1. GENERAL PROVISIONS
The heart and nature of the association “Latvijas de Cristo” (hereinafter referred to as “Via de Cristo” and/or “VdC” and/or “We”) is the Gospel of Christ, in order to bring Christians to a fuller understanding of what is meant to be a life of grace, which gives a new strength and liveliness in the lives of their faiths. The purpose of the Via de Cristo is to give Christians a new sense of their mission to the world to become leaders for Christian renewal, as well as the desire to live a life of grace (using all means of mercy) with their brothers and sisters in Christ. The Via de Cristo offers nothing new – just a simple method through which people can survive their lives filled with grace. In order to promote this, the Via de Cristo is held by three-day camps (hereinafter referred to as “the camp”) and after-the-camps' activities, called Fourth Day (hereinafter referred to as “the Fourth Day”). All Fourth Day activities are highly recommended, but as all Via de Cristo activities are not obligatas.
It is important to us that these objectives are achieved, at the same time we are aware of the importance of protecting the privacy of all those involved, particularly given that we have data on the religious affiliation of those involved. (General Data Protection Regulation, in force on 25 May 2018 (hereinafter referred to as the General Data Protection Regulation), Article 9(2)(d). (Full text of the Regulation)
We invest in resources and take care to protect personal data in our daily activities.
When processing personal data, we shall respect the regulatory enactments in force in the Republic of Latvia, the binding instructions and regulations issued by the responsible authorities, as well as the regulatory enactments of the European Union.
- Anonymized data — Information that is no longer relevant to a natural person because all personal identification elements are excluded from the personal data set.
- Personal data: any information directly or indirectly attributable to a natural person.
- Events – any kind of activity that we organise in line with Our operational objectives: camps, Fourth Day (after the life of the camp), Ultreyas (meeting of the members of the VdC), Small Groups, etc.
2. HOW DO WE OBTAIN PERSONAL DATA?
The information we get about the person depends on the type of cooperation.
We can receive personal data in several ways, including:
- The data subject has provided us with his or her Personal Data by submitting an application questionnaire for membership in Our Organised Camps (by logging on to Our Internet site), by participating in our Organised Events, requesting information or submitting an application for a specific question or request, by contacting us on the information channels on our Internet site;
- Receiving data from other sources, participating in one of the events we have organised, during which photos of the participants in the event have been taken. In the event of taking photographs, the participants of the event shall be informed. Images captured in the event are issued only and exclusively to participants in the event and are placed on Our Internet site, in a section accessible to identified users.
3. WHAT PERSONAL DATA DO WE OBTAIN?
Depending on the type of cooperation or communication, the types of personal data may vary. In general, personal data types are classified into the following categories:
- Basic personal data. Personally identifiable data — given name, surname, contact and communication data — telephone, e-mail address, family position, information required for the conduct of events, consent data, personal visual data (photo, video, etc.), etc.
- Data on a person's religious affiliation pursuant to Article 2(d) of the General Data Protection Regulation.
4. HOW DO WE USE PERSONAL DATA?
We are processing Personal Data to ensure that the camp is organised and to invite Christians visiting the camp to serve and attend other events we have organised.
We shall, on the basis of the consent given by the data subject, process the Personal Data for specific and necessary purposes only:
- Provision of measures: The aim is to carry out and provide the functions entrusted to Via de Cristo and to the responsibilities assumed by Via de Cristo.
- Clarification of the opinion: The aim of the survey relates to actions that, for example, need to be carried out in order to ensure a clarification of the opinion on the work of Via de Cristo or the activities organised.
- Addressing the requested issues: The aim is to deal with the data subject and Our interaction, including requests, submissions or any contact submitted by the person (including via mail, e-mail, etc.). We do the processing on the basis of the law and the proposed question, for example by passing the necessary lists for Measures, etc.
- Conclusion/amendment of the contract - We shall carry out the processing on a legal and contractual basis.
- Communication with Via de Cristo pilgrims (a person participating in one of the VdC camps, hereinafter referred to as “the pilgrim”) or Via de Cristo candidates (those who are expected to participate in the camp, hereinafter referred to as “the applicant”). We respect the right of any pilgrim or candidate to give, withdraw or change the possibilities for receiving information. You can view and change your Personal Data on our home page. In cases where a pilgrim or a candidate has expressed a desire for information, personal data may be processed to enable the necessary information to be provided. In such cases, the consent of the candidate for the pilgrim or Via de Cristo is always important. The processing shall be carried out on a legitimate basis and on the basis of the consent given by the pilgrim or Via de Cristo Kandidats.
- Enforcement of binding regulatory enactments - The aim is to refer to the basis for the processing of personal data provided for in regulatory enactments, such as accounting, taxation and levies, etc.
- The data of the prayer room. The data subject, which is registered on Our home page, shall voluntarily send its name, surname, e-mail and begging content to all users registered on the home page who have not signed out of this service. The data subject may sign out at any time.
- The security of the Via de Cristo infrastructure and services, information, personnel, pilgrim and candidate, prevention of illegal or other hazards, promotion of criminal offences in and adjacent areas, including information systems. The objective shall apply to measures taken by physical and logical means of protection, including video surveillance, technical and organisational measures, to ensure protection against risks and protection caused by physical exposure. The processing shall be carried out on the basis of law and a legitimate interest.
- Accounting/financial and tax management — The purpose is accounting records, taxation, accounting, etc. The processing shall be carried out on the basis of the law and contract (transaction).
- Processing of personal data on Via de Cristo for internal administrative purposes — the purpose is to process personal data for internal administrative purposes, such as preventing conflict of interest and preventing illegal transactions. We do the processing on the basis of a legitimate interest.
In any of the above cases, personal data shall only be processed to the extent permitted by the specific purpose of processing.
5. HOW DO WE PROTECT PERSONAL DATA?
For the protection of the interests of individuals, we are continuously developing our security processes and measures. Such security measures shall include the protection of personnel, information and technical resources, IT infrastructure, internal and public networks and buildings used in Via de Cristo activities. In the framework of these measures, we shall ensure an appropriate level of information protection to prevent unauthorized access to personal data.
6. TO WHOM CAN WE PROVIDE PERSONAL DATA?
The exchange of personal data may be necessary on a case-by-case basis where it has a specific objective, for example, we may need to provide Personal Data to the following categories of data recipients:
- State institutions, such as the State Revenue Service, information regarding donations made by the pilgrims or the Enterprise Register of the Republic of Latvia regarding members of the Via de Cristo Board and the Sectariata (Via de Cristo Council, hereinafter referred to as “the Secretariat”);
- For each individual, at his or her personal request, for himself or for another person on the basis of a mandate;
- Supervisory authorities, such as law enforcement authorities and rescue services in conformity with regulatory enactments;
- Partners with whom an agreement has been concluded and an agreement on the processing of personal data, such as delivery (couriers, posts, etc.).
- Camps, organisers of measures to enable members of the Via de Cristo Team (hereinafter referred to as “the team”) to carry out the tasks entrusted. (See. Point 11)
We shall ensure the confidentiality of personal data by taking security measures in accordance with regulatory enactments.
7. HOW LONG DO WE KEEP THE DATA?
For the storage of anonymized data in direct form, the restrictions are not applicable, but they are also stored only for the required amount and duration.
Like other home pages, our home page can use cookie technology.
Cookies allow us to identify the most demanding parts of the home page (which parts of the home page and how long visitors visit them).
Unless otherwise provided by law, the person has the right to refuse further processing of his or her data at any time, but in such a case, particularly if those data are technically relevant, there is a possibility that we will not be able to provide the service to the same extent as before.
See Cookies Policy article.
9. WHAT ARE THE RIGHTS AND OBLIGATIONS OF THE DATA SUBJECT?
The data subject shall have the right to:
- To familiarise themselves with the information that we keep about him, to the extent that it is not in contradiction with the laws and regulations and does not unduly prejudice the rights of others; information on himself may be obtained in any channel provided by us which enables the identification of the person.
- Request access to their data, rectification or, if necessary, replenishment, erasure, processing limitation or objecting to the processing thereof in the cases specified in regulatory enactments, as well as the right to data portability. When choosing to receive information about yourself remotely, such as by mail, e-mail, other addressee or similar, the applicant shall be responsible for the safety of the type of receipt chosen and the behaviour of the persons acting in the representative of the applicant.
- To require a copy of the personal data in the processing, provided that it does not adversely affect the rights and freedoms of others.
- At any time, withdraw the agreements they have given. Giving or withdrawing consent is a free choice of person and does not impose any additional mandatory obligations. However, if a person decides to withdraw one of the consent given, it should be noted that the processing of the data related to the consent in question will no longer be ensured and that there may no longer be a possibility at the previous level. For example, a recall to receive the current messages will mean that news or other spotlights will no longer be delivered. It is important to remember that such a recall does not affect the legality of the data processing carried out prior to the recall.
The data subjects' applications shall be examined free of charge. The application may be submitted to the Laju Head of the Via de Cristo Secretariat, providing an opportunity to identify itself as a specific personal data subject and to ascertain the nature and justification of the request submitted.
The data subject shall be obliged to:
- Provide us with information on changes in the data provided within a reasonable period of time. It is important to us that we have real and up-to-date information.
- Provide additional information where necessary. In the framework of communication and cooperation, we may ask for additional information to make sure that communication or cooperation takes place with a particular individual. This is necessary for the protection of the data of the person concerned and other persons in order to make it clear that it is the personal data subject and that information disclosed in the context of communication and/or cooperation is only disclosed to that person without infringing the rights of others. For example, when a person wants to find out about himself by sending us a request. In this case, it is important for us to make sure that it is this person who has signed and submitted this request. Accordingly, we may ask for additional identifiable information. However, if the person has not provided any additional information and/or we will have doubts about the identity of the applicant, we may, for the purposes of personal data protection (so that they are not disclosed to third parties), suspend the examination of the request until we are sure that it is the person who requested the information.
11. ANSWERS TO FREQUENTLY ASKED QUESTIONS
- The Via de Cristo database may only be consulted by the database administrator or by the persons referred to in the Secretariat's provisions on the security of personal data in the VdC.
- At the entrance to the church and in other indoor areas where the VdC events are taking place, an informative statement should be provided that during the events, photographs, filming or other recordings are carried out on data carriers agreed in advance with the person responsible for the VdC.
- If video surveillance is carried out on the site or premises of the Via de Cristo event for safety purposes, an informative statement shall be provided.
- When sending e-mails to many recipients at the same time (for example, all pilgrims, Candidates, Team, etc.), recipients should not see each other's e-mail addresses. This is prevented by placing addresses in the “Bcc” section (not “To” or “Cc”).
- The General Data Protection Regulation protects personal data from attempted trading of those data. The big value of Via de Cristo is the List of Pilgrims and Via de Cristo Kandidats with e-mail addresses or telephone numbers. Protect them.
12. TECHNICAL INFORMATION
- Basic features of Joomla:
All requests on the Via de Cristo website, which is based on Joomla, store the IP address in session data at the beginning of the session and create session details in the user's browser. The IP address is used as a security tool to help protect against potential session abduction attacks, and this information is deleted when the session has expired and its data have been cleaned. The session cookie name is based on randomly generated hash, so it does not have a constant identifier. Session cookies are destroyed when the session is expired or the user has exited the browser.
The Joomla registration system registers the visitor's IP address, resulting in a message being written on its log files. These log files are used to record various activities on the Joomla website, including information related to basic updates, invalid login attempts, raw errors, and development information such as deformed API use. This log file format can be customized by any extension that configures the registrant, so you are advised to download and review the log files on your website.
- Authentication - cookies
With a plug-in that supports the “Remember Me” function, such as the “System - Remember Me” plug-in, this plug-in creates a cookie in the user's client if the “Remember Me” check box is selected when you log on to the site. This small data can be identified with the prefix 'joomla_remember_me' and is used to automatically register to users on the site when they visit the site and they have not yet logged in.
- CAPTCHA - RECAPTCHA
The reCAPTCHA plug-in integrates to Google's reCAPTCHA system as a spam protection service. As part of this service, Google broadcasts the IP address of the user in charge of the kaptcha challenge.
To process information requests, you must collect and register information about the user in order to save the audit journal. The request system is based on the person's email address that will be used to link the request to an existing site user, if possible.
- System - Language Filter
On a site that supports multiple languages, you can configure this plug-in to set up a cookie in a user's browser that remembers their choice of language. This cookie is used to direct users to their preferred language when they visit the site and create a new session. The cookie name is based on random mixing and therefore does not have a constant identifier.
- Google Analytics
We also used Google analytics, which measures the data flow of this site.
13. HOW TO CONTACT US?