LUX MUNDI

Privacy Policy

 

Last updated: [November 26th, 2025]

Lux Mundi (“we”, “us”, “our”) is a meeting place open to all, with centres in Fuengirola and Torre del Mar, offering prayer and ecumenical gatherings, social action, social‑cultural and fundraising activities, and other community services.

We are committed to protecting your privacy and handling your personal data responsibly and transparently, in line with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

This Privacy Policy explains how we collect, use and protect your personal data when you:

  • visit our website Lux Mundi,
  • contact us by phone, email or via online forms,
  • participate in our prayer and ecumenical gatherings,
  • join our social action initiatives (e.g. food drives, charity in network, CareTeam),
  • take part in social, cultural or fundraising activities and events,
  • support us through donations or volunteering,
  • or otherwise interact with Lux Mundi.

If you have any questions, you can contact us using the details in section 11.

1. Who is responsible for your data?

The data controller for your personal data is:

Lux Mundi
Avenida Moscatel, 1 «I», C. Casa de la Viña
29740 Torre del Mar, Málaga
Spain

Telephone: +34 952 543 334
Website: https://lux-mundi.org
Email: luxmundi@lux-mundi.org

If we appoint a Data Protection Officer (DPO) or specific data contact person, we will publish their details here.

2. What data do we collect?

The personal data we collect depends on how you interact with us. We may collect:

2.1. Data you provide directly

  • Contact details: name, email address, telephone number, postal address.
  • Messages and enquiries: content of your message when you contact us through the website contact form, email, telephone, or in person.
  • Participation data: information about your attendance at our:
    • prayer and ecumenical gatherings,
    • social action projects (e.g. food drives, charity networks, CareTeam),
    • social, cultural and fundraising activities,
    • other events (e.g. coffee mornings, workshops, talks).
  • Volunteer and supporter data:
    • your availability, areas of interest, and any information you choose to share about your skills or experience,
    • information related to your support (e.g. fundraising involvement).
  • Donation data:
    • information related to donations you make (amounts, dates, method),
    • limited payment details as needed for processing via banks or payment providers (we do not store full card details ourselves).
  • Feedback and reviews:
    • your opinions, satisfaction ratings and reviews when you fill in surveys or leave comments through links such as “Give us your review”.
  • Other data you choose to share:
    • for example, when you speak with us in person or via email about your situation, interests or needs.

2.2. Data we collect automatically when you use our website

When you visit lux-mundi.org, we may automatically collect:

  • technical data (IP address, browser type and version, device type, operating system),
  • usage data (pages viewed, time and date of visit, referring pages, approximate location based on IP),
  • cookie data (see section 7).

We do not use this data to identify you personally unless it is combined with other information you provide.

2.3. Special categories of data (sensitive data)

Our mission is rooted in faith and community. In the course of our activities, we may infer or become aware of information relating to:

  • your religious or philosophical beliefs (for example, if you participate in ecumenical gatherings or prayer activities),
  • your health or personal circumstances (for example, if you share this with us in the context of pastoral care, CareTeam support, or social action).

We only process such sensitive data where strictly necessary, on a lawful basis (see section 3), and with appropriate safeguards.

3. For what purposes and on what legal bases do we use your data?

We process your personal data only when we have a valid legal basis under GDPR. Depending on the context, that basis may be:

  • Your consent (Article 6(1)(a) GDPR; for special data, Article 9(2)(a)),
  • Performance of a contract or steps taken at your request (Article 6(1)(b)),
  • Compliance with a legal obligation (Article 6(1)(c)),
  • Legitimate interests pursued by Lux Mundi, balanced with your rights (Article 6(1)(f)),
  • For religious/charitable purposes as allowed by law, with appropriate safeguards (e.g. Article 9(2)(d) GDPR for not‑for‑profit bodies).

We use your data for the following purposes:

3.1. Responding to your enquiries and communication

  • To answer messages sent via the contact form, email, telephone, or in person.
  • To provide information you request about our centres, schedules, activities, or events.

Legal basis:

  • Performance of a contract or pre‑contractual steps, and/or
  • Our legitimate interest in responding to people who contact us.

3.2. Organising and managing gatherings, activities and events

  • To register and manage participation in:
    • prayer and ecumenical gatherings,
    • social action programmes (e.g. food drives, CareTeam),
    • social, cultural and fundraising activities and events (e.g. coffee mornings),
    • other community initiatives.
  • To communicate any changes, reminders or follow‑up information related to these events.

Legal basis:

  • Performance of a contract or your participation request, and/or
  • Our legitimate interest in organising and improving our services, and
  • For any sensitive data, your explicit consent or the not‑for‑profit exemption where applicable.

3.3. Social action and support

  • To identify needs and coordinate help (for example, food support, visits, accompaniment, CareTeam activities).
  • To connect people who offer help with those who request or need help, when appropriate and with discretion.

Legal basis:

  • Legitimate interests in providing social action and support as part of our mission, and/or
  • Your explicit consent, especially where sensitive data is involved.

3.4. Managing volunteers, supporters and donations

  • To communicate with volunteers, allocate tasks and manage schedules.
  • To process and record donations, comply with accounting and legal obligations, and, where applicable, prepare acknowledgements or receipts.
  • To inform volunteers and donors about the impact of their contribution and opportunities to stay involved, if they wish.

Legal basis:

  • Performance of a contract (volunteer arrangement, if applicable),
  • Compliance with legal obligations (e.g. accounting, tax), and
  • Our legitimate interest in sustaining and developing Lux Mundi’s activities;
  • For any optional communications, your consent.

3.5. Information and updates about Lux Mundi

  • To send you occasional information about:
    • upcoming events and activities,
    • opportunities to participate or support,
    • news related to Lux Mundi’s mission and community.

We will only send you such communications where this is permitted by law and you have not objected. Where required, we will ask for your consent.

Legal basis:

  • Our legitimate interest in keeping in touch with those who have a relationship with us, and/or
  • Your consent, particularly for email communications of a promotional or non‑essential nature.

You can opt out at any time (see section 10).

3.6. Website operation, security and improvement

  • To operate and maintain our website and digital communications tools.
  • To monitor usage and performance, detect technical issues, errors or security threats.
  • To produce aggregated statistics to better understand how people interact with our site and improve content and user experience.

Legal basis:

  • Our legitimate interest in running a secure, effective website and improving our services, and
  • For non‑essential cookies or similar technologies, your consent (see section 7).

3.7. Compliance and protection

  • To comply with legal obligations (e.g. accounting, data protection, security).
  • To protect our rights, property, activities, volunteers, staff and visitors.
  • To prevent, detect or address misuse, suspected wrongdoing or legal claims.

Legal basis:

  • Compliance with legal obligations, and/or
  • Our legitimate interests in protection and security.

4. Do we share your data with others?

We do not sell your data and we disclose it only when necessary and appropriate.

We may share your personal data with:

4.1. Service providers (processors)
Carefully selected third‑party service providers that help us operate, such as:

  • website hosting and maintenance providers,
  • email and communication tools,
  • online form providers,
  • IT support and security services,
  • payment processors or banks (for donations and payments).

These providers only process your data on our instructions, under strict confidentiality and security obligations.

4.2. Partners in social action or ecumenical collaboration
In some cases, we collaborate with other churches, Christian communities, charities or social organisations. With your knowledge and, where required, your consent, we may share limited data necessary to:

  • coordinate joint activities or initiatives,
  • ensure continuity of support or care.

4.3. Legal and regulatory authorities
When required by law or in response to a valid legal request, we may need to disclose data to public authorities, courts or law enforcement.

4.4. Other persons with your consent
In all other cases, we will share your data only if you explicitly request or consent to it.

5. International transfers

Our primary operations are in Spain. However, some of our service providers (for example, email or website tools) may store or process data in other countries, including outside the European Economic Area (EEA).

When we transfer data outside the EEA, we do so only where:

  • there is an adequacy decision by the European Commission, or
  • we have implemented appropriate safeguards (such as Standard Contractual Clauses), and
  • additional measures where necessary to protect your data.

You can contact us for more information about international transfers and safeguards.

6. How long do we keep your data?

We keep your personal data only as long as necessary for the purposes described in this Policy, and to satisfy legal, accounting or reporting requirements.

Retention periods vary depending on the type of data:

  • Contact and enquiry data: kept for the time needed to handle your request and for a reasonable period afterwards (e.g. up to 2 years), unless you enter into a longer‑term relationship with us.
  • Participation in events and activities: kept for as long as necessary to manage the activity and, where appropriate, to maintain a record of community involvement (subject to periodic review).
  • Volunteer and donor records: kept for the duration of the relationship and for the statutory retention period required for financial and legal purposes (often 5–10 years, depending on applicable law).
  • Website logs and technical data: kept for a short, limited time needed for security, diagnostics and analytics (typically up to 12–24 months in anonymised or aggregated form).

When data is no longer needed, we will delete or anonymise it securely.

7. Cookies and similar technologies

Our website lux-mundi.org may use cookies and similar technologies to:

  • ensure the site functions properly (e.g. basic navigation, forms),
  • remember your preferences (e.g. language),
  • gather anonymous statistics about how visitors use our site,
  • improve the design and content of the website.

7.1. Types of cookies

  • Strictly necessary cookies: required for the basic operation of the site. They are always active and do not require consent.
  • Functional and preference cookies: help remember your settings and improve your experience.
  • Analytics cookies: help us understand how many visitors we have and how they use the site (for example, which pages are most visited). This usually involves aggregated, anonymised data.
  • Third‑party cookies: if we embed content or tools from third parties (for example, maps or video platforms), these providers may set their own cookies.

7.2. Managing cookies

When you first visit our website, you may be presented with a cookie notice and, where required, given the option to accept or reject non‑essential cookies.

You can also control cookies through your browser settings. Disabling some cookies may impact your experience on the site.

For more detailed information, please refer to our Cookie Policy (if published separately), or contact us.

8. How do we protect your data?

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration or disclosure. These measures include:

  • limiting access to personal data to people who need it for their role,
  • using secure systems and, where possible, encryption or pseudonymisation,
  • maintaining up‑to‑date software and security practices,
  • training people involved in our activities about confidentiality and data protection,
  • entering into data processing agreements with service providers.

Despite our efforts, no system can be completely secure. If we become aware of a data breach that poses a high risk to your rights and freedoms, we will inform you and the relevant authorities as required by law.

9. Children and vulnerable persons

Our activities are open to people of all ages. When we work with children or vulnerable persons:

  • we take particular care to process their data lawfully, fairly and with appropriate safeguards,
  • we obtain consent from parents or legal guardians where required,
  • we limit data collection to what is strictly necessary,
  • we apply additional protection measures and confidentiality.

If you are a parent or guardian and have concerns about your child’s data, please contact us (see section 11).

10. Your rights

You have certain rights regarding your personal data under GDPR and applicable law. These include the right to:

  • Access: obtain confirmation of whether we process your data and receive a copy of it.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure (“right to be forgotten”): request deletion of your data where there is no longer a legal basis for us to keep it.
  • Restriction of processing: ask us to limit processing under certain circumstances.
  • Data portability: receive your data in a structured, commonly used, machine‑readable format and transmit it to another controller, where applicable.
  • Object:
    • to processing based on our legitimate interests, for reasons relating to your particular situation;
    • at any time, to processing for direct marketing purposes (including related profiling).
  • Withdraw consent: where processing is based on your consent, you may withdraw it at any time. This will not affect the lawfulness of any processing carried out before withdrawal.

To exercise these rights, please contact us using the details in section 11. We may need to verify your identity before responding. We will respond within the time limits set by law.

You also have the right to lodge a complaint with your local data protection authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD): https://www.aepd.es.

11. How to contact us

For questions about this Privacy Policy or to exercise your data protection rights, please contact us at:

Lux Mundi
Avenida Moscatel, 1 «I», C. Casa de la Viña
29740 Torre del Mar, Málaga
Spain

Telephone: +34 952 543 334
Email: luxmundi@lux-mundi.org

You can also contact us through the form on our website: Contact Us.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in our activities or in the law.

When we make significant changes, we will indicate this by updating the “Last updated” date at the top of the Policy and, where appropriate, by providing a more prominent notice on our website or by other means.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.

X