With this information we wish to inform you about how we process the personal data of users (hereinafter "Personal Data") who consult the website www.osservatoreromano.va (hereinafter "Portal").
Below you will find information on how we collect, use and transfer the User's Personal Data (hereinafter "User"), or all that information that can be used to identify or contact the User.
1. DATA CONTROLLER
The Data Controller is the Dicastery for Communication / Vatican Printing Press – L’Osservatore Romano (hereinafter referred to as "DPC/OR"), Dicastero per la Comunicazione (hereinafter "DPC/OR") - Via della Conciliazione 5, 00120 - Vatican City, e-mail: firstname.lastname@example.org.
2. PERSONAL DATA SUBJECT OF THE PROCESSING
The Personal Data being processed will consist of data suitable for making the User identified or identifiable. In particular, the Personal Data processed through the Portal are as follows:
a. Navigation data
During their normal operation, the IT systems and software procedures used to operate the Portal acquire some Personal Data whose transmission is implicit in the use of Internet communication protocols. This category of data includes the IP addresses or domain names of the computers used by the User who connect to the Portal, the addresses in URI (Uniform Resource Identifier)notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the User's IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Portal and to check its correct functioning, to identify anomalies and / or abuses. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the Portal or third parties.
b. Data for interaction with social media
The Portal contains direct links to social media to the official DPC/OR pages on Twitter and Facebook via social buttons. If the User uses this interaction function with social media, the use of the same involves the processing of Personal Data according to the information and policies specific to these social media, which the User is required to view before accessing and for which the DPC/OR has no responsibility.
In addition, the Portal allows the sharing of some content via social media (WhatsApp, Twitter, Facebook) always through the aforementioned social buttons placed near the content to be shared. Also in this case, the same indications as above are considered applicable and the User is required to consult the privacy policies of said social media for the processing of personal data by them.
c. Data voluntarily provided by the User
In the use of particular services (i.e. newsletter), the User may be required to provide additional Personal Data, such as name, surname, email that the User will voluntarily provide if he wishes to use these services.
Also in order to support the DPC/OR by donations via its Portal page: https://donatio.catholica.va/donatio/OR/start.page, User will need to supply Personal Data that will be treated by third parties guaranteeing high security standards and full respect for person’s rights. DPC/OR does not keep and treat such User’s Personal Data.
3. LEGITIMACY OF THE PROCESSING OF YOUR PERSONAL DATA
The information we collect mostly comes directly from the User: it was voluntarily provided to us or was necessary for the provision of our services.
The provision of Personal Data, which is used exclusively for the purposes listed in point 2. c., Is optional.
4. PURPOSE AND METHOD OF TREATMENT
The processing of the User's Personal Data, with specific consent, where necessary, has the following purposes:
a. allow navigation and consultation of the Portal and its contents;
b. allow the provision of the requested services (i.e. newsletter);
c. ensure the conservation, security and custody of data;
d. fulfill legal obligations;
e. guarantee security and prevent fraudulent conduct.
DPC/OR will not process the information provided by the User for purposes other than those explicitly indicated above.
Furthermore, the DPC/OR will not make automated decisions based on the information provided.
All Personal Data collected are processed with automated and manual tools for the time strictly necessary to achieve only the purposes indicated above and in order to guarantee their integrity, confidentiality and security.
5. RECIPIENTS OF THE DATA
Personal Data may be communicated by the DPC/OR to other public and private subjects only by virtue of the law, regulation and / or related order of the Judicial Authority.
The Personal Data collected are processed by specifically authorized personnel (employees of the DPC/OR or third parties in charge of the maintenance and development services of the systems used for the computerized management of Personal Data as well as third parties who manage the management of network traffic) exclusively for purposes related to the exercise of their functions. They act on the basis of specific instructions provided regarding the purposes and methods of the processing itself in compliance with the confidentiality and security of the Personal Data themselves and in relation to the services to which they are assigned.
Some of the User's Personal Data may be shared and / or transferred, again for the processing purposes referred to in the previous point 4. with recipients who are outside the Vatican City State. In any case, the DPC/OR will put in place all the appropriate precautions and rules of conduct useful for preserving the integrity and confidentiality of the data according to the applicable regulations.
6. COOKIES AND OTHER TRACKING SYSTEMS
The DPC/OR uses its own session technical cookies (non-persistent) strictly limited to what is necessary for safe and efficient navigation of the Portal. The DPC/OR also uses third-party cookies for data analysis.
7. STORAGE, SECURITY AND DATA CUSTODY
The DPC/OR keeps the collected Personal Data, accurately, completely and updated, as long as these are necessary for the provision of the services to which the Personal Data are linked.
Specifically, for what regards the newsletter, Personal Data are kept strictly only for the period of subscription duration
Browsing data only will be kept for a period of 12 months for ascertaining responsibility in case of hypothetical computer crimes against the Portal or third parties in the event of a request by the competent Police Authorities.
We can assure you that all the necessary steps have been taken to guarantee the security of the Personal Data to the User once they have been collected, through the use of computer systems with limited access and the use of protected storage solutions according to the standards of security provided for the security measures indicated by best practices.
The DPC/OR adopts specific security measures to prevent data loss, illicit or incorrect use and unauthorized access.
8. INTERESTED PARTIES RIGHTS
Users to whom the Personal Data refer, in their capacity as interested parties, can at any time exercise:
- the right of access or to have a copy of the Personal Data, allowing you to know the type of User Personal Data processed by the DPC and the characteristics of the treatment that is performed;
- the right to request the correction of Personal Data in the event of omissions or errors;
- cancellation or limitation of treatment;
- the right to object to the processing.
The interested party also has the right to withdraw / revoke his consent at any time, without however affecting the lawfulness of the treatment based on the consent given before the revocation / withdrawal.
9. METHOD OF EXERCISE OF THE RIGHTS OF THE INTERESTED PARTY AND DELETION OF OPTIONAL SERVICES
For the exercise of the rights, referred to in point 8, the interested party may contact the DPC by sending an email to email@example.com with the subject "PERSONAL DATA".
Should the User have subscribed to the newsletter, he may at any time revoke his consent clicking on link “Unsubscribe Newsletter” found at bottom of received information and Personal Data will be cancelled.
If this policy is subject to acceptance in case of whatsoever modification (including newsletter subscription), it will be subject to new acceptance by the User.