Sovereign Military Hospitaller
Order of St John of Jerusalem of
Rhodes and of Malta

Privacy policy


The user is invited to read attentively the following privacy policy in accordance with articles 12, 13 and 14 (should the personal data not have been obtained from the data subject but from other sources) of the General Data Protection Regulation and subsequent amendments and integrations. The purpose is to gain a complete understanding of how this personal data is collected, used and stored and to whom it is disclosed, and in particular regarding :

– Browsing data

– Cookies

– Data the user has supplied voluntarily by using the website

– Data for sending newsletters Data necessary for managing contacts with members of the Sovereign Order of Malta and its local entities worldwide.


This communication is issued in its capacity as Data Controller by the Sovereign Military Hospitaller Order of St. John of Jerusalem of Rhodes and of Malta – Grand Magistry (hereinafter Sovereign Order of Malta).


The Sovereign Order of Malta has a legitimate interest in sharing the personal data of employees, collaborators, volunteers and members of the Order with other entities of the same Order [Grand Priories, Sub-Priories, National Associations, Diplomatic Missions, Foundations], as well as entering it in a centralized database. This personal data may be accessed by the Order’s organizations and by the subjects it has authorised to process the data in compliance with mutual data processing agreements.

The Sovereign Order of Malta may also transfer personal data to suppliers and third parties who perform services on its account, always in compliance with data processing agreements and, if necessary, with the user’s consent. This data may be shared and made available to external service providers to the extent necessary to meet the aims of this present policy. The categories of external subjects the Sovereign Order of Malta could make use of to perform part of its activities are the following:

– Companies providing banking services

– Real-estate companies

– Companies and/or external consultants performing ancillary activities (collection of economic and financial information, management of information systems, management of insurance practices, management and protection of credit)

– Companies and/or external consultants for complying with legal obligations (accountants, notaries, lawyers, labour consultants)

The user may request the list of suppliers and data controllers to whom the personal data the Order currently uses could be transferred.


The law guarantees a series of rights concerning personal data. The Sovereign Order of Malta undertakes to protect personal data and respect the laws in force regarding data privacy. More information and suggestions about rights are given in the English section of the Italian Data Protection Authority  (

The data subject may at any time exercise the right to:

– request confirmation of the existence of his or her personal data

– obtain indications on the purpose of the processing, the personal data categories, the recipients or categories of recipients to whom the personal data has been or will be communicated and, when possible, the storage period

– obtain the rectification and erasure of data

– obtain the limitations of the processing

– obtain the portability of data, that is receive it from a controller in a structured, commonly used and machine readable format, and transmit it to another controller without hindrance

– object to the processing of personal data at any time

– object to automated decision-making with regards to natural persons, including profiling

– lodge a complaint with the Italian Data Protection Authority

For more information on how to exercise your rights, contact:

Sovrano Militare Ordine Ospedaliero di San Giovanni di Gerusalemme di Rodi e di Malta – Gran Magistero, Palazzo Magistrale, Via Condotti, 68, 00187 Roma – Italia.

The Sovereign Order of Malta has nominated a Data Protection Officer who can be contacted by e-mail:


4.1 What is personal data?

Personal data is that information which directly or indirectly allows the user to be identified as a natural person. An example of “direct” information is your name, surname and address; “indirect” information occurs when the data is processed together with other information. 4.2. Browsing data During their normal functioning the computer systems and software procedures used to operate this website acquire some personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected to be associated with identifiable data subjects, but because of its nature it could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or computer domain names with which users connect to the site, the URIs (Uniform Resource Identifier) of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the reply from the server (successful, error, etc.) and other parameters related to the user’s operating system and IT environment.

Purpose and lawful basis for processing

This data is used only to obtain anonymous statistical information on the use of the site and to ensure that it functions correctly. The data could also be used to establish responsibility in the event of cybercrimes involving the website (owner’s legitimate interest).

Storage period

The data is normally stored for short periods of time, with the exception of any extensions connected to investigations.


The data is not transferred by the data subject but is automatically acquired from the technology systems of the website.

4.2 Cookies

The Order collects cookies from the mobile device when the data subject uses the application or visits the associated website. The Order’s policy on cookies can be consulted in a specific article on its website: .

4.3 Data voluntarily provided when using the website

The optional, explicit and voluntary sending of an e-mail with regards to

– electronic and/or ordinary mail sent to contact data of addresses specified on this website
– spontaneous applications sent using addresses indicated on this site

can result in the subsequent acquisition and use of personal data to pursue the necessary objectives. This personal data will anyway be stored for a time compatible with the purpose of its collection.

4.4 Data for mailing the newsletter

This website uses a third-party platform for participating in the mailing list and sending the newsletter by e-mail. Personal data is all stored directly on the third-party’s servers, who fulfil the GDPR obligations as follows: accounts/management/about-the-general-data-protection-regulation

Purpose and lawful basis for processing

To send information on the Order’s initiatives and communications. The lawful basis is that of legitimate interest and in some cases consent.

Storage period

The data is usually stored for periods compatible with the purpose of the collection and/or until the consent is revoked. Once the consent has been revoked, the owner can no longer use the data for these purposes, but may store it for protecting itself from possible responsibilities based on such processing.


By express and optional consent (e.g. by entering one’s name and e-mail address on the website in the specific field or acquiring it after a printed form has been filled in).

4.6 Data necessary for managing relations with the Order’s members

Purpose and lawful basis for processing

Administrative and organizational purposes involving the necessary processing of accountancy data for formalities regarding the Order’s members. The lawful basis is that of membership of the Order and the owner’s legitimate interest.

Storage period

Period of time compatible with legal requirements and with the purpose of the processing .


Compulsory for membership of the Order.


For the aforesaid purposes, some data could be communicated to recipient sites outside the EU Economic Space. The Order assures that personal data is processed by these recipients in compliance with the applicable regulations. These transfers are performed with suitable guarantees, such as adequacy decisions, Standard Contractual Clauses approved by the European Commission, participation in the Privacy Shield. Those subjects to whom the data is communicated can be appointed Controllers.


Under certain circumstances, personal data can be processed after having obtained the user’s consent for communications on the Order’s activities to be sent to him or her. In the majority of cases, it is in the Order’s legitimate interest to collect and use personal data, as described above in “What personal data is collected and how it is used”, to better understand the user’s needs. The Order’s legitimate interest consists of keeping active the relationship voluntarily established by the user. The personal data is processed by automatic as well as manual means, adopting logics strictly connected to its purpose, also with the aim of guaranteeing its security and privacy.


The Sovereign Order of Malta is obliged by law to answer requests and provide information free of charge, unless these requests are clearly unfounded or excessive (especially because of their repetitive nature). In this case the Order could charge a reasonable fee (taking into account the administrative costs for providing the information or the communication, or for undertaking the action requested), or it could refuse to follow up on the request. The user is asked to give careful thought to the request before sending it, to which the Order will reply as soon as possible. This generally occurs within a month of the receipt of the request; should this require more time, the Order shall inform the user.


This information on privacy has been in force since 19 June 2018. The Sovereign Order of Malta reserves the right to amend it or simply update the content, partly or fully, also because of variations in the applicable regulations. The Order invites the data subject to visit this section regularly for the most recent versions to keep updated on the personal data collected and the use the Order makes of it.