It is important that you read this Policy together with any other notice which we may provide you on specific occasions when we are collecting or processing your personal information, so that you are fully aware of what information we gather about you, how and why we use that information, who we give that information to, and how we ensure the safeguarding of your lawful rights as a data subject.
Any processing of your personal data shall be performed in full conformity with the terms and provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), as well as the Data Protection Act (Chapter 440 of the laws of Malta) and all other applicable rules and legislation (the “Data Protection Laws”).
This Website is not intended for, or intentionally targeted at, users under eighteen (18) years of age, and in no circumstances shall we knowingly process personal data attributable to minors, except where such personal data is expressly provided by the lawful guardian thereof for the purpose of registering a minor to one of our courses and/or services.
“Data controller” shall mean the person who, jointly or alone, determines the means and purpose of processing personal data.
“Data processor” shall mean a person who processes personal data on behalf of a data controller.
“Data subject” shall mean an identified or identifiable natural person whose personal data is held, and who can be identified, directly or indirectly by reference to personal data.
“Personal data” shall mean any information related to a data subject, or which can be used to identify a data subject.
“Processing” shall mean the collection, recording, organisation, storing, alteration, retrieval, use, disclosure, dissemination, alignment or combination, restriction, erasure or destruction of data.
“Sensitive personal data” shall mean personal data revealing a data subject’s racial or ethnic origin, political opinions, religious or philosophical beliefs, health, sexual orientation, or biometric and genetic data.
The data controller of the Website is the MITC, the details of which are as follows:
- Malta International Training Centre Limited
- Registration number
- C 5663
- Triq L-Intornjatur, Zone 3, Central Business District
Birkirkara CBD 3050
- Telephone number
- +356 2123 0831
- Email address
Data we collect
You are not required to submit any personal data in order to use the Website, however, we may collect personal data from you when you voluntarily interact with the Website.
The personal data that we collect or process may include your:
- Identity information – first name and last name
- Contact information – e-mail address, home address, country of residence, contact number;
- Employment industry
- Technical information – IP address, browser type and language, access times;
- Communications information – Details of how you use our products and services, complaint details, and other similar information, correspondence with us and any feedback that you provide us with.
We do not usually seek to collect or process sensitive personal data from users. Should the processing of sensitive personal data be necessary for the performance of any of our lawful obligations, we will, as may be necessary, obtain your explicit consent to collect and process such sensitive personal data.
We do not engage in the collection or processing of personal data relating to your online activities across third-party websites or online services, and we do not allow third parties to collect such personal data when you use the Website.
The Website also uses Paypal in order to process your payments. In order to learn more about how Paypal processes your personal information, kindly refer to: https://www.paypal.com/mt/webapps/mpp/ua/privacy-full.
A cookie is a small piece of data which is sent from a website to your web browser when you visit that website. These cookies may be stored by your browser and sent back to the website as you browse the internet.
How we use your personal data
The personal data you submit to us may be used:
- To provide you with services obtained by virtue of this Website;
- To manage our relationship with you;
- To customise or improve our Website and/or services;
- To communicate with you;
- To protect our rights and those or our users;
- To further our legitimate interests; and
- To comply with our legal obligations.
We will generally use your personal data for the purposes outlined above where such processing is:
- Necessary for the performance of a contractual obligation to you;
- Necessary for the purpose of a legitimate interest pursued by the MITC, except where such interests are overridden by your own interests or fundamental rights; or
- Necessary for compliance with a legal obligation to which the MITC is subject.
Sometimes we may ask for your consent to use your information for particular purposes (e.g. to send you marketing communications). Where we do so, this consent will be our legal basis for our use of the information. You can withdraw your consent at any time and we will then stop processing your information for that purpose. If you wish to withdraw your consent, then please contact us using the details in this Policy.
How we share your personal data
We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.
In connection with one or more of the purposes outlined above, we may disclose details about you to:
- Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation;
- Data processors who are engaged to assist us in the processing of your personal data, in conformity with Data Protection Laws; or
- Other third parties in relation to legitimate interests of the MITC.
Please note that some of the recipients of your personal data referenced above may be based in countries outside of the European Union or European Economic Area, the laws of which may not provide the same level of data protection provided for by this Policy. In such cases, we will ensure that there are adequate safeguards in place to protect your personal data.
Our Website also hosts social media applications or services that allow you to share content with other users (collectively “Social Media Applications”).
Any personal data that you contribute to these Social Media Applications can be read, collected and used by other third parties without our control. We do not exercise any control over personal data contributed towards Social Media Applications, and do not make any warranty or guarantee whatsoever in respect of any personal data contributed towards Social Media Applications.
How we protect your personal data
We use a range of physical, electronic and managerial measures to ensure that we keep your personal data secure, accurate and up to date. These measures include:
- Education and training to relevant staff to ensure they are aware of our privacy obligations when handling personal data;
- Administrative and technical controls to restrict access to personal data on a ‘need to know’ basis;
- Technological security measures, including fire walls, encryption and anti-virus software; and
- Physical security measures, such as staff security passes to access our premises.
We endeavour to protect your personal data, but we cannot guarantee the security of data transmitted to us or by us.
Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e-mail) is never completely secure.
Retention of your personal data
We will only keep your personal data on our systems for the longest of the following periods:
- As long as is necessary for the relevant purpose of collection;
- As long as any retention period that is required by law;
- As long as any period in which litigation or investigations might arise in respect of services provided to you.
Any personal data which we hold concerning you, will be automatically deleted following the expiration of the aforementioned retention periods, unless you expressly ask us to do otherwise.
Your data subject rights
You are lawfully entitled, in terms of Data Protection Laws, to various data subject rights in relation to your personal data.
In particular, you have a right to:
- The right to request access to your personal information (commonly known as a “data subject access request”). This enables you to request a copy of the personal information we hold about you and to check we are processing it lawfully.
- The right to request correction of the personal information we hold about you. This enables you to request that we correct any incomplete or inaccurate information that we hold about you.
- The right to request erasure of your personal information in some circumstances. This enables you to request that we erase your personal information where there is no good reason for us continuing to process it.
- The right to object to us processing your personal information. This enables you to object to us processing your personal information where we are relying on a legitimate interest and it impacts on your fundamental rights and freedoms.
- The right to restrict our processing of your personal information. This enables you to ask us to suspend the processing of your personal information in certain circumstances.
- The right to data portability. In certain circumstance this enables you to request that we provide you, or a third party, with a copy of the personal information that you provided to us in a structured, commonly used, machine-readable format.
To exercise any of your rights or make a complaint to us relating to your privacy or if you have any other questions about our use of your personal data, you may call the data controller using the details provided above.
Any such revisions shall be effective and binding upon posting, unless explicitly provided otherwise by us.