2. Definitions “You” - The user of the Website. “Personal Data” means information that specifically identifies an individual or that is linked to information that identifies a specific individual. “Visitor” means an individual other than a User, who uses the public area, but has no access to the restricted areas of the Site or Service.
3. Information we collect: Personally Identifiable Information We may collect Personally Identifiable Information (PII) from Users in a variety of ways, including, but not limited to, when Users visit our site, register on the site, place an order, subscribe to the newsletter, respond to a survey, fill out a form, and in connection with other activities, services, features or resources we make available on our Site. Users may be appropriately asked for, name, email address, mailing address, phone number, credit card information. Users may, however, visit our Site anonymously. We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personally identification information, except that it may prevent them from engaging in certain Site-related activities.
Non-Personally Identifiable Information We may collect non-personally identifiable information about Users whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about Users means of connection to our Site, such as the operating system and the Internet service providers utilized and other similar information.
Web Browser Cookies Our Site may use “cookies” to enhance User experience. Cookies are small pieces of data that the site transfers to the user’s computer hard drive when the user visits the website. We do not collect information from the user’s computer through cookies. They will typically store information in the form of a session identification that does not personally identify the user. If you do not want ‘cookies’ to be used please adjust your browser settings to disable them. Click here to learn more.
4. How we use your information: We may collect and use Users personal information for the following purposes: To improve customer service: Information you provide helps us respond to your service requests and support needs more efficiently. To personalize user experience: We may use information in the aggregate to understand how our Users as a group use the services and resources provided on our Site. To improve our Site: We may use feedback you provide to improve our services. To process payments: We may use the information Users provide about themselves when placing an order only to provide service to that order. We do not share this information with outside parties except to the extent necessary to provide the service. To run a promotion, contest, survey or other Site feature: To send Users information they agreed to receive about topics we think will be of interest to them. To send periodic emails: We may use the email address to respond to their inquiries, questions, and/or other requests. If User decides to opt-in to our mailing list, they will receive emails that may include company news, updates, related product or service information, etc. If at any time the User would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email or User may contact us via our Site. Any other purpose directly related to our work and for which you have provided consent (where it is reasonably required by law).
5. Sharing your information We only use your personal and sensitive information for the reason we collect it as set out above and for the purpose(s) for which it was collected, or as otherwise permitted by law. We will not disclose the above information that we collect to affiliates or third parties without prior informing you, or without your consent where applicable. We may disclose information to third parties in the following circumstances: any entities or other institutions of the our Congregation, trusted third parties which assist us in our daily operations or administer activities on our behalf, including (but not limited to) IT support staff, designer, and web developers; any contractors or other advisers auditing any of our processes or who have the need to access such information for the purpose of advising us; any law enforcement body which may have any reasonable requirement to access your Personal Information; and any regulatory body or authorised entity which may have any reasonable requirement to access your Personal Information.
6. Data subject rights The Policy adopts the same data subject rights in line with the our Internal Rules. These include the following: i. the right to be informed; ii. the right of access; iii. the right to rectification; iv. the right to erasure; v. the right to restrict processing; vi. the right to data portability; vii. the right to object; viii. the right not to be subject to automated decision-making including profiling; ix. the right to complain to a supervisory authority; and x. the right to withdraw consent.
Should you wish to exercise any such rights you may contact us as set forth in the “Contact us” section. We will acknowledge your request within seventy-two (72) hours and handle it promptly. We will respond to these requests within a month, with a possibility to extend this period for particularly complex requests in accordance with Applicable Law.
In accordance with Applicable Law, we reserve the right to withhold personal data if disclosing it would adversely affect the rights and freedoms of others. If a request is refused the individual will be informed of the reason for refusal and of his right to lodge a complaint with the supervisory authority. Moreover, we reserve the right to charge a fee for complying with such requests if they are deemed manifestly unfounded or excessive.
7. Data Protection Officer (DPO) The Congregation's Internal Rules provide for the appointment of a DPO whose functions include monitoring internal compliance and co-operating with the Supervisory Authority, with regards to, amongst others, security matters, official complaints and notification/communication of data breaches. The DPO is not the controller or the processor who is required to ensure and to be able to demonstrate that the processing is performed in accordance with the Regulation. In this regard, any questions regarding this document, as well as any requests for the exercise of data subject rights, should be directed to the respective DPC.
8. Security We take appropriate security measures to protect your data against loss, misuse and unauthorized access, alteration, disclosure, or destruction of your information. Our IT systems are password protected and comply with applicable security standards. Only authorised personnel are permitted to access these details. It is our policy to:
destroy personal information once there is no longer a legal or business-related need for us to retain it;
use data networks protected, inter alia, by industry standard firewall and password protection; and
deploy, operate and maintain up-to-date effective anti-virus software on all computer systems that are liable to attack from malicious software.
9. Confidentiality of data The Congregation's Internal Rules mandate that personal data is treated with full confidentiality and handled with the appropriate care in order to protect it from unauthorised access or disclosure, in compliance to the General Data Protection Regulation (GDPR).
11. Data retention The Congregation shall not keep personal data for a period of time longer than is necessary, having regard to the purposes for which it is processed. We will retain and use information as necessary to comply with our legal obligations, resolve disputes, protect your vital interests or the vital interests of another natural person and enforce our agreements as follows:
Correspondence – We will keep your information for as long as it takes to settle your enquiry, and for a further period of time in line with statutory obligations, after which point your data will be erased.
Mailing list – We will keep your information which you used to sign up for the Archdiocese’s newsletter for as long as you remain subscribed or once the service is no longer operating, whichever occurs first.
In some cases it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the following criteria:
what the purpose(s) was for which your information was collected in the first place;
whether there are any statutory obligations, obliging us to continue to process your information;
whether we have a legal basis in place to continue to process your information, including but not limited to consent;
what the value attached to your information is;
whether there are any industry practices stipulating how long information should be retained;
the risk, cost and liability attached to such retention; and
any other relevant circumstances
13. Your acceptance of these terms By using this Site, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.
14. Minors and children’s privacy Protecting the privacy of minors is especially important. We will not knowingly collect, use or disclose Personal Data from a minor under the age of 16, without obtaining prior consent from a person with parental responsibility (e.g., a parent or guardian) through direct off-line contact. We will provide the parent with (i) notice of the specific types of personal data being collected from the minor, and (ii) the opportunity to object to any further collection, use, or storage of such information. If you have any question regarding this topic, please contact us as indicated in the “Contact us” section below.