Privacy policy

  1. You are here:  
  2. Home
  3. Privacy Policy

INFORMATIVE ADVISORY ON THE PROCESSING OF PERSONAL DATA

Dear User,
We wish to inform you that the General Regulation on the Protection of Personal Data, promulgated by Decree of the Pontifical Commission for the Vatican City State, No. DCLVII, dated April 30, 2024, contains provisions for the protection of natural persons with regard to the processing of personal data as well as rules on the free movement of such data.
Pursuant to Article 8 of the aforementioned Regulation, we provide you with the following information.
The personal data you provide will be processed in accordance with the provisions of the Regulation and in compliance with the principles of lawfulness, fairness, transparency, good faith, and proportionality provided therein.

1. Data Controller

The Data Controller, pursuant to Article 11 of the aforementioned Regulation, is the Governorate of the Vatican City State, represented by the Secretary General of the Governorate.

2. Data Processor

The Data Processor, pursuant to Article 12 of the aforementioned Regulation, is the Directorate of Telecommunications and Information Systems of the Governorate of the Vatican City State. It can be contacted for the purposes of this notice at the following email address: direzione.tlc@scv.va.

3. Data Protection Officer (DPO)

The Data Protection Officer (DPO) is the General Counsel of the Vatican City State.

4. Source and Type of Data Processed

The data collected when you interact with the “Contact” form on the website www.postevaticane.va (hereinafter, the “Website”) are:

  • personal identification data (first and last name), and contact details (email address), collected through use of certain site functions.

The data collected when you fill in the Simplified Customs Declaration (CN 22) on the Website are:

  • personal identification data (first and last name, postal address), contact details (telephone number and email address), personal identification data of another person indicated by you as the recipient (first and last name, postal address), and contact details (telephone number and email address), as well as internet browsing and activity data on online systems.
5. Purpose and Legal Basis of Processing the Data

In accordance with the principles set out in Article 4 of the Regulation, your personal data will be collected and processed within the activities of the Data Controller and only to the extent strictly necessary to achieve the following purposes:
a. to allow the receipt of detailed information requested by you;
b. to enable the provision of the requested service (postal shipments containing goods);
c. to ensure the storage, security, and protection of the data;
d. to comply with legal obligations;
e. to ensure security and prevent fraudulent behavior.

The Governorate will not process the data you provide for purposes other than those explicitly indicated above.

The legal basis that justify the processing are:

  • the performance of a task in the public interest or related to the exercise of official authority vested in the Data Controller, connected with the provision of the requested service;
  • the performance of a contract to which you are a party, the execution of pre-contractual measures taken at your request, or compliance with a legal obligation under the laws of the Vatican City State to which the Data Controller is subject.
6. Methods of Processing

Your data will be processed electronically and/or on paper, using manual and/or telematic tools for the time strictly necessary to achieve only the purposes indicated in this notice. In all cases, the confidentiality and security of your data will be ensured, including through automated tools, in compliance with the security measures set forth in Article 14 of the Regulation.

7. Entities to Whom the Data May Be Communicated or Who May Become Aware of It

Your personal data will not be disseminated (i.e., made available to an indefinite number of individuals). They may be shared, within the limits and in the manner described above, with:

a) entities acting as Data Processors;
b) individuals acting as Contacts and/or persons expressly authorized to process personal data (e.g., employees of the Directorate of Telecommunications and Information Systems), in order to perform tasks closely related to the purposes for which the data were collected and described in this notice;
c) entities, organizations, or authorities to whom your personal data must be disclosed by legal obligation or court order, or in fulfillment of a contractual or pre-contractual obligation related to a contractual relationship in which you are involved, or third parties to whom the data may be communicated upon your explicit consent or at your explicit request.

Regarding the entities under point (c), your personal data may also be transferred to recipients located in foreign countries, within the limits and in the manner described above.

8. Data Retention Period

Your data will be stored at the office of the Data Controller and, where necessary, at the offices of the other entities mentioned above. Your data may be retained for no longer than is necessary to achieve the purposes specified in this notice. The Data Controller may be required to retain your data for a longer period for purposes of public interest archiving (e.g., legal obligations, authority orders), scientific or historical research.

9. Your Rights

If the relevant conditions are met, you may exercise the following rights under Title VI of the Regulation:

a) request confirmation as to whether or not your personal data is being processed;
b) obtain information regarding the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom your data has been or will be disclosed, and, when possible, the retention period;
c) obtain the rectification of your personal data;
d) obtain the deletion of your personal data;
e) obtain the portability of your personal data, i.e., receive them from the Data Controller in a structured, commonly used, and machine-readable format and transmit them to another Data Controller without hindrance;
f) object at any time to the processing of your personal data;
g) obtain, where applicable, the restriction of processing;
h) withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

You may exercise these rights by submitting a written request, either on paper or electronically, to the Data Controller at the following email address: direzione.tlc@scv.va.

10. Right to File a Complaint with the Data Protection Officer

Without prejudice to legal recourse before the Judicial Authority of the Vatican City State, you have the right to lodge a written complaint with the DPO, pursuant to Article 25 of the Regulation.