Privacy & Cookies Policy

This Privacy Policy is effective as from May 25th 2018. The Privacy Policy may be changed at any time. Such changes shall be published and amended to this document.

This policy is compliant with the General Data Protection Regulation (the “GDPR”), (Regulation (EU) 2016/679). It is also compliant with the General Decree on the Protection of Data hereinafter referred to as the “Church Internal Rules”.

1. Introduction

This Privacy Policy governs the manner in which the Communications Office of the Secretariat for Catholic Education of Malta (“we”, “the Controller”), collects, uses, maintains and discloses information collected from users (each, a “User”) of the www.csm.edu.mt website (“Site”). This privacy policy applies to the Site and all products and services offered by the Secretariat for Catholic Education of Malta. This policy is based on the following data protection principles:

i. personal data must be processed fairly and lawfully;

ii. personal data must always be processed after consent has been obtained;

iii. personal data must only be collected for specific, explicitly stated and legitimate purposes;

iv. personal data must not be processed for any purpose that is incompatible with that for which the information is collected;

v. personal data that is processed must be adequate and relevant in relation to the purpose of the processing;

vi. no more personal data must be processed than is necessary having regard to the purposes of the processing;

vii. personal data that is processed must be correct and, if necessary, up to date;

viii. all reasonable measures must be taken to complete, correct, block, or erase data to the extent that such data is incomplete or incorrect, having regard to the purposes for which they are processed;

ix. personal data must not be kept for a period longer than is necessary, having regard to the purposes for which they are processed;

x. personal data must be protected against accidental destruction or loss or unlawful form of processing;

xi. personal data must not be transferred to third countries that do not offer adequate level of protection.

2. Definitions

“You” – The user of the Website.

“Personal Data” means information that specifically identifies an individual or that is linked to information that identifies a specific individual.

“Visitor” means an individual other than a User, who uses the public area, but has no access to the restricted areas of the Site or Service.

3. Information we collect

Personally Identifiable Information

We may collect Personally Identifiable Information (PII) from Users in a variety of ways, including, but not limited to, when Users visit our site, register on the site, place an order, subscribe to the newsletter, respond to a survey, fill out a form, and in connection with other activities, services, features or resources we make available on our Site. Users may be asked for, as appropriate, name, email address, mailing address, phone number, credit card information. Users may, however, visit our Site anonymously. We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personally identification information, except that it may prevent them from engaging in certain Site related activities.

Non-Personally Identifiable Information

We may collect non-personally identifiable information about Users whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about Users means of connection to our Site, such as the operating system and the Internet service providers utilized and other similar information.

Web Browser Cookies

Our Site may use “cookies” to enhance User experience. Cookies are small pieces of data that the site transfers to the user’s computer hard drive when the user visits the website. We do not collect information from the user’s computer through cookies. They will typically store information in the form of a session identification that does not personally identify the user. If you do not want ‘cookies’ to be used please adjust your browser settings to disable them.

Click here to learn more.

4. How we use your information

The Secretariat for Catholic Education may collect and use Users personal information for the following purposes:

To improve customer service: Information you provide helps us respond to your customer service requests and support needs more efficiently.

To personalize user experience: We may use information in the aggregate to understand how our Users as a group use the services and resources provided on our Site.

To improve our Site: We may use feedback you provide to improve our products and services.

To process payments: We may use the information Users provide about themselves when placing an order only to provide service to that order. We do not share this information with outside parties except to the extent necessary to provide the service.

To run a promotion, contest, survey or other Site feature: To send Users information they agreed to receive about topics we think will be of interest to them.

To send periodic emails: We may use the email address to respond to their inquiries, questions, and/or other requests. If User decides to opt-in to our mailing list, they will receive emails that may include company news, updates, related product or service information, etc. If at any time the User would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email or User may contact us via our Site.

Any other purpose directly related to our work and for which you have provided consent (where it is reasonably required by law).

5. Sharing your information

We only use your personal and sensitive information for the reason we collect it as set out above and for the purpose(s) for which it was collected, or as otherwise permitted by law. We will not disclose the above information that we collect to affiliates or third parties without prior informing you, or without your consent where applicable. We may disclose information to third parties in the following circumstances:

any entities or other institutions of the Archdiocese of Malta, trusted third parties which assist us in our daily operations or administer activities on our behalf, including (but not limited to) IT support staff, designers, and web developers;

any contractors or other advisers auditing any of our processes or who have the need to access such information for the purpose of advising us;

any law enforcement body which may have any reasonable requirement to access your Personal Information; and

any regulatory body or authorised entity which may have any reasonable requirement to access your Personal Information.

6. Data subject rights

The Policy adopts the same data subject rights in line with the Church Internal Rules. These include the following:

i. the right to be informed;

ii. the right of access;

iii. the right to rectification;

iv. the right to erasure;

v. the right to restrict processing;

vi. the right to data portability;

vii. the right to object;

viii. the right not to be subject to automated decision-making including profiling;

ix. the right to complain to a supervisory authority; and

x. the right to withdraw consent.

Should you wish to exercise any such rights you may contact us as set forth in the “Contact us” section. We will acknowledge your request within seventy-two (72) hours and handle it promptly. We will respond to these requests within a month, with a possibility to extend this period for particularly complex requests in accordance with Applicable Law.

In accordance with Applicable Law, we reserve the right to withhold personal data if disclosing it would adversely affect the rights and freedoms of others. If a request is refused the individual will be informed of the reason for refusal and of his right to lodge a complaint with the supervisory authority. Moreover, we reserve the right to charge a fee for complying with such requests if they are deemed manifestly unfounded or excessive.

7. Data Protection Officer (DPO)

The Church Internal Rules provide for the appointment of a DPO whose functions include monitoring internal compliance and co-operating with the Supervisory Authority, with regards to, amongst others, security matters, official complaints and notification/communication of data breaches. The DPO is not the controller or the processor who is required to ensure and to be able to demonstrate that the processing is performed in accordance with the Regulation. In this regard, any questions regarding this document, as well as any requests for the exercise of data subject rights, should be directed to the respective DPC.

Data Protection Officer
Archbishop’s Curia,
St Calcedonius Square
Floriana, Malta
[email protected]

Data Protection Coordinator
Secretartiat for Catholic Education 16,
The Mall
Floriana, Malta
——————-

8. Security

We take appropriate security measures to protect your data against loss, misuse and unauthorized access, alteration, disclosure, or destruction of your information. Our IT systems are password protected and comply with applicable security standards. Only authorised personnel are permitted to access these details.

It is our policy to:

destroy personal information once there is no longer a legal or business need for us to retain it;

use data networks protected, inter alia, by industry standard firewall and password protection; and

deploy, operate and maintain up-to-date effective anti-virus software on all computer systems that are liable to attack from malicious software.

To review our Information Technology Systems Policy, E-mail and Internet Acceptable Use Policy, and E-mail Etiquette policy, please visit our website on:

https://www.csm.edu.mt/it-services

9. Confidentiality of data

The Secretariat for Catholic Education mandates that personal data is handled with the appropriate care in order to protect it from unauthorised access or disclosure. All present and past staff members, other non-Church staff, consultants and third party service providers insofar as they come into contact with personal data through their dealings with the Secretariat for Catholic Education are bound by the Secretariat’s Data Protection Policies and Code of Ethics.

10. International data transfers

When the Secretariat for Catholic Education intends to transfer personal data to a third country, it will do so only subject to the provisions of the Secretariat Internal Rules. We will take all necessary steps to ensure that your privacy rights continue to be protected, as outlined in this privacy policy and in accordance with data protection laws.

11. Links to other websites

Our website may contain links to third party websites, and third party websites may also have links to our website. Our privacy policy does not apply to external links or other websites and we are not responsible for the practices employed by websites linked to or from our Site. The operators of other websites may collect your personal information. We encourage you to read the privacy policies of any website you link to from our website.

12. Data retention

The Secretariat for Catholic Education shall not keep personal data for a period of time longer than is necessary, having regard to the purposes for which it is processed. We will retain and use information as necessary to comply with our legal obligations, resolve disputes, protect your vital interests or the vital interests of another natural person and enforce our agreements as follows:

Correspondence – We will keep your information for as long as it takes to settle your enquiry, and for a further period of time in line with statutory obligations, after which point your data will be erased.

Mailing list – We will keep your information which you used to sign up for the Archdiocese’s newsletter for as long as you remain subscribed or once the service is no longer operating, whichever occurs first.

Order information – We will keep your information used to place an order for our goods (photos) and/or services, for a minimum period of six years following the end of the financial year in which you placed your order, in line with our statutory obligation to retain records for tax purposes under the VAT Act, Chapter 406 of the Laws of Malta.

In some cases it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the following criteria:

  • what the purpose(s) was for which your information was collected in the first place;
  • whether there are any statutory obligations, obliging us to continue to process your information;
  • whether we have a legal basis in place to continue to process your information, including but not limited to consent;
  • what the value attached to your information is;
  • whether there are any industry practices stipulating how long information should be retained;
  • the risk, cost and liability attached to such retention; and
  • any other relevant circumstances.

13. Changes to this policy

Please note that the Secretariat for Catholic Education has the discretion to update this privacy policy at any time. When we do, we will revise the updated date at the bottom of this page. We encourage Users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review this privacy policy periodically and become aware of modifications.

When data processing requires consent, if the changes to data processing are likely to impact the validity of previous consent attained, or the changes are not in line with existing expectations, we will advise you of the choices you may have as a result of those changes.

14. Your acceptance of these terms

By using this Site, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.

15. Minors and children’s privacy

Protecting the privacy of minors is especially important. We will not knowingly collect, use or disclose Personal Data from a minor under the age of 16, without obtaining prior consent from a person with parental responsibility (e.g., a parent or guardian) through direct off-line contact. We will provide the parent with (i) notice of the specific types of personal data being collected from the minor, and (ii) the opportunity to object to any further collection, use, or storage of such information. If you have any question regarding this topic, please contact us as indicated in the “Contacting us” section below.

16. Contacting us

If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this site, please contact us at:

Secretartiat for Catholic Education 16, The Mall Floriana FRN 1472

[email protected]

This document was last updated on May 23rd 2018.