This policy describes and sets out the essential details relating to your personal data relationship with Din l-Art Helwa, VO/0008, with official address at 133, Melita Street, Valletta, VLT 1123 (“the Organisation/We”). This policy highlights the types of personal data collected when you use our site and how your personal data is used, shared and protected. It also explains the choices you have relating to your personally identifiable information and how you can contact us regarding your personal data.
From time to time we may offer new services, which we will update in this policy accordingly and we will notify you prior to these changes.
Who Is Responsible For The Processing Of Your Personal Data?
The data is processed by Din l-Art Helwa, VO/0008, with official address at 133, Melita Street, Valletta, VLT 1123.
The Data Protection Officer (“DPO”) of the Organisation is Rosanne Zerafa. You can contact us by email on email@example.com or by telephone on +356 2122 5952. Our correspondence address is 133, Melita Street, Valletta, VLT 1123.
What Personal Data Do We Collect And When?
We ask you for certain personal data to provide you with the services you request. For example, when you request to receive communications, become a member, or interact with our sites. We will never share your information with a third party without your explicit permission to provide you with access to that service.
We may also collect sensitive personal data but we’ll never do this without your explicit consent. We may receive or ask you for multiple categories of data for which, in some cases, we require your consent. Should you be under the age of 16 years, a parent or a guardian must give consent on your behalf.
The processing of your Personal Data is not a statutory requirement. It is a requirement in order for us to enter into a contractual relationship with You. The consequence of not providing us with Your personal details is that we will be unable to onboard you as a member of the Organisation.
- Contact Details: including email, telephone number and physical address
- Personal Details: including name, surname, gender, date of birth and ID number
|Categories of personal data used by the Organisation for the processing purpose||Actual Personal Data collected||Legal basis for processing?||Intended Purpose||Retention Period|
|Contact Details||name and surname, email, telephone number and physical address||Processing is necessary for the purposes of our legitimate interests in sound administration of the Organisation. (Article 6(1)(f))||To be able to contact you regarding your current affairs at the Organisation||Ninety (90) days from the termination of membership.|
|Contact Details||name and surname, email, telephone number and physical address||Your explicit consent to the processing of Your Contact Details for the specified Intended Purpose (Article 6(1)(a))||To be able to contact you with information about updates, events and other promotional matters||Ninety (90) days from the termination of membership or whenever you choose to withdraw your consent – whichever comes first.|
|Personal Details||gender, date of birth and ID number||By signing up as a member you have entered into a contractual relationship with Us as set out in our membership terms and conditions.
; Article 6(1)(b))
|For the administrative records of the Organisation||Ninety (90) days from the termination of membership.|
We may also ask you to complete surveys for quality purposes.
Identification and Contact Information
When you request services or make enquiries from us through this website’s online messaging function or other forms of communication, we ask you for identification and contact details such as your name, contact telephone number, email address, depending on the nature of your enquiry and the type of response required.
Why And How We Use Your Personally Identifiable Information?
We process the personal data we collect from you in the following ways:
- To provide the services of the Organisation
When you are our data subject, we will use your data to provide the service you have selected. For example, if you request more information, we will use the contact details you give us to communicate with you.
- To protect our or others’ rights, property or safety
We may also use data about how you use our sites to prevent or detect fraud, abuse, illegal uses and violations of our regulations and to comply with court orders, governmental requests or applicable law.
- For general research and analysis purposes
We use data about how our members use services to understand member behaviour or preferences.
- Other purposes
We may also use your personal data in other ways and will provide specific notice prior to the time of collection and obtain your consent where necessary.
We will take reasonable steps to destroy personal information we hold if it is no longer needed for the purposes set out above or required for us to maintain a high level of care, in accordance with EU General Data Protection Regulation (GDPR).
Sharing Of Personally Identifiable Information
We will only pass your data to third parties in the following circumstances:
- you have provided your explicit consent for us to pass data to a named third party – should the need arise you will be informed of such accordingly;
- we are using a third party purely for the purposes of processing data on our behalf and we have in place a data processing agreement with that third party that fulfils our legal obligations in relation to the use of third party data processors; or
- We are required by law to share your data.
Technical & Organisational Measures to Safeguard your Personal Data
The confidentiality of your personal information is of paramount concern to us and we comply with EU data protection law.
We invest appropriate resources to protect your personal information from loss, misuse, unauthorised access, modification or disclosure.
The Organisation shall keep your personal data secure and shall commit to take appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, including against accidental loss, destruction, storage or access. Your personal data may be stored in paper files or electronically on the Organisation’s technology systems or on technology systems of the Organisation’s IT service providers.
Appropriate, industry-standard, security measures are in place to protect your data (details are available upon request). This includes the encryption of all data held within our electronic records and a secure physical firewall for the server.
Where is the data stored?
The personal data we collect or generate (process) is stored in Malta. Your data is stored on site with a select amount being backed up in a secure data centre within the EU/EEA. We will never sell your data, but we may share your data with data recipients for the intended purposes as specified above only. Such recipients are as follows:
- Google Cloud EMEA Limited
Some of the data recipients with whom the Organisation shares your personal data may be located in countries other than the country in which your personal data originally was collected. Nevertheless, when we transfer your personal data to recipients in other countries, we will ensure your data is protected as described in this Policy and in compliance with the EU General Data Protection Regulation (GDPR).
Retention of your data
The Organisation retains your personal data for as long as it holds legitimate interests to fulfil the purposes for which it collects it, unless otherwise required by law. The Organisation will retain personal data related to general communications or enquiries received for up to ninety (90) days after the communication’s intended purpose is exhausted to safeguard our legitimate interests for tracking enquiries. Where data is collected on the basis of consent, we will seek renewal of consent at least every one (1) year.
Any personal data which the Organisation may hold on the basis of your consent shall be retained exclusively until such consent is withdrawn.
Your rights related to your personal data
The General Data Protection Regulation (GDPR) gives certain rights to data subjects regarding their personal data. Data subjects of the Organisation can take advantage their rights via:
- Right of access – the right to be informed of, and to request access to the data we process about you. The Organisation will at latest provide all documentation within 1 month and will not charge a fee unless deemed manifestly unfounded or excessive.
- Right to rectification – the right to request that we update / rectify your personal data if inaccurate.
- Right to restriction – the right to request that we temporarily / permanently stop processing your personal data.
- Right to erasure – the right to request that we delete your personal data.
- Right to object – The right, at any time, to object to us processing your personal data given your situation
- Right to data portability – the right to request a copy of all personal data, in electronic format, we hold about you and the right to transmit this data to another party’s service.
- Right to not be subjected to automated processing – the right to not be profiled where the decision would have a legal effect upon you.
- Right to withdraw consent – you have the right to withdraw your consent at anytime by contacting our DPO either
The Organisation may also contact you about updates and events from third-parties. In such a case your data will not be shared, and the Organisation handles all communications with you.
Note that if the Organisation contacts you about newsletters, updates and events on the basis of your consent, you have a right to withdraw your consent and no longer be contacted for such purposes at any time. You may do so by contacting our DPO on firstname.lastname@example.org or on +356 2122 5952. Our correspondence address is 133, Melita Street, Valletta, VLT 1123.
If you are a Maltese resident and you have a concern about our use of your information, you can contact the Information and Data Protection Commissioner (IDPC) here. You can contact us to exercise your rights by calling the DPO of the Organisation on +356 2122 5952 or by sending an email to email@example.com.
If you are a European resident and you have a concern about our use of your information, you can contact your local data protection regulator. A list of European data protection regulators can be found here. You can contact us to exercise your rights by calling the DPO of the Organisation on +356 2122 5952 or by sending an email to firstname.lastname@example.org.
Compliance With Regulators
We will obey a valid court order or subpoena if these require us to provide the information that we store to law enforcement authorities or a court of law. We will only do so upon legal scrutiny and confirmation of the validity of such requirements in Malta.
Applicable law and our practices change over time. If we decide to update our Policy, we will post the changes on our site. We strongly encourage you to read our Policy and regularly check for any changes.
This policy is effective from 3rd October 2021.