Informativa Privacy

Informativa Privacy


Dear Sir or Madam,

According to the legislation on the protection of personal data (Regulation (EU) 2016/679, Legislative Decree 196/2003 and Legislative Decree 101/2018), the Data Controller would like to explain the following to you in a simple and clear manner:

  1. why we process your personal data;
  2. what personal data is processed;
  3. who processes your personal data;
  4. how we process your personal data and for how long is your personal data retained;
  5. how to exercise your rights regarding the processing of your personal data

The Data Controller is the Autonomous Region of Sardinia, in the person of its Legal Representative, the pro-tempore President of the Sardinia Region -

With resolution of the Regional Council No. 51/3 of 16 October 2018, the President of the Region has delegated the tasks and functions of the Data Controller to the General Managers responsible for the matter.

The Data Processing Delegate, on behalf of the Data Controller, is the Director of the Marketing and Communications Service of the Department of Tourism, Crafts and Commerce –

The information below relates to the processing of your personal data through This privacy policy applies exclusively to the activities of this Portal and is valid for its users. The purpose of the privacy policy is to provide maximum transparency regarding the information that the Portal collects and how it is used.


Your personal data is processed for the following purposes:

  • to perform administrative, technical and control functions within the institutional tasks assigned by law;
  • for institutional information and communication activities;
  • to the extent strictly necessary and proportionate to ensure network and IT security, to monitor possible malfunctions and to ascertain any liability in the event of a cyber attack or crime.

Legal basis for the processing

We process your personal data legally:

  • because it is needed for the execution of a public interest task or connected to the exercise of public powers vested in the Region of Sardinia – including the purposes of Regional Law No. 16 of 28 July, 2017, “Regulations on Tourism and subsequent amendments. -, as the Data Controller – article 6, paragraph 1, letter e) of the Regulation.
  • because you have given your consent to the processing of your personal data – Article 6, paragraph 1, letter a).


Within the scope of the purposes indicated and based on the way the Portal is used, we specify that mere browsing of the website does not require you to provide personal data, the Data Controller processes the following data collected automatically or those provided voluntarily as described below:

Browsing data

When browsing, the computer systems and applications dedicated to the operation of the website detect certain personal data, the transmission of which is implicit in the use of Internet communication protocols. This data is not collected to identify users, but by its very nature could allow users to be identified through processing and association with data held by third parties. By way of example, this data includes:

  • Internet Protocol (IP) address;
  • type of browser;
  • parameters of the device used to connect to the website;
  • URI (Uniform Resource Identifier) notation addresses of the requested resources;
  • name of the internet service provider (ISP);
  • date and time of browsing;
  • visitor’s source (referral) and exit web pages;
  • possibly the number of clicks.

This data, required to use the website, is processed for the purpose of providing the services presented therein.

this data, needed to use the web services, may also be processed in an exclusively aggregated form to obtain statistical information on the use of the services (most visited pages, number of visitors by tie slot or daily, geographical areas of origin, etc.). The IP address is used exclusively for security purposes and is not crossed-referenced with any other data.


Cookies are small files sent by the web server to the user's browser and stored by the latter on the user's device (computer, tablet, mobile phone, or other). They enable the website to store some useful information during a session or in subsequent logins that the user makes to the website. The Sardegna Turismo portal makes use of cookies to enable safe and efficient browsing of the contents features on the portal.

This portal does not use cookies for user profiling or other user tracking systems.

For further information regarding the processing of personal data resulting from the use of cookies, please refer to the specific Cookie Policy.

Data provided voluntarily by the user

The optional and voluntary sending of messages to the contact addresses on the website results in the acquisition of the sender's contact details, necessary to reply, as well as all personal data included in the communications. This data is processed for the sole purpose of responding to the questions, requests and queries made.

Multimedia elements and social networks

The Portal integrates some social network plugins that allow you to view content hosted on external platforms directly from the pages of this website and to interact with them. The Data Controller does not have access to the data collected and processed independently by the operators of the social network platforms.

Interested users can read the privacy policies provided by the above-mentioned operators: Facebook, Twitter, Instagram, Flickr, YouTube, Open Street Maps etc.


Your data may be made accessible for the purposes you have been informed of by:

  • employees and/or collaborators of the Region of Sardinia who have been specifically designated and authorised with differentiated levels of access, depending on their duties;
  • possible data processors in order to manage and maintain the institutional web portal.


Your personal data is processed electronically through collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data.

The Data Controller strives to guarantee the logical and physical security and privacy of the personal data processed, implementing all of the appropriate technical and organisational measures for the processing.


The personal data collected for the purposes referred to under WHICH DATA DOES THE REGION OF SARDINIA PROCESS will be processed and retained for as long as is necessary to pursue the purposes referred to above, including the protection of rights and, therefore, not beyond the prescribed legal limitation period.

The data (IP address) used for site security purposes (blocking attempts to damage the website) will be retained for 30 days.

Data for analytics (statistics) purposes are only retained in aggregate form.


Data will not be transferred to non-EU countries or to international organizations. Any transfer of your data to non-EU countries will be communicated to you with a specific privacy policy.


The Region of Sardinia informs you that, as a data subject, unless the limitations provided for by law apply, you have the right to know how your personal data is processed, and for this reason you have the right to:

  • obtain confirmation of the existence in our archives of your personal data, even if not yet recorded, and that such data be provided to you in an intelligible form;
  • obtain information, and where appropriate, a copy of:
  1. the origin and category of the personal data;
  2. the logic applied in case of processing carried out with the aid of electronic devices;
  3. the purposes and methods of processing;
  4. the identity of the Data Controller and Data Processors;
  5. the people or category of people to whom your personal data may be disclosed or who may have access to them, especially if they are foreign countries or international organisations;
  6. when possible, the data retention period or the criteria used to determine this period;
  • obtain, without undue delay, the updating and correction of inaccurate data or, if interested, the integration of incomplete data;
  • revoke consent given at any time, easily and without obstruction, using, if possible, the same methods used to provide consent;
  • obtain the deletion, transformation into anonymous form or blocking of unlawfully processed data, that is no longer necessary for the purposes for which the data was collected or consequently processed, or in the case of revoked consent on which the processing is based, and there is no other legal basis, if you have objected to the processing and there is no overriding legitimate reason to continue processing, in the event of compliance with a legal obligation.
  • obtain the limitation of the data processing if:
    1. the accuracy of the personal data is challenged;
    2. the Data Controller unlawfully processes the data to prevent its deletion;
    3. your rights are exercised in a court of law;
  • verify whether the Data controller’s legitimate reasons prevail over your rights;
  • receive your personal data without obstruction and in a structured, commonly used and readable format, if your data is processed with automatic means so that the data can be transmitted to another Data Controller or, if technically feasible, have your data sent directly to another Data Controller;
  • oppose, partially or entirely:
    1. for legitimate reasons, to the processing of your personal data, even if pertinent to the purposes of the collection;
    2. to the processing of your personal data, without providing any reason, if it is carried out for marketing purposes, including the profiling related to the same.
  • lodge a complaint with the Personal Data Protection Authority.

In the above cases, where necessary, the Region of Sardinia, as Data Controller, will inform the third parties to whom your personal data was disclosed of any rights exercised by you, with the exception of specific cases (e.g. when this proves impossible or involves the use of methods manifestly disproportionate to the right that is being protected).

You may exercise your right by sending to the Data Controller:

  • a registered letter with acknowledgement of receipt of a Certified e-mail.

Fill in the appropriate form available on the institutional website of the Autonomous Region of Sardinia in the section - Documents and regulations/form for exercising data subjects’ rights or by clicking on the following link DPO - Documents and regulations 

The address to which to send the registered letter is Viale Trieste n. 105 – 09123 Cagliari, or send a Certified e-mail to:

For information about your rights to protect your personal data, you can contact the Data Protection Officer of the Autonomous Region of Sardinia at the following addresses:

viale Trieste 186 – 09123 Cagliari, telephone +39 070 6065735 or by e-mail to or to