With this information we wish to inform you about how we process the personal data of users (hereinafter "Personal Data") who consult the website www.laityfamilylife.va (hereinafter "Portal").
Below you will find information on how we collect, use and transfer the Personal Data of Users (hereinafter "User"), or all that information that can be used to identify or contact the User.
1. DATA CONTROLLER
The Data Controller is the Dicastery for Laity, Family and Life (hereinafter “DLFL”), Palazzo San Calisto (00120), Vatican City (Vatican City State), e-mail: firstname.lastname@example.org
2. PERSONAL DATA SUBJECT TO PROCESSING
The Personal Data being processed will consist of data suitable for making the User identified or identifiable. In particular, the Personal Data processed through the Portal are as follows:
a. Browsing data
When operating normally, computer systems and software procedures used to operate the Portal collect some Personal Data whose transmission is included in the use of Internet communication protocols. This category of data includes IP addresses or domain names of the computers used by the User who connect to the Portal, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the User's operating system and IT network. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Portal and to ensure that it works properly, in order to identify anomalies and/or misuse. The data may be used to determine responsibility in case of hypothetical computer crimes against the Portal or third parties.
b. Data for interaction with social media
The Portal contains direct links to the official DLFL social media pages on Twitter, Instagram, Youtube, Flickr and Facebook via Social Buttons. If the User utilizes this feature of interaction with social media, the use of the same entails handling Personal Data in accordance with the notices and policies specific to such social media, which the User is required to read before accessing, and for which DLFL has no responsibility.
In addition, the Portal allows for sharing certain content through social media (WhatsApp, Twitter, Facebook) still through the aforementioned Social Buttons positioned near the content to be shared. The same instructions as above are intended to be applicable in this case as well, and the User is required to consult the privacy policies of said social media for the processing of the personal data they handle.
c. User Voluntary Data Sharing
When using particular services (e.g. newsletters), the User may be required to provide additional personal data such as first and last names and an email address that the User will voluntarily provide in the event that he/she wants to use such services.
3. LEGITIMACY IN PROCESSING USERS’ PERSONAL DATA
Most of the information collected comes directly from the User: it is either provided to us voluntarily or deemed necessary for providing our services.
Providing personal data, which is used exclusively for the purposes listed in 2. c., is optional.
4. PROCESSING PURPOSES AND METHODS
The processing of the User's personal data, given specific consent where necessary, has the following purposes:
a. authorize navigation and consultation of the Portal and its contents;
b. enable the delivery of requested services (e.g. newsletters);
c. ensure the storage, security and safekeeping of data
d. fulfill legal obligations;
e. guarantee security and prevent fraudulent conduct.
The DLFL will not process the information provided by the User for purposes other than those explicitly indicated above.
Furthermore, the DLFL will not make automated decisions based on the information provided.
All Personal Data collected are processed with automated and manual tools for the time strictly necessary solely to achieve the purposes indicated above and in order to guarantee their integrity, confidentiality and security.
5. RECIPIENTS OF THE DATA
Personal Data may be disclosed by the DLFL to other public and private entities solely by virtue of law, by regulation and/or by virtue of the relative order of the Judicial Authority.
The Personal Data collected are processed by specifically authorized personnel (employees of the DLFL or third parties in charge of the maintenance and development services of the systems used for the computerized management of Personal Data as well as third parties who handle the management of network traffic) exclusively for purposes related to the exercise of their duties. They act on the basis of specific instructions provided regarding the purposes and methods of the processing itself in compliance with the confidentiality and security of the Personal Data themselves and in relation to the services to which they are assigned.
Some of the User's Personal Data may be shared and/or transferred, again for the processing purposes referred to in the previous point 4. with recipients who are outside the Vatican City State. In any case, the DLFL will implement all the appropriate precautions and rules of conduct useful for preserving the integrity and confidentiality of the data according to the applicable regulations.
6. COOKIES AND OTHER TRACKING SYSTEMS
The DLFL uses its own (non-persistent) technical session cookies strictly limited to what is necessary for the safe and efficient navigation of the Portal. The DLFL also uses third-party cookies for data analysis.
7. STORAGE, SECURITY AND DATA CUSTODY
The DLFL maintains the Personal Data collected in an accurate, complete and up-to-date manner, for as long as necessary so as to provide the services to which the Personal Data are associated.
Specifically, with regard to the newsletter, Personal Data is kept for the duration of the newsletter subscription.
Only browsing data will be kept for a period of 12 months for the investigation of liability in case of any computer crimes against the Portal or third parties in the event of a request by competent Police Authorities.
We can assure you that all necessary steps have been taken to guarantee the User with the security of Personal Data once gathered, through the use of limited-access computer systems and the use of secure storage solutions in accordance with the security standards for security measures indicated by best practices.
The DLFL takes specific security measures to prevent the loss, illicit or incorrect use or unauthorized access of all data.
8. RIGHTS OF DATA SUBJECTS
In their capacity as data subjects, Users to whom the Personal Data refer, may at any time exercise:
- the right to access or obtain a copy of the Personal Data, thus allowing the User to know the type of Personal Data processed by DLFL and the characteristics of the processing that is carried out;
- the right to request correction of Personal Data in the event of omissions or errors;
- cancellation or restriction of processing;
- the right to object to the processing.
The data subject also has the right to withdraw/revoke his or her consent at any time, without, however, compromising the legitimacy of the processing based on consent given before the withdrawal/revocation.
9. WAYS OF EXERCISING THE RIGHTS OF THE DATA SUBJECT AND UNSUBSCRIBING FROM OPTIONAL SERVICES
To exercise the rights referred to in point 8, the Data Subject may write to the DLFL by sending an e-mail to email@example.com with "PERSONAL DATA" in the subject line.
If the User has subscribed to the newsletter, he or she may at any time withdraw his or her consent by clicking on the "Unsubscribe Newsletter" link located at the bottom of the information notices received and the personal data will be deleted.
In the case that this policy is accepted (including subscription to the newsletter service), in the event of any changes, it will be subject to new user consent.