Ministry for Social Policy and Children’s Rights (MSPC)
MSPC Data Protection Officer Contact Details: firstname.lastname@example.org
This Privacy notice reflects the agreement between the user and the Ministry for Social Policy and Children’s Rights (MSPC) with respect to the processing and security of Data in relation to the General Data Protection Regulations (GDPR).
2. Scope of Data Protection Legislation
Pursuant to the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Data Protection Act (Cap 586), we have a legal duty to respect and protect any personal information we collect from you and we will abide by such duty. MSPC will take all the steps reasonably necessary to ensure that the personal data is treated securely and in accordance to this policy, and in accordance to the GDPR.
3. Scope of Processing
- E-Forms;We may collect personal information in the process of submission of forms through the website, addressed to a Government of Malta Ministry, Department or other Entity as the case may be. In such cases, the website is used as a User Interface and the information contained through forms is submitted for processing to the relevant Government of Malta Ministry, Department or other Entity. In this case, the retention period of the service in question would apply.
- IP address and location;
The web server keeps limited logs about IP addresses or the location of your computer on the Internet, for systems administration and troubleshooting purposes. We do not use IP address logs to track your session or your behaviour on our site.
You may also authenticate through facilities provided by Central Authorities, such as using your eID account, in such instances, the authentication credentials will be limited to the current session through your web browser.
- Contact Us/Feedback;
When using this website’s online facilities, data subjects may be required to provide their contact details for contact purposes. All information and any personal data that you may decide to provide us in the Contact Us/Feedback form shall be processed only for the strict purpose of responding to your enquiry.
- Marketing and Information Campaigns;
Interested subscribers are required to provide their personal email address to receive marketing campaigns from the Department of Social Security upon providing their consent through a verification email. Data subjects have the right to unsubscribe without any notice.
When the user provides information to MSPC in one of the processing types or any other manner, which constitutes personal data within the meaning of GDPR, MSPC will process data for the following purposes only, namely:
- To be able to provide the service.
- To perform quality control on recorded calls.
- For internal assessment and analysis.
- To develop and improve MSPC’s services.
- Marketing and Information Campaigns.
4. The information we collect
This Privacy Notice provides specific details of how MSPC treats any personal data the user provides to MSPC. MSPC collects and processes your personal information mainly to provide the user with access to MSPC services.
MSPC collects three types of information on the user:
- Contact or feedback information.
- Web page download information.
- Site usage information.
What is a cookie?
A cookie is a small piece of data that a website asks your browser to store as text strings on your computer’s hard-disk. All cookies are set with expiry dates which determine how long they reside on your browser. Generally, cookies can be removed automatically after the lapse of the expiry date or else can be deleted manually by the user.
Which types of cookies does this website utilise?
This website makes use of the following two different types of cookies:
- Session cookies: these are temporary cookies which are used to give you access to the content of this website. These types of cookies expire and are deleted as soon as you close the browser.
- Limited third-party cookies: these cookies are set by entities other than this Office and may be temporary or persistent. The use of third-party cookies on this website are restricted and only allowed for the purpose of social sharing (allows you to share our articles through the various social media networks) and when we embed content on the pages of this website from other third-party websites.
How can I delete or disable cookies?
If your browser is NOT configured, by default, to block all or certain cookies, you may manually configure your browser to either reject all cookies or control which cookies are set on your device through this website. You may find all the necessary information on how to make the necessary configuration settings by visiting the following site: http://www.allaboutcookies.org/manage-cookies
Disabling the cookies of this website will not affect your browsing experience.
6. Information we share
The recipients of your personal data are:
- our employees or selected individuals within MSPC, on a need to know basis or as a result of their duties within MSPC or any associated or related entities.
- any service providers that may have access to your personal data in rendering us with their support services.
- third parties to whom disclosure may be required as a result of our relationship with you as our client.
- third parties to whom disclosure may be required as a result of legal obligations imposed on us.
- authorised affiliates/third parties (Data Processors) who process your data on our behalf and in accordance with our specific instructions and policies. MSPC ensures that Data Processors provide a level of security and privacy appropriate to nature of data and the scope of the services they are engaged to provide.
We do not pass on your details collected from you as a visitor and/or user, to any other third party unless you are notified, or you give us your consent, if required.
We do not share your personal data with any entity located outside of the EU or EEA without adequate security measures.
7. Data Retention
MSPC will not retain your personal information for longer than it is required for the purposes mentioned above.
In certain cases we may have a legitimate interest to hold your data for longer periods such as when your data is required for exercising or defending legal claims.
8. Data Security
MSPC takes all safeguards necessary to protect any personal data from loss, misuse and unauthorised access, alteration, disclosure or destruction.
- Physical security:
- MSPC’s headquarters is monitored through CCTV cameras, alarm systems, physical security and access control 24 hours a day, 7 days a week. Physical access to and from MSPC requires key card access or supervision by MSPC’s employees. Secure areas of MSPC are restricted to requiring employees only.
- Area Offices around Malta – are secured with physical security.
- Business continuity. Data backups, switches and networks help provide this redundancy.
- A second source of power supply is available in case the primary power source fails. These two power supply sources will keep the core infrastructure running.
Networks and Transmission
- Data Transmission. All data transmitted outside MSPC is encrypted.
9. User Rights
Right to be informed;
Right to be informed of MSPC’s obligations to provide “fair processing of personal information” through this privacy notice, which is concise and transparent.
Right to be forgotten;
Users have the right to have their personal information deleted and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- The collected personal information is no longer necessary in relation to the purpose for which it was originally collected.
- The user withdraws consent on which the processing is based according to General Data Protection Regulations 2016/679 point (a) of Article 6 (1), and there is no other ground for the processing.
- There is no legitimate interest for continuing the processing of personal information.
- The collected personal information was unlawfully processed or in breach of the GDPR.
- The collected personal information does not comply with legal obligations.
- The collected personal information is processed in relation to the offer of information society services of a child.
Right to access;
Users have the right to obtain their personal information for the following reasons:
- To confirm that their personal information is being lawfully processed.
- To access their personal information and supplementary information described within the Privacy Notice.
MSPC must verify the identity of the user and provide free of charge a copy of the information MSPC has about the data subject within 30 days of the request.
Right to rectification;
- Users are entitled to have their personal information rectified if it’s found to be incorrect or inaccurate.
- MSPC will rectify the stored personal information within 30 days of the request (or extend by a further 60 days if the request is complex).
Right to restrict processing;
Users have the right to restrict the processing of their personal information when:
- The accuracy of the data is inconsistent.
- The data is being processed unlawfully.
- The data is no longer required by MSPC.
Right to data portability;
Users have the right to request data portability when:
- The personal information is provided to MSPC by the requesting user.
- The processing of personal information is based on your consent.
- The processing of personal information is carried out through automated processes.
MSPC is required to:
- To copy, move and transfer the requested personal information through safe and secure measures.
- To provide the requested information in a structured, commonly used and machine-readable form.
- To consider whether the requested personal information prejudices the rights of other users.
- To inform third parties of the user’s request to restrict processing of personal information.
The user shall have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.
Right to object;
User may exercise their right to object, based on legitimate grounds related to the particular situation, to:
- Processing of personal information based on legitimate interest.
- Processing of personal information based on the performance of a task in the public interest/exercise of an official authority (including profiling).
- Processing of personal information for purposes of scientific/historical research and statistics.
Right to consent;
- Users have the right to give their consent prior to the processing of their personal information.
- Data Controllers must not process personal information unless the user has agreed through a clear, affirmative and written consent.
- Data Controllers should not process sensitive information unless explicit consent has been obtained by the user.
- The user has the right to withdraw consent at any time.
Rights related to automated-decision making including profiling;
Users must be informed of any automated decision-making processes including profiling and their anticipated consequences.
User cannot exercise this right when the automated decision process:
- Is necessary for entering into or performance of a contract with the Data controller.
- Is authorised by law.
- Is based on explicit consent.
Right to complain;
Users can lodge a complaint against the Data Controller with the Supervisory Authority.
Right to free of charge service;
Any request to MSPC in relation to the Users rights will be free of charge.
Right to be notified of data breaches;
- Users have the right to be informed of data breaches which may pose high risk to their safety within 72 hours.
- Data Controllers are required to provide an explanation if the 72-hour deadline is not met.
If a user wishes to exercise these rights, he or she may, at any time, contact our Data Protection Officer.
Updated: 21st October 2022