We are committed to protecting your personal data and respecting your privacy. This policy explains what information we collect, how we use it, and the rights you have in relation to your data when using the Benedictine Jubilee website.

1. Introduction

This Privacy Policy explains how personal data is collected, used, and protected in connection with the Benedictine Jubilee website (the “Website”).

The Website is operated under the authority of the Benedictine Confederation, with its central administration located at Sant’Anselmo, Rome.

We are committed to safeguarding personal data in accordance with:

  • The UK General Data Protection Regulation (UK GDPR)
  • The Data Protection Act 2018 (DPA 2018)
  • Applicable international data protection laws

2. Data Controller

The Data Controller for the purposes of this Website is:

The Benedictine Confederation

Sant’Anselmo

Piazza dei Cavalieri di Malta 5

00153 Rome, Italy

Contact email: osborg@anselmianum.com

3. What Personal Data We Collect

We may collect and process the following categories of personal data:

a. Information you provide directly

  • Name
  • Email address
  • Organisation / monastery affiliation
  • Contact details
  • Any information submitted via forms (e.g. updates, registrations, enquiries)

b. Technical data

  • IP address
  • Browser type and version
  • Time zone setting
  • Device information
  • Website usage data (via cookies and analytics tools)

c. Communications data

  • Records of correspondence with us
  • Feedback or enquiries submitted via the Website

4. How We Use Your Data

We process personal data for the following purposes:

  • To operate and maintain the Website
  • To respond to enquiries and communications
  • To manage participation in Jubilee-related initiatives
  • To allow Benedictine communities to update their profiles
  • To send relevant communications (where consent is provided)
  • To improve Website performance and user experience
  • To ensure security and prevent misuse

5. Lawful Basis for Processing

We rely on the following lawful bases under GDPR:

  • Legitimate Interests
  • (e.g. operating the Website, promoting Jubilee activities, ensuring functionality)
  • Consent
  • (e.g. newsletters, optional submissions, cookies where required)
  • Legal Obligation
  • (where required by law)
  • Public Interest / Religious Mission
  • (where applicable to the ecclesial mission of the Benedictine Confederation)

6. Cookies and Tracking

The Website may use cookies and similar technologies to:

  • Ensure proper functionality
  • Analyse usage and performance
  • Improve user experience

Where required, users will be asked to consent to non-essential cookies.

Users can manage or disable cookies through their browser settings.

7. Data Sharing

We do not sell personal data.

We may share data with:

  • Service providers (e.g. hosting, analytics, email services)
  • Benedictine institutions participating in the Jubilee (where relevant)
  • Legal or regulatory authorities (if required)

All third parties are required to respect the security of personal data and process it lawfully.

8. International Transfers

As the Benedictine Confederation operates internationally, personal data may be transferred outside the UK and EEA.

Where this occurs, we ensure appropriate safeguards are in place, including:

  • Adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Equivalent protections under ecclesial or organisational frameworks

9. Data Retention

We retain personal data only for as long as necessary:

  • To fulfil the purposes outlined in this policy
  • To comply with legal obligations
  • To support the ongoing mission of the Jubilee

Data is periodically reviewed and securely deleted when no longer required.

10. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Secure servers and encryption where appropriate
  • Access controls
  • Regular security monitoring

However, no system is completely secure, and users submit data at their own risk.

11. Your Rights

Under GDPR, you have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion (“right to be forgotten”)
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw consent at any time

To exercise your rights, contact: osborg@anselmianum.com

You also have the right to lodge a complaint with a supervisory authority (e.g. the UK Information Commissioner’s Office).

12. Third-Party Links

The Website may contain links to external websites.

We are not responsible for their privacy practices.

13. Children’s Data

This Website is not intended for children under 13.

We do not knowingly collect personal data from children.

14. Changes to This Policy

We may update this Privacy Policy from time to time.

Changes will be posted on this page with an updated effective date.

15. Contact

For any questions about this policy or your data:

Email: osborg@anselmianum.com

Optional (but strongly recommended)

Naz, to make this actually compliant in practice, you also need:

  1. Cookie banner (proper CMP)
    • Accept / Reject / Preferences
  2. Form consent checkboxes
    • Explicit opt-in for communications
  3. Data Processing Agreements (DPAs)
    • With tools like Webflow, Google Analytics, Mailchimp, etc.
  4. Privacy-first analytics setup
    • e.g. GA4 with IP anonymisation