Contacts

Processing of data through the OFM application for Facebook and Instagram

This section supplements the general privacy policy of the Order of Friars Minor and describes the processing of data through the internal application used to manage its institutional Facebook and Instagram accounts.

The data controller is the Order of Friars Minor, with offices at the General Curia of the Friars Minor, Via di Santa Maria Mediatrice, 25 – 00165 Rome, Italy. Questions or requests concerning the protection of personal data may be sent to comgen@ofm.org.

The Order of Friars Minor uses an internal social media management application, based on the Postiz platform, to administer, prepare, schedule and publish content on its institutional Facebook and Instagram accounts.

The application is intended exclusively for authorized staff members and collaborators of the Order of Friars Minor and is not offered as a service to the public.

Categories of data processed

When an authorized user connects a Facebook or Instagram account to the application, the following categories of data may be processed, within the limits of the permissions granted through Meta:

The application does not collect or store Facebook or Instagram account passwords. Authentication and authorization are performed through systems provided by Meta.

Purposes of processing

Data is processed exclusively for the following purposes:

The Order of Friars Minor does not sell data processed through the application, disclose it for commercial purposes, use it for behavioral advertising or use it to create commercial profiles of users.

Legal basis for processing

The principal legal basis for processing is the legitimate interest of the Order of Friars Minor in effectively organizing, protecting and managing its institutional communications and social media accounts.

Processing may also be necessary to:

Providing the data and permissions necessary for authentication and account connection is required to use the relevant application functions. Without such data or permissions, the relevant account cannot be connected to or administered through Postiz.

Access to data and recipients

Data is accessible only to:

In particular, some data may be processed by:

When artificial intelligence features are used, instructions, text, images or other content entered by the user may be transmitted to OpenAI to the extent necessary to generate the requested content.

Authorized users must not enter unnecessary personal data, particularly sensitive data, passwords, access tokens, credentials or confidential information into artificial intelligence features unless such information is strictly necessary for the requested purpose.

Providers may process data as data processors or, for certain activities, as independent data controllers, according to the nature of the service and their respective contractual terms and privacy notices.

International data transfers

Use of the application and its related technical services may involve the processing or transfer of personal data to countries located outside Italy or the European Economic Area, including the United States.

In particular, some data may be processed by Meta, as the provider of the Facebook and Instagram platforms; by OpenAI, when the application’s artificial intelligence features are voluntarily used; and by technical subprocessors necessary for the operation, security and maintenance of their respective services.

When personal data is transferred to a country outside the European Economic Area, the transfer is carried out, as applicable, on the basis of one or more of the following mechanisms:

Where necessary, supplementary technical, organizational and contractual measures are implemented, taking into account the nature of the data, the purposes of processing, the provider used and the destination country.

Data subjects may request further information about international transfers and the safeguards applied by contacting comgen@ofm.org.

Data retention

Data is retained only for as long as necessary to fulfil the purposes for which it was collected.

In particular:

Data is deleted or anonymized when it is no longer necessary, when the account is disconnected or when a deletion request is accepted, unless continued retention is required by law or is necessary for documented security purposes, the protection of legal rights or the management of disputes.

Deletion of data connected to the Meta application

Users may terminate the connection between the application and their Facebook or Instagram account at any time by:

  1. removing the Facebook or Instagram channel from the Postiz application settings;
  2. revoking the application’s permissions through their Meta account settings, in the section concerning applications, websites or business integrations;
  3. sending a deletion request to comgen@ofm.org with the subject “Meta/Postiz application data deletion”.

The request must include:

Passwords, access tokens, authentication codes or other credentials must not be sent.

Before proceeding with deletion, the Order of Friars Minor may request information reasonably necessary to verify the requester’s identity and authorization.

Following verification, the Order of Friars Minor will, within the time limits established by applicable law:

Deleting data from the Postiz application does not automatically delete content already published on Facebook or Instagram. Such content remains on Meta’s platforms and must be deleted directly from the relevant Page or account.

Revoking the application’s access does not necessarily result in the deletion of data processed independently by Meta. Such data is governed by Meta’s settings, procedures and privacy policy.

For further information or to exercise data protection rights, users may contact comgen@ofm.org.

Last updated: 28 June 2026.