Publication Date: 26/12/2023

Privacy policy

Information notice on the processing of personal data - art. 13 of EU Regulation 2016/679 of the European Parliament and of the Council (GDPR).

This page describes the methods through which the Municipality of Naples processes and uses the personal data of users who access and use the services on the website and what rights are recognized to users by EU Regulation 2016/679.

The platform POTESs (Online Platform for the Transmission and Provision of Services) is created by the Municipality of Naples as part of the European Projects called PON Metro and allows the provision of services to Citizens, for the benefit of the Municipality of Naples and the Municipalities of the metropolitan area.

Data Controller and Joint Controllers

The Municipality of Naples, with headquarters in Piazza Municipio, 80133 Naples, is the Data Controller of your data limited to the digital services within its specific competence provided through this portal.

The Municipalities of the metropolitan area of ​​Naples which have formally joined the intervention and which offer services through the POTESs platform are identified as Joint Data Controllers for the specific data processed. The data relating to the organizations participating in the platform identified as joint controllers of data processing are shown at following page.


The information provided here refers to and is limited exclusively to the processing necessary for the provision of services rendered through the website available at

It is specified that the information provided does not concern other sites, pages or online services accessible via hypertext links referring to resources external to the domain of this website.

Purpose of Processing and Legal Basis

The personal data processed through the POTESS platform are strictly necessary for the request of services carried out through the platform itself, as well as for related and instrumental activities, in the fulfillment of the institutional and public interest tasks of the Data Controller or for the obligations required by law or of regulation.

Your personal data are also provided by you during the access phase to the POTESS Portal, using the authentication methods provided by AgID (SPID, CIE); this information is acquired and processed by the platform in order to be able to provide all the information and documents relating to digital services and proceedings.

Obligation or right to provide data

The provision of Personal Data is necessary as it is functional to the use of the services offered through the portal as well as indispensable for the fulfillment of obligations established by laws, regulations or legislation of the European Union.

Without providing personal data will make it impossible for you to use the services provided by the portal.

Place and method of processing

The processing connected to the services offered by the POTESs platform takes place both at the headquarters of the Municipality of Naples which acts both as Data Controller for the data under its competence and at the offices of the Joint Data Controllers, each for the data of its own competence.

The Information Systems Office of the Municipality of Naples also acts as Data Controller in relation to the IT management of the data recorded in the platform; the processing of such data carried out only by predominantly technical personnel, authorized to process, according to the principles of correctness, lawfulness, transparency, relevance and non-excess with respect to the purposes of collection and subsequent processing.

Personal data are processed by IT, manual and telematic means using suitable security, organisational, technical and physical measures aimed at preventing data loss, illicit or incorrect use and unauthorized access, in order to guarantee that your personal data are processed appropriately and in accordance with the purposes for which they are managed.

Categories of personal data and processing

The data processing includes, by way of example only, the data necessary for the use of the portal and is processed as part of the activities of providing the services present therein.

The Data Controller also acquires further data while users browse the web portal; these data are those obtained through access logs to the site. These data are processed for technical management and for the collection of analytical data on website traffic.

This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URL (Uniform Resource Locator) notation of the requested resources, the time of the request, the method used in submitting the request to the server and other parameters relating to the operating system and the user's IT environment.

This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning.

The data in question could also be used, at the request of the competent judicial authority and with the guarantees provided by law, to ascertain responsibility in the event of any computer crimes committed against the site.

Recipients of personal data

The personal data processed in relation to the service provided through this portal are not intended for third parties or subject to communication or dissemination, unless legal or regulatory provisions provide otherwise.

Transfer of data abroad

The data processed in relation to the service displayed through this portal are not transferred to third countries.

Data retention period

The data will be stored for a period of time not exceeding the achievement of the purposes or according to the deadlines established by law.

Data Protection Officer (DPO)

The data of the Data Protection Officers for the Municipality of Naples as Data Controller and for the other Administrations as Joint Controllers are available at the following page.

Rights of data subject

The Data Controller Administration and the other Joint Controller Administrations facilitate the exercise of the rights of the data subject (natural persons to whom the data refer) according to articles 15 to 22 of the EU Regulation.

Data subject may exercise the rights provided and in particular the right to access their personal data, to request rectification or limitation, updating if incomplete or incorrect and cancellation if collected in violation of the law as well as to oppose their processing, unless there are legitimate reasons on the part of the Data Controller and the Joint Data Controllers.

These rights can be exercised by addressing the request to the competent offices of the Owner Administration and the other Joint Owner Administrations or by contacting the Data Protection Officer (DPO).