) for the data subject to easily receive a reply.
The personal data retention period is envisaged by Article 42 of Regulation (EU) No 2018/1861 of the European Parliament and of the Council, which states:
1. Article 41(2) shall be without prejudice to the right of a Member State to keep in its national files SIS data in connection with which action has been taken on its territory. Such data shall be kept in national files for a maximum period of three years, except if specific provisions in national law provide for a longer retention period.
2. Article 41(2) shall be without prejudice to the right of a Member State to keep in its national files data contained in a particular alert entered in SIS by that Member State.
The data retention period, for the purposes set out in Regulation (EU) 2018/1862 of the European Parliament and of the Council, is envisaged by Article 57 which states:
1. Article 56(2) shall be without prejudice to the right of a Member State to keep in its national files SIS data in connection with which action has been taken on its territory. Such data shall be kept in national files for a maximum period of three years, except if specific provisions in national law provide for a longer retention period.
2. Article 56(2) shall be without prejudice to the right of a Member State to keep in its national files data contained in a particular alert entered in SIS by that Member State.
According to Article 28 of Legislative Decree No 51 of 18th May 2018 the Data Protection Officer (DPO) operates within the Central Criminal Police Directorate of the Department of Public Security.
The Data Protection Officer can be contacted at the following certified email address:
(modificato il 06/11/2024)