Skip to content

Privacy Policy

Privacy Policy

Last updated: February 3, 2026

§ 1. Data Controller

The controller of personal data processed in connection with the use of this website is Bernardine Monastery in Wetlina (Parish of Divine Mercy), Wetlina 40a, 38-608 Wetlina, Podkarpackie Voivodeship, Poland (hereinafter: "Controller" or "Parish").

Contact:

  • Email: wetlina@bernardyni.pl
  • Phone: +48 452 415 506
  • Address: Wetlina 40a, 38-608 Wetlina, Poland

§ 2. Legal basis for processing

Personal data is processed on the basis of:

  1. Regulation (EU) 2016/679 (GDPR) — with respect to operating the website, handling the contact form, and the use of cookies;
  2. General Decree of the Polish Bishops' Conference of March 13, 2018 on the protection of individuals in connection with the processing of personal data in the Catholic Church — with respect to pastoral and sacramental activities of the Parish (Article 91 GDPR);
  3. 1983 Code of Canon Law — with respect to parish registers and sacramental records.

The Parish website, as a public communication tool extending beyond strictly pastoral activity, is directly subject to GDPR. Data processed within sacramental ministry (baptism, marriage, funeral registers) is subject to the Decree of the Polish Bishops' Conference and the supervision of the Church Data Protection Inspector (KIOD).

§ 3. Scope and purpose of data processing

a) Contact form

Scope: name, email address, subject, and message content.
Purpose: responding to inquiries directed to the Parish.
Legal basis: Article 6(1)(a) GDPR (consent) and Article 6(1)(f) GDPR (legitimate interest — correspondence handling).
Retention period: data is stored for the time necessary to respond and resolve the matter, no longer than 12 months from the last contact.

b) Technical data (server logs)

Scope: IP address, browser type and version, operating system, date and time of visit, requested resources.
Purpose: ensuring security and proper functioning of the website.
Legal basis: Article 6(1)(f) GDPR (legitimate interest — IT system security).
Retention period: server logs are stored for up to 30 days.

c) Cookies

Detailed information on cookies is provided in the Cookie Policy.

d) Pastoral and sacramental activity

Personal data processed in connection with the administration of sacraments, parish registers, Mass intentions, and pre-marriage announcements is subject to the General Decree of the Polish Bishops' Conference of March 13, 2018. Such data is processed under Canon Law and cannot be deleted insofar as it relates to administered sacraments (Article 14 of the Decree).

§ 4. Data recipients

Personal data may be disclosed only to:

  • hosting and website maintenance service providers;
  • email service providers — for correspondence handling;
  • Church authorities (Diocesan Curia, KIOD) — as required by Canon Law;
  • public authorities — only in cases provided for by law.

The Controller does not transfer personal data to third countries or international organizations. The Controller does not carry out automated decision-making, including profiling.

§ 5. Rights of data subjects

In relation to data processed under GDPR (website, contact form), you have the right to:

  1. Access your personal data (Article 15 GDPR);
  2. Rectification of inaccurate or incomplete data (Article 16 GDPR);
  3. Erasure ("right to be forgotten") — under the conditions of Article 17 GDPR;
  4. Restriction of processing (Article 18 GDPR);
  5. Data portability (Article 20 GDPR);
  6. Object to processing based on legitimate interest (Article 21 GDPR);
  7. Withdraw consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal;
  8. Lodge a complaint with the President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, Poland.

In relation to data processed under the Decree of the Polish Bishops' Conference (pastoral activity), you have the right to:

  1. request rectification of data (Article 12 of the Decree);
  2. request supplementation or annotation in the dataset (Article 13 of the Decree);
  3. request deletion of data — excluding data relating to administered sacraments or canonical status (Article 14 of the Decree);
  4. lodge a complaint with the Church Data Protection Inspector (KIOD), Skwer kard. Stefana Wyszyńskiego 6, 01-015 Warsaw, email: kiod@episkopat.pl (Article 41 of the Decree).

§ 6. Voluntary provision of data

Providing personal data in the contact form is voluntary but necessary to receive a response. Failure to provide the required data will prevent processing of the inquiry.

§ 7. Data security

The Controller applies appropriate technical and organizational measures to ensure the protection of processed personal data, including HTTPS/SSL encryption, CSRF token protection, regular software updates, and restricted access to authorized persons only.

§ 8. Changes to the privacy policy

The Controller reserves the right to amend this Privacy Policy. Users will be informed of significant changes via a notice on the website. The current version is always available at: /privacy.

© 2026 Bernardine Monastery in Wetlina. All rights reserved.

Terms of Use Privacy Policy Cookie Policy
News Masses Contact Donate