Skip to main content


Pursuant to Article 13 of the EU Regulation 2016/679

The information provided below describes, as required by the EU Regulation 2016/679, the processing operations performed on the personal data of the users visiting the Italian Medicines Agency (hereinafter, the "AIFA") websites. Those websites include the following:

The information provided does not concern other online websites, pages or services that can be accessed via hyperlinks on the above websites but relate to resources outside the AIFA's domain.

Data Controller

Visiting the websites listed above may result into processing data relating to identified or identified natural persons.

The data controller is the Italian Medicines Agency, located in via del Tritone, 181, IT-00187, Roma (Email:, phone (switchboard): +39 06. 5978401).

Data Protection Officer

The AIFA's Data Protection Officer (DPO) can be contacted here: Agenzia Italiana del Farmaco - Responsabile della Protezione dei dati personali, Via del Tritone, 181, IT-00187, Roma, email: .

Categories of personal data and purposes of the processing

Browsing data

The information systems and software procedures relied upon to operate this web site acquire personal data as part of their standard functioning; the transmission of such data is an inherent feature of Internet communication protocols.

This data category includes the IP addresses and/or the domain names of the computers and terminal equipment used by any user, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of such requests, the method used for submitting a given request to the server, returned file size, a numerical code relating to server response status (successfully performed, error, etc.), and other parameters related to the user's operating system and computer environment.

These data are necessary to use web-based services and are also processed in order to

- extract statistical information on service usage (most visited pages, visitors by time/date, geographical areas of origin, etc.);

- check functioning of the services.

Browsing data are kept for no longer than seven days (except where judicial authorities need such data for establishing the commission of criminal offences). 

Data communicated by users

Sending messages, on the basis of the user’s free, voluntary, explicit choice, to the AIFA’s contact addresses, or sending private messages to the AIFA’s social media pages and profiles (where this option is available), and filling in and sending the forms made available on the AIFA’s websites entail the acquisition of the sender’s contact information – which is necessary to provide a reply – as well as of any and all the personal data communicated in that manner.

Specific information notices will be displayed on the pages of the AIFA's websites that are used for providing certain services.

Cookies and other tracking devices

No cookies are used to profile users nor are other user tracking systems implemented.

So-called session (non-persistent) cookies are used exclusively to the extent this is necessary to enable secure, efficient browsing. Storage of session cookies in terminal equipment or browsers is under the user's control, whilst cookie-related information is stored server-side after HTTP sessions in the service logs for no longer than seven days like all other browsing data.

Legal basis for the processing

The personal data mentioned on this page are processed by the AIFA in discharging its tasks that serve the public interest or are related to the exercise of its official authority; this includes  raising public awareness and fostering public knowledge of the risks, rules, safeguards and rights concerning the processing of personal data as well as promoting data controllers' and processors' knowledge of the obligations imposed on them by the Regulation (Article 57(1), letters b) and d), of the Regulation).

Data Recipients

The data provided by the user are processed for the time necessary to perform the services requested and to carry out the functions and tasks assigned to the Agency, subject to a longer period of retention, where required by law, regulation, or where processing is necessary to fulfill legal purposes. The treatment will take place exclusively by authorized and adequately trained employees and collaborators, as well as, for the performance of specific activities, by external, public and / or private bodies, previously designated, through a specific agreement pursuant to art. 28 of the GDPR, data controllers. The data - in the cases provided for by law - may also be communicated to the European  Medicines Agency (EMA) and will not be subject to any transfer outside the European Union.

Data subjects' rights

Data subjects have the right to obtain from the AIFA, where appropriate, access to their personal data as well as rectification or erasure of such data or the restriction of the processing concerning them, and to object to the processing (pursuant to Articles 15 to 22 of the Regulation). Please contact the AIFA's DPO (Agenzia Italiana del Farmaco - Responsabile della Protezione dei dati personali, via del Tritone, 181, IT-00187, Roma, email: to lodge all requests to exercise these rights.


Right to lodge a complaint

If a data subject considers that the processing of personal data relating to him or her as performed via this website infringes the Regulation, he or she has the right to lodge a complaint with the AIFA pursuant to Article 77 of the Regulation, or else to bring a judicial proceeding against the AIFA pursuant to Article 79 of the Regulation.

Place of treatment

The data processed by the Data Controller is stored within the European Union.

Further information on how your data are processed by AIFA

Legal defense

The personal data of the user can be used by the Data Controller, in court or in the stages leading to its eventual establishment. The user is aware that the Data Controller may communicate the personal data of the user to the Public Authorities, if specifically requested.

Changes to this Privacy Policy

The data controller reserves the right to make changes to this Privacy Policy, giving users publicity on this page. Users are therefore invited to periodically consult this page, taking as a reference the date of last modification indicated at the end of the text. If the changes made to this Privacy Policy are not accepted, the user can request the Data Controller to remove his personal data. Unless otherwise specified, the previous privacy policy will continue to apply to personal data collected up to that point.

Open Data – Limitations on the re-use of personal data

Data issued by AIFA were licensed under the CC-BY (Attribuzione) 4.0

Personal data are processed only under the conditions in force in the current legislation on the re-use of public data (EU directive 2003/98 / EC and Legislative Decree 36/2006 transposing the same), in terms compatible with the objectives for which they were collected and recorded, in compliance with the legislation on the protection of personal data. Further information can be found in the "Guidelines on the processing of personal data, also contained in administrative documents and deeds, required for advertising publicity and visibility on the website of Garante Privacy

Skip to main content Skip to the top of the page