Privacy Policy
By making use of this CSCA Website to view the documents and services offered by the National Certification Authority of Malta, you (“You”, the “User” or the “Data Subject”) provide Identità (“the Agency”, “we” or “us”) with Personal Data.
This policy defines the way information is collected by us and clarifies how we use it. We commit to process any Personal Data (the “Personal Data”) you submit through the website in a highly responsible manner and in observance of applicable legislation. The aim of this Policy (“Policy”) is to comply with our transparency and fairness obligations under the General Data Protection Regulation (“GDPR”) and to inform you about who will be processing your Data, for what purpose, for how long it will be kept, with whom it will be shared and about your rights as a data subject under GDPR.
If you do not agree to any part or all of this Policy, do not continue your activity on the website.
1.0 Data Controller
The Agency is the data controller, meaning the entity that defines the purposes and means for collecting and processing your Personal Data. We are an Agency of the Government of Malta and we deliver public services related to Identity Cards, Passports, Visas, Expatriate Affairs and Public Registry in Malta. The Agency acts as the data controller and collects data for the processing of identity card documents issued to Maltese Nationals by the Identity Cards Unit and of residence documents issued to non-Maltese residents by the Expatriates Unit. Whereas the Agency handles the day-to-day operations, Malta Electronic Certification Services Limited (“MECS”) serves as the Qualified Trust Service Provider (“QTSP”) on behalf of the Government of Malta and is responsible for the issuance and management of certificates including the authentication and digital electronic signing certificates embedded in the documents issued by the Agency.
We are responsible for the collection and use of your Personal Data in the manner explained in this privacy policy. Our contact information is:
2.0 Which personal data do we process and why
We will only process your Personal Data for a specific purpose and to the extent permitted by law. When you use our website or contact us via email or telephone, we collect and use the following Personal Data (depending on your chosen interaction):
|
Types of personal data |
Purpose |
Legal basis |
|
Technical information (e.g., server log files) about your visit and the device you use. |
To ensure fault-free operation of our website, to detect and prevent malware, illegal content and conduct and other forms of potential abuse. |
Our legitimate interest is in keeping our online presence safe. |
|
Information about your browsing behaviour, how you use our website and the device that you use. We collect this information through cookies. For more information, please refer to our Cookie Policy. |
To improve the content of and general experience on our website. |
Our legitimate interest is in providing our visitors with a good online experience. |
|
Names, contact details, the content of your message and the technical details of the message itself (e.g., date and time). |
To enable communication between you and us (e.g., when you contact us via telephone or email). |
Our legitimate interest is being able to respond to requests for information, questions or any other comments. |
IN ALL OF THE ABOVE CASES
For all Personal Data that we collect in the above circumstances, we would like to make it clear that we will also process your Personal Data in the following cases.
|
Types of personal data |
Purpose |
Legal basis |
|
The above-mentioned Personal Data. |
To comply with our legal obligations or to comply with any reasonable request from competent police authorities, judicial authorities, government institutions or bodies, including competent data protection authorities. |
Our legal obligation. |
|
The above-mentioned Personal Data. |
To prevent, detect and combat fraud or other illegal or unauthorized activities. |
Our legal obligation. |
3.0 Recipients of personal data
In principle, we do not share your Personal Data with anyone other than the persons who work for us, as well as with the suppliers who help us process your Data, and other Maltese government agencies and departments if this is permissible or required under Maltese law. Anyone who has access to your Personal Data will always be bound by strict legal or contractual obligations to keep your Personal Data safe and confidential. Under certain conditions outlined in law, we may disclose your Personal Data to third parties, (such as other Government entities or law enforcement authorities) if it is necessary and proportionate for lawful and specific purposes.
Personal Data is not transferred to third countries or international organisations.
4.0 Storage Periods
Personal data is retained as follows:
Personal Data collected from cookies whilst accessing the website is retained as established in the Cookie Policy. Personal Data and messages that you send us via the contact form, or through our interactions via telephone or email, will be retained as long as necessary to handle and follow up on your question, request, comment, or other input.
5.0 Protection of Information
We undertake all prescribed technical and organisational measures for the protection of Personal Data and, the prevention of unauthorised access and its abuse. Such measures are subject to regular controls carried out in accordance with the European standards and requirements imposed by national legislation.
6.0 Your rights
You have several rights under data protection legislation, which are listed below and may be invoked by contacting our Data Protection Officer.
6.1 Access
You have the right to obtain confirmation from us as to whether we are processing your Personal Data or not. Moreover, you also have the right of access to your Personal Data, obtain information about the processing and request a copy of it.
6.2 Rectification
You have the right to obtain from us without undue delay the rectification of inaccurate Personal Data concerning yourself. Taking into account the purposes of the processing, you shall have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.
6.3 Erasure
In certain cases, you may have the right to have your Personal Data deleted.
6.4 Restriction
In case any of the conditions of law apply, you have the right to restrict processing of your Personal Data.
6.5 Data Portability
You do not have the right to port your Personal Data because we are processing it for the performance of a task carried out in the public interest or the exercise of official authority vested in the controller. However, you can always request to access your Personal Data.
6.6 Object
You have the right to object processing of Personal Data at any time, on grounds relating to your particular situation. In such cases, we will no longer process your Personal Data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
6.7 Complaint
You can also lodge a complaint with the supervisory authority of the Member State of your habitual residence or place of work, or of alleged infringement of data protection legislation.
6.8 Automated decision-making/profiling
Personal Data is not subject to any automated decision-making or profiling systems.
7.0 Data Protection Officer
Our Data Protection Officer is the individual responsible to attend any query related to this Policy and in general to data protection, and may be contacted at:
8.0 Changes to this Privacy Policy
This Policy is subject to change.
Please visit this page regularly to be aware of any change which may occur from time to time.
Last updated date: 12/09/2023