Privacy Policy

PRIVACY POLICY ON THE PROCESSING OF PERSONAL DATA

This privacy policy is intended to inform users about how their personal data (hereinafter “Personal Data”) is processed when visiting the website www.aimedicine.va (hereinafter “Portal”).

Below you will find information about how we collect, use, and transfer the Personal Data of users (hereinafter “User”), meaning any information that may be used to identify or contact the User.

1. DATA CONTROLLER

The Data Controller is the Pontifical Academy for Life (hereinafter “PAV”), located at Piazza San Calisto, 16,  00120 Vatican City (Vatican City State), e-mail: health@pav.va

2. PERSONAL DATA SUBJECT TO PROCESSING

The Personal Data being processed includes information that identifies or makes the User identifiable. Specifically, the Personal Data processed through the Portal includes:

a. Browsing Data
The IT systems and software procedures used to operate the Portal acquire, during their normal operation, certain Personal Data whose transmission is implicit in the use of Internet communication protocols. This category includes IP addresses or domain names of the computers used by the User to connect to the Portal, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the server's response status (success, error, etc.), and other parameters related to the User’s operating system and IT environment. These data are used exclusively to gather anonymous statistical information about Portal usage and to ensure proper operation, detect anomalies and/or abuse. The data may be used to establish responsibility in the event of potential cybercrimes against the Portal or third parties.

b. Social Media Interaction Data
The Portal includes direct links to the official PAV pages on Twitter and Facebook via Social Buttons. When the User uses these interaction features, the use of social media involves the processing of Personal Data according to the specific privacy policies of those social media platforms, which the User is required to review before accessing them. The PAV assumes no responsibility in this regard.

The Portal also enables sharing of some content through social media (WhatsApp, Twitter, Facebook) via social buttons located near the content. In this case too, the same considerations apply and the User is required to consult the privacy policies of the respective social media platforms.

c. Data Provided Voluntarily by the User
When using specific services (e.g., newsletter), the User may be asked to provide additional Personal Data such as name, surname, and email address, which the User will voluntarily submit to access such services.

For donations to the PAV through the Portal, the User will be asked to provide some Personal Data, which will be processed directly by third parties, according to high security standards and in full respect of personal rights. The PAV does not collect or process this User Data.

3. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

Most of the information we collect comes directly from the User: either voluntarily provided or necessary for the provision of our services.

Providing Personal Data—used solely for the purposes listed in section 2.c—is optional.

4. PURPOSE AND METHODS OF PROCESSING

The processing of the User’s Personal Data, with specific consent where necessary, serves the following purposes:

a. To allow browsing and access to the Portal and its contents;
b. To enable the provision of requested services (e.g., newsletter);
c. To ensure data preservation, security, and storage;
d. To comply with legal obligations;
e. To ensure security and prevent fraudulent activities.

The PAV will not use the User’s Personal Data for purposes other than those explicitly stated above.

The PAV will not make automated decisions based on the information provided.

All collected Personal Data are processed using automated and manual tools, for the time strictly necessary to achieve the purposes outlined above, and in a way that guarantees the integrity, confidentiality, and security of the data.

5. DATA RECIPIENTS

Personal Data may be disclosed by the PAV to public and private entities only as required by law, regulation, or judicial authority.

Collected Personal Data are processed by authorized personnel (PAV employees or third parties engaged for maintenance and development of the systems managing the Personal Data, as well as those managing network traffic). These persons act under specific instructions regarding the purposes and methods of processing, in compliance with confidentiality and security measures related to the services provided.

Some of the User’s Personal Data may be shared and/or transferred for the processing purposes outlined in section 4 to recipients located outside Vatican City State. In any case, the PAV will adopt all appropriate safeguards and codes of conduct to preserve data integrity and confidentiality in accordance with applicable laws.

6. COOKIES AND OTHER TRACKING TECHNOLOGIES

The PAV uses its own technical session cookies (non-persistent) strictly limited to what is necessary for safe and efficient browsing of the Portal. The PAV also uses third-party cookies for data analysis.

For detailed information about the types of cookies used, please refer to our specific Cookie Policy.

7. DATA STORAGE, SECURITY, AND RETENTION

The PAV retains collected Personal Data accurately, completely, and up to date, as long as necessary for the delivery of services linked to the Data.

Specifically, regarding the newsletter, Personal Data is stored for as long as the subscription is active.

Browsing data will be retained for 12 months in order to verify responsibility in case of cybercrimes against the Portal or third parties, upon request by law enforcement authorities.

We assure you that all necessary steps have been taken to ensure the security of Personal Data once collected, using restricted access IT systems and secure storage solutions that follow best-practice security standards.

The PAV implements specific security measures to prevent data loss, illicit or improper use, and unauthorized access.

8. RIGHTS OF DATA SUBJECTS

Users whose Personal Data are processed, as data subjects, may exercise the following rights at any time:

• Right of access or to obtain a copy of the Personal Data, enabling them to know the type of Personal Data processed and the characteristics of the processing;

• Right to request rectification in case of errors or omissions;

• Right to erasure or restriction of processing;

• Right to object to processing.

The data subject also has the right to withdraw their consent at any time, without affecting the lawfulness of processing based on consent given before the withdrawal.

9. EXERCISING YOUR RIGHTS AND UNSUBSCRIBING FROM OPTIONAL SERVICES

To exercise the rights listed in section 8, the data subject may contact the PAV by sending an email to: health@pav.va with the subject line “PERSONAL DATA”.

If the User has subscribed to the newsletter, they may unsubscribe at any time by clicking the “Unsubscribe Newsletter” link at the bottom of the communications received. The corresponding Personal Data will be deleted.

10. CHANGES

This privacy policy will automatically incorporate any legislative changes that may occur. The PAV reserves the right to amend this privacy policy to update its content. Users are responsible for periodically reviewing any updates.

If acceptance is required for changes to this policy, the User will be prompted to provide new consent.

By browsing the Portal, the User accepts this Privacy Policy.