This policy is compliant with the General Data Protection Regulation (the “GDPR”) (Regulation (EU) 2016/679). It is also compliant with the General Decree on the Protection of Data, hereinafter referred to as the “Church Internal Rules”.
i. personal data must be processed fairly and lawfully;
ii. personal data must always be processed after consent has been obtained;
iii. personal data must only be collected for specific, explicitly stated and legitimate purposes;
iv. personal data must not be processed for any purpose that is incompatible with that for which the information is collected;
v. personal data that is processed must be adequate and relevant in relation to the purpose of the processing;
vi. no more personal data must be processed than is necessary having regard to the purposes of the processing;
vii. personal data that is processed must be correct and, if necessary, up to date;
viii. all reasonable measures must be taken to complete, correct, block, or erase data to the extent that such data is incomplete or incorrect, having regard to the purposes for which they are processed;
ix. personal data must not be kept for a period longer than is necessary, having regard to the purposes for which they are processed;
x. personal data must be protected against accidental destruction or loss or unlawful form of processing;
xi. personal data must not be transferred to third countries that do not offer an adequate level of protection.
“You” – The user of the Website.
“Personal Data” means information that specifically identifies an individual or that is linked to information that identifies a specific individual.
“Visitor” means an individual other than a User, who uses the public area, but has no access to the restricted areas of the Site or Service.
3. Information we collect
Personally Identifiable Information
We may collect Personally Identifiable Information (PII) from Users in a variety of ways, including, but not limited to, when Users visit our site, register on the site, place an order, subscribe to the newsletter, respond to a survey, fill out a form, and in connection with other activities, services, features or resources we make available on our Site. Users may be asked for, as appropriate, name, email address, mailing address, phone number, credit card information. Users may, however, visit our Site anonymously. We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personal identification information, except that it may prevent them from engaging in certain Site related activities.
Non-Personally Identifiable Information
We may collect non-personally identifiable information about Users whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about Users' means of connection to our Site, such as the operating system and the Internet service providers utilized and other similar information.
Web Browser Cookies
Our Site may use “cookies” to enhance User experience. Cookies are small pieces of data that the site transfers to the user’s computer hard drive when the user visits the website. We do not collect information from the user’s computer through cookies. They will typically store information in the form of a session identification that does not personally identify the user. If you do not want ‘cookies’ to be used please adjust your browser settings to disable them.
4. How we use your information
The Communications Office may collect and use Users' personal information for the following purposes:
To improve customer service: Information you provide helps us respond to your customer service requests and support needs more efficiently.
To personalize user experience: We may use information in the aggregate to understand how our Users as a group use the services and resources provided on our Site.
To improve our Site: We may use feedback you provide to improve our products and services.
To process payments: We may use the information Users provide about themselves when placing an order only to provide service to that order. We do not share this information with outside parties except to the extent necessary to provide the service.
To run a promotion, contest, survey or other Site feature: To send Users information they agreed to receive about topics we think will be of interest to them.
To send periodic emails: We may use the email address to respond to their inquiries, questions, and/or other requests. If a User decides to opt in to our mailing list, they will receive emails that may include company news, updates, related product or service information, etc. If at any time the User would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email or the User may contact us via our Site.
Any other purpose directly related to our work and for which you have provided consent (where it is reasonably required by law).
5. Sharing your information
We only use your personal and sensitive information for the reason we collect it as set out above and for the purpose(s) for which it was collected, or as otherwise permitted by law. We will not disclose the above information that we collect to affiliates or third parties without first informing you, or without your consent where applicable. We may disclose information to third parties in the following circumstances:
any entities or other institutions of the Archdiocese of Malta, trusted third parties which assist us in our daily operations or administer activities on our behalf, including (but not limited to) IT support staff, designers, and web developers;
any contractors or other advisers auditing any of our processes or who have the need to access such information for the purpose of advising us;
any law enforcement body which may have any reasonable requirement to access your Personal Information; and
any regulatory body or authorised entity which may have any reasonable requirement to access your Personal Information.
6. Data subject rights
The Policy adopts the same data subject rights in line with the Church Internal Rules. These include the following:
i. the right to be informed;
ii. the right of access;
iii. the right to rectification;
iv. the right to erasure;
v. the right to restrict processing;
vi. the right to data portability;
vii. the right to object;
viii. the right not to be subject to automated decision-making including profiling;
ix. the right to complain to a supervisory authority; and
x. the right to withdraw consent.
Should you wish to exercise any such rights you may contact us as set forth in the “Contacting us” section. We will acknowledge your request within seventy-two (72) hours and handle it promptly. We will respond to these requests within a month, with a possibility to extend this period for particularly complex requests in accordance with Applicable Law.
In accordance with Applicable Law, we reserve the right to withhold personal data if disclosing it would adversely affect the rights and freedoms of others. If a request is refused the individual will be informed of the reason for refusal and of his right to lodge a complaint with the supervisory authority. Moreover, we reserve the right to charge a fee for complying with such requests if they are deemed manifestly unfounded or excessive.
7. Data Protection Officer (DPO)
The Church Internal Rules provide for the appointment of a DPO whose functions include monitoring internal compliance and co-operating with the Supervisory Authority, with regard to, amongst others, security matters, official complaints and notification/communication of data breaches. The DPO is not the controller or the processor who is required to ensure and to be able to demonstrate that the processing is performed in accordance with the Regulation. In this regard, any questions regarding this document, as well as any requests for the exercise of data subject rights, should be directed to the respective DPC.
Data Protection Officer
St Calcedonius Square
Data Protection Coordinator
St Calcedonius Square
We take appropriate security measures to protect your data against loss, misuse and unauthorized access, alteration, disclosure, or destruction of your information. Our IT systems are password protected and comply with applicable security standards. Only authorised personnel are permitted to access these details.
It is our policy to:
destroy personal information once there is no longer a legal or business need for us to retain it;
use data networks protected, inter alia, by industry standard firewall and password protection; and
deploy, operate and maintain up-to-date effective anti-virus software on all computer systems that are liable to attack from malicious software.
To review our Information Technology Systems Policy, E-mail and Internet Acceptable Use Policy, and E-mail Etiquette policy, please visit our website on:
9. Confidentiality of data
The Archdiocese mandates that personal data is handled with the appropriate care in order to protect it from unauthorised access or disclosure. All present and past staff members, other non-Church staff, consultants and third party service providers insofar as they come into contact with personal data through their dealings with the Church are bound by the Archdiocese’s Data Protection Policies and Code of Ethics.
10. International data transfers
11. Links to other websites
12. Data retention
The Archdiocese shall not keep personal data for a period of time longer than is necessary, having regard to the purposes for which it is processed. We will retain and use information as necessary to comply with our legal obligations, resolve disputes, protect your vital interests or the vital interests of another natural person and enforce our agreements as follows:
Correspondence – We will keep your information for as long as it takes to settle your enquiry, and for a further period of time in line with statutory obligations, after which point your data will be erased.
Mailing list – We will keep your information which you used to sign up for the Archdiocese’s newsletter for as long as you remain subscribed or once the service is no longer operating, whichever occurs first.
Order information – We will keep your information used to place an order for our goods (photos) and/or services, for a minimum period of six years following the end of the financial year in which you placed your order, in line with our statutory obligation to retain records for tax purposes under the VAT Act, Chapter 406 of the Laws of Malta.
In some cases it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the following criteria:
what the purpose(s) was for which your information was collected in the first place;
whether there are any statutory obligations, obliging us to continue to process your information;
whether we have a legal basis in place to continue to process your information, including but not limited to consent;
what the value attached to your information is;
whether there are any industry practices stipulating how long information should be retained;
the risk, cost and liability attached to such retention; and
any other relevant circumstances.
13. Changes to this policy
When data processing requires consent, if the changes to data processing are likely to impact the validity of previous consent attained, or the changes are not in line with existing expectations, we will advise you of the choices you may have as a result of those changes.
14. Your acceptance of these terms
By using this Site, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.
15. Minors and children’s privacy
Protecting the privacy of minors is especially important. We will not knowingly collect, use or disclose Personal Data from a minor under the age of 16, without obtaining prior consent from a person with parental responsibility (e.g., a parent or guardian) through direct off-line contact. We will provide the parent with (i) notice of the specific types of personal data being collected from the minor, and (ii) the opportunity to object to any further collection, use, or storage of such information. If you have any questions regarding this topic, please contact us as indicated in the “Contacting us” section below.
16. Contacting us
The Archdiocese of Malta Communications Office
Archbishop’s Curia, St Calcedonius Square, Floriana, Malta
This document was last updated on May 23rd 2018.