Introduction

Effective date: June 13, 2019.

This privacy policy governs data collected from visitors to the website apps.liturgiaetmusica.com and users of the apps Breviarium Meum and Breviarium Meum HD. The Data Controller is

P. Giovanni Manelli
Largo della chiesa 1
64100 - TERAMO
ITALY

Data is handled in accordance with the guiding principles of the General Data Protection Regulation (GDPR):

  1. Lawfulness, fairness, and transparency;
  2. Purpose limitation;
  3. Data minimization;
  4. Accuracy;
  5. Storage limitation; and
  6. Integrity and confidentiality.

How and why we collect and process data

First of all, we want you to know that when you purchase an app, we do not receive any information that personally identifies you, such as your email address or name. All data associated with the purchase are processed by Apple, and not communicated to us. All we receive is a monthly total number of sales by country.

Server access is logged

Like most web servers, those which host our services log accesses. When you access this website with a browser or use our apps to download data, this information is logged:

  • your IP address,
  • the date and time of the request,
  • the URL requested,
  • the identifying string sent by the browser or app.

The identifying string sent by a browser typically indicates the name of the browser (e.g., Safari), its version number, and the operating system. Similarly, our apps transmit an identifying string that indicates the name of the app, its version number, and information which can be used to identify the operating system and its version.

When our apps download data, the URL includes the version of the Divine Office requested, the language of the translation (if any), and other parameters that identify the specific text needed.

The information in the access log is recorded for purposes of security, preventing unauthorized use, determining which operating system versions to support, and improving the utility of this website and our apps.

The access logs are stored on our servers in the EU. They may be stored for up to two years. The servers are in a data center protected by 24x7 human security, biometrics, access control man traps, bullet proof lobbies, and video surveillance.

Cookies and website analytics

We use cookies on our website to record your preferences, including language and font size. We also use Google’s Universal Analytics to better understand how our website is used. IP addresses are anonymized before they are transmitted to Google, so they identify visitors to our website only by a cookie they assign to each one.

Our page on cookies explains more about how this website uses them, and how you can control their use. We do not currently use cookies or analytics in our apps.

If you contact us

Using our contact form is equivalent to sending us email. If you contact us in either of these ways, we will use the name and email address you provide to respond to your request as appropriate. If you report a bug or request a feature, we may store the name and email address you provide in an issue tracking database in order to gauge the impact of the issue and to be able to inform you when the issue has been resolved. When it is resolved, any names and addresses included in the record of the issue will be redacted.

The issue tracking database is hosted by Atlassian, which is Privacy Shield certified.

Retention of data

As stated above, access logs may be kept for up to two years. Any personal data that may be included in an issue will be redacted when the issue is resolved.

Data we share with others

We only share your data with service providers to the extent necessary for them to provide us services, such as hosting and issue tracking. Google Analytics data is shared with Google, but as noted above, this does not include your full IP address.

Your rights

The GDPR gives EU residents certain rights. We extend these same rights to everyone about whom we have data. These include the rights, under certain circumstances, to:

  • Request access to your personal data (officially known as a “subject access request”). You can ask for a copy of your data.
  • Request correction of your data. You can ask us to correct any incomplete or inaccurate information we hold about you.
  • Request erasure of your data. You can ask us to delete or remove your data where there is no good reason for us to continue to process it.
  • Object to processing of your data. Since we do not engage in direct marketing, you must state your grounds for objecting.
  • Request the restriction of processing of your data. You can ask us to suspend the processing of your data, for example, if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your data to another party.

Depending on the circumstances and the nature of your request it may not be possible for us to do what you have asked, for example, where it would not be possible otherwise to fulfill our legal obligations. Some rights may not apply to the data we hold: for example, it does not seem that we have data that one would wish to transfer to a third party.

If you want to exercise any of the rights described above, please use our contact form. Please include sufficient information for us to identify your data and be certain that it is yours. We will try to deal with your request without undue delay, and in any event in accordance with the requirements of the GDPR. We may keep a record of your communications to help us resolve any issues which you raise.

Changes to this privacy notice

This policy may change from time to time. The latest effective date will be given at the top of the policy so that you can immediately see when it last changed. Any changes to this privacy notice will be posted to this page. If there are material changes to the privacy policy they will also be described in an article in the news section of this website.