logo_new

    PRIVACY NOTICE ON THE PROCESSING OF PERSONAL DATA (Arts. 13-14 EU Reg. 2016/679)

     

    The Santuario di Santa Filomena, P.zza Umberto I – 83027 Mugnano del C.le (AV)  (hereinafter the “Controller”), as data controller, informs you, pursuant to Art. 13 of EU Regulation no. 2016/679 (GDPR), that your data will be processed in the following ways and for the following purposes:

     

    1. Subject of the Processing

    The Controller processes personal and identifying data (e.g. first name, last name, company name, address, telephone, e-mail, bank and payment details) provided by you when entering into contracts for the Controller’s services (e-commerce).

     

    Special Categories of Data: Pursuant to Art. 9 GDPR, the Controller may process data revealing religious beliefs, inferable from the type of sacred items purchased or from prayer requests/intentions linked to the order. Such data are processed solely for the performance of the sales contract or on explicit consent.

     

    2. Purposes of Processing and Legal Basis

    Your personal data are processed without your express consent (Art. 6(1)(b) and (e) GDPR), for the following Service Purposes:

    ·       To enter into contracts for the Controller’s products/services;

    ·       To fulfil pre-contractual, contractual and tax obligations arising from relationships with you;

    ·       To fulfil obligations provided by law, regulations, EU rules or an order of the Authority;

    ·       To exercise the Controller’s rights, e.g. the right of defence in court.

    Only with your specific and separate consent (Art. 7 GDPR), for the following Marketing Purposes:

    ·       To send you by e-mail, mail and/or SMS and/or phone contacts, newsletters, commercial communications and/or advertising material on products or services offered by the Sanctuary and to measure satisfaction with service quality.

     

    3. Processing Methods

    The processing of your personal data is carried out by means of the operations indicated in Art. 4 no. 2) GDPR, namely: collection, recording, organisation, storage, consultation, processing, alteration, selection, extraction, comparison, use, interconnection, blocking, communication, erasure and destruction of data. Your personal data are processed both on paper and electronically and/or by automated means.

     

    4. Data Retention

    The Controller will process personal data for the time necessary to fulfil the purposes above and in any case:

    ·       For no longer than 10 years from termination of the relationship for Service Purposes (civil and tax obligations).

    ·       For no longer than 24 months from data collection for Marketing Purposes.

     

    5. Access to Data and Disclosure

    Your data may be made accessible for the purposes referred to in Art. 2:

    ·       To employees and collaborators of the Controller, in their capacity as authorised persons and/or internal processing managers;

    ·       To third-party companies or other subjects (credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, express couriers, etc.) that carry out outsourced activities on behalf of the Controller, in their capacity as external processors.

    Without the need for express consent (Art. 6(1)(b) and (c) GDPR), the Controller may disclose your data for the purposes referred to in Art. 2.A) to supervisory bodies, judicial authorities, as well as to those subjects to whom disclosure is mandatory by law for the performance of said purposes.

     

    6. Transfer of data to non-EU countries

    Your personal data are stored on servers located within the European Union. It is in any case understood that the Controller, should it be necessary for technical-operational needs (e.g. use of cloud services, international e-commerce platforms or payment gateways based in the USA), will be entitled to transfer data to countries outside the European Union or the European Economic Area (EEA).

    In such case, the Controller hereby ensures that the transfer will take place in compliance with applicable legal provisions and according to the following alternative safeguards:

    • Adequacy Decisions: To countries that ensure an adequate level of protection approved by the European Commission (Art. 45 GDPR);
    • Standard Contractual Clauses (SCC): By signing with non-EU suppliers the contract templates approved by the European Commission that ensure rights and safeguards similar to the European ones (Art. 46 GDPR);
    • Data Privacy Framework (DPF): In the case of transfers to the United States, the Controller will verify that the supplier is certified in the “EU-U.S. Data Privacy Framework” list, thus ensuring a recognised security standard.

    The data subject may request at any time information on the third-party recipients of the data and a copy of the safeguards adopted by writing to the Controller’s email address.

     

    7. Data Subject’s Rights

    In your capacity as data subject, you have the rights under Art. 15 GDPR and specifically the rights to:

    1.     Obtain confirmation as to whether or not personal data concerning you exist;

    2.     Obtain an indication of the origin, purposes, processing methods and the logic applied;

    3.     Obtain updating, rectification or integration of the data;

    4.     Obtain erasure (right to be forgotten) or restriction of processing;

    5.     Object to processing;

    6.     Right to data portability;

    7.     Lodge a complaint with the Data Protection Authority.

     

    8. How to exercise rights

    To exercise the rights referred to in point 7, the data subject may contact the Santuario di Santa Filomena by sending a registered letter with return receipt to: Santuario di Santa Filomena, P.zza Umberto I - 83027 Mugnano del Cardinale (AV) or an e-mail with the subject “PERSONAL DATA” to: segreteria@santuariosantafilomena.it

    The request, whatever form is used, must be accompanied by the data subject’s first and last name, a photocopy of an identity document and an indication of the right you wish to exercise.

    Please note that we may refuse to act on requests that we deem frivolous, harmful to others’ privacy, or contrary to a lawful use of data where this is aimed at ensuring the safety of people, environments or property.

     

    9. Controller, Processor and Authorised Persons

    The Data Controller is the Santuario di Santa Filomena - Mugnano del Cardinale (AV) Italy, in the person of its pro tempore Legal Representative. The updated list of processors and authorised persons is kept at the Controller’s registered office.