The Planning Authority (PA), as a data controller understands the importance of your personal data and of your right to privacy. The purpose of this statement is to reassure you that as a legal person or Entity, we are committed to keep your personal data as safe as possible. We invite you to read on and be informed about the types of personal data we collect, when we collect it, why we do so, what we do with it – including who we may have to share it with and why – and how long we keep it for and why. Throughout this statement, when we make use of the word ‘services’, we take this to also include and not limited to complimentary services such as our customer care unit, our website and any other means that assist or improve your experience and ease of access to information.
Duties of disclosure upon collection of personal data from the data subject is processed in accordance with the general provisions of the EU General Data Protection Regulation (GDPR).
With the following information, we would like to give you an overview of how we will process your data and of your rights according to data privacy laws. The details on what data will be processed and which method will be used depend significantly on the services applied for or agreed upon.
- Who Is the Data Protection Officer and How Can You Contact Them?
The Planning Authority’s Data Protection Officer is:
Mr Ivor Robinich FIEMA
Office: The Office of the Internal Auditor & Data Protection
St Francis Ravelin,
Floriana, FRN 1230
- What Sources and Data Do We Use?
We process personal data that we obtain from our service recipients in the context of our service provider- service recipient relationship. We also process insofar as necessary to provide our service – personal data that we obtain from publicly accessible sources, (e.g., press, internet).
Relevant data is personal information (e.g., name, address and other contact details, date and place of birth, and nationality), identification data (e.g., ID card details), photos/images and authentication data (e.g., sample signature). Furthermore, this can also be registration data such as username, password; tracking data such as an IP address or financial information including billing, such as credit card information, and audit trail of accessibility or extraction of data from our services where applicable.
- What Do We Process Your Data for (Purpose of Processing) and On What Legal Basis?
Your data is processed in order to provide our services in the context of carrying out our contractual obligations with our service recipients or in that of carrying out pre-contractual measures that occur as part of a request. The purposes of data processing are primarily in compliance with statutory, administrative and procedural needs.
In addition, we also obtain personal data from publicly available sources.
A) As a result of your consent, you have granted us to process your personal data for certain purposes, this processing is based on your consent. Consent given can be withdrawn at any time. This also applies to withdrawing declarations of consent that were given to us before the GDPR came into force, i.e., before May 25, 2018. Withdrawal of consent does not affect the legality of data processed prior to withdrawal.
B) As a public authority, we are subject to various legal obligations and must abide with statutory provisions. Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.
- Who Receives Your Data?
Regarding transferring data to recipients outside our authority, to begin with it is to be noted that, as a public authority, we are obliged to be discrete regarding all service recipient-related matters of which we acquire knowledge (confidentiality pursuant to our general terms and conditions). We may pass on information about you only if legal provisions demand it, if it is necessary to protect the vital interests of service recipients or other individuals, in the fulfilment of a task carried out in the public interest or in the exercise of public authority or if you have given your consent or following a court order or investigation by entities who have the power of investigation under Maltese law.
Within the authority, every unit that requires your data to fulfil our contractual and legal obligations will have access to it. Service providers and vicarious agents appointed by the PA can also receive access to data for the purposes given only, and in accordance with our specific instructions. They are required to take appropriate and security measures to protect your personal information in line with our policies and statutory regulations. These are companies in the categories of IT services, logistics, telecommunications, collection, advice, consulting and similar services.
- For How Long Will Your Data Be Stored?
We will process and store your personal data for as long as it is necessary in order to fulfil our contractual and statutory obligations. If the data is no longer required, it will be deleted.