PRIVACY NOTICE pursuant to Art. 13 of Regulation (EU) No. 2016/679

The Congregation of the Legionaries of Christ, an ecclesiastical entity with its legal headquarters in Rome, Via Aurelia 677, tel. 0688961, in its capacity as the controller of personal data (hereinafter referred to as the “Controller” or also the “Congregation”), informs you, in accordance with Art. 13 of Regulation (EU) No. 2016/679 “General Data Protection Regulation” (hereinafter “GDPR”), in your capacity as the “data subject”, about the methods used for processing your personal data on our website.

Questions and Information

For questions and information regarding the processing of data and to exercise your rights, you may use the following contact details: tel. 0688961, email: privacy@legionaries.org.

Types of Data Processed

The Controller collects the minimum amount of personal data necessary to provide the corresponding service. These data are those entered in the various contact forms and consist of common and special personal data such as: first and last name, email address, country, and reason for the message.

Due to the confessional nature of the Controller, your registration data may allow third parties to infer your religious affiliation. Therefore, such data are considered special categories of data whose processing is permitted to the Controller under Art. 9, para. 2, letter d) of the GDPR.

Purpose and Legal Basis for Processing

Data are processed solely for contact and management purposes. The legal basis for processing is the explicit consent provided. Failure to give consent may result in the inability to access the requested services.

Method of Processing

Your personal data are processed using digital tools that may be located either within or outside the European Union, in any case in compliance with applicable legal provisions and the standards established by the European Commission.

It is understood that, as the Congregation operates worldwide, data may also be accessed from outside the European Union, in accordance with Recital No. 48 of the GDPR.

Data Processor

The technical management of the digital tools through which data are handled is entrusted to a company based in Mexico, which has been appointed as data processor pursuant to Art. 28 of the GDPR. The data transfer is carried out according to the procedures prescribed by European Commission Decision No. 914/2021.

Data Disclosure

The Congregation may disclose the data to other companies, whether national or international, entities and/or institutions internally linked to the Congregation. These parties will use the data in their capacity as independent data controllers, assuming all obligations and responsibilities that the Congregation undertakes under this Privacy Notice.

Retention Period

The Congregation will retain your personal data no longer than necessary to fulfill the purposes for which they are processed, and in accordance with the parameters established in Art. 5, para. 1, letter e) of the GDPR.

Rights of the Data Subjects

As a data subject, you have the right to obtain, in accordance with Articles 15–22 of the GDPR, the following: the rectification of personal data; the restriction of processing of personal data concerning you, when: a) you contest the accuracy of the personal data, for a period enabling the Controller to verify the accuracy of the personal data; b) the processing is unlawful under the GDPR and you oppose the erasure of the personal data and request the restriction of their use instead; c) the personal data are required by you to establish, exercise, or defend a legal claim; or the erasure of the personal data themselves.

You specifically have the right to request the erasure of personal data and/or to object to their processing. This request for objection or erasure of data is inadmissible if it concerns data relating to the celebration of the sacrament of Holy Orders or otherwise connected to personal status, or if the data processing is necessary for establishing, exercising, or defending a legal claim.

You may lodge a complaint with the Italian Data Protection Authority, in accordance with Art. 77 of the GDPR, as the lead supervisory authority, or with the supervisory authority in your country, which will then activate the cooperation procedure set out in Articles 60 et seq. of the GDPR.

How to Exercise Your Rights

You may exercise the rights described in point 8 of this Privacy Notice by submitting a written request, either personally or through a legally appointed representative, to the Controller, also via email to the following address: privacy@legionaries.org. Your request will be reviewed as promptly as possible.