Privacy Policy

Spread the love

This statement sets forth the privacy policy for the St. John of the Cross Parish Church web site ( It describes the practices that the site will follow with respect to the privacy of its users. The Privacy Policy may be changed at any time. Such changes shall be published and amended to this document. This policy is compliant with the General Decree on the Protection of Data hereinafter referred to as the “Church Internal Rules”.

All information collected at any time by any and all means will be kept confidential between you and the St. John of the Cross Parish Church. Your privacy is assured and respected.

This privacy policy applies to the Site and all products and services offered by the Parish Church of St John of the Cross, Ta’ Xbiex, Malta. This policy is based on the following data protection principles:

i. personal data must be processed fairly and lawfully;

ii. personal data must always be processed after consent has been obtained;

iii. personal data must only be collected for specific, explicitly stated and legitimate purposes;

iv. personal data must not be processed for any purpose that is incompatible with that for which the information is collected;

v. personal data that is processed must be adequate and relevant in relation to the purpose of the processing;

vi. no more personal data must be processed than is necessary having regard to the purposes of the processing;

vii. personal data that is processed must be correct and, if necessary, up to date;

viii. all reasonable measures must be taken to complete, correct, block, or erase data to the extent that such data is incomplete or incorrect, having regard to the purposes for which they are processed;

ix. personal data must not be kept for a period longer than is necessary, having regard to the purposes for which they are processed;

x. personal data must be protected against accidental destruction or loss or unlawful form of processing;

xi. personal data must not be transferred to third countries that do not offer adequate level of protection.


“You” – The user of the Website.

“Personal Data” means information that specifically identifies an individual or that is linked to information that identifies a specific individual.

“Visitor” means an individual other than a User, who uses the public area, but has no access to the restricted areas of the Site or Service.

How is information collected, used, and disclosed?

Personally Identifiable Information

We may collect Personally Identifiable Information (PII) from Users in a variety of ways, including, but not limited to, when Users visit our site, register on the site, place an order, subscribe to the newsletter, respond to a survey, fill out a form, and in connection with other activities, services, features or resources we make available on our Site. Users may be asked for, as appropriate, name, email address, mailing address, phone number, credit card information. Users may, however, visit our Site anonymously. We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personally identification information, except that it may prevent them from engaging in certain Site related activities.

We do not collect personal information — including your e-mail address — unless we first ask you for it. On our Web site we may request that you voluntarily supply us with information, including your e-mail address, street address, telephone number or other information so that we may enhance your site visit or follow up with you after your visit. Whether you provide any information is entirely up to you.

If you have voluntarily provided information, you consented to the collection and use of your personally identifiable information as described in this Privacy Statement. We do not sell or rent personal information collected through this site to anyone.

During the period you are logged onto our site we log IP addresses, browser and platform types, domain names, access times, referral addresses, and your activity while using or reviewing our site. St John of the Cross Parish Church may also disclose information in special cases when we have a good faith belief that such action is necessary to: (a) conform to legal requirements or comply with legal process; (b) protect and defend our rights or property; (c) enforce the Web site Terms and Conditions of Use; or (d) act to protect the interests of our users or others.

Non-Personally Identifiable Information

We may collect non-personally identifiable information about Users whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about Users means of connection to our Site, such as the operating system and the Internet service providers utilized and other similar information.

What are web browser cookies and how are they used?

The St. John of the Cross Parish Church site, like many other web sites, may utilize a standard technology called “cookies” (small pieces of data)  to collect information about how our site is used and to enhance the User experience. Cookies were designed to help a web site operator determine that a particular user had visited the site previously and thus save and remember any preferences that may have been set while the user was browsing the site. Cookies are small strings of text that web sites can send to your browser. Cookies cannot retrieve any other data from your hard drive or obtain your e-mail address. If you are simply browsing this site, a cookie may be used to identify your browser as one that has visited the site before. We do not collect information from the user’s computer through cookies. They will typically store information in the form of a session identification that does not personally identify the user. If you do not want ‘cookies’ to be used please adjust your browser settings to disable them.

We may also make use of memory-based cookies in support of authenticating the user of certain St. John of the Cross Parish Church web applications. Although you have the ability to modify your browser to either accept all cookies, notify you when a cookie is sent, or reject all cookies, it may not be possible to utilize St. John of the Cross Parish Church services which require registration if you reject cookies. We do not follow your browsing path outside of the St. John of the Cross Parish Church site, except for referral data discussed above.

What are your choices regarding collection, use, and distribution of your information?

If you have voluntarily provided information, you consented to the collection and use of your personally identifiable information as described in this Privacy Statement. If, in connection with your use of a particular service, we ask to use your data in a way not described in this Privacy Statement and you do not wish to permit that use, you can choose not to use the particular service.

If you have voluntarily provided personally identifiable information, we may, from time to time, send you mail or e-mail regarding information and services. If you do not want to receive such offers and mailings, you can easily indicate that by checking the appropriate box on the submission form.

We may collect and use Users personal information for the following purposes:

To improve customer service: Information you provide helps us respond to your customer service requests and support needs more efficiently.

To personalize user experience: We may use information in the aggregate to understand how our Users as a group use the services and resources provided on our Site.

To improve our Site: We may use feedback you provide to improve our products and services.

To process payments: We may use the information Users provide about themselves when placing an order only to provide service to that order. We do not share this information with outside parties except to the extent necessary to provide the service.

To run a promotion, contest, survey or other Site feature: To send Users information they agreed to receive about topics we think will be of interest to them.

To send periodic emails: We may use the email address to respond to their inquiries, questions, and/or other requests. If User decides to opt-in to our mailing list, they will receive emails that may include company news, updates, related product or service information, etc. If at any time the User would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email or User may contact us via our Site.

Any other purpose directly related to our work and for which you have provided consent (where it is reasonably required by law).

Sharing your information

We only use your personal and sensitive information for the reason we collect it as set out above and for the purpose(s) for which it was collected, or as otherwise permitted by law. We will not disclose the above information that we collect to affiliates or third parties without prior informing you, or without your consent where applicable. We may disclose information to third parties in the following circumstances:

any entities or other institutions of the Archdiocese of Malta, trusted third parties which assist us in our daily operations or administer activities on our behalf, including (but not limited to) IT support staff, designers, and web developers;

any contractors or other advisers auditing any of our processes or who have the need to access such information for the purpose of advising us;

any law enforcement body which may have any reasonable requirement to access your Personal Information; and

any regulatory body or authorised entity which may have any reasonable requirement to access your Personal Information.

Data subject rights

The Policy adopts the same data subject rights in line with the Church Internal Rules. These include the following:

i. the right to be informed;

ii. the right of access;

iii. the right to rectification;

iv. the right to erasure;

v. the right to restrict processing;

vi. the right to data portability;

vii. the right to object;

viii. the right not to be subject to automated decision-making including profiling;

ix. the right to complain to a supervisory authority; and

x. the right to withdraw consent.

Should you wish to exercise any such rights you may contact us as set forth in the “Contacting us” section. We will acknowledge your request within seventy-two (72) hours and handle it promptly. We will respond to these requests within a month, with a possibility to extend this period for particularly complex requests in accordance with Applicable Law.

In accordance with Applicable Law, we reserve the right to withhold personal data if disclosing it would adversely affect the rights and freedoms of others. If a request is refused the individual will be informed of the reason for refusal and of his right to lodge a complaint with the supervisory authority. Moreover, we reserve the right to charge a fee for complying with such requests if they are deemed manifestly unfounded or excessive.

Data Protection Officer (DPO)

The Church Internal Rules provide for the appointment of a DPO whose functions include monitoring internal compliance and co-operating with the Supervisory Authority, with regards to, amongst others, security matters, official complaints and notification/communication of data breaches. The DPO is not the controller or the processor who is required to ensure and to be able to demonstrate that the processing is performed in accordance with the Regulation. In this regard, any questions regarding this document, as well as any requests for the exercise of data subject rights, should be directed to the respective DPC.

Data Protection Coordinator
Ta’ Xbiex Parish Church
St john of the Cross Parish Church
[email protected]

How can you correct, access, and update your information?

You may ask us to edit your personally identifiable information at any time by contacting us using the contact information provided on the web site.
We use your email address and fullname when you subscribe to our website. This is shared with the mailing list software or service we use and you will
receive an email whenever the website is updated.
We use PushAssist so you can receive notifications in your web browser whenever the site is updated.

How do we protect your information?

We exercise great care to protect your personally identifiable information. We take appropriate security measures to protect your data against loss, misuse and unauthorized access, alteration, disclosure, or destruction of your information. This includes, among other things, using industry standard techniques such as firewalls, encryption, intrusion detection and site monitoring. We attempt to comply with security standards including related Internet RFC’s. Only authorised personnel are permitted to access your details. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personally identifiable information, we cannot ensure or warrant the security of any information you transmit to us or receive from us. This is especially true for information you transmit to us via e-mail. We have no way of protecting that information until it reaches us. Once we receive your transmission, we make our best effort to ensure its security.

It is our policy to:

destroy personal information once there is no longer a legal or business need for us to retain it;

use data networks protected, inter alia, by industry standard firewall and password protection; and

deploy, operate and maintain up-to-date effective anti-virus software on all computer systems that are liable to attack from malicious software.

Internally, we will restrict access to your personally identifiable information to individuals who need access to the information in order to do their jobs. These individuals are limited in number and are committed to our privacy policies. We will review our security arrangements from time to time as we deem appropriate. If we make changes to this privacy policy, we will post the changes on this page so that you always will know what information we collect, how we use it, and when and how we will disclose it.

Confidentiality of Data

When the parish intends to transfer personal data to a third country, it will do so only subject to the provisions of the Church Internal Rules. We will take all necessary steps to ensure that your privacy rights continue to be protected, as outlined in this privacy policy and in accordance with data protection laws.

How can you help protect your information?

If you are using the St. John of the Cross Parish Church Web site for which you registered and chose a password, we recommend that you do not divulge your password to anyone. We will never ask you for your password in an unsolicited phone call or in an unsolicited e-mail. Also remember to sign out of the registered site by closing your browser window when you have finished your work. This is to ensure that others cannot access your personal information and correspondence if others have access to your computer.

What about links to other sites?

The St. John of the Cross Parish Church site may contain links to other sites and third-party websites may have links to our website. While we seek to link only to sites that share our high standards and respect for privacy, we are not responsible for the privacy practices employed by other sites. Our privacy policy does not apply to external links or other websites and we are not responsible for the practices employed by websites linked to or from our Site. The operators of other websites may collect your personal information. We encourage you to read the privacy policies of any website you link to from our website.

Data Retention

The parish shall not keep personal data for a period of time longer than is necessary, having regard to the purposes for which it is processed. We will retain and use information as necessary to comply with our legal obligations, resolve disputes, protect your vital interests or the vital interests of another natural person and enforce our agreements as follows:

Correspondence – We will keep your information for as long as it takes to settle your enquiry, and for a further period of time in line with statutory obligations, after which point your data will be erased.

Mailing list – We will keep your information which you used to sign up for the parish’s newsletter for as long as you remain subscribed or once the service is no longer operating, whichever occurs first.

Order information – We will keep your information used to place an order for our goods (photos) and/or services, for a minimum period of six years following the end of the financial year in which you placed your order, in line with our statutory obligation to retain records for tax purposes under the VAT Act, Chapter 406 of the Laws of Malta.

In some cases it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the following criteria:

    • what the purpose(s) was for which your information was collected in the first place;
    • whether there are any statutory obligations, obliging us to continue to process your information;
    • whether we have a legal basis in place to continue to process your information, including but not limited to consent;
    • what the value attached to your information is;
    • whether there are any industry practices stipulating how long information should be retained;
    • the risk, cost and liability attached to such retention; and
  • any other relevant circumstances.

Our website saves the cookie heateorSsBrowserMsg in your browser to track which visitors have seen the popup notification and which haven’t. This cookie isn’t related to your personal data or your IP address.

Changes to this Policy

Please note that the Parish has the discretion to update this privacy policy at any time. When we do, we will revise the updated date at the bottom of this page. We encourage Users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review this privacy policy periodically and become aware of modifications.

When data processing requires consent, if the changes to data processing are likely to impact the validity of previous consent attained, or the changes are not in line with existing expectations, we will advise you of the choices you may have as a result of those changes.

Minors and Children’s Privacy

Protecting the privacy of minors is especially important. We will not knowingly collect, use or disclose Personal Data from a minor under the age of 16, without obtaining prior consent from a person with parental responsibility (e.g., a parent or guardian) through direct off-line contact. We will provide the parent with (i) notice of the specific types of personal data being collected from the minor, and (ii) the opportunity to object to any further collection, use, or storage of such information. If you have any question regarding this topic, please contact us as indicated in the “Contacting us” section below.


If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Cookies may be used by advertisers (e.g banners) and are also used by the site in gallery pages to detect non-friendly webrobots. So the use of cookies is primarily to avoid wasting bandwidth. A mailing list is kept (opt-in) to announce updates. That information (email addresses) is not given to anyone else.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Usage of this site – Your Acceptance of these terms

By using this Site, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.

Contacting Us

If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this site, please contact us at:

St John of the Cross Parish Church
Sir Temi Zammit Ave, Ta’ Xbiex, Malta
[email protected]

This document was last updated on 4th April  2019.