Privacy Policy

Privacy Notice on the Processing of Personal Data Collected Through This Website

Last revision: 4 November 2025

1. Introduction and legal references

This notice explains how personal data are processed when collected through this website, including those obtained via cookies, tracking technologies and—where present—contact forms, restricted areas, digital services, and electronic transactions.

This notice is addressed to anyone who accesses or uses this website and explains how personal data may be collected, used, stored and protected, as well as the rights granted to users under applicable law.

These provisions do not apply to other websites, pages or online services accessible through external links that may be present on this website. Users are invited to consult the respective privacy notices of those third parties.

This notice is provided in compliance with the main applicable data protection regulations, including:

General Data Protection Regulation
UK General Data Protection Regulation
Data Protection Act 2018
Privacy and Electronic Communications Regulations 2003
Any other applicable national or international data protection regulations.

2. Data Controller and contact details

The Data Controller responsible for the processing of personal data collected through this website is:

Sacred Military Constantinian Order of Saint George
Delegation for Great Britain and Ireland

London
United Kingdom

Website: https://constantinian.org.uk
Email: delegategbi@constantinian.org.uk

For any information regarding the processing of personal data or to exercise the rights provided by applicable data protection law, data subjects may contact the Controller using the contact details above.

3. Legal bases for processing

Personal data collected through this website (including via cookies, similar technologies, contact forms, restricted areas, digital services and transactions, where applicable) are processed on one or more of the following legal bases:

Performance of a service or pre-contractual measures requested by the user (for example through contact forms or service requests);
Compliance with legal, regulatory or statutory obligations;
Consent provided by the user where required (for example for non-essential cookies or marketing communications);
Legitimate interests pursued by the Controller, provided that such interests do not override the fundamental rights and freedoms of the data subject (for example IT security, prevention of fraud, protection of the Controller’s rights).

Failure to provide consent or withdrawal of consent may limit the availability of certain functionalities or services offered through the website.

4. Categories of data collected

While browsing this website, the following categories of personal data may be collected, including through cookies and similar technologies such as pixel tags, web beacons, local storage or equivalent tools.

Browsing and technical data

Information such as:

IP address
device identifiers
browser and operating system information
requested URLs
connection time
system logs
technical preferences
usage data generated through cookies and tracking technologies

These data are generally used to ensure the proper functioning, security and performance of the website.

Data provided voluntarily by users

Personal data provided by users through:

contact forms
email communications
registration forms
requests for services
restricted areas where available

Data transmitted through third-party services or social integrations

Where the website includes social media plugins, embedded content or authentication tools (for example social logins or sharing functions), certain data may be processed by the respective platforms according to their own privacy policies.

5. Processing methods, security measures and data retention

Personal data collected through this website are processed mainly through electronic and digital means in accordance with the principles of lawfulness, fairness, transparency, data minimisation, integrity and confidentiality.

Appropriate technical and organisational security measures are implemented to protect personal data against unauthorised access, accidental loss, alteration or unlawful disclosure.

These measures include, for example:

encryption of communications via HTTPS to ensure secure data transmission;
periodic system backups to prevent loss of information due to technical incidents;
access control systems and internal security procedures.

Data retention periods

Personal data are retained only for the time necessary to fulfil the purposes for which they were collected.

In particular:

Cookie preferences and related consents are retained for 180 days, as specified in the Cookie Policy of this website;
Browsing and technical data are retained for the time necessary to ensure the security and proper functioning of the website and are subsequently anonymised or aggregated where possible;
Data processed for contractual or administrative purposes are retained for the period required by applicable legal obligations (for example accounting or tax requirements);
Data processed for marketing purposes are retained until consent is withdrawn or deletion is requested;
Data submitted through forms or specific requests are retained for the time necessary to respond to the request or complete the related service.

6. Recipients of personal data

Personal data collected through this website may be accessed or processed, within the limits of their respective responsibilities, by:

authorised personnel of the Controller who have received appropriate training in data protection;
external service providers acting as Data Processors, such as IT service providers, hosting companies, consultants, support services or technical maintenance providers;
service providers related to website functionality such as payment systems, logistics providers or customer support services where applicable;
providers of plugins, social networks and external platforms that may act as independent data controllers according to their own policies;
competent public authorities or supervisory bodies where required by law or by a lawful request from judicial authorities.

An updated list of external processors may be requested by contacting the Controller.

7. International data transfers

Personal data may be processed or transferred to countries outside the user’s country of residence when necessary for the purposes described in this notice.

Transfers may occur to:

countries belonging to the European Economic Area (EEA);
the United Kingdom;
Switzerland;
other countries recognised by the competent authorities as providing an adequate level of data protection under applicable data protection law.

Where required, appropriate safeguards will be implemented to ensure an adequate level of protection for personal data.

8. Rights of data subjects

Under applicable data protection law, including the GDPR and UK GDPR, users have the right to:

obtain confirmation as to whether personal data concerning them are being processed and access such data;
request the rectification or updating of inaccurate or incomplete data;
request the deletion of personal data where permitted by law;
request restriction of processing in certain circumstances;
object to processing based on legitimate interests or for direct marketing purposes;
receive personal data in a structured, commonly used and machine-readable format where technically feasible (data portability);
withdraw consent previously given for cookies or other processing activities based on consent;
lodge a complaint with a competent supervisory authority.

Requests to exercise these rights may be submitted using the contact details of the Controller.

9. Processing of minors’ data

The protection of minors is a priority.

The services and content of this website are not intended for individuals under the age of 18.

The Controller does not knowingly collect personal data from minors without the verifiable consent of a parent or legal guardian.

If a parent or guardian believes that a minor has provided personal data through the website without authorisation, they may contact the Controller to request the deletion or restriction of the data.

10. Complaints to supervisory authorities

If a user believes that the processing of their personal data does not comply with applicable data protection law, they have the right to lodge a complaint with a competent supervisory authority, including:

Information Commissioner’s Office
the data protection authority of the user’s country of residence within the European Economic Area;
European Data Protection Supervisor where applicable.

11. Updates to this notice

This privacy notice may be updated periodically to reflect regulatory developments, technological changes or updates to the services offered through the website.

Any significant changes will be published on this page.