• Privacy Policy

    PRIVACY POLICY AND PERSONAL DATA PROCESSING NOTICE

    With this notice we wish to inform you about the methods of processing the personal data of users (hereinafter “Personal Data”) who browse the website www.dce.va (hereinafter the “Website”).

    Below you will find information on how we collect, use and transfer the Personal Data of the user (hereinafter the “User”), namely all information that may be used to identify or contact the User.

    1. DATA CONTROLLER

    The Data Controller is the Dicastery for Culture and Education (hereinafter “DCE”) – Piazza Pio XII, 3 - 00120 Vatican City, email: info@dce.va

    2. PERSONAL DATA SUBJECT TO PROCESSING

    The Personal Data subject to processing shall consist of data capable of identifying or making the User identifiable. In particular, the Personal Data processed through the Portal are the following:

    a. Browsing Data

    The computer systems and software procedures used to operate the Portal acquire, during their normal operation, certain Personal Data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of the computers used by the User connecting to the Portal, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response provided by the server (successful, error, etc.), and other parameters relating to the User’s operating system and IT environment.

    These data are used solely for the purpose of obtaining anonymous statistical information regarding the use of the Portal and to verify its proper functioning, as well as to identify anomalies and/or abuses. The data may also be used to ascertain liability in the event of hypothetical cybercrimes against the Portal or third parties.

    b. Data for Interaction with Social Media

    The Portal contains direct links to the social media platforms Twitter, Flickr and Facebook through Social Buttons. If the User uses such social media interaction functionality, the use of these platforms entails the processing of Personal Data in accordance with the notices and policies of the relevant social media platforms, which the User is required to consult before accessing them, and for which the DCE bears no responsibility.

    Furthermore, some videos available on the Portal are displayed directly through YouTube or Facebook. In such cases, these social media platforms track, through the Portal, the acquisition of Personal Data that are processed in relation to the User’s browsing activity, as further specified in the Cookie Policy.

    In addition, the Portal allows certain contents to be shared through social media platforms (WhatsApp, Twitter, Facebook) by means of the aforementioned Social Buttons placed near the content to be shared. In this case as well, the same indications set out above shall apply, and the User is required to consult the privacy policies of such social media platforms regarding their processing of personal data.

    c. Data Voluntarily Provided by the User

    When using particular services (e.g. newsletter), the User may be requested to provide additional Personal Data such as first name, surname and email address, which the User voluntarily provides should they wish to use such services.

    d. Data Related to Database Management

    In relation to “information provision” obligations arising from compliance with multilateral treaties signed by the Holy See, certain personal data useful for identifying ecclesiastical institutions and higher education faculties (specifically contact details and the names of persons holding governing positions) are made visible to the User on the website www.dce.va, following a search carried out by the User. Such data are managed and updated by the DCE.

    Please note that, through the DONATIONS section, the User may carry out financial transactions in favour of the DCE. For the processing of personal data carried out in the case of donations, reference should be made to the privacy policy of the payment service provider.

    3. LEGAL BASIS FOR THE PROCESSING OF THE USER’S PERSONAL DATA

    The information we collect mostly comes directly from the User: it has been voluntarily provided, is necessary for the provision of our services, or is required for compliance with legal obligations.

    The provision of Personal Data, used exclusively for the purposes listed under point 2.c., is optional.

    4. PURPOSES AND METHODS OF PROCESSING

    The processing of the User’s Personal Data, subject to specific consent where required, is carried out for the following purposes:

    a. to allow browsing and consultation of the Portal and its contents;

    b. to provide the requested services (e.g. newsletter);

    c. to ensure the preservation, security and safekeeping of data;

    d. to comply with legal and regulatory obligations;

    e. to ensure security and prevent fraudulent conduct.

    The DCE shall not process the information provided by the User for purposes other than those expressly indicated above.

    Furthermore, the DCE shall not make automated decisions based on the information provided.

    All collected Personal Data are processed through automated and manual tools for the time strictly necessary to achieve exclusively the purposes indicated above and in such a way as to guarantee their integrity, confidentiality and security.

    5. RECIPIENTS OF THE DATA

    Personal Data may be disclosed by the DCE to other public and private entities solely pursuant to legal provisions, regulations and/or orders issued by Judicial Authorities.

    The collected Personal Data are processed by expressly authorized personnel (employees of the DCE or third parties entrusted with maintenance and development services for the systems used for the computerized management of Personal Data, as well as third parties responsible for network traffic management) exclusively for purposes connected with the performance of their duties. They act on the basis of specific instructions provided regarding the purposes and methods of processing, in compliance with the confidentiality and security of the Personal Data and in relation to the services for which they are responsible.

    Some of the User’s Personal Data may be shared and/or transferred, always for the processing purposes referred to in point 4 above, with recipients located outside Vatican City State. In any case, the DCE shall adopt all appropriate safeguards and rules of conduct necessary to preserve the integrity and confidentiality of the data in accordance with applicable regulations.

    6. COOKIES AND OTHER TRACKING SYSTEMS

    The DCE uses its own session technical cookies (non-persistent) strictly limited to what is necessary for the secure and efficient browsing of the Portal. The DCE also uses third-party cookies for data analysis. Please refer to the relevant YouTube and Google terms of service pages for further information.

    For detailed information regarding the types of cookies used, please consult our dedicated Cookie Policy page.

    7. DATA RETENTION, SECURITY AND SAFEGUARDING

    The DCE stores the collected Personal Data accurately, completely and up to date, for as long as they are necessary for the provision of the services to which such Personal Data are related.

    Specifically, regarding the newsletter, personal data are retained for the duration of the subscription.

    Browsing data alone shall be retained for a period of 12 months for the purpose of ascertaining liability in the event of hypothetical cybercrimes against the Portal or third parties, where requested by the competent Police Authorities.

    We assure you that all necessary steps have been taken to guarantee the security of the User’s Personal Data once collected, through the use of restricted-access IT systems and protected storage solutions in accordance with security standards and best practices.

    The DCE adopts specific security measures to prevent data loss, unlawful or improper use, and unauthorized access.

    8. RIGHTS OF DATA SUBJECTS

    Users to whom the Personal Data refer, in their capacity as data subjects, may at any time exercise:

    • the right of access or to obtain a copy of the Personal Data, enabling them to know the type of Personal Data processed by the DCE and the characteristics of the processing carried out;
    • the right to request rectification of Personal Data in the event of omissions or errors;
    • the right to erasure or restriction of processing;
    • the right to object to processing.

    The data subject also has the right to withdraw/revoke consent at any time, without however affecting the lawfulness of processing based on consent given prior to such withdrawal/revocation.

    9. EXERCISE OF DATA SUBJECT RIGHTS AND UNSUBSCRIPTION FROM OPTIONAL SERVICES

    To exercise the rights referred to in point 8, the data subject may contact the DCE by sending an email to dataprotection@cultura.va with the subject line “PERSONAL DATA”.

    Should the User have subscribed to the newsletter service, they may at any time withdraw their consent by clicking on the “Newsletter Unsubscribe” link located at the bottom of the received communications, and the personal data will be deleted.

    10. AMENDMENTS

    This Privacy Policy shall automatically incorporate any regulatory changes that may occur in this field. The DCE reserves the right to amend this Privacy Policy in order to update its contents; it is the User’s responsibility to periodically verify any changes.

    Where this Policy is subject to acceptance (including in the case of subscription to the newsletter service), any amendments shall be submitted again for acceptance by the User.

    Browsing the website implies acceptance of this Privacy Policy.