MESSENGER OF SAINT ANTHONY UK

Messenger of Saint Anthony UK (Charity Reg. Number: 1180228, (hereinafter referred to as “Charity” or “Controller”) is a charity registered in England and Wales founded by the Conventual Franciscan Friars of the Basilica of Saint Anthony in Padua (Italy) details of which can be found at Companies House and Charity Commission for England and Wales.

Messenger of Saint Anthony UK is the controller and responsible for your personal data and for this website. The processing operations are carried out by the Provincia Italiana di S. Antonio di Padova dei Frati Minori Conventuali Area Messaggero di S. Antonio Editrice (Processor), in the role of the Processor of the Messenger of Saint Anthony

If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact us using the details set out below.

Contact details

If you have any questions about this privacy policy or our privacy practices, please contact us in the following ways:

Full name of legal entity: Messenger of Saint Anthony UK

Email address: info.messengeruk@santantonio.org

Operating address: Via Orto Botanico 11, 35123 Padova (Italy)

Registered office address: SLIG LAW LLP, Hamilton House, 1 Temple Avenue, EC4Y 0HA, London (UK)

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Changes to the privacy policy and your duty to inform us of changes

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

The data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

Identity Data includes first name, maiden name, last name, username or similar identifier, title and date of birth.

Contact Data includes billing address, delivery address, email address and telephone numbers.

Financial Data includes bank account and payment card details.

Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.

Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.

Usage Data includes information about how you use our website, products and services.

Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

We usually do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data) and information about criminal convictions and offences. However, it may happen that, by pure chance, specific data may also be processed (just think, for instance, if your mail were to reveal your religious or political orientation).

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, for the conclusion of a contract, the subscription to a newsletter or to make a donation). In this case, we may have to cancel a product you have with us but we will notify you if this is the case at the time.

How is your personal data collected?

We use different methods to collect data from and about you including through:

Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

make donations online;

Signing up to Gift Aid;

Setting up Standing Orders;

subscribe to our publications;

request marketing to be sent to you;or

give us feedback or contact us.

Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our cookie policy for further details.

How we use your personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

Where we need to perform the contract we are about to enter into or have entered into with you.

Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

Where we need to comply with a legal obligation.

Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

Purposes for which we will use your personal data

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/Activity	Type of data	Lawful basis for processing including basis of legitimate interest
To register you as a new customer	(a) Identity (b) Contact	Performance of a contract with you
To process and deliver your order including: (a) Manage payments, fees and charges (b) Collect and recover money owed to us	(a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing and Communications	(a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts due to us)
To manage our relationship with you which will include: (a) Notifying you about changes to our terms or privacy policy (b) Asking you to leave a review or take a survey	(a) Identity (b) Contact (c) Profile (d) Marketing and Communications	(a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)	(a) Identity (b) Contact (c) Technical	(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you	(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical	Necessary for our legitimate interests (to study how donors use our products to develop them.
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences	(a) Technical (b) Usage	Necessary for our legitimate interests (to keep our website updated and relevant, to develop our charity.

Marketing

We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).

You will receive marketing communications from us if you have requested information from us or purchased goods from us and you have not opted out of receiving that marketing.

Third-party marketing

We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.

Opting out

You can ask us or third parties to stop sending you marketing messages at any time by contacting us at any time.

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product purchase, product/service experience or other transactions.

Cookies and other tracking system

Cookies are not used to profile users, nor are other tracking methods used.

Instead, session cookies (non persistent) are used, but in a way that is strictly limited to the bare necessities of a safe and efficient browsing of the sites. The memorization of the session cookies in terminals and in browsers is under the user’s control where, on the servers, at the end of the HTTP sessions, information regarding cookies remain recorded in the service log files. Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Disclosures of your personal data

We may share your personal data with the Processor for the purposes set out in the table Purposes for which we will use your personal data above.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

International transfers

We do not transfer your personal data outside the European Economic Area (EEA).

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Data retention

How long will you use my personal data for?

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us. In some circumstances you can ask us to delete your data: see your legal rights below for further information.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. Please click on the links below to find out more about these rights:

Request access to your personal data

Request correction of your personal data.

Request erasure of your personal data.

Object to processing of your personal data.

Request restriction of processing your personal data.

Request transfer of your personal data.

Right to withdraw consent.

If you wish to exercise any of the rights set out above, please contact us.

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Glossary

LAWFUL BASIS

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.

THIRD PARTIES

External Third Parties

Service providers acting as processor based in Italy and United Kingdom who provide IT and system administration services.

Professional advisers including lawyers, bankers, auditors and insurers based in Italy and United Kindgdom who provide consultancy, banking, legal, insurance and accounting services.

HM Revenue & Customs, the Charity Commission for England and Wales, ICO and other regulators and authorities in the United Kingdom who require reporting of processing activities in certain circumstances.

YOUR LEGAL RIGHTS

You have the right to:

Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

If you want us to establish the data's accuracy.

Where our use of the data is unlawful but you do not want us to erase it.

Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.

You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

MESSENGER OF SAINT ANTHONY UK

PISAPFMC MESSAGGERO DI SANT'ANTONIO

PISAPFMC MESSAGGERO DI SANT'ANTONIO

Publishing House division

INFORMATION NOTICE ON DATA PROCESSING
PURSUANT TO ART. 13
OF EU REGULATION 2016/679

Purpose of this information notice

In this section we describe the processing methods applied to the personal data of the users of this web site.

First of all we would like to clarify that the web site you are visiting (hereinafter referred to as ‘Site’) is owned and directed by Provincia Italiana di S. Antonio di Padova dei Frati Minori Conventuali, Messaggero di S. Antonio Editrice (P.I.S.A.P.F.M.C.)

This information notice is not to be considered valid for other web sites which may be visited through links present on this internet site and which are not managed by PISAPFMC, and to which PISAPFMC is in no way responsible.

Through consultation of this present site data regarding either indentified or identifiable persons may be processed, either to allow browsing or, if necessary, for the execution of a contract you may have requested.

Hereinafter we are therefore clarifying, pursuant to article 13 of the General Data Protection Regulation (GDPR), the methods and aims of the management of this site with reference to the processing of the personal data which may be used in either one or the other case.

First of all we emphasize that this processing shall be performed in accordance with the principles of lawfulness and propriety, and in compliance with current laws.

Identity of contact of the Controller and of the Data Protection Officer (DPO)

Pursuant to art. 13 and 14 of the GDPR we inform you that the Controller of your personal data acquired through the site is Provincia Italiana di S. Antonio di Padova dei Frati Minori Conventuali, Messaggero di S. Antonio Editrice (P.I.S.A.P.F.M.C.), with registered office in Piazza del Santo, 11 in Padova, Italy, and with operating headquarters in Via Orto Botanico, 11, in Padova, Italy.

The Data Protection Officer (DPO) may be contacted through a letter addressed to DPO-Provincia Italiana di S. Antonio di Padova dei Frati Minori Conventuali; Via Orto Botanico, 11 – 35123 Padova; Italy; or via email at the following address: dpo@santantonio.org

The list of privacy delegates (subjects who control the application of the GDPR in the various areas pertaining to PISAPFMC) and the external firms responsible for the processing will be kept updated and will be shown to the data subject (yourself) upon specific request.

What data do we process? For what purposes?

We specify that the information relating to a natural person, either identified or identifiable, such as the name, the email address, the telephone number, to postal address or the computer IP address are all personal data.

Those data that reveal the racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership as well as genetic data, biometric data which confirm the unique identification of a natural person, information relating to the health or the sex life and orientation of a person are defined as specific data.

In our site we generally only process personal data (these are the only data necessary for the conclusion of a contract or for the subscription to a newsletter). However, it may happen that, by pure chance, specific data may also be processed (just think, for instance, if your mail were to reveal your religious or political orientation).

We specify that in the site you are browsing now the following personal data are being collected:

Data supplied by yourself

These are the personal data you supplied in the registration fields in order to access the newsletters we are offering to create a personal user account or to stipulate a contract with us. These data are processed by us for the following reasons:

The sale or purchase or products or services present on the web site and for activities either directly or indirectly connected with them, such as, for instance, the opening and execution of a contract or the execution of possible pre-contract procedures in view of the conclusion of the proposed contract as well as all the obligations either directly or indirectly connected to it.
To fulfill legal obligations of fiscal, administrative or tax reasons (for instance the administration of clients/suppliers; the management of the contractual relationship; invoicing; the management of orders; cash receipts and payments; delivery of goods).
To pursue the legitimate interest of the Controller (for instance, in this indicative but not exhaustive list: in case of defense in court proceedings where necessary, but also in case of direct marketing), but in any case in compliance with the prevalent rights and fundamental liberties of the data subject (yourself) demanding the protection of personal data.
For the sending of messages and newsletters regarding products and services or events relating to the Controller upon specific request of the data subject (yourself).

In these cases the legal basis of the processing is constituted by the fulfillment of the contract and by the legal obligation to process the data (see GDPR art. 6 points b), c), f), as well as your consent for the newsletter (GDPR art. 6 point a)).

In the case (which, as mentioned earlier, is only a mere possibility) of the processing of specific data, the legal basis of this processing is constituted by the fact that the processing is performed by the Controller, which is an Ecclesiastical Institution, and which pursues religious aims with regard to the processing of its members, ex-members or people who have regular contact with the foundation, the association or organization on account of its aims when the personal data are not disclosed outside the Ecclesiastical Institution) and by consent in the residual hypothesis (GDPR art. 9 paragraphs a) d) e) f)).

Finally, we specify that the sending of optional, explicit and voluntary messages to the contact addresses of the Controller, as well as the compilation and sending of the forms present in the site imply the acquisition of the contact details of the sender in order to answer, as well as all the personal data included in the communications.

Browsing data

The information systems and the software procedures responsible for the functioning of this site acquire, in the course of their normal operation, some personal data whose transmission is implicit during the use of internet communication protocols.

The data included in this category are:

the address of the page you are visiting on our web site
the IP address of the device
the address of the last web site previously visited (the so-called “referrer”)
the date and time of your visit
the characteristics of the device, in particular the operating system, the browser used and the dimensions of the browser window
the domain names of the computers and of the terminals used by the users
The URI/URL (Uniform Resource Identifier/Locator) address notation of the requested resources
the request time
the method used to submit the request to the server
the dimension of the file received in the answer
the numerical code which indicates the state of the response supplied by the server (successful, error, etc.)
other parameters regarding the operating system and the system environment of the user.

This data, necessary for the fruition of the web services, are also processed for the purpose of:

obtaining statistical information on the use of the services (the most visited pages, the number of visits per time slot and day slot, geographical areas of provenance, etc.)
control the proper working of the services offered

The browsing data does not remain for more than seven days and is immediately cancelled after their anonymisation (with the exception of a necessity by a judicial authority to detect possible offences).

Cookies and other tracking systems

Cookies are not used to profile users, nor are other tracking methods used.

Recipients of the personal data

The data will be processed within the structure by authorized personnel responsible for managing the web site and by the accounting and administration departments, and may be communicated to the following subjects which have been nominated external Processor:

NEXTEP as the supplier of development and maintenance services of the web platform.

The updated list of nominated external Processors will be supplied upon a simple request.

The personal data may also be communicated to banking institutions and external societies (for instance consortia) which supply services for the execution of a contract.

The data acquired will in no way be disseminated.

Period of conservation of personal data

The data supplied for the conclusion of a contract will be kept for the duration of the contract and for the successive time period dictated by law. In particular, we specify that accounting entries, invoices, and correspondence will be kept for 10 years as prescribed by law; the data necessary for the management of a possible dispute or debt recovery will be kept until the settlement of the dispute.

The data supplied for the subscription to the newsletters will be kept for as long as the service is active.

Compulsory data conferment

Data conferment is mandatory and necessary for the performance of the contract stipulated between you and the Controller, and to receive the newsletters. Therefore, the possible refusal to confer the personal data requested implies the termination of the relationship.

Moreover, the Controller declares that a possible non communication or erroneous communication, of any of the mandatory data will have, as a consequence, the impossibility, on the part of the Controller, to guarantee the adequacy of the processing itself to the contractual terms under which the contract is to be performed, and the possible lack of correspondence of the results of the processing to the requirements imposed by the fiscal, administrative and work norms to which the processing is directed.

Rights of the Data Subject

You, the data subject, are entitled to claim from the Controller, at any moment, access to your personal data and to rectify or erase them, or restrict the processing or object to the processing (art. 15 and following of the GDPR), as well as the right to data portability, as provided for in art. 12 paragraph 2 point b) of the GDPR.

Erasure is not permissible for data contained in those Acts which require, according to law, mandatory conservation.

Consent may be withdrawn at any time without affecting the lawfulness of the processing based on consent before its withdrawal.

You have, moreover, the right to lodge a complaint with a supervisory authority, as provided for in art. 77 of the GDPR itself, or to apply proceedings before the courts against the Controller (art. 79 of the GDPR) if you consider that the processing of your personal data performed by this site infringes the norms set by the GDPR.

Methods of exercising your rights

You may at any time exercise your rights via registered return mail addressed to Provincia Italiana di S. Antonio di Padova dei Frati Minori Conventuali Messaggero di s. Antonio Editrice, via Orto Botanico 11, 35123 - Padova, Italy, or via email addressed to: privacy@santantonio.org indicating the words: “Accesso Privacy” in the subject line.

Useful Documents:

General Data Protection Regulation