Privacy Policy

Last updated: 13 May 2026

This Policy describes how personal data is processed through the website of the General Postulation for the Causes of Saints of the Order of Discalced Carmelites (OCD), available at www.postocd.org.

1. Data Controller

The Data Controller is the General Postulation for the Causes of Saints (OCD), Corso d’Italia 38, 00198 Rome, Italy. For privacy-related requests, you may write to privacy@carmelitaniscalzi.com.

2. Categories of personal data processed

The website may process technical and browsing data, data voluntarily provided through contact or request forms, communications sent by email, data connected with requests concerning relics or information, and data connected with donations or payment services when the user chooses to use those services.

3. Purposes of processing

Personal data is processed to ensure the operation and security of the website, respond to user requests, manage communications and forms, comply with legal obligations, manage donations and related administrative activities and, where applicable, measure use of the website and improve its services through cookies or similar technologies.

4. Legal bases

Processing is based, depending on the case, on the user’s consent, the need to respond to a request or carry out pre-contractual measures, compliance with legal obligations and the legitimate interest of the Data Controller in ensuring the security, maintenance and correct operation of the website.

5. Communication to third parties

Personal data may be processed by hosting providers, technical service providers, email and form-management services, payment or donation services, analytics or cookie-consent management tools and other providers that support the operation of the website.

6. Transfers outside the European Economic Area

Some technical or third-party services may involve transfers of data outside the European Economic Area. In such cases, appropriate safeguards are adopted in accordance with the applicable data-protection rules.

7. Retention period

Personal data is retained for the time necessary to achieve the purposes for which it was collected, to respond to requests, comply with legal and administrative obligations and protect the rights of the Data Controller. Technical logs are retained for limited periods compatible with security and operational needs.

8. User rights

Users may request access to their personal data, rectification, erasure, restriction of processing, objection to processing and, where applicable, data portability. Consent may also be withdrawn at any time where processing is based on consent.

9. How to exercise rights

Requests may be sent to privacy@carmelitaniscalzi.com. Users also have the right to lodge a complaint with the competent supervisory authority.

10. Updates

This Privacy Policy may be updated to reflect changes to the website, services, legal obligations or cookie-consent management tools.