If all the fields in the form are correctly filled out, the system produces a PDF with the application form.

Covid-19 epidemiological surveillance data request


"Request for data from epidemiological surveillance of Covid-19"

(Made pursuant to EU Regulation 2016/679 and the Privacy Code, as amended by Legislative Decree 101/2018)

ISTITUTO SUPERIORE DI SANITA' with registered office in viale Regina Elena n. 299 - 00161 Rome, Tax Code 80211730587 - VAT number 03657731000 (hereinafter "ISS", together "Owner")


pursuant to art. 13 and 14 of the EU Regulation n. 679/2016 (hereinafter "GDPR") and of the Privacy Code, as amended by Legislative Decree 101/2018, that personal data will be processed in the following ways and for the following purposes:

1. Purpose and Legal Basis of the Processing

The personal data collected are processed exclusively for the purpose of managing requests for access to data relating to the Covid 19 epidemiological surveillance sent to the Istituto Superiore di Sanita' pursuant to OCDPC n. 691 of 4 August 2020.

The legal basis of the processing is found in art. 6, par. 1, lett. c) GDPR, as "the processing is necessary to fulfill a legal obligation to which the data controller is subject".

2. Categories of Personal Data

For the purposes referred to in point n. 1, the following categories of personal data may be collected and subsequently processed:

  • personal data;
  • contact;
  • related to the profession.

3. Methods of Treatment

The processing of personal data is carried out by means of the operations indicated in art. 4, par. 1, no. 2 GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.

The data are processed by the Data Controller only with methods, tools and IT procedures, strictly necessary to achieve the purposes described in point n. 1.

The Data Controller prepares physical, technical and organizational security measures pursuant to art. 32 GDPR to prevent data loss, illicit or incorrect use and unauthorized access (Data Breach).

4. Retention period

Personal data will be kept for 12 months from receipt of the request or until the request for cancellation.

5. Access to personal data

Personal data may be accessible for the purposes referred to in point n. 1 by the staff of the Istituto Superiore di Sanita' in charge of receiving and managing data requests and / or from third parties to whom the Data Controller has a legal or contractual obligation to communicate.

6. Rights of the interested party

The interested party has the rights referred to in art. 15 GDPR et seq., More precisely right of access, right of rectification, right of cancellation, right of limitation of treatment, right to data portability, right of opposition, as well as the right to lodge a complaint with the Guarantor Authority (Article 77 of the GDPR and 141 of the Privacy Code, as amended by Legislative Decree 101/2018).

7. Methods of exercising rights

The interested party may at any time exercise the rights by sending a specific communication to the PEC address of the Data Controller:

ISTITUTO SUPERIORE DI SANITA' with registered office in viale Regina Elena n. 299 - 00161 Rome protocollo.centrale@pec.iss.it

8. Identity and contact details of: