Principle
The Information Technologies Department (DSI), in its capacity as data controller, uses and implements the following personal data processing in accordance with duties as set out in the regulatory provisions.
Processing of personal data by the Information Technologies Department involves the collection of user data, making it possible to identify users (e.g. surname, first name, business email address) or to make them identifiable (e.g. connection log).
In accordance with the duties entrusted to the Information Technologies Department (Sovereign Ordinance no. 7.996 of 12 March 2020 establishing the Information Technologies Department), the processing of personal data meets a legal obligation or the existence of a reason of public interest, such as:
- Ensuring that the Government’s information system remains operational and secure
- Providing operational management of the hardware and software infrastructure that makes up the Government’s information system, ensuring high availability of IT resources
- Supporting the design and architectural vision of the Government’s information systems within the Interministerial Delegation for Digital Transition
- Analysing and monitoring the deployment of the IT tools required to enable Government departments to function properly, working closely with the Digital Services Department and the Digital Platforms and Resources Department
- Establishing the rules and procedures for subcontracting and procurement of hardware, software and services that support the creation or operation of information systems and networks
- Managing and monitoring outsourced IT activities, while maintaining reversibility
- Providing government staff with modern working tools
- Ensuring data confidentiality at the operational level in compliance with current legislation on data classification and the protection of personal information
- Managing the Government’s IP telephony and Wi-Fi networks
- Managing directories and logical and physical access controls
- Providing an IT tools support centre for users
- Monitoring developments in technology
The use of personal data therefore always serves a purpose, referred to as a "purpose" ("finalité") in accordance with Monegasque legislation on the protection of personal data. The Information Technologies Department therefore uses personal data for the following purposes.
Exercise of data subjects rights
Pursuant to Articles 10 et seq. of the Act no. 1.565 of 3 December 2024 on the protection of personal data, every data subject whose personal data is used by the Information Technologies Department has:
- A right to access (Article 12)
- A right to rectification (Article 13)
- A right to limitation
- A right to object, in cases where the data processing is based on a reason of public interest or necessary to pursue a legitimate interest (Article 17)
It is specified that, where personal data are processed for scientific or historical research purposes or for statistical purposes, the data subject shall have the right to object, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out in the public interest by a legal person governed by private law entrusted with such a task, acting as a public service concessionaire, or in the exercise of official authority vested in the controller.
Data subjects can exercise their rights by submitting a request:
- To the Interministerial Delegation for Digital Transition (DITN) by post:
Délégation Interministérielle à la Transition du Numérique – Protection des données personnelles
2 rue du Gabian – Immeuble « Les Industries »
98000 Monaco - By completing the online form here
In accordance with the Act no.1.565 of 3 December 2024, a data subject who exercises their rights may be asked to provide proof of their identity by submitting a black and white copy of an identity document that includes a photograph. The copy of the identity document is destroyed once the request is processed.
Requested information is shared within one month of receipt of the request.
Data subjects may refer the matter to the Personal Data Protection Authority if they consider that the Government has not complied with its commitments regarding exercising rights.
Exchange business email management
In accordance with its duties entrusted to it by the Sovereign Ordinance no. 7.996 of 12 March 2020, the Information Technologies Department has created a messaging application to allow civil servants, public sector employees and service providers intervening on its behalf to communicate with the public in the framework of its duties.
The Information Technologies Department offers a tool with features that meet government requirements and ensure secure communication, information systems and networks in line with the State Information Systems Security Policy, the State Information Systems Charter and the State Information Systems Administrative Charter.
Such processing, for the purpose of “Exchange business email management”, is the remit of the Information Technologies Department and is necessary as per a legal obligation stipulated in the following texts:
- Sovereign Ordinance no. 7.996 of 12 March 2020 establishing the Information Technologies Department
- Ministerial Decree no. 2022-331 of 13 June 2022 on the application of Article 23 of the Act n° 1.435 of 8 November 2016 on combating technological crime, setting out the security measures of State Information Systems
- The State Information Systems Charter in annexe to the Ministerial Decree No. 2015-703 of 26 November 2015
- The State Information Systems Administrative Charter in annexe to the Ministerial Decree no. 2018-281 of 4 April 2018
The data collected for the above-mentioned processing is mandatory. Otherwise, the public will not be able to contact government departments or be contacted by them.
Government departments will not undertake to disclose this data to third parties except in cases provided for by law. The information is never shared for commercial or advertising purposes.
Categories of collected data | Retention period |
Identity | As long as the contact is active |
Contact details | |
Message | 60 days to archive all items in the inbox Permanent deletion of all messages after 30 days |
Temporal information | Twelve months |
Message-related information | Twelve months |
With the exception of time information generated by the system, the information originates, as the case may be, with the government department representative.
The following categories of persons are permitted access to this information:
- Administrative or judicial authorities, as third parties permitted in accordance with Act no. 1.565 of 3 December 2024 in the course of their legally conferred duties
- Any government department that contacts the person
- The Information Technologies Department, for the administration of the solution
Video surveillance of e-Embassy in Luxembourg
In accordance with its duties entrusted to it by the Sovereign Ordinance no. 7.996 of 12 March 2020, the Information Technologies Department has installed a video surveillance system to ensure the security of property, resources and people within Monaco’s e-Embassy in Luxembourg.
The Information Technologies Department offers a video surveillance system with features that meet government requirements and ensure secure communication, information systems and networks in line with the State Information Systems Security Policy, the State Information Systems Charter and the State Information Systems Administrative Charter.
Such processing, for the purpose of "Video surveillance of the e-Embassy in Luxembourg", is the remit of the Information Technologies Department and is necessary as per a legal obligation stipulated in the following texts:
- Sovereign Ordinance no. 7.996 of 12 March 2020 establishing the Information Technologies Department
- Ministerial Decree no. 2022-331 of 13 June 2022 on the application of Article 23 of the Act n° 1.435 of 8 November 2016 on combating technological crime, setting out the security measures of State Information Systems
- The State Information Systems Charter in annexe to the Ministerial Decree No. 2015-703 of 26 November 2015
- The State Information Systems Administrative Charter in annexe to the Ministerial Decree no. 2018-281 of 4 April 2018
The data collected as part of the processing described above is mandatory in nature. Individuals will not be able to enter the e-Embassy premises unless they provide it.
Government departments will not undertake to disclose this data to third parties except in cases provided for by law. The information is never shared for commercial or advertising purposes.
Only persons duly authorised as part of their duties are able to view and record the images.
Categories of collected data | Retention period |
Identity, Temporal information | Thirty days |
With the exception of temporal information generated by the system, the information originates from the video system.
The following categories of persons are permitted access to this information:
- Administrative or judicial authorities, as third parties permitted in accordance with Act no. 1.565 of 3 December 2024 in the course of their legally conferred duties
- The Police Department
- The Information Technologies Department, for the administration of the solution
- The service provider, who has access to images only where required to carry out work