What is the September 16, 2021 Decree?
Since the entry into force of the September 16, 2021 Decree, the regulatory framework on public security in Italy has strengthened the identification and registration requirements for accommodation establishments. Specifically, the decree mandates the registration and transmission of guests' personal data to the Italian authorities through the AlloggiatiWeb platform, which is managed by the Ministry of the Interior.
Who Does the September 16, 2021 Decree Apply To?
The Decree primarily applies to those responsible for accommodation establishments in Italy. Below is a breakdown of the specific entities it targets:
- Accommodation establishments: Any establishment in Italy that offers lodging to guests, whether temporary or permanent, is required to comply with this regulation.
- Tourist accommodations: This includes not only hotels but also any place that hosts tourists, as mentioned above.
- Private accommodations: Although the regulation is mainly aimed at commercial establishments, it may also apply to certain private accommodations, depending on specific circumstances.
Data Communication and Privacy Compliance
This decree also adheres to privacy regulations, complying with the EU General Data Protection Regulation (GDPR) and Legislative Decree No. 51 of 2018, which adapts the 2016 European Directive on personal data protection. This establishes a clear framework for the processing of personal data, ensuring that such data is used solely for public security purposes and under strict protective measures.
What are the details of the Decree?
The following highlights the key points to consider for its proper implementation:
-
Request and access to the data transmission system: Accommodation managers must submit a request to the questura (provincial police station) to obtain access credentials. These credentials allow them to log in and send guest data through a secure web system.
-
Alternatives in case of technical issues: In the event of technical difficulties preventing the use of the web system, data transmission via fax or certified email is allowed.
-
Data storage and controlled access: The collected data will be stored by each questura in a national IT infrastructure. Through the "Alloggiati Web" portal, the data will be accessible for a period of 15 days, after which only police officers with special profiles will have access.
-
Data retention period: Data in the "Alloggiati Web" system must be kept for a maximum of five years, and accommodation managers are required to delete the transmitted digital data once the receipt confirmation is generated.
Technical specifications for data transmission
Guest data must be transmitted electronically through the AlloggiatiWeb platform, managed by the Ministry of the Interior. The data must be sent within 24 hours of the guest's arrival, or at the time of arrival if the stay is shorter than 24 hours. This transmission must be carried out confidentially and in electronic format to comply with security and privacy regulations.
What data must I send obligatorily?
-
Guest personal data:
- Full name.
- Date of birth.
- Nationality.
- Identity document number (ID card, passport, residence permit, etc.).
- Type of identity document.
-
Guest's arrival and departure dates.
-
Permanent residence address (city and country).
-
Accommodation details:
- Type of accommodation establishment (hotel, guesthouse, tourist apartment, etc.).
- Room number or accommodation unit assigned to the guest.
-
Guest's signature.
Field | Mandatory | Description |
---|---|---|
Reservation block | Unique block. Contains contract data. | |
reservationCode | Yes | Contract reference number. |
numPeople | Yes | Number of people. |
checkInDate | Yes | Check-in date at the accommodation. Format dd-MM-yyyy . |
checkOutDate | Yes | Check-out date at the accommodation. Format dd-MM-yyyy . Maximum 30 days from check-in date. |
Per person block | Block that repeats 1 to n times. Contains data of a person staying at the establishment. | |
role | Yes | Number indicating the person's role. 16: 'SINGLE GUEST' 17: 'HEAD OF FAMILY' 18: 'GROUP LEADER' 19: 'FAMILY MEMBER' 20: 'GROUP MEMBER' |
firstName | Yes | Person's first name. |
lastName | Yes | All surnames. |
gender | Yes | 1 (M) - 2 (F). |
documentType | Mandatory if holder | Document type code. table: accepts IDENT for ID and PASOR for everything else. |
documentNumber | Mandatory if holder | Document number. |
documentIssuePlace | Mandatory if holder | Country in stati table format. |
citizenship | Yes | Country in stati table format. |
birthDate | Yes | Person's date of birth. Format dd-MM-yyyy . |
birthCountry | Yes | Country in stati table format. |
birthProvince | Holder if birth country is Italy Group if state is Italy |
Province abbreviation. |
birthCity | Holder if birth country is Italy Group if state is Italy |
Country in table format. comuni |