The Data Controller collects and processes your personal data when you browse or use the online services at www.dehoniani.org.
By personal data we mean any information that can be used to identify you as an individual.
We have always protected your personal data and we make every effort to handle it with care, keep it secure and meet the requirements of the new European Union Regulation 2016/679 (hereinafter “GDPR”).
The purpose of this policy is to provide you with a clear and detailed explanation of how, when and why we collect and process your data. It is designed to illustrate our data protection policy in a simple and transparent way, and to explain how you can effectively exercise your rights.
Therefore, we encourage you to regularly check and review this policy, so that you are always aware of what information we collect, how we use it and with whom we share it.
TABLE OF CONTENTS
- Who is the Controller of my data?
- When do you collect my data?
- What data will you process?
- For what additional purposes can you use my data?
- With whom will you share my data?
- How will you process my data?
- Is my data processed outside Europe?
- How long will you keep my data?
- What are my rights and how can I protect my privacy?
- Can I lodge a complaint?
- How can I contact the Data Controller?
1. Who is the Controller of my data?
This website’s Controller of users’ personal data is:
Priests of the Sacred Heart
Via del Casale san Pio V, 20
00165 Rome, Italy
The Data Controller decides how and for what purposes your personal data is processed and you may contact the Controller by using the contact details you will find in section “How can I contact the Data Controller?”.
2. When do you collect my data?
The Data Controller will collect the information provided directly by you:
- when you browse the website;
- when you access your personal page on the website;
- when you access services or request the newsletter service;
- when you send us questions or suggestions and use the dedicated sections to do so;
- when you make donations via the website.
3. What data will you process?
When you browse, use services or make purchases on the Controller’s website, the following types of data may be processed:
a) Browsing data
Some personal data, whose transmission is implicit when you browse the website, is acquired by the IT systems that allow the website to function properly. This includes, but is not limited to, traffic data, and concerns your location, weblog and other communications data inherent to the resources you access through your device. Although this information is not collected for the purpose of associating it with identified data subjects, by its nature it could allow users to be identified through processing and association with data held by third parties. For example, this data includes the IP addresses or the domain names of the computers used by users who browse the website, the unique addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server and other parameters relating to the operating system and the browser used.
This personal data is processed to allow you to browse the website correctly. Sometimes, the Controller may decide to process data in an anonymous and aggregate form with first party tools, in order to prevent cyber attacks and/or to obtain statistics on user behaviour on the website to improve its services. In this case, the Data Controller will always process personal data in an anonymous and aggregate manner, and will refrain from combining the information obtained with other personal data relating to the user the Controller has at its disposal. You may always request your personal data to be deleted by contacting the Data Controller at the addresses indicated below in Section 11.
Purpose (i): allow you to browse the website and prevent cyber attacks and, possibly, (ii) obtain statistics on user behaviour on the website, based on aggregated and anonymized data.
Lawfulness of processing: for the purpose referred to in point (i), the legitimate interest of the Data Controller in the proper functioning of the website and in browsing security, duly balanced with the rights of the data subject (Article 6, Paragraph 1, Point f, GDPR); for the purpose referred to in point (ii), the legitimate interest of the Data Controller in optimising the performance of the website and improving the services provided through the website, balanced with the rights of the data subject (Article 6, Paragraph 1, Point f, GDPR).
b) Data voluntarily provided by the user (Information request via e-mail)
You may contact us by using the details provided, by clicking on the mailto links on the website to request information or assistance; this entails the subsequent collection of the data you have shared with us (i.e. your e-mail address and the information given in your communication) and, obviously, this means you authorise us to send you replies, if any, using the contact details you provided at the time of the request. In addition, you may always contact us by sending us an e-mail to the addresses provided on the website: in this case too, we will only need to know your e-mail address in order to reply to you.
Purpose: provide you with adequate support in relation to your needs or requests.
Lawfulness of processing: provision of the service you have requested (Article 6, Paragraph 1, Point b, GDPR).
The Data Controller’s newsletter is sent via e-mail to those who explicitly request it by filling out the specific form on the website, and by authorising the Controller to process their personal data for the above-mentioned purpose.
Consent: The service is provided only after the user has given explicit and specific consent (by checking the appropriate box), and the provision of data is required only for the purpose of receiving the newsletter. Refusal to consent will make it impossible to obtain the service, without further consequences.
With a separate expression of consent, the user may decide to let the Data Controller know if and when he or she reads the newsletter and if he or she uses links to the website. The data thus collected may be used to send personalized content. In this regard, please also note that most e-mail providers allow you to block the display of images for each individual e-mail received. If you do not wish to provide the Data Controller with read receipts concerning communications, you can block them.
Methods: The data collected will be processed using IT tools, including partially automated ones.
The newsletter service is provided through first-party functions integrated into the website.
Unsubscribing: to stop receiving the newsletter, simply click on the unsubscribe link at the end of each e-mail, or send a request to this effect to the e-mail address firstname.lastname@example.org.
Unsubscribe requests are handled in a partially automated manner, so newsletters may continue to be sent for up to a maximum of 72 hours after unsubscribing, if their sending was planned before the unsubscribe request was received.
Purpose: (i) send the Data Controller’s newsletter and, subject to the expression of a separate consent, (ii) send personalized communications.
Lawfulness of processing: the user’s consent (Article 6, Paragraph 1, Point a, GDPR), freely given and revocable at any time by sending a communication to the Data Controller, at the addresses indicated in Section 11 below or by selecting the unsubscribe link at the bottom of each communication.
e) Data voluntarily provided by the user (donations)
Users may choose to provide their personal data to receive a reminder to make a donation. To this end, the users’ identification data, their contact details and the characteristics of the donation they wish to make are necessary.
The information thus collected may be used by the Data Controller to send the reminder. Moreover, in the event of a subsequent donation, such data may also be used to contact the donor again, in order to ascertain the validity and effectiveness of the donation or to fulfil legal obligations, including accounting, taxation and fiscal ones.
Purpose: (i) send a reminder to the user to make the donation and, in the event that the donation is made, to contact the user again (ii) to allow the proper performance of a contract or (iii) to comply with legal obligations.
Lawfulness of processing: for the purpose referred to in point (i), the provision of the service you have requested (Article 6, Paragraph 1, Point b, GDPR); for the purpose referred to in point (ii), the performance of the contract related to the donation (Article 6, Paragraph 1, Point b, GDPR); for the purpose referred to in point (iii), compliance with legal obligations (Article 6, Paragraph 1, Point c, GDPR).
f) Data provided voluntarily by the user (access to personal account)
Administrator users and editors of the website can access the restricted area. For this purpose, the e-mail address or username and password of their user profiles are collected. The password is generated automatically by the WordPress platform and is not known to the Data Controller.
By accessing the restricted area, it is possible to manage the content published online and, more generally, to use the website’s functionalities.
Purpose: allow administrator and editor users to use the functionalities and services of the restricted area.
Lawfulness of processing: provision of the service you have requested (Article 6, Paragraph 1, Point b, GDPR).
g) Social media plugins
On the website, you will find some buttons that redirect the user to the Data Controller’s social network profiles. After clicking these buttons, some cookies may be activated for marketing and profiling purposes by the third parties that manage the social networks. The website’s owner does not directly manage these tools, but informs you of the possibility that, by using the website’s functionalities, they may be activated. For further information, including how to disable these cookies, we invite you to read social networks’ policies on personal data processing.
4. For what additional purposes can you use my data?
Finally, your personal data may also be used for the following purposes:
- Comply with legal obligations and requests from public and governmental authorities;
- Manage any disputes or litigations and thus defend the rights of the Data Controller, both in and out of court.
In such cases, the lawfulness of processing will be:
- Compliance with a legal obligation in the case of point 1 (Article 6, Paragraph 1, Point c, GDPR);
- legitimate interest of the Data Controller in the protection of its rights, appropriately balanced with the rights of the data subject, in the case of point 2 (Article 6, Paragraph 1, Point f, GDPR).
5. With whom will you share my data?
Therefore, access to your personal data will be expressly authorised by the Data Controller, who, should it prove necessary, pursuant to Articles 28 and 29 of the GDPR, may appoint as Data Processors the parties it relies on to provide the services and to carry out the activities falling within its responsibilities.
In this regard, it should be specified that:
- Google Ireland Limited (Registered Number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland, provides Google Maps and YouTube services.
We also wish to remind you that the list of authorised parties and Data Processors is available at the registered office of the Data Controller, or you can request it by using the contact details provided in section “How can I contact the Data Controller?”.
6. How will you process my data?
Your personal data will also be processed using electronic means for the time strictly necessary to achieve the purposes for which it was collected.
The Data Controller will adopt the technical and organisational measures necessary to prevent the loss or the unlawful or incorrect use of the data, as well as to prevent any form of unauthorised access by third parties.
Therefore, the Data Controller will guarantee the security of your personal data by limiting the number of parties who will be allowed to access the servers or databases, and by setting up protection systems aimed at averting the risk of cyber attacks.
7. Is my data processed outside Europe?
The data processed by the Controller will be stored in servers located within the Italian territory.
In these cases, personal data is also stored in servers located in the United States, but always in compliance with the provisions of Articles 45 et seq. of the GDPR. Therefore, all necessary precautionary measures will be taken to ensure the highest protection of personal data by basing such transfer on: a) adequacy decisions adopted by the European Commission concerning the destination or third countries; b) adequate guarantees provided by the recipient third party pursuant to Article 46 of the Regulation; c) the adoption of binding corporate rules.
These requirements are always met by the Data Controller’s service providers.
8. How long will you keep my data?
The Data Controller will process your personal data for as long as is reasonably necessary to achieve only the purposes set out in the previous sections. At the end of the retention period, your personal data will be deleted or made irreversibly anonymous and aggregated.
Browsing data is processed for the time necessary to allow the website to function properly. Should the said personal data be used for statistical purposes, it will be stored in the database for two months, after which it will be automatically deleted.
Data on donations made voluntarily by users will be stored in the website’s database for two months and, in any case, within the time limit set out by law.
Data relating to users’ newsletter reading behaviour, if collected, will be stored for three months.
9. What are my rights and how can I protect my privacy?
In relation to your personal data and in accordance with the GDPR, the Controller informs you that you have the right to request:
- access to your data;
- the amendment and correction of any error in our databases relating to your data;
- the deletion of your data if it is held in the absence of the legal prerequisites;
- limitation to the processing of your data;
- opposition to the processing of your data;
- data portability.
Templates and more information are also available here:
YOUR RIGHT – HOW CAN YOU EXERCISE IT?
The following section explains in detail how to exercise your rights:
- Ask for confirmation about any processing concerning your personal data;
- Obtain a copy of your data;
- Ask for additional information about your personal data that is not already included in this policy.
You may request the rectification of inaccurate or incomplete personal data.
Before rectifying them, we will check the accuracy of the data in our files.
Deletion/Right to be forgotten
You can request the deletion of your personal data, but only if:
- Your personal data is no longer necessary in relation to the purposes for which it was collected;
- You have withdrawn your previously given consent (where processing is based on consent);
- The personal data has been unlawfully processed;
- It is necessary to comply with a legal obligation to which the Data Controller is subject (in relation to an order from an Authority).
You can ask us to restrict the use of your personal data, but only in the event that:
- Its accuracy has already been questioned;
- It is no longer necessary for the purposes for which it was collected, but there is a legal challenge to its use.
Following your request for limitation, the use of your personal data is nevertheless permitted if:
- Your consent is still valid;
- It is necessary to take or respond to legal action;
- It is necessary to protect the rights of another natural or legal person involved in the processing.
You can request a copy of your personal data in a structured, readable and commonly used format.
You can object at any time to the processing of your personal data when:
- the basis of lawfulness of processing is the legitimate interest of the Data Controller;
- the personal data is processed for direct marketing purposes including profiling insofar as it is related to such direct marketing.
When you object:
- to processing for direct marketing purposes, your personal data will no longer be processed for such purposes;
- in the case of a legitimate interest of the Data Controller, processing may only continue provided the Controller demonstrates compelling legitimate grounds for processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
It is also possible to exercise the right to object by automated means using technical specifications, such as those made available on the website, on the personal page, and in e-mails (link to cancellation).
The Data Controller shall ensure that any requests concerning your rights will be answered within thirty days of receipt.
If you believe that the processing carried out by the Data Controller is unlawful or involves a clear infringement of GDPR provisions, you have the right to lodge a complaint with the relevant supervisory authorities (in Italy, the Garante per la protezione dei dati personali). Further details are available in the following section.
10. Can I lodge a complaint?
You have the right to lodge a complaint with the Garante per la protezione dei dati personali if you believe that the processing carried out by the Data Controller infringes European Regulation no. 2016/679 and national legislation.
In Italy, the competent authority is the Garante per la protezione dei dati personali, whose contact details are available at http://www.garanteprivacy.it/.
More information and the sample document to be used for the complaint are available here:
In addition, if the conditions set out in Articles 78 and 79 of the GDPR are met, you have the right to an effective judicial remedy, to be brought before the competent judicial authority.
11. How can I contact the Data Controller?
You can contact the Data Controller at the following addresses: