Data Controller identity and contact information
The Data Controller is Diocesi di Gibilterra, with registered office at Via Mariano Stabile 118/b, 90139 Palermo, Italy.
Data Protection Officer (“DPO”) contact information
You may contact us via the contact form.
Which data we process
Why we process your personal data and how
With your consent the Provider may process your ordinary personal data to allow the use of Website services and functions and optimise its functioning, to run statistical analysis on the visits, to manage requests and reports received through the Website, to register to any reserved areas or initiatives. Also, with your optional consent, ordinary personal data may also be used to send institutional communications (newsletters included) or perform promotional activities (marketing). Finally, your general and/or sensitive data may be processed by the Provider to defend its rights in trials. Personal data is processed using both automatic and non-automatic tools according to the very purpose of the processing and, in any case, with methods and procedures that guarantee the safety and confidentiality of the data.
Compulsory and optional processing
The forms to be filled in on this Website contain data that is essential to handle your communications and requests - marked with a [*] - which, if not entered, will prevent your requests from being processed, as well as optional data, which is not essential to process the request by the person concerned. Failing to enter this data will have no consequences.
Links to other websites
How we store data and for how long
In compliance with the provisions set out by Article 5.1.(c) of the Regulation, the way the IT systems and programs used by the Provider are set up allows to minimise the use of personal and identification data; this data is processed only to the extent necessary to achieve the purposes specified in this Policy; the data will be stored for as long as necessary to fulfill the purposes that are actually pursued and, in any case, the criteria used to determine the storage duration comply with the terms allowed for by the applicable laws and the principles of data minimisation, storage limitation and rational records management. In order to determine the right retention period for the personal data stored by the Website upon your consent, the controller also considers the following criteria: the specific purposes described in the policy for which the website stores the personal data; the type of current relationship with you (how frequently you log in to your account; if you submit requests using the contact form; if you continue to receive newsletters or commercial communications; how regularly you browse the website, etc.); any specific request to erase your data or consent withdrawal by you; the data controller’s legitimate business interest.
How we guarantee safety and the quality of personal data
The Provider commits to protect the safety of your personal data and complies with the applicable safety provisions to prevent data loss, unlawful or illegal use of and any unauthorised access to the data, with special but not exclusive reference to Articles 25-32 of the Regulation. The Provider uses multiple advanced safety technologies and procedures to protect the personal data of users; for example, personal data is stored in safe servers located in places with access control and protection measures in place. You can help the Provider update and keep your personal data correct by communicating any change to your address, qualification, contact information, etc.
Who can access data
Personal data will only be made available to those who may need it because of their tasks or positions held in the Provider and any related or affiliated entities of the Provider. These subjects, whose number will be as low as possible, will be trained appropriately in order to prevent losses, destruction, unauthorised access to or unauthorised use of the data. About the transfer of data to a third Country, including Countries that may not guarantee the same level of protection set out by the applicable regulations, the Controller informs that the processing will still occur in compliance with one of the methods allowed for by the Regulation, such as the user’s consent, the adoption of Standard Clauses approved by the European Commission, the selection of subjects which have joined international frameworks for the free movement of data (e.g. EU-USA Privacy Shield) or operate in Countries the European Commission considers safe.
Rights of users
The users to whom the data refers have the right to obtain the confirmation as to whether their personal data exist or not and to know its content and the source, check that it is correct or ask for it to be integrated or updated, or rectified, erased or restricted, or to oppose against its processing, to lodge a complaint with a supervisory authority pursuant to Article 15 of the Regulation. Additionally, pursuant to Articles 7, 15, 16, 17,18, 19, 20, 21, 22 and 77 of the same Regulation, each user has the right to ask for information about the collection and use of their personal data, to access it, rectify it, erase it (right to be forgotten), restricted processing, the notification obligation regarding rectification or erasure of personal data or restriction of processing, data portability, the anonymous transformation or the block of data processed against the law, as well as the right, in the cases set out by the law, to oppose to its processing, to lodge complaints regarding the collection and processing of personal data with the competent Supervisory Authority, to withdraw the consent to the processing of personal data at any times, without prejudice to the legitimate processing performed until then based on the consent withdrawn. If you have any requests about personal data processing by the Provider, to exercise the rights recognised by the applicable regulations, as well as to know about the updated list of subjects who can access the data, you can contact the Controller and/or the DPO using the contact details above.