Privacy Policy

Privacy Policy

General information

This Privacy Policy applies to the website operating at the Internet address https://vaticanjp2.va/ or its developments (hereinafter referred to as the "Website") and defines the principles of processing and protection of personal data of persons using the Website (hereinafter referred to as each individually as "User" or jointly as "Users").

The administrator of the Users' personal data is the Vatican Foundation of John Paul II with its registered office in the Vatican at the address: Via del Pellegrino s.n.c. 00120 Città del Vaticano (hereinafter referred to as the "Administrator").

Personal data are processed by the Administrator in accordance with the applicable provisions of law, i.e. Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the "GDPR") and other provisions of generally applicable law.

Scope of personal data processing

For the purposes of providing services by the Administrator through the Website, the Users' personal data available in cookies and provided by the Users for the performance of individual services are processed, in particular: e-mail address, name, surname and other data contained in the content of the message sent by the User.

The Administrator processes the data of persons who:

  • contacted the Administrator via the contact form available on the Website,
  • have contacted the Administrator via telephone, traditional letter, e-mail, instant messaging or social media,
  • are recipients of the newsletter,
  • are recipients of commercial information sent electronically,
  • are active on the Administrator's social media profiles,
  • have applied for or are participants in events organized by the Administrator, including webinars, meetings and workshops.

The data is processed for the purpose of providing services and communication with data subjects, including in particular for the following purposes:

  • provision of services by electronic means on the Website – the legal basis for the processing of personal data is a contract for the provision of services by electronic means on the Website, concluded as a result of accepting the Terms and Conditions of the Website (Article 6(1)(b) of the GDPR).
  • provision of the newsletter service – the legal basis for the processing of personal data is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) in the form of direct marketing.
  • providing commercial information services sent electronically – the legal basis for the processing of personal data is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) in the form of direct marketing.
  • maintaining the Administrator's social media profiles – the legal basis for the processing of personal data is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) consisting in promoting the Administrator's own activities, in particular events organized by the Administrator.
  • handling inquiries of data subjects via the contact form, e-mail, traditional mail, social media or by phone – the legal basis for the processing of personal data is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) in the form of responding to inquiries of individuals.
  • improving the services provided on the Website, for the purpose of keeping statistics and analyses, including profiling (excluding profiling referred to in Article 22(1) and (4) of the GDPR), improving content and services, including matching content to the interests of Users – the legal basis for data processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), where the legitimate interest is to ensure the operation of the Website and the best quality of services on the Website, as well as to adapt information.
  • handling complaints regarding online payments and related to problems with the operation of the Website – the legal basis for the processing of personal data is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) in the form of handling complaints.
  • implementation of events organized by the Administrator – the legal basis for the processing of personal data is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) in the form of keeping records or enabling participation in events organized by the Administrator.

Rights of the data subject

The User has the right to request from the Administrator the following: access, corrections, deletion, restriction of processing, data portability, objection.

In connection with the processing of the User's personal data by the Administrator, the User has the right to lodge a complaint with the supervisory authority, which, in accordance with Article 3 and Article 10 of the General Data Protection Regulation of the Vatican City State of 6.11.2025 (Regolamento Generale sulla protezione dei Dati personali dello Stato della Città del Vaticano), available at https://www.vaticanstate.va/it/privacy-policy.html, is the General Councilor of the Vatican City State (Responsabile della Protezione dei Dati (RPD) è il Consigliere Generale dello Stato della Città del Vaticano).

Providing personal data is voluntary and comes from the data subject and is necessary to use certain services provided by the Administrator through the Website.

Cookies

The website uses cookies.

Cookies are IT data, in particular text files, which are stored on the User's end device and are intended for the use of the Website's websites. Cookies usually contain the name of the website from which they originate, the time they are stored on the end device and a unique number.

To a strictly defined extent, the Administrator may collect personal data automatically via cookies.

Among cookies, we can distinguish those that are necessary for the operation of the Website's websites. Cookies belonging to this category are used to ensure:

  • maintaining the User's session,
  • saving the status of the User's session,
  • monitoring the availability of services.

On the Website's websites, there may be plug-ins and functionalities of third parties that have their own Privacy Policies and personal data processing rules. These functionalities are used in order to:

  • monitoring traffic on the Website's websites,
  • collecting statistics to understand how Users use the Website and enabling the content of the Website to be tailored to the needs of Users,
  • use of a communication tool,
  • integration with social networks,
  • online payments.

By default, web browsing software (web browser) usually allows cookies to be stored on the User's end device. The user can change the settings in this regard. Your web browser allows you to delete cookies. It is also possible to automatically block cookies. For details, see your web browser's help or documentation.

Restrictions on the use of cookies may affect some of the functionalities available on the Website.

How long do we process your personal data

The Users' personal data will be processed by the Administrator no longer than it is necessary to perform related activities specified in separate regulations and to provide services by the Administrator. With regard to the newsletter service and commercial information sent electronically, until you unsubscribe from this service.

Complete removal of the e-mail address provided as part of the newsletter service or commercial information sent electronically requires a connection to the Administrator's website using the Internet address (the so-called "link") located at the end of each message sent as part of the service.

The data subject has the right to object to the processing of their personal data at any time in order to pursue the legitimate interests pursued by the Administrator (legal basis for processing Article 6(1)(f) of the GDPR). In the event of an objection, the Administrator will cease processing the personal data covered by the objection, unless it is able to demonstrate that there are legally justified grounds for processing that override the interests, rights and freedoms of the data subject or the personal data will be necessary for the possible establishment, exercise or defence of claims.

Sharing Users' Personal Data

The Administrator does not transfer the Users' personal data to third parties without a legal basis, subject to the next sentence. In order to provide services on the Website, the Administrator uses external entities providing services to the Website. For these reasons and for technical reasons, the Administrator may entrust the processing of personal data, within the meaning of Article 28 of the GDPR, to another entity by way of a contract or other legal instrument without changing the purpose of processing the User's personal data indicated in this document, in particular entities providing IT, accounting and legal services.

The Administrator makes the Users' personal data available to the entity providing the hosting service to him, exclusively for the purposes related to the operation of the Website.

Based on the User's personal data, the Administrator will not make automated decisions against the User, including decisions resulting from profiling.

The Administrator does not intend to transfer the Users' personal data to a third country or to international organizations.

Contact with the Administrator

The User may contact the Administrator via traditional mail by sending a letter to the address of the Administrator's registered office or electronically via e-mail address: administration@vaticanjp2.va or by phone at +39 06 6861 844.

Final provisions

The Administrator may change the Privacy Policy at any time. These changes do not limit the rights acquired before the changes come into force.

The Administrator will inform about the content of the changes to the Privacy Policy by posting on the website https://vaticanjp2.va/ a message about the changes, and this message will be maintained on the website for a period of at least 10 (ten) consecutive calendar days.

All interested persons may access the Privacy Policy at any time via a link on the website: https://vaticanjp2.va/privacy-policy, and then copy the content to a file and print it.

This site uses cookies to analyse traffic. You can accept or decline analytics tracking. Learn more.