Data Policy


This Data Policy is effective as from May 25th 2018. The Policy may be changed at any time. Such changes shall be published and amended to this document.

1. Introduction
This Privacy Policy governs the manner in which the Congregation of the Ursuline Sisters of St. Angela Merici (“we”, “the Controller”), collects, uses, maintains and discloses information collected from users (each, a “User”) of the www.ursulinesisters.org.mt website (“Site”). This privacy policy applies to the Site and is based on the following data protection principles:

i. personal data must be processed fairly and lawfully;
ii. personal data must always be processed after consent has been obtained;
iii. personal data must only be collected for specific, explicitly stated and legitimate purposes;
iv. personal data must not be processed for any purpose that is incompatible with that for which the information is collected;
v. personal data that is processed must be adequate and relevant in relation to the purpose of the processing;
vi. no more personal data must be processed than is necessary having regard to the purposes of the processing;
vii. personal data that is processed must be correct and, if necessary, up to date;
viii. all reasonable measures must be taken to complete, correct, block, or erase data to the extent that such data is incomplete or incorrect, having regard to the purposes for which they are processed;
ix. personal data must not be kept for a period longer than is necessary, having regard to the purposes for which they are processed;
x. personal data must be protected against accidental destruction or loss or unlawful form of processing;
xi. personal data must not be transferred to third countries that do not offer adequate level of protection.

2. Definitions
“You” - The user of the Website.
“Personal Data” means information that specifically identifies an individual or that is linked to information that identifies a specific individual.
“Visitor” means an individual other than a User, who uses the public area, but has no access to the restricted areas of the Site or Service.

3. Information we collect

Personally Identifiable Information
We may collect Personally Identifiable Information (PII) from Users in a variety of ways, including, but not limited to, when Users visit our site, subscribe to the newsletter, respond to a survey, fill out a form, and in connection with other activities, services, features or resources we make available on our Site. Users may be asked for, as appropriate, name, email address, mailing address and phone number. Users may, however, visit our Site anonymously. We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personally identification information, except that it may prevent them from engaging in certain Site related activities.

Non-Personally Identifiable Information
We may collect non-personally identifiable information about Users whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about Users means of connection to our Site, such as the operating system and the Internet service providers utilized and other similar information.

Web Browser Cookies
Our Site may use “cookies” to enhance User experience. Cookies are small pieces of data that the site transfers to the user’s computer hard drive when the user visits the website. We do not collect information from the user’s computer through cookies. They will typically store information in the form of a session identification that does not personally identify the user. If you do not want ‘cookies’ to be used please adjust your browser settings to disable them.
 Click here to access our Cookie Policy
 
4. How we use your information

The Congregation may collect and use Users personal information for the following purposes:
To improve our online service: Information you provide helps us respond to your service requests and support needs more efficiently.

To personalize user experience: We may use information in the aggregate to understand how our Users as a group use the services and resources provided on our Site.
To improve our Site: We may use feedback you provide to improve our website.
To run a promotion, contest, survey or other Site feature: To send Users information they agreed to receive about topics we think will be of interest to them.
To send periodic emails: We may use the email address to respond to their inquiries, questions, and/or other requests. If User decides to opt-in to our mailing list, they will receive emails that may include  news, updates or service information, etc. If at any time the User would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email or User may contact us via our Site.
Any other purpose directly related to our work and for which you have provided consent (where it is reasonably required by law).

5. Sharing your information
We only use your personal and sensitive information for the reason we collect it as set out above and for the purpose(s) for which it was collected, or as otherwise permitted by law. We will not disclose the above information that we collect to affiliates or third parties without prior informing you, or without your consent where applicable. We may disclose information to third parties in the following circumstances:
  1. Any institutions of the Archdiocese of Malta, trusted third parties which assist us in our daily operations or administer activities on our behalf, including (but not limited to) IT support staff, designers, and web developers;
  2. any contractors or other advisers auditing any of our processes or who have the need to access such information for the purpose of advising us;
  3. Any law enforcement body which may have any reasonable requirement to access your Personal Information; and
  4. Any regulatory body or authorised entity which may have any reasonable requirement to access your Personal Information.

6. Data subject rights
The Policy adopts the same data subject rights in line with our Frameworks and Rules. These include the following:

i. the right to be informed;
ii. the right of access;
iii. the right to rectification;
iv. the right to erasure;
v. the right to restrict processing;
vi. the right to data portability;
vii. the right to object;
viii. the right not to be subject to automated decision-making including profiling;
ix. the right to complain to a supervisory authority; and
x. the right to withdraw consent.
 
Should you wish to exercise any such rights you may contact us as set forth in the “Contacting us” section. We will acknowledge your request within seventy-two (72) hours and handle it promptly. We will respond to these requests within a month, with a possibility to extend this period for particularly complex requests in accordance with Applicable Law.
In accordance with Applicable Law, we reserve the right to withhold personal data if disclosing it would adversely affect the rights and freedoms of others. If a request is refused the individual will be informed of the reason for refusal and of his right to lodge a complaint with the supervisory authority. Moreover, we reserve the right to charge a fee for complying with such requests if they are deemed manifestly unfounded or excessive.

7. Data Protection Officer (DPO)
Our Policies and Procedure Framework provide for the appointment of a DPO whose functions include monitoring internal compliance and co-operating with the Supervisory Authority, with regards to, amongst others, security matters, official complaints and notification/communication of data breaches. The DPO is not the controller or the processor who is required to ensure and to be able to demonstrate that the processing is performed in accordance with the Regulation. In this regard, any questions regarding this document, as well as any requests for the exercise of data subject rights, should be directed to the our respective DPC.

Data Protection Officer 
Dar Dun Sidor,
Carm Galea Street,
Sliema SLM1934, Malta
Email:  dpo@ursulinesisters.org.mt

8. Security
We take appropriate security measures to protect your data against loss, misuse and unauthorized access, alteration, disclosure, or destruction of your information. Our IT systems are password protected and comply with applicable security standards. Only authorised personnel are permitted to access these details.

It is our policy to:
  1. destroy personal information once there is no longer a legal or business need for us to retain it;
  2. use data networks protected, inter alia, by industry standard firewall and password protection; and
  3. deploy, operate and maintain up-to-date effective anti-virus software on all computer systems that are liable to attack from malicious software.

9. Confidentiality of data
The personal data is handled with the appropriate care in order to protect it from unauthorised access or disclosure.

10. International data transfers
If the need arises for such transfer we will take all necessary steps to ensure that your privacy rights continue to be protected, as outlined in this privacy policy and in accordance with data protection laws.

11. Links to other websites
Our website may contain links to third party websites, and third party websites may also have links to our website. Our privacy policy does not apply to external links or other websites and we are not responsible for the practices employed by websites linked to or from our Site. The operators of other websites may collect your personal information. We encourage you to read the privacy policies of any website you link to from our website.

12. Data retention
The Congregation shall not keep personal data for a period of time longer than is necessary, having regard to the purposes for which it is processed. We will retain and use information as necessary to comply with our legal obligations, resolve disputes, protect your vital interests or the vital interests of another natural person and enforce our agreements as follows:
  1. Correspondence – We will keep your information for as long as it takes to settle your enquiry, and for a further period of time in line with statutory obligations, after which point your data will be erased.
  2. Mailing list – We will keep your information which you used to sign up for the newsletter for as long as you remain subscribed or once the service is no longer operating, whichever occurs first.

13. Changes to this policy
Please note that the Congregation has the discretion to update this privacy policy at any time. When we do, we will revise the updated date at the bottom of this page. We encourage Users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review this privacy policy periodically and become aware of modifications.
When data processing requires consent, if the changes to data processing are likely to impact the validity of previous consent attained, or the changes are not in line with existing expectations, we will advise you of the choices you may have as a result of those changes.

14. Your acceptance of these terms
By using this Site, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.

15. Contacting us
If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this site, please contact us at:
The Generalate 
Dar Dun Sidor, Carm Galea Street, SLM1934, Malta
generalate@ursulinesisters.org.mt

This document was last updated on 15th January 2019.