- REFERENCE STANDARDS
- REGULATION (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR).
- GENERAL DECREE OF THE SPANISH EPISCOPAL CONFERENCE ON THE PROTECTION OF DATA OF THE CATHOLIC CHURCH IN SPAIN, approved by the CXI Plenary Assembly of the Spanish Episcopal Conference of 16 to 20 April 2018, in force since 25 May 2018 and published in the Official Bulletin of the Spanish Episcopal Conference and on its official website, in accordance with canons 455 §§ 2 – 3 and 8 § 2 CIC and article 15 of the Statutes of the Spanish Episcopal Conference (General Decree).
- Spanish state regulations on the protection of personal data and information society services: Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights, and Law 34/2002, of 11 July, on information society services and electronic commerce.
2. PROTECTION OF PERSONAL DATA
Below, we provide you with further information on the processing of personal data that you share with the Convent of the Purísima Concepción of Monforte de Lemos.
Who is the controller of the processing of your personal data?
The Diocese of Lugo, with Tax Identification Number (CIF) R-2700002-E, located at Plaza Santa María, 1, 27001, Lugo, with contact telephone number (34) 982 231 143 and email address of its Data Protection Officer dpo@diocesisdelugo.org, is the controller of the processing of those personal data collected or generated as a consequence of users' access, use, and browsing of the Website and the control of said Website.
Why does the protection of your personal data matter to us?
The Diocese of Lugo takes this opportunity to greet you and thank you for your interest in the services offered by the same. For the Diocese of Lugo, the privacy of the personal data of its Users and other interested parties in its services is fundamental. Therefore, our commitment is to exercise the greatest possible diligence in the protection of personal data and the security of the information provided, to contribute to improving as much as possible the attention given to our Users.
Likewise, it is vital to offer the highest quality services that endorse the trust placed in us by our Users. Therefore, to achieve a greater degree of satisfaction and trust, the Diocese of Lugo has implemented a personal data protection management system that guarantees compliance with current legislation in this area, always seeking continuous improvement.
The categories of data processed are:
- Identification data
- Postal or electronic addresses
- Any other data provided by users for the provision of the requested service.
For what purpose will the personal data you provide us through the website be processed?
The processing of personal data collected or generated as a consequence of users' access, use, and browsing of the website will have the purpose of enabling browsing and managing requests for information, content, or services expressly requested by users or processed with their consent.
In addition to the foregoing purpose, and to the extent that its lawful pursuit requires or permits it, additional processing may be carried out — following the provision of specific information to users — aimed at:
- Executing contracts to which users are parties and, where applicable, at their request, applying the corresponding pre-contractual measures.
- Complying with legal obligations of the Diocese of Lugo.
- Protecting the vital interests of users or other natural persons.
- Carrying out the functions proper to the Catholic Church or the canonical powers entrusted to ecclesiastical authorities.
- Pursuing legitimate interests pursued by the Diocese of Lugo or by a third party (in particular, improving the Website, its management and security, conducting studies to analyze the relevance and use of said Website — including through anonymized information — and, where permitted by applicable law, informing users about news of the Diocese of Lugo through the sending of invitations, publications, and other initiatives) provided that such interests do not override the interests or fundamental rights and freedoms of users which require the protection of personal data, in particular when users are minors. The provisions of this last point shall not apply to processing carried out by ecclesiastical authorities in the exercise of their functions.
Processing for a purpose other than those mentioned above shall only be lawful if the GDPR, the General Decree, or any other state or ecclesiastical regulation allows or orders it, within the possibilities conferred by the legal system; if users have given their consent; if it is obvious that the processing reflects the interests of users and there is no reason to believe that they would withhold their consent, or that such assumption is incorrect; if the data are publicly accessible or the Diocese of Lugo could publish them in any case, unless the legitimate interest of users in avoiding the change of purpose clearly prevails; if processing is necessary to prevent a risk to security or other relevant public or ecclesiastical interests; if processing is necessary to prevent the commission of crimes or administrative offences, for their investigation, prosecution of those responsible, their prosecution or the execution of sentences; if processing is necessary to prevent a serious violation of the rights of a third party; if processing is necessary for the performance of the functions proper to the Catholic Church or the canonical powers entrusted to ecclesiastical authorities.
Personal data processed solely for monitoring, backup purposes, or to ensure the proper functioning of a processing system may only be used for such purposes.
How long will we keep your personal data?
The data will be kept as long as there are contractual obligations derived from the services or content requested by users and, subsequently, until the expiration of legal, contractual, or deontological responsibilities that require their retention (e.g., until the expiration of liability arising from data protection or cybersecurity regulations). In the event that data are processed for sending information about the Diocese of Lugo, the data may be kept only as long as the user does not object to receiving such information by any of the various free and simple means made available to them.
What is the basis that legitimises us to process your personal data?
The processing carried out by the Diocese of Lugo of your personal data is based on your express consent, by selecting the checkbox included in the contact form.
The legal basis for the processing of your personal data is the proper execution of the services provided by the Diocese of Lugo, consisting of the monitoring, control, and management of activities and events within the scope of its activity.
To which recipients will your data be communicated?
The Diocese of Lugo will not transfer the data of its owner to third parties without their express consent.
What are your rights when you provide us with your data?
Interested parties have the right to access their personal data, as well as to request the rectification of inaccurate or imprecise data, or, where appropriate, request their deletion when, among other reasons, the data are no longer necessary for the purposes for which they were collected.
For reasons related to their particular situation, interested parties may request the restriction of the processing of their data, in which case we will only retain them for the exercise or defence of potential claims. Likewise, interested parties may object to the processing of their data, in which case the Diocese of Lugo will cease to process the information, unless necessary for legitimate reasons, or the exercise or defence against potential claims.
Interested parties may also request their right to the portability of their personal data in a structured, commonly used, and machine-readable format, and to transmit them to another controller without hindrance from the controller to whom they had been provided.
They may send their requests to the Diocese of Lugo, Plaza Santa María, 1, 27001, Lugo, or to the following contact email: dpo@diocesisdelugo.org, duly proving their identity by means of a photocopy of their ID card or Passport.
If you are not satisfied with the exercise of your rights, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD): https://sedeagpd.gob.es/sede-electronica-web/