INFORMATION ON THE PROCESSING OF PERSONAL DATA
INFORMATION ON THE PROCESSING OF PERSONAL DATA
in accordance to the Law (EU) 2016/679
According to the Law (EU) 2016/679 (GDPR), we wish to inform you about the modalities of processing personal data of users who visit the Vatican Apostolic Library or consult its website: www.vaticanlibrary.va. Below you will find information on how we collect, use and transfer your personal data, that is, any information that can be used to identify or contact you.
TITLE HOLDER OF DATA PROCESSING
The Title Holder of data processing is the Vatican Apostolic Library, located in Vatican City, 00120
(email:bav@vatlib.it; telephone: +39 06.69879411).
LEGAL BASIS OF DATA PROCESSING
Most of the information we collect comes directly from you: it has been voluntarily provided to us or has been necessary
for the provision of our services. The Library processes your personal data in different ways and for different needs, in order to
carry out its role as an institution of culture and conservation, and for the exercise, development, and improvement of services offered to users.
The data is collected and processed for:
- the issuance of a reader’s card;
- when you have given your explicit consent for special purposes (sending the newsletter, invitations or communications);
- necessarily, for the purchase of publications or reproductions of the Library;
- necessarily, for the performance of our institutional tasks (security of collections and locations).
- automatically, during the browsing of the Library site.
- the provision of on-site services (consultation, access to the internal portal, use of institutional wireless internet);
- permitting the purchase of Library publications both online and on-site;
- permitting the request of reproductions and/or publication rights;
- allowing the reservation of volumes for consultation;
- carrying out the activities of fundraising, promotion and development (invitations and announcements, newsletter subscriptions);
- carrying out the activities of the Vatican School of Library Science (teaching and communications to students);
- the creation of statistical data for internal purposes, for checks, analysis and research aimed at improving the services offered.
TYPES OF DATA PROCESSED AND PURPOSE OF THE PROCESSING
The data collected is processed by staff members who are expressly authorized by the Library, which acts on the basis of specific instructions and in compliance
with the confidentiality and security of the data and in relation to the services to which it corresponds. The persons authorized for the processing, employees of the
Library or third parties in charge of maintaining and developing the systems used for the digital management of data, may have knowledge of the data exclusively for
purposes related to the exercise of their functions.
The processing of data takes place through computer systems or through software procedures that obtain personal information through the normal course of operation; the
transmission of this data is implicit to the use of Internet communication protocols.
The collected data is not disseminated nor communicated to third parties.
The data processed implies personal information that allows us to identify you, and includes information such as:
- name and surname
- age and date of birth
- gender
- access credentials (username and password)
- mailing address
- telephone number
- photograph (when the access card is issued)
- email address
- information on the connection device (IP addresses or domain names of computers and terminals used by users, operating system or type of browser used)
- online surfing activities and habits (URI addresses/URLs of visited resources, date and time and method used in submitting the request to the server, file size obtained in response, status of the response given by the server and other parameters related to the operating system and to the user’s computer use)
- information on the presence in the Library,
- payment information
- details about profession, curriculum of studies and research activities
- information related to security (camera footage, tracking of movements in Library areas)
The data that must be saved for the correct provision of the library services (for example, for the issuance of the access card) is stored in electronic and/or paper form.
The Library reserves the right to share personal data with the Vatican security authorities where it is necessary for the security or protection of persons or property.
The data related to the use of web services is also processed for the purpose of:
- obtaining statistical information on the use of services (most visited pages, number of visitors per hour or day, geographical areas of origin, etc.);
- check the correct functioning of the services offered.
Cookies and other tracking systems
The Library uses session cookies (non-persistent) strictly limited to what is necessary for the safe and efficient navigation of the site. For details about the type of cookies collected, please consult our specific page that displays this information:Cookie Policy
Social media
The Library is officially present on the Twitter platform for purposes related to its legitimate interests and the provision of its services. We remind you that when you interact with us through Twitter, the platform itself is responsible for the processing of your data and the privacy policies it applies, according to the terms of use relative to your account.DATA CONSERVATION AND CUSTODY
The Library stores personal data collected in a careful, complete and updated manner, as long as it is necessary for the provision of the services relative to the data. We can assure you that all the necessary steps have been taken to ensure the security of your personal data once it has been collected, through the use of limited access information systems and of protected storage solutions.
RIGHTS OF THOSE CONCERNED
You have the right to obtain the following from the Library:
- the copying or accessing of your personal data;
- the correction of your personal data when inaccurate or incomplete;
- the cancellation of your personal data when no longer necessary;
- the suspension of the sending of newsletters, invitations or communications for which you have previously given your consent.