PERSONAL DATA PROCESSING - PRIVACY POLICY
With this information we wish to inform you about how we process the personal data of users (hereinafter "Personal Data") who consult the website https://photo.vaticanmedia.va (hereinafter "Portal").
Below you will find information on how we collect, use and transfer the User's Personal Data (hereinafter "User"), or all that information that can be used to identify or contact the User.
1. DATA CONTROLLER
The Data Controller is the Dicastery for Communication (hereinafter "DPC"), - Via della Conciliazione 5, 00120 - Vatican City, e-mail: spc@spc.va.
2. PERSONAL DATA SUBJECT OF THE PROCESSING
The Personal Data being processed will consist of data suitable for making the User identified or identifiable. In particular, the Personal Data processed through the Portal are as follows:
a. Navigation data
During their normal operation, the IT systems and software procedures used to operate the Portal acquire some Personal Data whose transmission is implicit in the use of Internet communication protocols. This category of data includes the IP addresses or domain names of the computers used by the User who connect to the Portal, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the User's IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Portal and to check its correct functioning, to identify anomalies and / or abuses. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the Portal or third parties.
b. Data voluntarily provided by the User
For ordering the products (hereinafter the "Products") available on the Portal, either by registering on the Portal (by selecting "Login" - "Don't have an account yet? Create one here now") or by not registering for it (by selecting "Order without register "), it is necessary to process some Personal Data of the User in order to be able to process the request, such as his name and surname, email address and shipping address.
By registering on the Portal, in addition to the above data, a password must be provided. The password chosen by the User to access the Portal must be kept by the same with the utmost care and under his sole responsibility, and can only be used personally and in any way disclosed to third parties. The DPC cannot be in any way responsible for the loss and / or disclosure of the same. To this end, the User undertakes to log in and log out correctly and carefully, to immediately notify the DPC of any unauthorized use of their account, as well as any other breach of the security rules of which they become aware.
The password can be changed at any time by the User by entering the email address used for registration in the area called "Log in to your account" by clicking on the link "Forgot your password". The User will then be asked to enter the email address used for registration to receive a temporary link to reset password. From this link, visible via email, the User can proceed to create a new password to access the Portal.
By registering on the Portal, after authentication by entering the email address and password, the User will also have access to a reserved area where a series of information regarding their account will be available (by selecting "Your account"), such as Personal data relating to name and surname, e-mail and password ("Information" section), shipping addresses ("addresses" section), information relating to orders placed ("history and order details" section), any credits issued to the User after the cancellation of an order ("credit notes" section) and vouchers ("vouchers" section). It will also be possible for the User to access their Personal Data at any time ("Access to my data") and make requests for modification and cancellation of all or part of the information and / or Personal Data ("Rectification & Erasure requests" ).
If the User in relation to an order makes a payment in the options in the Terms of Use, in particular for what concerns the payment by bank / postal transfer, the DPC will process the Personal Data provided by the User in the payment certificates only for the purpose of fulfilling the order itself and will in no way have visibility of the processing of Personal Data carried out by third-party intermediaries to whom payment will be delegated.
It should be noted that, in the event that the User makes payment by credit card or prepaid card, he must access the epay service available on the website https://idp.catholica.va. The service manager will ask the User to provide some Personal Data for the purpose of correct identification and to be able to process the related payment. The DPC will not be aware of the aforementioned Personal Data and therefore will not carry out any processing of the same.
Every detail relating to the methods of placing an order for the Products and use of the Contents on the Portal is governed by the Terms of Use.
Finally, in order to send a message to Customer Service or the Webmaster from the "Contact Us" section, the DPC will ask the User to provide their e-mail address so that their request can be answered.
The provision of Personal Data is optional. Refusal to provide Personal Data makes it impossible to obtain all or part of the requested services.
3. LEGITIMACY OF THE PROCESSING OF YOUR PERSONAL DATA
The information we collect mostly comes directly from the User: it was voluntarily provided to us or was necessary for the provision of our services.
The provision of Personal Data, which is used exclusively for the purposes listed in point 2. b., Is optional.
4. PURPOSE AND METHOD OF TREATMENT
The processing of the User's Personal Data, with specific consent, where necessary, has the following purposes:
a. allow navigation and consultation of the Portal and its contents;
b. allow the provision of the requested services (i.e. orders, etc.);
c. ensure the conservation, security and custody of data;
d. fulfill legal obligations;
e. guarantee security and prevent fraudulent conduct.
DPC will not process the information provided by the User for purposes other than those explicitly indicated above.
Furthermore, the DPC will not make automated decisions based on the information provided.
All Personal Data collected are processed with automated and manual tools for the time strictly necessary to achieve only the purposes indicated above and in order to guarantee their integrity, confidentiality and security.
5. RECIPIENTS OF THE DATA
Personal Data may be communicated by the DPC to other public and private subjects only by virtue of the law, regulation and / or related order of the Judicial Authority.
The Personal Data collected are processed by specifically authorized personnel (employees of the DPC or third parties in charge of the maintenance and development services of the systems used for the computerized management of Personal Data as well as third parties who manage the management of network traffic) exclusively for purposes related to the exercise of their functions. They act on the basis of specific instructions provided regarding the purposes and methods of the processing itself in compliance with the confidentiality and security of the Personal Data themselves and in relation to the services to which they are assigned.
Some of the User's Personal Data may be shared and / or transferred, again for the processing purposes referred to in the previous point 4. with recipients who are outside the Vatican City State. In any case, the DPC will put in place all the appropriate precautions and rules of conduct useful for preserving the integrity and confidentiality of the data according to the applicable regulations.
6. COOKIES AND OTHER TRACKING SYSTEMS
The DPC uses its own session technical cookies (non-persistent) strictly limited to what is necessary for safe and efficient navigation of the Portal. The DPC also uses third-party cookies for data analysis.
For detailed information on the type of cookies used, you can consult our specific Cookie Policy information page.
7. STORAGE, SECURITY AND DATA CUSTODY
The DPC keeps the collected Personal Data, accurately, completely and updated, as long as these are necessary for the provision of the services to which the Personal Data are linked.
At the end of this period, the User can register again by entering the requested Personal Data and accepting the relevant policy on the processing of Personal Data.
Browsing data only will be kept for a period of 12 months for ascertaining responsibility in case of hypothetical computer crimes against the Portal or third parties in the event of a request by the competent Police Authorities.
It is understood that the Personal Data provided by the User to order the Products, if they are used to carry out billing operations, will be kept for the time required by the applicable regulations in force.
DPC assures that all the necessary steps have been taken to guarantee the security of the Personal Data to the User once they have been collected, through the use of computer systems with limited access and the use of protected storage solutions according to the standards of security provided for the security measures indicated by best practices.
The DPC adopts specific security measures to prevent data loss, illicit or incorrect use and unauthorized access.
8. INTERESTED PARTIES RIGHTS
Users to whom the Personal Data refer, in their capacity as interested parties, can at any time exercise:
- the right of access or to have a copy of the Personal Data, allowing you to know the type of User Personal Data processed by the DPC and the characteristics of the treatment that is performed;
- the right to request the correction of Personal Data in the event of omissions or errors;
- cancellation or limitation of treatment;
- the right to object to the processing.
The interested party also has the right to withdraw / revoke his consent at any time, without however affecting the lawfulness of the treatment based on the consent given before the revocation / withdrawal.
9. METHOD OF EXERCISE OF THE RIGHTS OF THE INTERESTED PARTY AND DELETION OF OPTIONAL SERVICES
For the exercise of the rights, referred to in point 8, the interested party may contact the DPC by sending a request on section “Contact us” or by email to policies@spc.va.
10. CHANGES
This privacy policy will automatically accept the regulatory changes that may intervene on the matter. The DPC reserves the right to modify this Privacy Policy to update its content; it is the User's responsibility to periodically check for any changes.
If this policy is subject to acceptance, in case of whatsoever modification it will be subject to new acceptance by the User.
Browsing the Portal implies acceptance of this Privacy Policy.