INFORMATION NOTICE PURSUANT TO ART. 13 OF REGULATION (EU) 2016/679 CONCERNING THE PROCESSING OF PERSONAL DATA OF SITE USERS
Pursuant to art. 13 of the Regulation (EU) 2016/679 (hereafter, the “GDPR”), we hereby provide You with information concerning the processing of personal data relating to You carried out by the Casa Generalizia dell’Ordine dei Padri Carmelitani Scalzi (hereafter, the “Controller”) during navigation of the site www.carmelholylanddco.org (the “Site”).
- CATEGORIES OF PERSONAL DATA
The Controller will process the following personal Data which You provided:
- Personal details: name and surname;
- Contact information: e-mail address;
- Browsing data: IP address.
- PURPOSES AND LEGAL BASIS OF THE PROCESSING
Your Data will be processed for the following purposes:
- a) requirements related to the use of the Site (e.g. ensuring You access to the Site, browsing, use of online services made available on the Site, etc.);
- b) obligations related to the performance of a contract, pre-contractual measures and/or the provision of services;
- c) compliance with legal obligations under European and/or national regulations.
The legal basis for the processing is:
- For the purpose referred to in the lett. a) and b), the performance of the contract to which You are party or the implementation of pre-contractual measures;
- For the purpose referred to in the lett. c), fulfilling legal obligations.
The provision of Data for the purposes referred to in lett. a), b) and c) is not mandatory, but any refusal to provide Your Data will not allow the Controller to pursue the purposes indicated therein.
- MODALITIES OF PROCESSING
The Data provided through the Site are mainly processed with automated tools only for the purposes indicated above and for the time strictly necessary to pursue the purposes for which they were collected.
Specific security measures are observed to prevent, counteract and minimize the risks of destruction or loss, even accidental, of the Data, unauthorized access or processing that is not allowed or does not comply with the purpose of the collection.
This Site allows You to make interactions with social networks by viewing sponsored pages. The interactions and information acquired by the portal will in any case be subject to the user’s privacy and cookie settings related to each social network.
Even if the user does not use the interaction service on this web page, the service itself may acquire traffic data.
The Data acquired and the use of them by third-party services are regulated by the respective Privacy Policies to which You are asked to please refer.
Facebook Likes button and social widgets (Facebook, Inc.)
Cloudflare is a traffic optimization and distribution service provided by Cloudflare Inc.
Cloudflare’s integration modes require that it filters all the traffic of this Application, that is to say, the communications between this Application and the user’s browser, also allowing the collection of statistical data on it.
This type of service analyses the traffic of this Application, potentially containing Users’ Personal Data, in order to filter it from parts of traffic, messages and content recognized as SPAM.
Google reCAPTCHA is a SPAM protection service provided by Google Inc.
Widget Google Maps (Google Inc.)
Google Maps is a map viewing service operated by Google Inc. which allows this Application to integrate such content within its own pages.
Personal Data collected: Cookies and Usage Data.
Widget Video YouTube (Google Inc.)
YouTube is a video content viewing service run by Google Inc. which allows this Application to integrate such content within its own pages.
Personal Data collected: Cookies and Usage Data.
- RECIPIENTS OR CATEGORIES OF RECIPIENTS
The Data given to the Controller may be made accessible, brought to the attention of or communicated to the following subjects:
- employees and/or collaborators, in any capacity, of the Controller;
- public or private entities, both natural or legal entities, which the Controller uses to carry out activities functional to the pursuit of the above purposes or to which the Controller is required to disclose Your personal Data, under legal or contractual obligations.
Subjects belonging to the categories to which Data can be disclosed will process the Data and use them, as appropriate, in their capacity of Processors, specially appointed by the Controller under the law, or rather as Autonomous Controllers.
Personal Data will not be communicated to third parties and/or disclosed, unless there are investigative requests from Judicial Authorities or the Judicial Police.
- PERIOD OF PROCESSING AND RETENTION PERIOD
The Data collected by the Site during its operation will be stored for the time strictly necessary to carry out the above mentioned activities. At the expiration date they will be cancelled or rendered non-traceable, unless there are additional purposes for their storage.
- TRANSFER OF DATA TO THIRD COUNTRIES
Your Data may be transferred abroad (e.g. cloud-storage) in accordance with current legislation, even in extra-EU countries where the Controller may be pursuing his interests.
Transfer to extra-EU countries, in addition to cases where this is guaranteed by the European Commission’s Adequacy Decisions, is carried out in a way that provides appropriate and opportune guarantees according to articles 46 or 47 or 49 of the GDPR.
- DATA SUBJECT’S RIGHTS
We inform You that at any time, in relation to Your Data, You may have the rights set out within the limits and conditions of Articles 7 and 15-22 of the GDPR.
For the exercise of these rights, described below, please contact the Controller at the email address firstname.lastname@example.org; You will have a suitable reply without delay within 30 days.
In detail, as data subject, You will have the right to:
- withdraw the consent previously given, without prejudice to the lawfulness of the consent-based processing before withdrawal;
- ask the Controller for access, rectification or erasure (“Right to be forgotten“) or the limitation of the processing of personal Data affecting You or to object to their processing;
- obtain data portability;
- lodge a complaint with the Data Protection Authority.
- CONTROLLER, PROCESSORS AND DATA PROTECTION OFFICE
The Controller is the Casa Generalizia dell’Ordine dei Padri Carmelitani Scalzi, in the person of its Legal Representative pro tempore Father Paolo De Carli, with registered office in Corso d’Italia 38, CAP 00198 Rome (RM).
The up-to-date list of Processors is available at the Controller’s registered office and may be requested by sending a notice to the e-mail address: email@example.com.
The Data Protection Office can be contacted at the e-mail address: firstname.lastname@example.org.
Last updated: June 2020