Privacy Policy

By making use of this QCA Website in order to view the documents and services offered by the National Certification Authority of Malta, you (the “User” or the “Data Subject”) provide Identità (”the agency”, “we” or “us”) with personal data.

This policy defines the way information is collected by us and clarifies how we use it. We commit to processing any personal data you submit through the website in a highly responsible manner and in observance with applicable legislation. This Policy aims to comply with our transparency and fairness obligations under the General Data Protection Regulation (“GDPR”) and to inform you about who will be processing your data, for what purpose, for how long it will be kept, with whom it will be shared and about your rights as a data subject under GDPR.

If you do not agree to any part or all of this Policy, do not continue your activity on the website.

1.0 Data Controller

Identità acts as the data controller and is the entity that defines the scope and means of the data collection and processing. We are an Agency of the Government of Malta that provides public services relating to the issuance of identity cards, passports, visas, expatriate affairs and the Public Registry in Malta. The Agency acts as the data controller and collects information for the purpose of processing of the identity documents pertaining to Maltese citizens issued by the Identity Cards Management Office and residence documents issued to non-Maltese nationals by the Expatriates Unit. Whilst Identità is responsible for the day-to-day operations, Malta Electronic Certification Services Limited (MECS Limited) has been commissioned by the Government of Malta to act as a Qualified Trust Service Provider responsible for the issuance and management of qualified certificates used for electronic signatures. 

We are responsible for the collection and use of your personal data in the manner explained in this privacy policy. Our contact information is:

A
Identità Head Office, Valley Road, L-Imsida, MSD 9020, Malta
T
+356 2590 4000

2.0 Which personal data do we process and why

We will only process your data for a specific purpose and to the extent permitted by law. When you use our website or contact us via email or telephone, we collect and use the following personal data (depending on your chosen interaction):

Types of personal data

Purpose

Legal basis

Technical information (e.g., server log files) about your visit and the device you use.

To ensure fault-free operation of our website, to detect and prevent malware, illegal content and conduct and other forms of potential abuse.

Our legitimate interest is in keeping our online presence safe.

Information about your browsing behaviour, how you use our website and the device that you use. We collect this information through cookies. For more information, please refer to our Cookie Policy.

To improve the content of and general experience on our website. 

Our legitimate interest is in providing our visitors with a good online experience.

Names, contact details, the content of your message and the technical details of the message itself (e.g., date and time).

To enable communication between you and us (e.g., when you contact us via telephone or email).

Our legitimate interest is being able to respond to requests for information, questions or any other comments.

IN ALL OF THE ABOVE CASES 

For all personal data that we collect in the above circumstances, we would like to make it clear that we will also process your data in the following cases. 

Types of personal data

Purpose

Legal basis

Above-mentioned Personal Data.

To comply with our legal obligations or to comply with any reasonable request from competent police authorities, judicial authorities, government institutions or bodies, including competent data protection authorities.

Our legal obligation. 

Above-mentioned Personal Data.

To prevent, detect and combat fraud or other illegal or unauthorized activities. 

Our legal obligation. 

3.0 Recipients of personal data

In principle, we do not share your data with anyone other than the persons who work for us, as well as with the suppliers who help us process your data, and other Maltese government agencies and departments if this is permissible or required under Maltese law. Anyone who has access to your data will always be bound by strict legal or contractual obligations to keep your data safe and confidential. Under certain conditions outlined in law, we may disclose your Data to third parties, (such as other Government entities or law enforcement authorities) if it is necessary and proportionate for lawful and specific purposes.

Personal Data is not transferred to third countries or international organisations.

4.0 Storage Periods

Personal data is retained as follows:

Personal data collected from cookies whilst accessing the website is retained as established in the Cookie Policy . Personal data and messages that you send us via the contact form, or through our interactions via telephone or email, will be retained as long as necessary to handle and follow up on your question, request, comment, or other input.

5.0 Protection of Information

We undertake all prescribed technical and organisational measures for the protection of Personal Data, prevention of unauthorised access and its abuse. Such measures are subject to regular controls carried out in accordance with the European standards and requirements imposed by national legislation.

6.0 Your rights

You have several rights under data protection legislation, which are listed below and may be invoked by contacting our Data Protection Officer.

6.1 Access

You have the right to obtain confirmation from us as to whether we are processing your Personal Data or not. Moreover, you also have the right to access your data, obtain information about the processing and request a copy of it.

6.2 Rectification

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning yourself. Considering the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

6.3 Erasure

In certain cases, you may have the right to have your personal data deleted.

6.4 Restriction

In case any of the conditions of the law apply, you have the right to restrict the processing of your personal data.

6.5 Data Portability

You do not have the right to port your personal data because we are processing it for the performance of a task carried out in the public interest or the exercise of official authority vested in the controller. However, you can always request to access your data.

6.6 Object

You have the right to object processing of data at any time, on grounds relating to your particular situation. In such cases, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

6.7 Complaint

You can also lodge a complaint with the supervisory authority of the Member State of your habitual residence or place of work, or of alleged infringement of data protection legislation.

6.8 Automated decision-making/profiling

Personal data is not subject to any automated decision-making or profiling systems.

7.0 Data Protection Officer

Our Data Protection Officer is the individual responsible to attend any query related to this Policy and in general to data protection, and may be contacted at:

A
Identità Head Office, Valley Road, L-Imsida, MSD 9020, Malta
T
+356 2590 4000

8.0 Changes to this Privacy Policy

This Policy is subject to change.

Please visit this page regularly to be aware of any change which may occur from time to time.

Last updated date: 01/09/2023