This Data Protection Policy reflects the agreement between you and St. John’s Co-Cathedral (SJ) with respect to the processing and security of data in relation to the General Data Protection Regulation (GDPR).
2. Scope of Data Protection Legislation.
The General Data Protection Regulation 2016 / 679 (GDPR) is in place to protect the data subjects from unlawful processing of their personal information. SJ will take all the steps reasonably necessary to ensure that the personal data is treated securely and in accordance of this Data Protection Policy, and in accordance to the GDPR.
3. Personal Data
“Personal Data” is information that identifies an individual, including but not limited to:
- Email address;
- Postal address;
- Contact number;
- Date of birth;
- Identification number.
4. The information we collect
This Data Protection Policy provides specific details of how we treat any personal data you provide us.
We collect and process your personal information mainly to provide you with access to our services and products, and to help us improve our offerings.
We may collect personal information about you from different sources. Types of personal information that we may process include the following:
- Information given to us directly by yourself;
- Information collected automatically when you use SJ Website;
- Information collected from other publicly available sources.
5. Scope of Processing.
When you provide information to SJ in any manner, which constitutes personal data within the meaning of the Data Protection, SJ will process data for the following purposes only, namely:
- To be able to provide the service that is being applied for;
- To provide its products and services;
- For internal assessment and analysis;
- For the detection and prevention of fraud and other criminal activity which SJ is bound to report;
- To develop and improve SJ’s products and services;
- For direct marketing, such as to inform you, by mail, telephone, e-mail or other electronic means, about other products and services supplied by SJ, its subsidiaries, associates, agents and by other carefully selected third parties, and for research purposes.
Please note that your personal data may be disclosed to or exchanged with all employees of SJ, its subsidiaries, associates and agents, including trusted third parties.
Your information may be transferred to and stored in locations outside the European Economic Area (EEA), including countries that may not have the same level of protection for personal information. When we do this, we will make sure that it has an appropriate level of protection and that the transfer is lawful. We may need to transfer your information in this way to carry out our contract with you, to fulfil a legal obligation, to protect the public interest and/or for our legitimate interests. We will only share your information with people who have the right to see it.
6. Other Products and Services
From time to time we would like to tell you about our other products and services and those arranged by us with other suppliers.
Any personal information you provide in the process of enquiring/arranging any of our other products and services is provided in the strictest confidence. We will only use this for the purposes specified in your enquiry and we will never pass your personal details to these third parties or any other companies for any other reason.
If you have already provided your consent, we will continue to rely on this permission until you request us to stop sending you information.
7. Information we share.
We do not share personal information with companies, organisations and individuals outside of SJ unless one of the following circumstances applies:
- With your consent – We will share personal information with companies, organisations or individuals outside of SJ when we have your consent to do so. We require opt-in consent for the sharing of any sensitive personal information.
- For external processing – We provide personal information to our affiliatesor other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Data Protection Policy and any other appropriate confidentiality and security measures.
- For legal reasons – We will share personal information with companies, organisations or individuals outside of SJ if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
- meet any applicable law, regulation, legal process or enforceable governmental request;
- enforce applicable Terms of Service, including investigation of potential violations;
- detect, prevent, or otherwise address fraud;
- protect against harm to the rights, property or safety of RB, our users or the public as required or permitted by law.
8. Data Retention
SJ will not retain your personal information for longer than it is required for the maintenance of your account, or for any legal or regulatory requirements.
9. Data Security
We make sure to use reasonable measures to protect the personal data within SJ.
If you have reason to believe that your interaction with us is no longer secure, please immediately advise us.
11. Data Subject Rights
Your rights in connection with personal information under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
12. Access Requests and Marketing Options
If you wish to exercise your rights or change your marketing preferences, you may do so directly at SJ, or by submitting a written request to SJ, or by sending an email to [email protected]. Should you not visit SJ in person, SJ may need to contact you in order to verify your identity.
13. Updates to this Data Protection Policy
We reserve the right to update this Data Protection Policy at any time. The updated Data Protection Policy will be published on our website www.stjohnscocathedral.com.
14. Contact details of SJ and the Supervisory Authority
Land Line: +356 2122 0536
Address: St. John’s Street, Valletta, VLT1156. Malta
Email: [email protected]
Supervisory Authority Contact Details:
Land Line: (00356) 2328 7100
Email: [email protected].