This privacy notice describes how personal data is processed in the context of the “World Meeting on Human Fraternity”, including thematic table activities and participation in the events on September 12 and 13, 2025. Data processing occurs through all collection channels, including the website platform, online or paper registration forms, and any other digital or physical tool used for the organization of the event. We are committed to protecting your privacy and handling your personal data in full compliance with applicable laws, particularly EU Regulation 2016/679 (GDPR) and the General Data Protection Regulation of the Vatican City State (DCLVII/2024), given the nature of the co-organizing entities.

1. Joint Controllers

As the purposes and means of data processing are jointly determined, the following entities act as Joint Controllers pursuant to Article 26 of the GDPR and the relevant Vatican regulation:

• BE HUMAN ETS: A third sector entity under Italian law. Registered Office: Via Della Conciliazione 3 A, Rome, Italy. Contact: info@behumanets.org.
• FONDAZIONE FRATELLI TUTTI: An entity with legal personality under Italian and Vatican law.
• FABBRICA DI SAN PIETRO: An entity of the Vatican City State.

A joint controllership agreement regulates their respective obligations and responsibilities. Data subjects may request the essential content of this agreement by contacting the Joint Controllers.

2. Data Protection Officer (DPO)

In line with accountability principles and to ensure maximum protection, the Joint Controllers have voluntarily appointed a Data Protection Officer (DPO). The appointed DPO is Dr. Massimiliano Muggiano. For any issues related to the processing of personal data and to maintain a confidential communication channel, you may contact him at: dpo@behumanets.org.

3. Types of Data Collected

• Identification and contact data: name, surname, email address, phone number, date and place of birth, tax code.
• Event-related data: participation, thematic table preferences, management of audiences and institutional activities.
• Special categories of data (sensitive data): dietary needs, health conditions, or disabilities to provide appropriate assistance and accessibility. These will be processed only with your explicit consent, collected via a checkbox in the registration form, and may be withdrawn at any time.
• Browsing data: information collected automatically when using the website (e.g., IP address, browser type), used in aggregated and anonymous form for statistical analysis.

4. Purposes and Legal Bases of Processing

• a) Organization and management of the event: registration, attendance, logistics, service communications, and specific requests. Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).
• b) Processing of special categories of data: managing health or other specific needs for assistance. Legal basis: Your explicit consent (Art. 9(2)(a) GDPR and Art. 6 of the Vatican Regulation).
• c) Post-event communication and legitimate interest: sending materials, reports, future event invitations, anonymous statistical analysis, and fraud prevention. Legal basis: Legitimate interest of the Controllers (Art. 6(1)(f) GDPR).
• d) Compliance with legal obligations: compliance with applicable laws or authority orders. Legal basis: Legal obligation (Art. 6(1)(c) GDPR).
• e) Audio-video and photographic recordings of the event: documentation and dissemination through TV, websites, social media, press, and other informational materials. No facial recognition or automated tagging technologies will be used. Media will be stored securely for up to 10 years for historical archiving and institutional promotion. Legal basis (adults): Legitimate interest (Art. 6(1)(f) GDPR). Legal basis (minors): Explicit consent from parents or legal guardians (Art. 6(1)(a) GDPR), subject to signed release form and protection of dignity and decorum.

5. Processing Methods and Security Measures

Data will be processed manually and via IT and telematic tools, adopting appropriate security measures to prevent data loss, illegal or improper use, and unauthorized access.

6. Data Sharing and Transfer

• Authorized employees and collaborators of the Joint Controllers.
• External service providers (e.g., IT, event management) acting as Data Processors.
• Judicial or administrative authorities, where required by law.
• Data transfers to third countries: Due to joint controllership with Vatican entities, your data will be transferred to the Vatican City State, a third country under EU law. The transfer is necessary for centralized event management and occurs in full compliance with GDPR (Articles 44 ff.) and Vatican data protection laws.

7. Data Retention Period

Your data will be retained only as long as necessary for the stated purposes. Specifically, data related to event organization and post-event communication will be stored for 24 months after the event ends. Photos and videos will be kept for 10 years as specified in section 4.e. Longer retention may apply in compliance with legal obligations.

8. Protection of Minors

The protection of minors and vulnerable individuals is of utmost importance. Specific internal guidelines have been adopted for staff and volunteers. All participants must help prevent abuse and report incidents to authorities. The accompanying adult is solely responsible for the minor’s protection, both civilly and criminally. By attending the event, the adult acknowledges these responsibilities, as organizers do not provide direct supervision, which remains with authorities and the guardian.

9. Data Subject Rights

You may exercise your rights under Articles 15–22 of the GDPR at any time, including:

• Right of access, rectification, erasure, restriction, portability, and objection.
• Right to withdraw consent.
• Right to lodge a complaint with the Data Protection Authority.

To exercise your rights or request information, contact the DPO: dpo@behumanets.org

10. Nature of Data Provision

Providing personal data for event participation is mandatory. Failure to do so will prevent registration and participation.

11. Changes to This Notice

This privacy notice may be updated. Please check this page regularly for any changes.