Avviż dwar il-Privatezza
- Aġġornat l-aħħar
MFSA Avviż dwar il-Privatezza
Data Controller
Unless otherwise specified, the MFSA processes personal data on the following legal bases under Article 6 GDPR:
- Article 6(1)(c) – processing is necessary for compliance with a legal obligation to which the MFSA is subject;
- Article 6(1)(e) – processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the MFSA;
- Article 6(1)(b) – processing is necessary for the performance of a contract or in order to take steps at the request of the data subject prior to entering into a contract (e.g. recruitment, procurement);
- Article 6(1)(f) – processing is necessary for legitimate interests pursued by the MFSA (where applicable and provided such interests are not overridden by the interests or fundamental rights and freedoms of the data subject);
- Article 6(1)(a) – consent, in accordance with Article 7 GDPR.
Where special categories of personal data are processed, the MFSA relies on Article 9(2)(g) GDPR (substantial public interest), Article 9(2)(b) (employment law obligations) or Article 9(2)(f) (processing is necessary for the establishment, exercise or defence of legal claims), or other applicable provisions under EU or national law.
Legal Basis for Processing
The MFSA is the controller of personal data in terms of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regards to the processing of personal data and on the free movement of such data(General Data Protection Regulation – “the GDPR”), and the Data Protection Act (Chapter 586 of the Laws of Malta – “DPA”).
The MFSA processes personal data in accordance with the GDPR, the DPA and any other relevant European Union (“EU”) and national legislation. The MFSA ensures inter alia the confidentiality, integrity and security of this personal data.
The MFSA is located at Triq l-Imdina, Zone 1, Central Business District, Birkirkara, CBD 1010, Malta.
Legal Basis for Processing
Unless otherwise specified, the MFSA processes personal data on the following legal bases under Article 6 GDPR:
- Article 6(1)(c) – processing is necessary for compliance with a legal obligation to which the MFSA is subject;
- Article 6(1)(e) – processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the MFSA;
- Article 6(1)(b) – processing is necessary for the performance of a contract or in order to take steps at the request of the data subject prior to entering into a contract (e.g. recruitment, procurement);
- Article 6(1)(f) – processing is necessary for legitimate interests pursued by the MFSA (where applicable and provided such interests are not overridden by the interests or fundamental rights and freedoms of the data subject);
- Article 6(1)(a) – consent, in accordance with Article 7 GDPR.
Where special categories of personal data are processed, the MFSA relies on Article 9(2)(g) GDPR (substantial public interest), Article 9(2)(b) (employment law obligations) or Article 9(2)(f) (processing is necessary for the establishment, exercise or defence of legal claims), or other applicable provisions under EU or national law.
The MFSA processes personal data in accordance with the GDPR, the DPA and any other relevant European Union (“EU”) and national legislation. The MFSA ensures inter alia the confidentiality, integrity and security of this personal data.
The MFSA is located at Triq l-Imdina, Zone 1, Central Business District, Birkirkara, CBD 1010, Malta.
Purpose for Collecting Personal Data
Processing of Personal Data in the Exercise of Statutory Functions
The MFSA processes personal data as necessary for the performance of its statutory functions and the exercise of its official authority as established under applicable financial services legislation. These functions include, inter alia:
- Authorisation and licensing of regulated entities and individuals;
- Ongoing supervision and regulatory oversight;
- Enforcement and compliance investigations;
- Resolution, recovery and crisis management functions;
- Market monitoring and maintenance of statutory registers;
- Promote consumer protection by safeguarding their rights and interests in the financial sector, and
- Cooperation and information exchange with national, European and international competent authorities and/or organisations.
Categories of Data Subjects
The MFSA may process personal data relating to the following categories of individuals, in the exercise of its statutory functions:
- Applicants for authorisation, licensing, or approval, including individuals subject to fitness and properness assessments;
- Shareholders, beneficial owners, directors, key function holders, and employees of regulated entities;
- Individuals subject to supervisory reviews, inspections, or enforcement investigations;
- Individuals whose personal data is processed in connection with the supervision of licensed entities;
- Persons discharging managerial responsibilities (PDMRs) and persons closely associated with them;
- Individuals connected to resolution, recovery, and crisis management processes;
- Beneficial owners of trusts and other legal arrangements required to be registered under applicable law;
- Individuals applying under specific statutory schemes administered by the MFSA (including tax-related eligibility determinations);
- Members of committees, working groups, and regulatory cooperation structures;
- Complainants, whistleblowers, and other individuals engaging with the MFSA; and
- Other individuals whose personal data is provided to the MFSA pursuant to applicable financial services legislation.
Categories of Personal Data Processed
The MFSA may process the following categories of personal data depending on the statutory function exercised:
- Identification data including name, ID/passport details, date of birth;
- Contact details including business and/or residential address, email address, telephone number;
- Professional and employment information;
- Financial information;
- Shareholding and/or ownership information;
- Regulatory and compliance-related information;
- Information relating to suitability, reputation, and fitness and properness assessments;
- Information collected during on-site or off-site supervisory inspections, audits, or monitoring visits, including observations, records, and documents reviewed as part of regulatory oversight;
- Information relevant to investigations and enforcement proceedings;
- Information submitted through statutory registers and reporting obligations; and
- Where strictly necessary and authorised by law, special categories of personal data.
The processing of personal data by the MFSA arises from statutory requirements under applicable Maltese and European Union financial services legislation. Where the provision of personal data is mandatory, failure to provide such data may prevent the MFSA from processing an application, granting approval, or otherwise performing its statutory functions.
Whilst most personal data is obtained directly from the data subject, certain data may be collected from regulated entities, competent authorities, public registers, or other lawful sources. Where personal data are not obtained directly from the individual concerned, the MFSA will provide the information required under Article 14 GDPR, unless an exemption under Article 14(5) or Article 23 GDPR applies.
Processing of Personal Data through the Licence Holder (LH) Portal
The MFSA operates the LH Portal, an online platform used to facilitate communication and regulatory interactions between the MFSA and applicants, licence holders, authorised persons, service providers, and other stakeholders.
The LH Portal enables users to submit and manage regulatory applications and reporting, complete due diligence requirements, communicate and exchange documents with the MFSA, maintain corporate and user profile information, track regulatory submissions, and meet applicable legal and regulatory obligations. Users of the LH Portal are responsible for ensuring that any personal data submitted through the portal is accurate, updated and relevant.
Personal data submitted through the LH Portal may be shared with competent authorities, regulatory bodies, law enforcement authorities, external advisors, service providers, or other third parties where permitted or required by law and in accordance with the MFSA’s statutory functions.
Processing of Personal Data when Calling the MFSA
The MFSA may record calls made to its Reception and Communications functions. Call recordings are processed for quality, training, and security purposes. Any personal data included in recordings will be anonymised before use for statistical or training purposes.
Processing of Personal Data when interacting with the MFSA Website
When you visit the MFSA website (www.mfsa.mt) (“MFSA’s website, the MFSA’s servers automatically record information transmitted by your browser. This information may include:
- The requested web page or downloaded content;
- Whether the request was successful;
- The date and time of your visit;
- The Internet Protocol (“IP”) address or domain name of the device used to access the website;
- The operating system of the device, browser type and version, browser language and browser screen size;
- One or more cookies that identify the browser.
The MFSA collects and processes this information solely for statistical and analytical purposes on an aggregated basis to assess website usage and improve its functionality.
Use of Cookies
Cookies are small text files stored on a user’s device when visiting a website. The MFSA’s website uses cookies to enhance user experience, store preferences, and analyse website traffic on an aggregated basis.
The MFSA’s website also utilises third-party tools to generate aggregated statistical reports on website usage.
Where required, consent for non-essential cookies shall be obtained through the website’s cookie management tool and may be withdrawn at any time.
Processing of Personal Data via Contact Forms and Tools
Any personal data collected through the ‘Get in Touch’ section of our website shall be processed to provide you with the necessary information relating to your request and to respond to your inquiries.
Any personal data collected through the ‘Payment Accounts Fees Comparison Tool’ page of our website shall be processed, to provide consumers with information regarding the fees being charged by payment account providers, in relation to the products and services featured on the ‘Payment Accounts Fees Comparison Tool’, in accordance with the Credit Institutions and Financial Institutions (Payment Accounts) Regulations (S.L. 371.18).
Processing of Personal Data in Email Correspondence and Letters
The MFSA processes personal data contained in email communications, letters, and other written correspondence sent to the MFSA through official email addresses or postal mail. This processing is carried out to respond to enquiries, fulfil requests, provide services, manage complaints, and comply with statutory and administrative obligations.
Personal data in such communications may include name, contact details, account references, case references, attachments, and any other information contained in the message.
Processing of Personal Data via Social Media and Online Platforms
The MFSA may process personal data provided through its official social media channels or other online platforms including LinkedIn, Facebook, X, Instagram and YouTube. This may include personal data contained in direct messages, public comments, submissions, or profile information provided by individuals when interacting with the MFSA’s official accounts or pages.
Such personal data is processed for the purpose of responding to enquiries, engaging with stakeholders, sharing information, or complying with regulatory and statutory obligations. The MFSA does not routinely use personal data obtained via social media for purposes beyond those expressly communicated unless there is a legal basis under the GDPR.
Processing of Personal Data in connection with Whistleblower Reports
Processing of Personal Data for Recruitment Purposes
Processing of Personal Data in Connection with Events
Processing of Personal Data by the MFSA Financial Supervisors Academy (FSA)
Processing Personal Data by the Journal of Financial Supervisors Academy (JFSA)
The MFSA processes personal data for the purposes of collection of academic material, including manuscripts and proposals, that are submitted by interested parties for their publication onto the JFSA.
Processing of Personal Data for the Tendering and Supply of Goods or Services
The MFSA processes personal data submitted by tenderers to manage procurement processes and contracts. This includes data of tenderers, their staff, or sub-contractors. In assessing the suitability of the tenderers, their staff and any sub-contractors for the role, the MFSA undertakes a due diligence assessment to ascertain that the entities and/or individuals chosen are of good conduct and character. This process may also involve contacting third parties in order determine suitability. Once a contract is awarded, the MFSA processes the data to fulfil its contractual obligations.
Processing of Personal Data in Connection with MFSA Premises and Security
For security, safety, and operational purposes, the MFSA may collect and process personal data when individuals visit or access its physical premises. This may include:
- CCTV and video surveillance recordings
- Visitor registration details
- Access control data including visitor tags, visitor sign-in logs
Such processing is carried out on the basis of legitimate interests of the MFSA in ensuring the safety and security of its facilities, personnel, visitors, and property, and in compliance with applicable laws. CCTV recordings and access records are retained only for as long as necessary for security purposes.
Disclosure of Personal Data
Disclosure of Data Relating to Beneficial Ownership Information Reported in the Beneficial Ownership Register of Trusts
The MFSA processes and discloses personal data of beneficial owners of trusts as required by law under the Trusts and Trustees Act (Chapter 331 of the Laws of Malta), the Trusts and Trustees Act (Register of Beneficial Owners) Regulations (S.L. 331.10) and the applicable EU legislation for the purpose of establishing and maintaining the Register of Beneficial Owners of Trusts, ensuring transparency of ownership structures, and fulfilling its supervisory and regulatory functions.
In this context, and insofar as the processing activities relating to Trusts Ultimate Beneficial Ownership Register (“TUBOR”) are concerned, the MFSA acts as the data controller. For the specific purpose of determining access privileges and allocation of rights to the Beneficial Ownership Registers Interconnection System (“BORIS”), the MFSA acts as joint controller together with the Malta Business Registry, insofar as both entities jointly determine the purposes and means of such access-related processing.
Disclosure of Information for the Purposes of Protecting Consumers of Financial Services
Retention Periods of Personal Data
Automated Decision-Making
The MFSA does not take decisions concerning individuals based solely on automated processing, including profiling, which produce legal effects concerning them or similarly significantly affect them, without human involvement.
Where elements of automated processing are used to support supervisory, analytical or risk-based assessments, such processing forms part of a broader decision-making process subject to appropriate human review and oversight.
Individuals’ Rights
- The right to be informed;
- The right of access to their personal data;
- The right of rectification of inaccurate or incomplete personal data;
- The right for erasure of personal data;
- The right for restriction of the processing;
- The right to object to the processing of the personal data;
- The right to data portability;
- The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
Contact Details of the Data Protection Officer
Any queries in relation to your rights under Data Protection Legislation, this Privacy Notice, or the processing of your personal data by the MFSA may be forwarded to the MFSA’s Data Protection Officer.
The Data Protection Officer may be contacted by:
- E-mail at dpo@mfsa.mt;
- Postal mail at Malta Financial Services Authority, Triq l-Imdina, Zone 1, Central Business District, Birkirkara, CBD 1010, Malta.
Links
The MFSA’s website may contain links to external sites or third-party services that are not owned or operated by the MFSA. Such websites and/or services are not governed by this Privacy Notice.
The MFSA does not exercise control and is not responsible for, the privacy practices, content or data processing activities of such third party websites. Users are encouraged to review the applicable privacy notices of any external websites they visit before providing personal data.
Changes to this Privacy Notice
The MFSA may update this Privacy Notice to reflect changes in its practices or to comply with new legal requirements. It is therefore advisable to periodically review the ‘Privacy Notice’ page to remain informed of any modifications.
Pulizija Protezzjoni tad-Data
Aħna impenjati bis-sħiħ li nżommu l-ogħla standards tal-protezzjoni tad-data u l-privatezza. Nirrikonoxxu l-importanza kritika tas-salvagwardja tal-informazzjoni personali tal-individwi li ninteraġixxu magħhom, kif ukoll id-data sensittiva li hija essenzjali għall-operazzjonijiet tagħna. Il-policies tagħna dwar il-protezzjoni tad-data, kif dettaljati f’din il-paġna, jipprovdu trasparenza dwar is-salvagwardji fis-seħħ u jiddeskrivu d-drittijiet tiegħek. Hawnhekk, tista’ wkoll issir taf dwar is-sistemi li nħaddmu biex nipproteġu l-informazzjoni tiegħek.
Il-Policy dwar il-Protezzjoni tad-Data
L-Iskeda taż-Żamma tad-Data
Kun Af id-Drittijiet tal-Protezzjoni tad-Data Tiegħek
X’inhuma d-Drittijiet tiegħek fir-rigward tad-Data Personali tiegħek ipproċessata mill-Korp tal-Pulizija ta’ Malta?
Data personali pproċessata mill-Korp tal-Pulizija ta’ Malta hija regolata mir-Regolamenti dwar il-Protezzjoni tad-data (ipproċessar ta’ data personali minn awtoritajiet kompetenti għall-finijiet tal-prevenzjoni, investigazzjoni, sejbien jew Prosekuzzjoni ta ’reati Kriminali jew l-eżekuzzjoni ta’ pieni Kriminali) (Leġislazzjoni Sussidjarja 586.08) u l-GDPR1 meta l-ipproċessar isir għal finijiet oħra.
Madankollu, hemm każijiet fejn tali pproċessar huwa rregolat minn strumenti leġiżlattivi speċifiċi tal-Unjoni Ewropea.
Fi kwalunkwe każ, kwalunkwe persuna għandha d-dritt li:
titlob aċċess għal data personali dwarha li tkun qed tiġi pproċessata mill-Korp tal-Pulizija ta’ Malta;
jitolbu l-korrezzjoni ta’ data personali fattwalment mhux preċiża relatata magħhom jew it-tħassir tad-data personali tagħhom fil-każ ta’ informazzjoni maħżuna illegalment;
id-dritt li jitressaq ilment quddiem il-Kummissarju għall-Informazzjoni u l-Protezzjoni tad-Data (IDPC) jew li tintalab verifika tal-legalità tal-ipproċessar.
Kif Teżerċita d-Drittijiet Tiegħek?
F’Malta, kwalunkwe individwu għandu d-dritt li jitlob aċċess, korrezzjoni jew tħassir tad-data personali tiegħu billi jikkuntattja direttament lill-Kontrollur tad-Data li f’ dan il-każ huwa l-Kummissarju tal-Pulizija, permezz tal-Uffiċjal tal-Protezzjoni tad-Data, jew indirettament permezz tal-Uffiċċju tal-IDPC kif spjegat hawn taħt.
Dawn id-drittijiet jistgħu jiġu eżerċitati direttament billi tiġi ppreżentata talba formali lill-Uffiċjal tal-Protezzjoni tad-Data, dwar kwalunkwe waħda minn dawn li ġejjin:
Indirizz: L-Uffiċjal tal-Protezzjoni tad-Data, Taqsima tal-Protezzjoni Legali u tad-Data, Kwartieri Ġenerali tal-Pulizija, Pjazza San Kalċedonju, Floriana, FRN 1530, Malta
Email: dpu.police@gov.mt
Talbiet sottomessi b’mezzi elettroniċi se jiġu mwieġba bl-istess mezzi. Minħabba r-riskji potenzjali tas-sottomissjoni ta’ kopji ta’ dokumenti personali u informazzjoni sensittiva oħra permezz tal-internet miftuħ, huwa rakkomandabbli li s-sikurezza ta’ tali mezzi elettroniċi tiġi żgurata qabel is-sottomissjoni tat-talba.
L-applikanti għandhom jipprovdu d-dettalji ta’ identifikazzjoni li ġejjin sabiex jiffaċilitaw l-awtoritajiet responsabbli fit-trattament tat-talba:
Isem u kunjom l-applikant;
Numru tal-Karta tal-Identità jew tal-Passaport;
Liema informazzjoni partikolari jixtiequ jaraw;
Għandha tiġi sottomessa wkoll kopja tal-Karta tal-Identità jew tal-Passaport għall-finijiet ta’ verifika tal-identifikazzjoni.
Skont il-liġi Maltija, it-talba għandha tiġi ppreżentata bil-miktub u ffirmata mis-suġġett tad-data. It-talba għandha ssir bil-Malti jew bl-Ingliż.
Sabiex jiġi ffaċilitat l-eżerċizzju tad-drittijiet tiegħek, il-Korp tal-Pulizija ta’ Malta ħejja ittra ġenerika ta’ talba għal aċċess. Huwa imperattiv li meta tuża din l-ittra, wieħed jindika b’mod ċar it-tip ta’ data personali li qed jitlob biex jaċċessa, jirrettifika jew iħassar.
Hemm xi limitazzjonijiet għad-dritt tiegħek?
Id-dritt tas-suġġett tad-data jista’ jiġi ttardjat, ristrett jew imħolli barra, sakemm dan jikkostitwixxi miżura neċessarja u proporzjonata f’soċjeta demokratika b’kunsiderazzjoni xierqa għad-drittijiet fundamentali u l-interessi leġittimi tal-persuna fiżika kkonċernata f’termini tal-liġi.
Dawn il-miżuri jistgħu jiġu imposti sabiex:
Jevitaw li jostakolaw inkjesti, investigazzjonijiet jew proċeduri uffiċjali jew legali.
Jevitaw li jippreġudikaw il-prevenzjoni, is-sejbien, l-investigazzjoni jew il-prosekuzzjoni ta’ reati kriminali jew l-eżekuzzjoni ta’ pieni kriminali.
Jipproteġu s-sigurtà pubblika.
Jipproteġu s-siġurtà nazzjonali.
Jipproteġu d-drittijiet u l-libertajiet ta’ oħrajn.
Fil-każ ta’ restrizzjoni jew rifjut, l-individwu jiġi infurmat bil-miktub bid-deċiżjoni, inklużi r-raġunijiet għad-deċiżjoni, sakemm tali komunikazzjoni ma jkollhiex effett fuq ix-xogħol tal-awtoritajiet kompetenti jew fuq id-drittijiet u l-libertajiet ta’ individwi oħra.
Dritt Li Jitressaq Ilment
Kwalunkwe persuna li ma tkunx sodisfatta bi tweġiba għat-talba tagħha kif spjegat hawn fuq tista’ tressaq ilment quddiem l-uffiċċju tal-IDPC jew titlob li l-IDPC jivverifika li d-drittijiet tiegħu/tagħha għall-protezzjoni tad-data qed jiġu rispettati u li d-data personali tiegħu/tagħha tiġi pproċessata skont il-liġi.
Il-Kummissarju għall-Informazzjoni u l-Protezzjoni tad-Data
Il-Kummissarju għall-Informazzjoni u l-Protezzjoni tad-Data (IDPC) huwa l-awtorità superviżorji nazzjonali f’Malta responsabbli biex iwettaq superviżjoni indipendenti, monitoraġġ u infurzar tal-leġiżlazzjoni dwar il-protezzjoni tad-data.
Għal dak il-għan, l-IDPC għandu s-setgħa li jkollu aċċess u jispezzjona d-data personali u s-sistemi ta’ arkivjar kollha f’Malta.
L-Uffiċċju tal-IDPC jista’ jintlaħaq fuq id-dettalji ta’ kuntatt li ġejjin:
Indirizz: Kummissarju għall-Informazzjoni u l-Protezzjoni tad-Data, Floor 2, Airways House, High Street, tas-Sliema, SLM 1549, Malta
Email: idpc.info@idpc.org.mt
Sit: https://idpc.org.mt/
Telefon: +35623287100
1 Regolament (UE) 2016/679 tal-Parlament Ewropew u tal-Kunsill tas-27 ta’ April 2016 dwar il-protezzjoni tal-persuni fiżiċi fir-rigward tal-ipproċessar ta’ data personali u dwar il-moviment liberu ta’ tali data, u li jħassar id-Direttiva 95/46/EC (Regolament Ġenerali dwar il-Protezzjoni tad-data)
Sistemi: Body Worn Cameras (BWCs)
L-użu tal-Body Worn Cameras (BWCs) huwa għodda effettiva fil-ġlieda kontra r-reati. Juri wkoll l-impenn tal-awtoritajiet tal-infurzar tal-Liġi għat-trasparenza, jiżgura l-obbligu ta’ rendikont tal-membri tiegħu, iżid il-fiduċja tal-pubbliku, u jipproteġi lill-membri tiegħu minn ilmenti mhux ġustifikati ta’ kondotta ħażina.
Il-Korp tal-Pulizija ta’ Malta, fuq il-passi ta’ awtoritajiet oħra tal-infurzar tal-Liġi f’pajjiżi oħra, inkluż Stati membri tal-UE, introduċa l-użu tal-BWCs mill-Uffiċjali tal-Pulizija operattivi kollha. Skont il-proċeduri operattivi standard, kull meta l-uffiċjali jkunu jafu jew ikollhom aspettattiva raġonevoli li se jinteraġixxu mal-pubbliku fit-twettiq tad-dmirijiet tagħhom relatati mal-infurzar tal-liġi, b’mod partikolari fir-rigward tal-prevenzjoni, l-investigazzjoni u s-sejbien ta’ reati kriminali, il-BWCs se jiġu attivati. Ladarba jiġu attivati, il-BWCs jixgħelu LED Ħadra sabiex il-pubbliku jkun konxju li l-kamera qed taħdem. Id-data kollha maqbuda mbagħad tinħażen b’mod sigur fuq server u tiġi ġestita minn uffiċċju ddedikat taħt kundizzjonijiet stretti u soġġett għal salvagwardji adegwati.
Bażi Legali
L-ipproċessar ta’ data personali maqbuda permezz tal-BWCs huwa bbażat fuq diversi dispożizzjonijiet legali:
Huwa d-dmir tal-Pulizija li tippreserva l-ordni pubblika u l-paċi pubblika, li tipprevjeni u tiskopri u tinvestiga reati, li tiġbor evidenza, kemm jekk kontra jew favur il-persuna suspettata li wettqet ir-reat, u li tressaq lill-ħatja, kemm jekk prinċipali jew kompliċi, quddiem l-awtoritajiet ġudizzjarji skont l-Artikolu 346 (1) tal-Kodiċi Kriminali (Kapitolu 9 tal-Liġijiet ta’ Malta).
Dan id-dmir huwa msaħħaħ u kkumplimentat mill-Artikolu 4 (a) tal-Att dwar il-Pulizija (Kapitolu 164 tal-Liġijiet ta’ Malta), li jelenka bħala wieħed mill-għanijiet ewlenin tal-Korp tal-Pulizija li jippreserva l-ordni pubblika u l-paċi, li jippreveni t-twettiq ta’ reati, li jippromwovi l-osservanza tal-liġijiet, bħala l-ewwel garanzija tad-drittijiet tal-persuni kollha f ’Malta, anke qabel ma tkun meħtieġa azzjoni permezz tas-sistema ġudizzjarja biex tirripressa, tissanzjona jew tirrimedja kwalunkwe ksur.
L-Artikolu 62 (1) tal-Att dwar il-Pulizija speċifikament jagħti s-setgħa lill-Pulizija li żżomm, tipproċessa u tikklassifika kull informazzjoni rilevanti għat-twettiq ta’ xi reat f’Malta jew barra minn Malta liema informazzjoni tista’ tiġi preservata b’kull sistema tkun xi tkun, inkluż format elettroniku.
Barra minn hekk, il-Korp tal-Pulizija ta’ Malta, jista’ jiġbor data personali permezz ta’ sorveljanza teknika jew mezzi awtomatizzati oħra għall-prevenzjoni, investigazzjoni, sejbien u prosekuzzjoni ta’ uffiċċji kriminali skont ir-Regolament 8 (3) tal-L.S. 586.08.
Data Personali Maqbuda mill-BWCs
Il-kategoriji ta’ data personali maqbuda mill-BWCs huma limitati għal sekwenzi awdjoviżivi u koordinati GPS. F’ċerti każijiet, tali data tista’ tinkludi wkoll data ta’ kategoriji speċjali (b’mod partikolari data dwar is-saħħa), bħal pereżempju meta l-individwi kkonċernati, fuq il-post ta’ inċident, ikunu qed isofru minn korrimenti fiżiċi.
Żvelar tad-data maqbuda mill-BWCs
Data miġbura mill-BWCs tintuża biss għal finijiet ta’ investigazzjoni kriminali mill-Korp tal-Pulizija ta’ Malta u tista’ tkun disponibbli għal awtoritajiet kompetenti oħra bħall-Avukat Ġenerali u l-awtoritajiet ġudizzjarji skont il-liġi. F’xi każijiet, tali data tista’ tintuża wkoll għal skopijiet ta’ monitoraġġ u investigazzjoni interni.
Jista’ jkun hemm każijiet fejn tali data tkun disponibbli għall-awtoritajiet tal-infurzar tal-Liġi barranin, b’mod partikolari l-awtoritajiet tal-infurzar tal-Liġi fi Stati Membri oħra, fit-twettiq ta’ obbligu legali jew ftehim bilaterali fil-kuntest tal-Kooperazzjoni tal-Pulizija.
Perjodu ta’ Żamma
Id-data kollha miġbura mill-BWCs tinżamm għal perjodu ta’ disgħin (90) jum skont l-Iskeda dwar iż-żamma tad-data, kif approvata mill-Kummissarju għall-Informazzjoni u l-Protezzjoni tad-Data. Id-data kollha titħassar awtomatikament malli jiskadi dan il-perjodu b’mod sigur.
X’ inhuma d-Drittijiet tiegħek fir-rigward tad-data personali tiegħek maqbuda mill-BWCs?
L-ipproċessar ta’ data personali miġbura permezz tal-BWCs huwa rregolat mir-Regolamenti dwar il-Protezzjoni tad-Data (Ipproċessar ta’ Data Personali mill-Awtoritajiet Kompetenti għall-Finijiet tal-Prevenzjoni, l-Investigazzjoni, is-Sejbien jew il-Prosekuzzjoni ta’ Reati Kriminali jew l-Eżekuzzjoni ta’ Pieni Kriminali) (Leġiżlazzjoni Sussidjarja 586.08).
Kull persuna għandha d-dritt li:
titlob aċċess għal data personali relatata magħha pproċessata;
titlob il-korrezzjoni ta’ data personali fattwalment mhux preċiża relatata magħha jew;
it-tħassir tad-data personali tagħha fil-każ ta’ informazzjoni pproċessata illegalment;
titlob restrizzjoni tal-ipproċessar tad-data personali tagħha skont il-liġi;
id-dritt li tressaq ilment quddiem il-Kummissarju għall-Informazzjoni u l-Protezzjoni tad-Data.
Kif Teżerċita d-Drittijiet Tiegħek?
F’Malta, kwalunkwe individwu għandu d-dritt li jitlob aċċess, korrezzjoni jew tħassir tad-data personali tiegħu billi jikkuntattja direttament lill-Kontrollur tad-Data li f’ dan il-każ huwa l-Korp tal-Pulizija ta’ Malta, permezz tal-Uffiċjal tal-Protezzjoni tad-Data.
Dawn id-drittijiet jiġu eżerċitati billi tiġi sottomessa talba formali, preferibbilment billi tintuża l-formola li ġejja, lill-In-Field Tech Unit, fuq kwalunkwe waħda minn dawn li ġejjin:
Indirizz: Att. Uffiċċju In-Field Tech, L-Uffiċjal tal-Protezzjoni tad-Data, Taqsima tal-Protezzjoni Legali u tad-Data, Kwartieri Ġenerali tal-Pulizija, Pjazza San Kalċedonju, Floriana, FRN 1530, Malta
Email: infield.police@gov.mt
Telefon: +35621224001
Id-dritt tas-suġġett tad-data jista’ jiġi ttardjat, ristrett jew imħolli barra, sakemm dan jikkostitwixxi miżura neċessarja u proporzjonata f’soċjeta demokratika b’kunsiderazzjoni xierqa għad-drittijiet fundamentali u l-interessi leġittimi tal-persuna fiżika kkonċernata f’termini tal-liġi applikabbli. Fil-każ ta’ restrizzjoni jew rifjut, l-individwu għandu jiġi infurmat bil-miktub bid-deċiżjoni, inklużi r-raġunijiet għad-deċiżjoni, sakemm tali komunikazzjoni ma jistax ikollha effett fuq ix-xogħol tal-awtoritajiet kompetenti nazzjonali jew fuq id-drittijiet u l-libertajiet ta’ individwi oħra.
Barra minn hekk, dawn id-drittijiet ma jistgħux jiġu eżerċitati skont il-proċedura stabbilita hawn fuq, fejn id-data personali miġbura permezz tal-BWCs tintalab minn uffiċjali investigattivi għal finijiet ta’ investigazzjoni. F’każijiet bħal dawn, għandhom japplikaw ir-regoli applikabbli għall-proċedura kriminali.
Systemi: Entry / Exit System (EES)
Is-Sistema Entry/Exit (EES) hija sistema ta’ informazzjoni fuq skala kbira stabbilita mill-Unjoni Ewropea biex ittejjeb il-ġestjoni tal-fruntieri esterni tax-Schengen. Hi tirreġistra data dwar id-dħul, data dwar il-ħruġ u data dwar iċ-ċaħda tad-dħul ta’ ċittadini ta’ pajjiżi terzi li jaqsmu l-fruntieri esterni taż-żona Schengen u tissostitwixxi l-ittimbrar manwali tal-passaporti.
L-EES tappoġġa l-ġestjoni tal-fruntieri, tiffaċilita l-qsim tal-fruntieri, tikkontribwixxi għas-sikurezza interna, u tippermetti l-identifikazzjoni ta’ persuni li jibqgħu fit-territorju tal-Istati Membri għal aktar żmien milli awtorizzat.
L-EES tintuża għal finijiet ta’ ġestjoni u faċilitazzjoni tal-fruntieri, kif ukoll għal finijiet ta’ infurzar tal-liġi, skont ir-Regolament (UE) 2017/2226.
Bażi Legali
L-EES hija stabbilita u rregolata:
Mir-Regolament (UE) 2017/2226 tal-Parlament Ewropew u tal-Kunsill tat-30 ta’ Novembru 2017 li jistabbilixxi Sistema ta’ Entry/Exit (EES), li jiddetermina l-finijiet tas-sistema, il-kategoriji ta’ data pproċessata, il-perijodi ta’ żamma, u l-kundizzjonijiet għall-aċċess, inkluż għal finijiet ta’ infurzar tal-liġi;
Ir-Regolament (UE) 2019/1896 dwar il-Gwardja Ewropea tal-Fruntiera u tal-Kosta, sa fejn jemenda u jissupplimenta ċerti dispożizzjonijiet relatati mal-EES;
Atti delegati u ta’ Implimentazzjoni adottati mill-Kummissjoni Ewropea skont l-Artikoli 36 u 68 tar-Regolament (UE) 2017/2226, li jistabbilixxu speċifikazzjonijiet tekniċi, proċeduri operazzjonali u salvagwardji għall-protezzjoni tad-data;
Il-Leġiżlazzjoni Nazzjonali, tinkludi:
L-Att dwar l-Immigrazzjoni (Kap. 217 tal-Liġijiet ta’ Malta) u leġiżlazzjoni sussidjarja;
Ir-Regolamenti dwar is-Sistema Entry/Exit (EES) li jimplimentaw l-EES f’Malta;
Liġijiet applikabbli oħra li jirregolaw l-awtoritajiet kompetenti u l-ipproċessar ta’ data personali, inkluża l-leġiżlazzjoni dwar il-protezzjoni tad-data.
Struttura tal-EES
L-EES tikkonsisti minn:
Sistema ċentrali mħaddma mill-eu-LISA;
Sistema nazzjonali (N.EES) f’kull Stat Membru (f’Malta, ospitata mill-Korp tal-Pulizija ta’ Malta);
Infrastruttura sigura ta’ komunikazzjoni li tgħaqqad is-sistemi ċentrali u nazzjonali.
Id-data mdaħħla minn Stat Membru wieħed tinħażen ċentralment u tista’ tiġi aċċessata u pproċessata mill-awtoritajiet kompetenti ta’ Stati Membri oħra, mill-Europol għal finijiet ta’ infurzar tal-liġi, u minn entitajiet awtorizzati oħra, strettament skont ir-Regolament (UE) 2017/2226.
Kontrolluri &-awtoritajiet kompetenti f’Malta
Il-Korp tal-Pulizija ta’ Malta ġie nnominat bħala l-kontrollur b’responsabbiltà ċentrali għat-tħaddim tan-national entry/exit System (N.EES).
Mingħajr preġudizzju għal din ir-responsabbilta ċentrali, awtoritajiet kompetenti nazzjonali oħra jaġixxu bħala kontrolluri fihom infushom, u unikament fir-rigward tal-operazzjonijiet ta’ pproċessar imwettqa fil-kamp ta’ applikazzjoni tal-mandati u l-funzjonijiet legali rispettivi tagħhom, kif previst skont ir-Regolament (UE) 2017/2226 u l-leġiżlazzjoni nazzjonali applikabbli.
Skont ir-Regolament tal-EES, l-istaff awtorizzat tal-awtoritajiet li ġejjin jista’ jdaħħal, jemenda, iħassar, jivverifika u jikkonsulta d-data tal-EES fil-limiti tal-kompetenzi legali tagħhom:
Korp tal-Pulizija ta’ Malta
Uffiċjal Prinċipali tal-Immigrazzjoni
Aġenzija Identity Malta (Identity Management u Servizzi Anċillari)
Aġenzija Komunitarja Malta
Ministeru responsabbli għall-Affarijiet Barranin (għal missjonijiet diplomatiċi awtorizzati)
Data personali pproċessata fl-EES
L-EES tipproċessa l-kategoriji ta’ data personali li ġejjin relatati ma’ ċittadini ta’ pajjiżi terzi suġġetti għar-reġistrazzjoni:
Data Alfanumerika:
Isem/ismijiet, kunjom, data tat-twelid, ċittadinanza u sess
Dettalji tad-dokument tal-ivvjaġġar (it-tip, in-numru, l-awtorità tal-ħruġ u l-validità)
Kodiċi ISO bi tliet ittri tal-pajjiż li ħareġ id-dokument
Data, ħin u post tad-dħul, ħruġ jew rifjut tad-dħul
Visa number or residence permit data, where applicable
Data bijometrika:
Immaġni tal-wiċċ, li hija obbligatorja għaċ-ċittadini kollha ta’ pajjiżi terzi suġġetti għar-reġistrazzjoni fl-EES
Marki tas-swaba’, li huma obbligatorji għaċ-ċittadini ta’ pajjiżi terzi eżentati mill-viża u għad-detenturi ta’ Dokument ta’ Tranżitu ta’ Faċilitazzjoni
Data relatata ma’ Rifjut ta’ Dħul:
Awtorità li ħarġet ir-rifjut
Raġunijiet għar-rifjut
Data Amministrattiva:
Rekords tal-awtoritajiet li daħħlu, ikkonsultaw, immodifikaw jew ħassru data
Links għal dħul u ħruġ preċedenti bl-iskop li tiġi stabbilita l-istorja tal-ivvjaġġar
Natura Obbligatorja tal-Ġbir tad-Data
Il-ġbir ta’ data personali għar-reġistrazzjoni fl-EES huwa obbligatorju għall-eżami tal-kundizzjonijiet tad-dħul fil-fruntieri esterni taż-żona Schengen.
Id-dħul jiġi rrifjutat jekk ċittadin ta’ pajjiż terz jirrifjuta li jipprovdi d-data bijometrika meħtieġa (immaġni tal-wiċċ u, fejn applikabbli, marki tas-swaba’) għar-reġistrazzjoni, il-verifika jew l-identifikazzjoni fl-EES.
Użu ta’ Data għad-Detezzjoni ta’ Soġġorn Eċċessiv u l-Kalkolu ta’ Soġġorn Awtorizzat
Id-data tal-EES tintuża biex jiġi kkalkulat it-tul ta’ soġġorn awtorizzat ta’ ċittadini ta’ pajjiżi terzi.
Soġġorni skaduti jiġu identifikati awtomatikament, u fejn applikabbli, id-data tal-individwu tiżdied mal-lista ta’ persuni b’permanenza skaduta identifikati msemmija fl-Artikolu 12 (3) tar-Regolament (UE) 2017/2226.
Soġġorn eċċessiv jista’ jirriżulta f’konsegwenzi legali u amministrattivi, inkluż ir-rifjut tad-dħul u l-bidu ta’ proċeduri ta’ ritorn.
Individwi għandhom id-dritt li jirċievu informazzjoni dwar it-tul massimu li jifdal tas-soġġorn awtorizzat tagħhom, skont l-Artikolu 11 (3) tar-Regolament (UE) 2017/2226.
Trasferimenti ta’ data personali
Data personali maħżuna fl-EES tista’ tiġi ttrasferita:
Lil pajjiżi terzi jew organizzazzjonijiet internazzjonali elenkati fl-Anness I tar-Regolament (UE) 2017/2226 għall-finijiet ta’ ritorn;
Lil pajjiżi terzi skont l-Artikolu 41 (6) tar-Regolament (UE) 2017/2226;
Lil Stati Membri oħra skont l-Artikolu 42 tar-Regolament (UE) 2017/2226.
Tali trasferimenti jsiru biss taħt il-kundizzjonijiet u s-salvagwardji stabbiliti fil-liġi tal-UE.
Perjodi ta’ Żamma
Skont ir-Regolament (UE) 2017/2226:
Id-data dwar id-dħul u l-ħruġ u d-data dwar iċ-ċaħda tad-dħul jinħażnu għal tliet snin mid-data tal-ħruġ jew taċ-ċaħda tad-dħul;
Fejn ma jeżisti l-ebda rekord tal-ħruġ, id-data tinħażen għal ħames snin mid-data tad-dħul;
Rekords relatati ma’ membri tal-familja mhux tal-UE ta’ ċittadini tal-UE, taż-ŻEE jew tal-Iżvizzera intitolati għall-moviment liberu, li ma jkollhomx kard ta’ residenza jew permess ta’ residenza, jinħażnu għal sena mid-data tal-ħruġ.
Wara l-iskadenza tal-perjodu ta’ żamma applikabbli, id-data titħassar awtomatikament.
Id-Drittijiet Tiegħek fir-Rigward tad-Data Personali tiegħek fl-EES
L-individwi li d-data personali tagħhom tiġi pproċessata fl-EES għandhom id-dritt li:
Jiksbu aċċess għal data personali relatata magħhom maħżuna fl-EES;
Jitlobu r-rettifika ta’ data personali mhux korretta;
Jitlobu t-tlestija ta’ data personali mhux kompluta;
Jitlobu t-tħassir ta’ data personali pproċessata illegalment;
Jitolbu r-restrizzjoni tal-ipproċessar, fejn applikabbli;=
Jirċievu informazzjoni dwar il-proċeduri għall-eżerċitar ta’ dawn id-drittijiet.
Persuni b’permanenza skaduta għandhom id-dritt li jitolbu t-tħassir tad-data personali tagħhom mil-lista ta’ persuni identifikati msemmija fl-Artikolu 12 (3) u r-rettifika tad-data tal-EES, fejn jipprovdu evidenza li d-durata awtorizzata tas-soġġorn inqabżet minħabba avvenimenti mhux prevedibbli u serji.
Talbiet minn suġġetti tad-data jistgħu jiġu sottomessi jew lill-Korp tal-Pulizija ta’ Malta jew lil kwalunkwe awtorità nazzjonali li jkollha aċċess legali għall-EES, skont ir-Regolament (UE) 2017/2226.
Individwi li jixtiequ jeżerċitaw id-drittijiet tagħhom permezz tal-Korp tal-Pulizija ta’ Malta huma mħeġġa jużaw il-Mudell ta’ Ittri disponibbli biex jiffaċilitaw is-sottomissjoni u t-trattament ta’ talbiet bħal dawn.
Ilmenti
Individwi għandhom id-dritt li jressqu lment mal-Kummissarju għall-informazzjoni u l-Protezzjoni tad-Data (IDPC).
Fejn applikabbli, l-ilmenti relatati mal-ipproċessar imwettaq fil-livell tal-UE jistgħu jiġu indirizzati wkoll lill-Kontrollur Ewropew għall-Protezzjoni tad-data (KEPD).
Systemi: European Travel Information And Authorisation System (ETIAS)
Il-Korp tal-Pulizija ta’ Malta huwa l-awtoritajiet nazzjonali responsabbli għas-Sistema Ewropea ta’ Informazzjoni u Awtorizzazzjoni għall-Ivvjaġġar (ETIAS) f’Malta.
It-Taqsima nazzjonali tal-ETIAS, stabbilita skont il-qafas legali applikabbli tal-Unjoni Ewropea, se tkun ospitata għand il-Korp tal-Pulizija ta’ Malta u għandha twettaq il-funzjonijiet stabbiliti mil-liġi fir-rigward tal-ETIAS f’ Malta.
Mill-aħħar kwart tal-2026, iċ-ċittadini ta’ 59 pajjiż mingħajr viża li jivvjaġġaw lejn l-Ewropa għal soġġorn qasir se jkunu meħtieġa jiksbu awtorizzazzjoni għall-ivvjaġġar qabel ma jivvjaġġaw lejn pajjiżi Ewropej parteċipanti.
L-ETIAS tifforma parti mill-isforzi tal-Unjoni Ewropea biex issaħħaħ is-sikurezza interna u l-ġestjoni tal-fruntieri billi twettaq skrinjar qabel l-ivvjaġġar ta’ vjaġġaturi mingħajr viża biex tivvaluta jekk dawn jistgħux jippreżentaw:
riskju ta’ sigurtà;
riskju ta’ migrazzjoni irregolari; jew
riskju għoli ta’ epidemija jew ta’ saħħa pubblika.
L-ETIAS tapplika għal soġġorni qosra f’pajjiżi Ewropej parteċipanti u ma tikkostitwixxix viża.
Qabel Tivvjaġġa
Vjaġġaturi minn pajjiżi mingħajr viża li jaqgħu fil-kamp ta’ applikazzjoni tal-ETIAS se jkunu meħtieġa jiksbu awtorizzazzjoni għall-ivvjaġġar valida qabel ma jibdew jivvjaġġaw.
L-applikazzjonijiet tal-ETIAS jiġu ppreżentati elettronikament u vvalutati skont is-sistemi ta’ informazzjoni Ewropej rilevanti skont il-qafas legali tal-ETIAS. Il-biċċa l-kbira tal-applikazzjonijiet huma mistennija li jiġu pproċessati awtomatikament fi żmien minuti, filwaqt li għadd limitat jista’ jeħtieġ valutazzjoni manwali mill-awtoritajiet kompetenti.
Il-vjaġġaturi li huma meħtieġa jkollhom awtorizzazzjoni għall-ivvjaġġar valida tal-ETIAS u jekk jonqsu milli jagħmlu dan jistgħu jiġu rrifjutati l-imbark mit-trasportatur, inklużi l-linji tal-ajru, l-operaturi tal-laneċ, jew il-kumpaniji tal-karozzi tal-linja.
Aktar informazzjoni dwar min jeħtieġ l-ETIAS, kif tapplika, u kif topera s-sistema tista’ tiġi aċċessata permezz tal-paġni web uffiċjali tal-ETIAS tal-Unjoni Ewropea.
Mal-Fruntiera
Mal-wasla fil-fruntiera esterna ta’ pajjiż Ewropew parteċipanti, il-vjaġġaturi jistgħu jkunu soġġetti għal verifiki fuq il-fruntiera skont il-leġiżlazzjoni applikabbli tal-Unjoni Ewropea u dik nazzjonali.
Fejn applikabbli, l-awtoritajiet tal-fruntieri jistgħu jivverifikaw b’mod elettroniku jekk vjaġġatur għandux awtorizzazzjoni għall-ivvjaġġar valida tal-ETIAS u jekk il-kundizzjonijiet l-oħra kollha tad-dħul humiex issodisfati.
F’Malta, il-funzjonijiet ta’ kontroll fuq il-fruntiera jitwettqu taħt ir-responsabbiltà tal-Uffiċjal Prinċipali tal-Immigrazzjoni, skont il-qafas legali applikabbli.
Il-pussess ta’ awtorizzazzjoni għall-ivvjaġġar valida tal-ETIAS ma jiggarantixxix awtomatikament id-dħul, peress li d-deċiżjoni finali dwar l-ammissjoni fit-territorju tibqa’ suġġetta għall-osservanza tal-kundizzjonijiet tad-dħul applikabbli kollha skont il-liġi.
Il-Qafas Nazzjonali tal-ETIAS f’Malta
Fuq livell nazzjonali, ir-responsabbiltajiet tal-ETIAS f’Malta se jiġu eżerċitati skont il-qafas legali applikabbli tal-Unjoni Ewropea u nazzjonali.
It-Taqsima nazzjonali tal-ETIAS, li tipproċessa l-applikazzjonijiet f’Malta, se tkun ospitata fil-Korp tal-Pulizija ta’ Malta. Dan tal-aħħar huwa maħtur bħala l-awtoritajiet nazzjonali responsabbli b’mod ċentrali għall-ETIAS f’Malta.
Barra minn hekk, il-Korp tal-Pulizija ta’ Malta għandu jaġixxi bħala l-Punt Ċentrali ta’ Aċċess għall-aċċess għal data personali maħżuna fl-ETIAS għal finijiet ta’ infurzar tal-liġi, skont il-kondizzjonijiet u s-salvagwardji stabbiliti mil-liġi.
Awtoritajiet kompetenti Maltin oħra jistgħu wkoll jingħataw aċċess għall-ETIAS fejn awtorizzat mil-liġi u maħtur formalment għal finijiet speċifiċi stabbiliti skont il-qafas legali applikabbli.
Dawn jistgħu jinkludu, pereżempju:
awtoritajiet ta’ kontroll mal-fruntiera;
l-awtoritajiet tal-immigrazzjoni;
awtoritajiet tal-infurzar tal-liġi; u
awtoritajiet kompetenti oħra maħtura.
Fil-preżent, in-nomina jew ir-rikonoxximent formali tal-awtoritajiet kompetenti Maltin kollha li għandhom aċċess għall-ETIAS għadha suġġetta għall-qafas legali u istituzzjonali applikabbli u tista’ tiġi aġġornata fi stadju aktar tard.
Rifjut, Revoka jew Annullament ta’ Awtorizzazzjoni għall-ivvjaġġar tal-ETIAS
Meta applikazzjoni tal-ETIAS tiġi rrifjutata, jew awtorizzazzjoni għall-ivvjaġġar tiġi revokata jew annullata, l-applikant se jirċievi notifika li tindika:
ir-raġunijiet għad-deċiżjoni;
l-awtorita responsabbli għat-teħid tad-deċiżjoni; u
informazzjoni dwar il-proċedura ta’ appell disponibbli.
L-applikanti għandhom id-dritt li jappellaw deċiżjonijiet li jirrifjutaw, jirrevokaw, jew jannullaw awtorizzazzjoni għall-ivvjaġġar tal-ETIAS.
L-appelli jiġu ttrattati skont il-liġi nazzjonali tal-pajjiż Ewropew li jkun ħa d-deċiżjoni.
Meta awtorizzazzjoni għall-ivvjaġġar tiġi revokata fuq talba tal-vjaġġatur, ma għandu japplika l-ebda dritt ta’ appell.
Aktar informazzjoni dwar appelli u proċeduri tal-ETIAS hija disponibbli permezz tal-paġni web uffiċjali tal-ETIAS tal-Unjoni Ewropea.
Il-Protezzjoni tad-Data u d-Drittijiet Tiegħek
Id-data personali pproċessata fl-ETIAS hija protetta skont il-leġiżlazzjoni applikabbli tal-Unjoni Ewropea u nazzjonali dwar il-protezzjoni tad-data.
L-ipproċessar ta’ data personali fl-ETIAS huwa soġġett għal salvagwardji stretti, kontrolli tal-aċċess, u limitazzjonijiet legali.
Kontrolluri tad-Data Personali
Id-data personali li tinsab fl-ETIAS tista’ tiġi pproċessata mill-Korp tal-Pulizija ta’ Malta, inkluża t-Taqsima nazzjonali tal-ETIAS, u minn awtoritajiet kompetenti Maltin oħra awtorizzati bil-liġi biex jaċċessaw l-ETIAS, strettament fil-limiti stabbiliti bil-liġi.
Kull awtorita kompetenti li taċċessa l-ETIAS taġixxi b’mod indipendenti u tipproċessa data personali biss għall-finijiet li għalihom ikollha aċċess legali.
Għaldaqstant, kull amministrazzjoni taġixxi bħala kontrollur biss fir-rigward ta’ data personali pproċessata minn dik l-amministrazzjoni fi ħdan l-ETIAS.
Il-Korp tal-Pulizija ta’ Malta, inkluż it-Taqsima nazzjonali tal-ETIAS ospitata fih, ma jaġixxix awtomatikament bħala kontrollur għad-data personali kollha pproċessata fl-ETIAS minn awtoritajiet kompetenti Maltin oħra.
Bl-istess mod, l-awtoritajiet kompetenti Maltin jistgħu jaġixxu biss fuq talbiet li jikkonċernaw data personali meta jkunu pproċessaw tali data u jaġixxu bħala kontrollur fir-rigward tal-attivitajiet ta’ pproċessar rilevanti.
L-awtoritajiet Maltin ma jistgħux jagħtu aċċess, jirrettifikaw, jikkompletaw, iħassru, jirrestrinġu, jew inkella jaġixxu fuq data personali pproċessata fl-ETIAS meta ma jkunux ipproċessaw tali data u ma jaġixxux bħala kontrollur fir-rigward ta’ dak l-ipproċessar.
Id-Drittijiet Tiegħek
Suġġett għall-qafas legali applikabbli u kwalunkwe restrizzjoni legali prevista mil-liġi, l-individwi li d-data personali tagħhom tiġi pproċessata fl-ETIAS jistgħu jeżerċitaw, fejn applikabbli, id-drittijiet li ġejjin:
id-dritt għal informazzjoni rigward l-ipproċessar ta’ data personali;
id-dritt ta’ aċċess għal data personali;
id-dritt li tintalab rettifika ta’ data personali mhux preċiża;
id-dritt li tintalab it-tlestija ta’ data personali mhux kompluta;
id-dritt li jintalab it-tħassir ta’ data personali proċessata illegalment, fejn applikabbli;
id-dritt li tintalab restrizzjoni tal-ipproċessar, fejn applikabbli;
id-dritt għal rimedju ġudizzjarju effettiv; u
id-dritt li jitressaq ilment mal-awtoritajiet superviżorji kompetenti.
Kif Teżerċita d-Drittijiet Tiegħek
Talbiet li jikkonċernaw data personali pproċessata fl-ETIAS jistgħu jiġu ppreżentati:
lill-Korp tal-Pulizija ta’ Malta, inkluża l-ETIAS Unit nazzjonali, fejn il-Korp tal-Pulizija ta’ Malta pproċessa d-data personali rilevanti u jaġixxi bħala kontrollur; jew
direttament lill-awtoritajiet kompetenti Maltin li pproċessaw id-data personali u li jaġixxu bħala kontrollur fir-rigward tal-attivitajiet ta’ pproċessar rilevanti.
Meta awtorità Maltija ma tkunx ipproċessat id-data personali rilevanti u ma taġixxix bħala kontrollur, dik l-awtorità ma tistax taġixxi fuq it-talba.
Fejn xieraq, l-applikanti jistgħu jiġu diretti lejn l-awtoritajiet kompetenti responsabbli għall-ipproċessar rilevanti.
Skeda ta’ Żmien għat-Tweġib tat-Talbiet
L-awtoritajiet kompetenti għandhom jirrispondu għat-talbiet relatati mal-ETIAS mingħajr dewmien żejjed u, fi kwalunkwe każ, fi żmien xahar minn meta jirċievu t-talba, skont il-qafas legali tal-ETIAS.
Ċerti drittijiet jistgħu jiġu ristretti skont il-liġi applikabbli fejn meħtieġ u proporzjonat għas-salvagwardja tas-sikurezza pubblika, il-ġestjoni tal-fruntieri, jew il-prevenzjoni, is-sejbien, l-investigazzjoni, jew il-prosekuzzjoni ta’ reati kriminali.
Ilmenti u Rimedji
Jekk ma tkunx sodisfatt/a bil-mod kif ġiet ittrattata t-talba tiegħek, tista’ tressaq ilment mal-awtoritajiet superviżorji kompetenti jew tfittex rimedju ġudizzjarju effettiv skont il-liġi applikabbli.
Qafas Legali
L-ETIAS f’Malta hija rregolata mil-leġiżlazzjoni applikabbli tal-Unjoni Ewropea u dik nazzjonali, inklużi, iżda mhux limitati għal:
Ir-Regolament (UE) 2018/1240 li jistabbilixxi Sistema Ewropea ta’ Informazzjoni u ta’ Awtorizzazzjoni għall-Ivvjaġġar (ETIAS);
l-Att dwar l-Immigrazzjoni;
leġiżlazzjoni sussidjarja applikabbli li timplimenta l-obbligi tal-Unjoni Ewropea;
leġiżlazzjoni li tirregola l-ġestjoni tal-fruntieri, l-immigrazzjoni, l-aċċess għall-infurzar tal-liġi, u l-protezzjoni tad-data; u
kwalunkwe strument legali applikabbli ieħor nazzjonali jew tal-Unjoni Ewropea.
Sistemi: EURODAC
introduzzjoni
Il-EURODAC hija bażi tad-data tal-marki tas-swaba’ tal-Unjoni Ewropea (UE) stabbilita fl-2013, għall-finijiet tal-identifikazzjoni ta’ dawk li jfittxu l-asil u ta’ dawk li jaqsmu l-fruntieri b’mod irregolari. Dan jiffaċilita l-wasla u l-ipproċessar għaql u trasparenti tal-applikazzjonijiet għall-ażil minn dawk li jista’ jkollhom bżonn il-protezzjoni mogħtija mill-Ewropa. Hija tgħin lill-Istati Membri jiddeterminaw ir-responsabbiltajiet għall-eżami ta’ applikazzjoni għall-ażil billi tqabbel is-settijiet ta’ data tal-marki tas-swaba’.
Is-sistema hija prinċipalment magħmula minn Sistema Ċentrali, li fiha l-bażi tad-data, u infrastruttura ta’ komunikazzjoni bejn is-Sistema Ċentrali u l-Istati Membri li tipprovdi netwerk virtwali kriptat apposta.
determining the Member State responsible for examining an application for international protection;
supporting the implementation of asylum and migration management procedures;
identifying illegally staying third-country nationals and stateless persons;
facilitating procedures related to resettlement, humanitarian admission and temporary protection;
supporting the protection of children and vulnerable persons; and
enabling, under strictly regulated circumstances, access by designated law enforcement authorities and the European Union Agency for Law Enforcement Cooperation (Europol) for the prevention, detection and investigation of terrorist offences and other serious criminal offences.
EURODAC operates through a Central System containing the database and a secure communication infrastructure connecting participating States through a dedicated encrypted network.
This notice explains how personal data is processed by the Malta Police Force (MPF), through its Eurodac Office, in connection with the EURODAC system and informs you of your rights under applicable data protection legislation.
This notice explains how personal data is processed by the Malta Police Force (MPF), through its Eurodac Office, in connection with the EURODAC system and informs you of your rights under applicable data protection legislation.
In Malta, the authority designated to access and process data within the EURODAC system is the Eurodac Office within the Malta Police Force.
In Malta, the authority designated to access and process data within the EURODAC system is the Eurodac Office within the Malta Police Force.
Important Clarification Regarding Asylum Applications
The Malta Police Force is not responsible for the processing of personal data carried out in the context of asylum or international protection procedures generally, except insofar as personal data is processed within the EURODAC system.
Accordingly, where a request concerns personal data processed in relation to an asylum or international protection application other than personal data processed in EURODAC, such requests should be addressed to the competent authority responsible for asylum matters in Malta, namely the International Protection Agency (IPA).
What is EURODAC?
EURODAC is a European database used by participating States to store and compare biometric data, namely fingerprints and facial image data, together with other information relating to specific categories of third-country nationals and stateless persons.
EURODAC supports the implementation of:
Regulation (EU) 2024/1351;
Regulation (EU) 2024/1350; and
Council Directive 2001/55/EC.
EURODAC may be used in relation to the following categories of persons, as provided under Regulation (EU) 2024/1358:
persons applying for international protection;
persons apprehended in connection with the irregular crossing of an external border;
persons found illegally staying in a Member State;
persons disembarked following search and rescue operations at sea;
persons arriving through resettlement or humanitarian admission procedures;
persons benefitting from temporary protection;
persons subject to return procedures, where provided by law.
Biometric data may be collected and processed in relation to persons aged six (6) years and over, in accordance with the applicable legal framework.
EURODAC is accessible by the 27 Member States of the European Union, together with Iceland, Norway, Liechtenstein and Switzerland.
Bażi Legali
The processing of personal data within the EURODAC system is carried out in accordance with:
Regulation (EU) 2024/1358 of the European Parliament and of the Council of 14 May 2024 on the establishment of EURODAC;
Regulation (EU) 2024/1351;
Regulation (EU) 2024/1350;
Council Directive 2001/55/EC;
Regulation (EU) 2016/679 (General Data Protection Regulation), where applicable; and/or
Directive (EU) 2016/680 and applicable national legislation governing processing by competent authorities for law enforcement purposes.
Where personal data is processed for law enforcement access to EURODAC, processing is subject to the specific safeguards, limitations and conditions established by Regulation (EU) 2024/1358.
Categories of Personal Data Processed
Depending on the category of person concerned and the applicable legal framework, the following categories of personal data may be processed within EURODAC.
Biometric Data
fingerprints;
facial image data.
Identification and Administrative Data
Depending on the applicable category, EURODAC may process:
Member State of origin;
place and date of registration, application, apprehension or relevant event;
sex;
nationality, where applicable;
reference number used by the Member State;
date on which biometric data was taken;
date on which data was transmitted to the Central System;
operator user identification number;
information relating to international protection, return, relocation, resettlement, humanitarian admission or temporary protection status, where applicable under law.
The exact categories of data processed depend on the legal category applicable to the person concerned and the requirements of Regulation (EU) 2024/1358.
Purpose of Processing
Personal data processed within EURODAC may be used for the following purposes:
International Protection and Migration Purposes
To:
assist in determining the Member State responsible for examining an application for international protection;
support the implementation of asylum and migration procedures;
support migration management and responsibility allocation between Member States;
identify illegally staying third-country nationals and stateless persons;
support relocation, resettlement and humanitarian admission procedures;
support temporary protection mechanisms;
protect children and vulnerable persons, including facilitating tracing where permitted by law;
support return-related procedures where authorised by law.
Law Enforcement Purposes
Under strictly regulated circumstances, designated law enforcement authorities and Europol may request comparison of EURODAC data where this is necessary for the prevention, detection or investigation of terrorist offences or other serious criminal offences.
Such access is permitted only where all legal conditions are fulfilled, including strict safeguards, necessity and proportionality requirements, and prior verification procedures established by law.
Retention of Data
The retention period applicable to personal data depends on the category under which data is recorded in EURODAC and the requirements of Regulation (EU) 2024/1358.
Applicants for International Protection
Personal data relating to applicants for international protection shall be retained in EURODAC for ten (10) years from the date on which biometric data is taken.
Data shall be erased before expiry of this period where:
the person concerned acquires citizenship of a Member State; or
erasure is otherwise required by law.
Where international protection is granted, the relevant data may be marked in accordance with Regulation (EU) 2024/1358.
Persons Apprehended in Connection with the Irregular Crossing of an External Border
Personal data relating to persons apprehended in connection with the irregular crossing of an external border shall be retained for five (5) years.
Data may be erased before expiry where legally required, including where the person concerned acquires citizenship of a Member State.
Persons Found Illegally Staying in a Member State
Personal data relating to persons found illegally staying in a Member State shall be retained for three (3) years, in accordance with Regulation (EU) 2024/1358.
Persons Disembarked Following Search and Rescue Operations at Sea
Personal data relating to persons disembarked following rescue operations at sea shall be retained for five (5) years, unless erased earlier in accordance with law.
Persons Admitted Through Resettlement or Humanitarian Admission Procedures
Personal data relating to persons admitted through resettlement or humanitarian admission procedures shall be retained for ten (10) years, unless erased earlier in accordance with law.
Persons Benefitting from Temporary Protection
Personal data relating to persons benefitting from temporary protection shall be retained for the duration provided by the applicable legal framework governing temporary protection and EURODAC.
Id-Drittijiet Tiegħek
Subject to the applicable legal framework and any lawful restrictions provided by legislation, you have the right to:
request access to personal data relating to you processed within the EURODAC system;
request correction of inaccurate or incomplete personal data;
request deletion of unlawfully processed or unlawfully stored personal data;
request restriction of processing in circumstances provided by law;
request verification of the lawfulness of processing; and
lodge a complaint with the national supervisory authority.
Where necessary to verify your identity and locate your EURODAC data, you may be requested to physically attend the Eurodac Office for biometric verification purposes. Any biometric data taken solely for verification purposes shall not be retained unless otherwise authorised by law.
How to Exercise Your Rights
Requests relating to personal data processed by the Malta Police Force within the EURODAC system may be submitted to the Eurodac Office or to the Data Protection Officer of the Malta Police Force.
To facilitate the exercise of these rights and enable the efficient handling of requests, data subjects are encouraged to make use of the model letters available on the Malta Police Force website by clicking here.
Requests concerning asylum or international protection case files, other than personal data processed in the EURODAC system, should be addressed to the competent authority responsible for asylum matters in Malta, namely the International Protection Agency (IPA).
Contact Details
Eurodac Office
Malta Police Force General Headquarters
St. Calcedonius Square
Floriana FRN 1530
Malta
Email: eurodac.police@gov.mt
Data Protection Officer
Malta Police Force General Headquarters
St. Calcedonius Square
Floriana FRN 1530
Malta
Email: dpu.police@gov.mt
Right to Lodge a Complaint
If you believe that your personal data has been processed unlawfully or in breach of applicable data protection legislation, you may lodge a complaint with the national supervisory authority:
Information and Data Protection Commissioner (IDPC)
Email: idpc.info@idpc.org.mt
Telephone: +356 23287100
Website: https://idpc.org.mt/
Further Information
This notice relates solely to the processing of personal data by the Malta Police Force in connection with the EURODAC system.
For information concerning the processing of personal data in the context of an asylum or international protection application, other than EURODAC processing, please contact the International Protection Agency (IPA).
Sistemi: Hand-Held Speed Cameras (HSCs)
- Huwa d-dmir tal-Pulizija li tippreserva l-ordni pubblika u l-paċi pubblika, li tipprevjeni u tiskopri u tinvestiga reati, li tiġbor evidenza, kemm jekk kontra jew favur il-persuna suspettata li wettqet ir-reat, u li tressaq lill-ħatja, kemm jekk prinċipali jew kompliċi, quddiem l-awtoritajiet ġudizzjarji skont l-Artikolu 346 (1) tal-Kodiċi Kriminali (Kapitolu 9 tal-Liġijiet ta’ Malta).
- L-Artikolu 62 (1) tal-Att dwar il-Pulizija speċifikament jagħti s-setgħa lill-Pulizija li żżomm, tipproċessa u tikklassifika kull informazzjoni rilevanti għat-twettiq ta’ xi reat f’Malta jew barra minn Malta liema informazzjoni tista’ tiġi preservata b’kull sistema tkun xi tkun, inkluż format elettroniku.
- Ir-Regolament 127 tar-Regolamenti dwar il-vetturi bil-mutur (L.S. 65.11 tal-Liġijiet ta’ Malta) jistabbilixxi l-limitu tal-ħeffa għall-vetturi bil-mutur u jipprovdi għall-użu tal-HSCs.
- Barra minn hekk, il-Korp tal-Pulizija ta’ Malta, jista’ jiġbor data personali permezz ta’ sorveljanza teknika jew mezzi awtomatizzati oħra għall-prevenzjoni, investigazzjoni, sejbien u prosekuzzjoni ta’ uffiċċji kriminali skont ir-Regolament 8 (3) tal-L.S. 586.08.
- titlob aċċess għad-data personali relatata magħha ipproċessata mill-HSCs;
- titlob il-korrezzjoni ta’ data personali fattwalment mhux preċiża relatata magħha jew;
- it-tħassir tad-data personali tagħha fil-każ ta’ informazzjoni pproċessata illegalment;
- titlob restrizzjoni tal-ipproċessar tad-data personali tagħha skont il-liġi;
- id-dritt li tressaq ilment quddiem il-Kummissarju għall-Informazzjoni u l-Protezzjoni tad-Data.
Sistemi: Passenger Name Record (PNR) / Advanced Passenger Information (API)
Is-Sistema PNR/API hija sistema integrata li tipproċessa:
informazzjoni pprovduta mill-passiġġieri u miġbura mil-linji tal-ajru, fil-kors normali tan-negozju tagħhom, biex ikunu jistgħu jsiru riżervazzjonijiet u l-proċess taċ-check-in, magħruf bħala l-Passenger Name Record (PNR), u
Advanced Passenger Information (API) data, li tintbagħat mit-trasportaturi tal-ajru mat-tluq, li joperaw titjiriet Extra-Schengen lejn Malta.
The Passenger Information Unit (PIU) within the Malta Police Force, under the Organized Crime wing, is responsible for operating L-Unità tal-Informazzjoni tal-Passiġġieri (PIU) fi ħdan il-Korp tal-Pulizija ta’ Malta, taħt il-fergħa tal-Kriminalità Organizzata, hija responsabbli għat-tħaddim tas-Sistema PNR/API. Hija prinċipalment responsabbli għal:
PNR/API System. It is mainly responsible to:
Tiġbor id-data tal-API u tal-PNR mit-trasportaturi tal-ajru;
Twettaq valutazzjoni tal-passiġġieri qabel il-wasla skedata tagħhom f’Malta jew it-tluq minn Malta, billi tqabbel id-data tal-API u tal-PNR ma’ databases ta’data rilevanti, bħas-Sistema ta’ informazzjoni tax-Schengen (SIS) u n-National Stop List (NSL), u tipproċessahom skont kriterji determinati minn qabel, sabiex jidentifika persuni li jistgħu jkunu involuti f ’reat terroristiku jew reat serju1, jew li huma projbiti milli jidħlu fiż-żona Schengen;
Tinforma u xxerred id-data tal-PNR u tal-API lill-awtoritajiet nazzjonali kompetenti, lill-Europol u lill-PIUs ta’ Stati Membri oħra, skont il-każ, jew b’mod spontanju jew bi tweġiba għal talbiet.
Id-data riċevuta titqabbel ma’ lista ta’ sorveljanza implimentata fi ħdan is-sistema b’dettalji ta’ persuni suspettati li huma involuti f’reat terroristiku jew delitt serju li jkun ġie pprovdut mill-awtoritajiet kompetenti.
Ġew introdotti wkoll profili bbażati fuq ir-riskju, fejn meta jitqabblu ma’diversi kriterji magħżula, il-passiġġieri jiġu mmarkati awtomatikament.
Bażi Legali
L-ipproċessar tad-dejta tal-PNR u l-API jitwettaq taħt obbligu impost minn strumenti leġiżlattivi differenti tal-Unjoni Ewropea. Iż-żewġ strumenti legali relattivi huma:
L-Att dwar id-data tar-Reġistru tal-ismijiet tal-passiġġieri (PNR) (Kapitolu 584 tal-Liġijiet ta’ Malta), li jimplimenta d-Direttiva (UE) 2016/681 tal-Parlament Ewropew u tal-Kunsill tas-27 ta’ April 2016 dwar l-użu tad-data tar-Reġistru tal-ismijiet tal-passiġġieri (PNR) għall-prevenzjoni, il-kxif, l-investigazzjoni u l-prosekuzzjoni ta’ reati terroristiċi u delitti serji;
L-Ordni dwar il-Komunikazzjoni tad-data dwar il-passiġġieri mit-trasportaturi bl-ajru jew bil-Baħar (leġiżlazzjoni sussidjarja 460.18), li timplimenta d-Direttiva tal-Kunsill 2004/82/EC tad-29 ta’ April 2004 dwar l-obbligu tat-trasportaturi li jikkomunikaw id-data dwar il-passiġġieri.
Data personali pproċessata fis-Sistema tal-API
Id-data tal-API tinġabar minn trasportaturi tal-ajru li joperaw titjira lejn Malta minn pajjiż terz u tiġi trażmessa elettronikament lis-Sistema tal-PNR/API sal-ħin tal-għeluq taċ-check-in skont ir-Regolament 3 tal-leġiżlazzjoni sussidjarja 480.18.
Din id-data tikkonsisti minn:
numru u tip ta’ dokument tal-ivvjaġġar użat;
nazzjonalità;
Ismijiet sħaħ;
data tat-twelid;
il-punt tad-dħul fit-territorju ta’ Malta;
kodiċi tat-trasport;
il-ħin tat-tluq u tal-wasla tat-trasport;
l-għadd totali ta’ passiġġieri ttrasportati fuq dak it-trasport; il-punt inizjali tal-imbark.
Data personali pproċessata fis-Sistema tal-PNR
Id-dejta tal-PNR hija aktar informattiva meta mqabbla mal-API u hija kkunsidrata bħala għodda investigattiva, filwaqt li l-istess tiġi riċevuta minn trasportaturi tal-ajru li joperaw kemm Intra kif ukoll Extra-Schengen u titjiriet ‘il ġewwa u ‘l barra. L-istess tintbagħat awtomatikament mit-trasportaturi tal-ajru permezz ta’ żewġ metodi push:
24 siegħa qabel it-tluq
Mat-tluq
Din id-data tikkonsisti minn:
Lokalizzatur tar-rekords tal-PNR
Data tar-riservazzjoni/ħruġ tal-biljett
Data/i tal-vjaġġ ippjanat
Ismijiet
Indirizz u informazzjoni ta’ kuntatt (numru tat-telefown, indirizz tal-posta elettronika)
Il-forom kollha ta’ informazzjoni dwar il-pagamenti, inkluż l-indirizz tal-kont
Itinerarju sħiħ tal-ivvjaġġar għal PNR speċifiku
Informazzjoni dwar min isiefer ta’ spiss
Aġenzija tal-ivvjaġġar/aġent tal-ivvjaġġar
L-istatus tal-ivvjaġġar tal-passiġġier, inklużi l-konfermi, l-istatus taċ-check-in, l-informazzjoni dwar in-no-show jew il-go-show
Informazzjoni tal-PNR maqsuma
Rimarki ġenerali (inkluża l-informazzjoni kollha disponibbli dwar minorenni mhux akkumpanjati taħt it-18-il sena, bħall-isem u s-sess tal-minorenni, l-età, il-lingwa/i mitkellma, l-isem u d-dettalji ta’ kuntatt tal-kustodju mat-tluq u r-relazzjoni mal-minorenni, l-isem u d-dettalji ta’ kuntatt tal-kustodju mal-wasla u r-relazzjoni mal-minorenni, l-aġent tat-tluq u tal-wasla)
Informazzjoni dwar il-biljetti, inkluż in-numru tal-biljett, id-data tal-ħruġ tal-biljett u l-biljetti f’direzzjoni waħda, l-oqsma awtomatizzati tal-kwotazzjoni tal-prezz tal-biljett
Numru tas-seat u informazzjoni oħra dwar is-seat
Informazzjoni dwar l-ixxerjar tal-kodiċi
L-informazzjoni kollha dwar il-bagalji
Numru u ismijiet oħra ta’ vjaġġaturi fuq il-PNR
Kwalunkwe API data miġbura (inklużi t-tip, in-numru, il-pajjiż tal-ħruġ u d-data ta’ skadenza ta’ kwalunkwe dokument ta’ identifikazzjoni, iċ-ċittadinanza, il-kunjom, l-isem mogħti, is-sess, id-data tat-twelid, il-linja tal-ajru, in-numru tat-titjira, id-data tat-tluq, id-data tal-wasla, il-port tat-tluq, il-port tal-wasla, il-ħin tat-tluq u l-ħin tal-wasla)
Il-bidliet kollha fil-PNR elenkati fin-numri 1 sa 18.
Żverlar tad-data tal-API u tal-PNR
Id-data tal-API u tal-PNR tista’ tintalab mill-awtoritajiet kompetenti li ġejjin għall-prevenzjoni, l-investigazzjoni u l-prosekuzzjoni ta’ reati serji:
Korp tal-Pulizija ta’ Malta
Uffiċjal Prinċipali tal-Immigrazzjoni
Servizzi tas-Sigurtà ta ’Malta
Taqsima għall-Investigazzjoni u Analiżi Finanzjarja
Dipartiment tad-Dwana
Awtoritajiet Ġudizzjarji
Europol
PIUs f’Membri Stati oħra
Awtoritajiet kompetenti f’pajjiżi terzi
Perjodu ta’ Żamma
Skont l-Artikolu 13 tal-Att dwar id-Data tar-Reġistru tal-Ismijiet tal-Passiġġieri (PNR), id-data kollha fis-Sistema PNR/API tinżamm għal perjodu ta’ ħames snin. Madankollu, wara sitt xhur mill-ġbir, id-data kollha tiġi depersonalizzata billi tiġi msakkra, u l-iżvelar ta’ din id-data lill-awtoritajiet kompetenti jseħħ biss bl-approvazzjoni ta’ awtorità ġudizzjarja jew tal-Kummissarju tal-Informazzjoni u l-Protezzjoni tad-Data.
X’inhuma d-Drittijiet tiegħek fir-rigward tad-data personali tiegħek ipproċessata fis-Sistema tal-PNR/API?
Id-data personali pproċessata fil-kuntest tal-qafas tal-PNR u tal-API hija rregolata mir-Regolamenti dwar il-Protezzjoni tad-data (ipproċessar ta’ data personali mill-awtoritajiet kompetenti għall-finijiet tal-prevenzjoni, l-investigazzjoni, is-sejbien jew il-Prosekuzzjoni ta’ reati Kriminali jew l-eżekuzzjoni ta’ pieni Kriminali) (leġiżlazzjoni sussidjarja 586.08) u l-GDPR2 meta l-ipproċessar isir għal finijiet oħra.
Kull persuna għandha d-dritt li:
jitolbu aċċess għal data personali relatata magħhom maħżuna fis-Sistema PNR/API;
jitolbu l-korrezzjoni ta’ data personali fattwalment mhux preċiża relatata magħhom jew it-tħassir tad-data personali tagħhom fil-każ ta’ informazzjoni maħżuna illegalment;
titlob restrizzjoni tal-ipproċessar tad-data personali tagħha skont il-liġi;
id-dritt li jitressaq ilment quddiem il-Kummissarju għall-Informazzjoni u l-Protezzjoni tad-Data (IDPC) jew li tintalab verifika tal-legalità tal-ipproċessar.
Sabiex jiġi ffaċilitat l-eżerċizzju tad-drittijiet tiegħek u biex tkun tista’ tittratta t-talba b’ mod aktar effiċjenti, inti mitlub tuża l-ittri mudell li ġejjin.
1 Il-kategoriji ta’ reati serji li fir-rigward tagħhom tista’ tiġi żvelata d-data tal-PNR huma elenkati fl-Iskeda C sa CAP.584, fejn tali reati huma kkastigati b ’sentenza ta’ kustodja jew ordni ta ’ detenzjoni għal perijodu massimu ta’ mill-inqas tliet snin.
2 Regolament (UE) 2016/679 tal-Parlament Ewropew u tal-Kunsill tas-27 ta’ April 2016 dwar il-protezzjoni tal-persuni fiżiċi fir-rigward tal-ipproċessar ta’ data personali u dwar il-moviment liberu ta ’tali data, u li jħassar id-Direttiva 95/46/EC (Regolament Ġenerali dwar il-Protezzjoni tad-data)
Sistemi: Schengen Information System (SIS)
- Regolament (UE) 2018/1860 tal-Parlament Ewropew u tal-Kunsill tat-28 ta’ Novembru 2018 dwar l-użu tas-Sistema ta’ informazzjoni ta’ Schengen għar-ritorn ta’ ċittadini ta’ pajjiżi terzi b’soġġorn illegali
- Regolament (UE) 2018/1861 tal-Parlament Ewropew u tal-Kunsill tat-28 ta’ Novembru 2018 dwar l-istabbiliment, it-tħaddim u l-użu tas-Sistema ta’ informazzjoni ta’ Schengen (SIS) fil-qasam tal-verifiki fuq il-fruntieri, u li jemenda l-Konvenzjoni li timplimenta l-Ftehim ta’ Schengen, u li jemenda u jħassar ir-Regolament (KE) Nru 1987/2006
- Regolament (UE) 2018/1862 tal-Parlament Ewropew u tal-Kunsill tat-28 ta’ Novembru 2018 dwar l-istabbiliment, it-tħaddim u l-użu tas-Sistema ta’ informazzjoni ta’ Schengen (SIS) fil-qasam tal-kooperazzjoni tal-pulizija u l-kooperazzjoni ġudizzjarja f’ materji kriminali, li jemenda u jħassar id-Deċiżjoni tal-Kunsill 2007/533/JHA ĠAI, u li jħassar ir-Regolament (KE) Nru 1986/2006 tal-Parlament Ewropew u tal-Kunsill u d-Deċiżjoni tal-Kummissjoni 2010/261/EU
- Dejta ta’ identifikazzjoni : Dejta meħtieġa biex tiġi identifikata l-persuna mfittxija u informazzjoni oħra rilevanti għall-utent aħħari li jwettaq tfittxija. It-twissija tista’ tinkludi wkoll dejta dwar vittmi ta’ identità użata ħażin (fejn applikabbli).
- Dokumenti ta’ identifikazzjoni: data li tiddeskrivi d-dokument ta’ identifikazzjoni tal-persuna li tkun is-suġġett tat-twissija – tista’ tiġi mehmuża kopja tad-dokument.
- Raġuni għall-Alert: “raġuni għall-alert”, li tiddeskrivi, b ’mod strutturat, għaliex il-persuna qed tintalab.
- Azzjoni meħtieġa: “azzjoni li għandha tittieħed”, li tiddeskrivi, b ’mod strutturat, x’ għandu jagħmel l-uffiċjal meta tinstab il-persuna.
- Informazzjoni dwar il-każ : Informazzjoni dwar il-każ eż., l-awtorità li tawtorizza d-dħul tat-twissija, in-numru ta’ referenza tal-każ eċċ. Il-kopja tal-Mandat ta’ Arrest Ewropew (EAW) ta’ persuna mfittxija għall-arrest hija wkoll mehmuża mat-twissijiet għal arrest għal konsenja.
- Informazzjoni dwar oġġetti relatati ma’ persuni: data dwar oġġetti mdaħħla fis-SIS biex tinstab persuna li tkun is-suġġett ta’ allert, pereżempju l-vettura wżata mill-persuna mfittxija.
- Ritratti: ritratti tal-persuna li tkun is-suġġett tal-alert.
- Marki tas-swaba’ u marki tal-pala tal-id: data dattiloskopika (marki tas-swaba’ u/jew marki tal-pala tal-id) għall-persuna li tkun is-suġġett tal-alert.
- Marki tas-swaba’ u marki tal-pala tal-id: data dattiloskopika (marki tas-swaba’ u/jew marki tal-pala tal-id) misjuba f’xeni ta’ reat.
- Profil tad-DNA: profil tad-DNA tal-persuna li hija s-suġġett tal-alert jew tal-membri tal-familja (fil-każ biss ta’ persuni neqsin li jeħtieġ li jitqiegħdu taħt protezzjoni).
Lista ta’ Alerts u l-perjodu ta’ rijeżami perjodiku rispettiv:
| Regolament (UE) 2018/1860 | ||
| Tip ta’ Alert | | |
| Allerti fir-rigward ta’ ċittadini ta’ pajjiżi terzi soġġetti għal deċiżjonijiet ta’ ritorn maħruġa mill-pajjiżi ta’ Schengen (Deċiżjonijiet ta’ Ritorn). | ||
| Regolament (UE) 2018/1861 | ||
| Tip ta’ Alert | | |
| Allerti dwar ċittadini ta’ pajjiżi terzi li ma jistgħux jidħlu jew jibqgħu fiż-żona Schengen (Rifjut ta’ dħul jew soġġorn). | ||
| Regolament (UE) 2018/1862 | ||
| Tip ta’ Alert | ||
| Twissijiet dwar persuni li huma soġġetti għal mandat ta’ arrest Ewropew jew mandat ieħor għall-konsenja (in-Norveġja u l-Iżlanda)/Talba għal Estradizzjoni (l-Iżvizzera u l-Liechtenstein) (Persuni mfittxija għall-arrest). | ||
| Allerti biex jinstabu persuni neqsin, inklużi tfal, u biex jitqiegħdu taħt protezzjoni jekk dan ikun legali u meħtieġ (persuni neqsin). | ||
| Allerti biex jinstab il-post ta’ residenza jew domiċilju ta’ persuni mfittxija biex jassistu fi proċeduri ġudizzjarji kriminali (pereżempju xhieda, persuni mħarrka biex jidhru fil-Qorti jew li għandhom jiġu nnotifikati b’sentenza kriminali jew jiskontaw piena li tinvolvi ċaħda ta’ liberta) (persuni mfittxija biex jassistu fi proċedura ġudizzjarja). | ||
| Allerti għall-identifikazzjoni ta’ persuni mhux magħrufa mfittxija fir-rigward ta’ reati terroristiċi jew reati serji oħra li qed jiġu investigati (persuni mfittxija mhux magħrufa). | ||
| Twissijiet biex jiġi evitat li tfal f’riskju jinħatfu jew jintilfu (Tfal f’ riskju li jinħatfu minn ġenituri, qraba, jew tuturi). | ||
| Allerti għall-protezzjoni ta’ persuni vulnerabbli (adulti jew tfal) milli jittieħdu illegalment barra mill-pajjiż jew biex ma jitħallewx jivvjaġġaw mingħajr l-awtorizzazzjonijiet meħtieġa (persuni vulnerabbli li l-ivvjaġġar tagħhom għandu jiġi evitat). | ||
| Allerti biex tinkiseb informazzjoni dwar persuni jew oġġetti relatati għall-finijiet ta’ prosekuzzjoni ta’ reati kriminali u għall-prevenzjoni ta’ theddid għas-sikurezza pubblika jew nazzjonali (Persuni u oġġetti għal verifiki diskreti, ta’ inkjesta jew speċifiċi). | ||
| Allerti dwar oġġetti (pereżempju vetturi, dokumenti tal-ivvjaġġar, pjanċi tan-numri u tagħmir industrijali) li qed jintalbu għall-qbid jew għall-użu bħala evidenza fi proċedimenti kriminali, u allerti dwar dokumenti tal-ivvjaġġar għall-prevenzjoni tad-detenturi ta’ dawn id-dokumenti milli jivvjaġġaw (Oġġetti għall-qbid jew għall-użu bħala evidenza fi proċeduri kriminali). | ||
| Artikoli 26, 32, 34, u 36 (Jekk marbuta ma’ allert dwar persuna) | ||
X’inhuma d-Drittijiet tiegħek fir-rigward tad-data personali tiegħek ipproċessata fis-SIS?
- jitolbu aċċess għal data personali relatata magħhom imdaħħla fis-SIS;
- jitolbu l-korrezzjoni ta’ data personali fattwalment mhux preċiża relatata magħhom jew it-tħassir tad-data personali tagħhom fil-każ ta’ informazzjoni maħżuna illegalment;
- id-dritt li jressqu ilment mal-Kummissarju tal-Informazzjoni u l-Protezzjoni tad-Data (IDPC) jew li tintalab verifika tal-legalità tal-ipproċessar.
Dan id-Dokument ta’ Politika jispjega u jipprovdi t-tagħrif meħtieġ fuq kif tinżamm id-data personali mill-Uffiċċju tal-Arbitru għas-Servizzi Finanzjarji (“OAFS”, “aħna”) u dwar id-drittijiet tiegħek skont il-Liġi. Dan id-Dokument għandu jittieħed fid-dawl tad-dispożizzjonijiet applikabbli bir-Regolament (UE) 2016/679 dwar il-protezzjoni tal-persuni fiżiċi fir-rigward tal- ipproċessar ta’ data personali u dwar il-moviment liberu ta’ tali data (“GDPR”), u b’mod speċjali l-Artikli 13, 14 u 21 tiegħu.
Għan.
Kemm jekk is-Suġġett tad-Data (“inti”) jkun ilmentatur, rappreżentant ta’ applikant, jew xi ħadd li jixtieq biss isir jaf aktar fuq il-proċedura tal-ilmenti tal- OAFS, nixtiequ ntuk idea tad-data personali li niġbru mingħandek għall- mekkaniżmu tal-kumpens tagħna marbut mas-servizzi finanzjarji, u kif nużaw din id-data. Barra minn hekk, nixtiequ ninfurmawk bid-dmirijiet u d-drittijiet tiegħek applikabbli bil-liġi tal-protezzjoni tad-data.
Definizzjoni. Għall-għanijiet ta’ dan id-Dokument, id-definizzjonijiet li hemm fir-Regolament (UE) 2016/79 dwar il-protezzjoni tal-persuni fiżiċi fir-rigward tal-ipproċessar tad-data personali u l-moviment ħieles tat-tali data (“GDPR”) japplikaw bl- istess mod, mutatis mutandis.
Definitions
Dan id-Dokument u kwalunkwe riżultat tiegħu huma rregolati bil-Liġijiet ta’ Malta u l-Qrati ta’ Malta għandhom ġuriżdizzjoni li mhix esklużiva.
3. Law
This Policy and any resulting effects are governed by the Laws of Malta and the Courts of Law in Malta have non-exclusive jurisdiction.
Who is responsible for personal data processing?
You may reach the Data Protection Officer (DPO) for the OAFS on the following addresses:
The DPO, Office of the Arbiter for Financial ServicesN/S in Regional Road,Msida MSD1920 MALTA Email: dpo.oafs@financialarbiter.org.mtWhat personal data does the OAFS process when you contact us?
We record details about your contact with us manually or on an excel worksheet which is saved on servers hosted by MITA, the Malta Government Agency which provides IT infrastructure to all government agencies.
We will use your personal information to provide you with any information or services that you ask for, or to reply to any correspondence exchanged with us. If you have asked us to intervene on a minor case with a financial services provider against whom you have a dispute, we will share such personal information, as is necessary, with such entity solely for the purpose of helping you with your query. Where so required, we will also use personal information to analyse:
- information,
- what type of questions are being directed to the OAFS, and,
- whether the service we provide is effective in delivering useful information, guidance or otherwise.
In other cases, we will endeavour to minimise the use of personal data, as may be applicable and required.
Contacting us by phone
Calls to our office lines may be recorded for quality, evaluation, security and training purposes. When you contact us, we ask for the necessary personal information, as may be applicable, depending on the nature of the call. You are under no obligation to provide this information to us, but it enables us to provide a better quality of service when you contact us again. As a minimum, we will hold your name and phone number for the purposes specified above unless you inform us that you wish to remain anonymous.
Monitoring of emails
Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with security policy. Email monitoring or blocking software may also be used. The site and domain are hosted and managed by MITA, on behalf of the OAFS. MITA has its Head Office registered at:
Data Protection OfficeMalta Information & Technology AgencyGattard House, National Road, Blata l-Bajda HMR 9010. Malta. Telephone (+356) 2599 2410Email: dp.mita@gov.mt
Please be aware that you have a responsibility to ensure that any emails you send to us are within the bounds of the Law. As a public agency, we are required to produce statistical information about our work. In this regard, we publish annual anonymised aggregated data of the number of enquiries (phone calls and emails) and complaints that we receive and process, including the subject matter of such enquiries. We never publish statistical information which could in any way identify consumers. As for enquiries, once such annual statistical tables are produced, personal details, categorisation of the enquiry and any notes taken describing the enquiry will be destroyed. Regarding the statistical information relating to complaints, our retention policy outlined below applies.
CCTV (Closed Circuit Television)
The OAFS operates a video-surveillance system to deter, prevent, manage and investigate safety and security incidents as well as for the protection of persons, property and documents against damage, theft, intrusion, assault or any other threat. The video-surveillance system complements other typical security and access control purposes by monitoring specific areas and events. It forms part of the measures to support broader OAFS security policies. The system is not used for any purpose other than those mentioned above. For instance, it is not used to monitor the workstations of personnel or attendance. Neither is the system used as an investigative tool for purposes other than those instances described above, or in disciplinary procedures unless a physical security incident or criminal behaviour is involved. CCTV footage is recorded on a hard-drive and kept on a rolling 30 days. Footage beyond 30 days is automatically deleted.
In the case of a Complaint, what personal data does the OAFS process and where does this data come from?
The OAFS processes personal data obtained from the Complaint Forms submitted to it by the Complainant/s and/or their respective representative. In addition, the OAFS processes personal data that is received from the Respondent party/parties, that is, the financial services provider against which the Complaint is lodged. As part of the procedures, the following personal data is usually processed by us, as follows:
- First and last name/s of consumer/s submitting a complaint
- (Correspondence) Address
- Phone number/s
- E-mail address
- Skype ID
- Date and time of the Complaint Registration
- First and last name/s of the person assisting or representing the consumer/s, if applicable
- (Correspondence) Address data of the person assisting or representing the consumer/s, if applicable
- Phone number/s of the person assisting or representing the consumer/s, if applicable
- E-mail address of person assisting or representing the consumer/s, if applicable
- Details of any person/s who originally sold the product or service to the consumer/s
In addition to the above-mentioned items of personal data, there are other data items that would be required in connection with the Complaint submitted to the OAFS and the subsequent procedures relating to the mediation and/or investigation. Such data and information may relate to any contractual agreement/s you may have entered or signed up to, substantiating documentation directly or indirectly related to such contractual agreement/s, products or services you may have purchased or otherwise subscribed to, on a one-off or a continued-delivery basis. In this regard, we may also require the production, from you and/or other parties, correspondence (including voice/video recordings and other media files) that may have passed between you, your representative and/or the Respondent or other relevant third parties.
In the case of a Complaint, what is the personal data processed for (purpose of processing) and on what legal basis does this processing take place?
Your personal data will be processed in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Data Protection Act in Malta (Act 20 of 2018, Chapter 586 of the Laws of Malta). The processing of your personal data takes place exclusively to answer queries and properly conduct the necessary work in connection with the Complaint you would have submitted to us, with regard to the applicable complaint procedure/s and in accordance with the rules of procedure relevant and as contained in the applicable Laws.
The substantive legal basis for the processing of your personal data is the Arbiter of the Financial Services Act (Chapter 555 of the Laws of Malta), which attributes the necessary functions, powers and rights to this Office and, in particular, Article 21 (Competence of Arbiter), Article 22 (Procedure relating to complaints), Article 24 (Mediation), Article 25 (Investigation), Article 26 (Adjudication) and Article 27 (Appeal and enforceability).
In line with GDPR Article 6 (1)(f), processing shall be lawful, only if and to the extent that, it is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, especially where the processing is carried out by public authorities in the performance of their tasks. This, together with the consent provided by the data subject to the processing of his or her personal data for one or more specific purposes, as per GDPR Art. 6(1)(a) for the 7 March 2019 Page 5 of 10 essential legal basis for the data processing activity carried out by the OAFS, in the execution of its mandate.
Furthermore, it is pointed out that in line with L.N. 177 of 2018, Restriction of the Data Protection (Obligations and Rights) Regulations, 2018, and in particular Regulation 4(e), the scope of the obligations and rights provided for in GDPR Articles 12 to 22, 34, as well as Article 5 (as applicable), any restriction to the rights of a data subject shall only apply where such restrictions are a necessary measure for the establishment, exercise or defence of a legal claim and for legal proceedings which may be instituted under any law.
Who has access to your personal data?
Your personal data will only be made accessible and transmitted to the parties directly involved in the complaint procedure or which may have a duty or legitimate interest at law to have access to such data and information. The following will have access to some or all of the personal data pertinent to the said procedures, as follows and at different stages, as may be applicable:
- the personnel acting and serving the OAFS
- any authorised or specifically engaged party acting for or otherwise assisting the OAFS in the course of proceedings
- the person who will assist or represent you in the course of the proceedings or that you may have authorized
- the respondent and its authorised agents, dependents and (legal) representative/s.
If your case is appealed, the case file is passed on to the Courts of Appeal (Inferior Jurisdiction) in its entirety.
After the decision of the Arbiter becomes res judicata (binding on all parties and cannot be pursued any further), if in the Arbiter’s opinion there is substantial evidence of any significant breach of duty or misconduct on the part of a financial services provider, or any criminal conduct of any of the parties, the Arbiter shall refer the matter to the competent authorities to take any further appropriate action, if any, according to law.
Furthermore, it is to be noted that it is not excluded that certain duly contracted service providers (data processors within the meaning of GDPR Art. 28) may also have short-term access to your personal data. Such data processors are, in particular, persons responsible for the continued care and maintenance of the implementation of the I.T. infrastructure and security applications at the OAFS, together with service providers in the telecommunications industry (in providing the necessary electronic communication channels), printing and computer hardware services and general logistics. It is to be noted that all relevant providers (processors) will be engaged by virtue of a written contractual agreement that is to cater to the duties and responsibilities around the GDPR.
It is not usual practice for the OAFS to allow its service providers (data processors) to subcontract to third parties. Should this be the case, the appropriate (contractual) measures will be taken to ensure that the sub-processor will assume the responsibilities bestowed by us on the processor, as may be so applicable.
All the above-mentioned parties are to be regulated or otherwise made subject to the applicable provisions of the GDPR and the Data Protection Act in Malta (Act 20 of 2018 of 28 May 2018).
For how long will your data be stored?
In line with L.N. 177 of 2018, Restriction of the Data Protection (Obligations and Rights) Regulations, 2018, and in particular Regulation 5(3), it is pointed out that the retention period to be applied for personal data that is processed pursuant to these regulations, shall not be longer than what is necessary for the purpose of the processing of such personal data or shall not be longer than the period required to achieve the aim of the restriction, or as provided by law.
Except for decisions of the Arbiter (see below), physical and electronic (i.e. scanned) case files will be kept by the OAFS for five (5) years from the date when the decision becomes binding on all parties to the complaint.
Once the applicable retention period expires, physical and electronic copies of case records (that is, scanned copies of the physical file) will be destroyed, except for names of the parties and details of the complaint which will be retained to facilitate searches of decisions.
Physical and electronic versions of the Arbiter’s decisions as relayed to the parties to the complaint will be retained by us permanently.
Decisions issued by the Arbiter for Financial Services are published on the Office’s website and will remain available for a minimum of ten (10) years from the date of the Arbiter’s decision. The published version will replace complainants’ names with different initials to make them unidentifiable.
We are also obliged to publish a summary of cases decided by the Arbiter in our Annual Report. Here, too, we will replace complainants’ names with different initials to preserve anonymity.
Are data transmitted to a third country or to an international organisation?
There are no transfers of personal data to countries outside the European Union (EU) / European Economic Area (EEA) or to an international organisation.
As part of the remote maintenance of software and standard I.T. components, especially in the context of certain troubleshooting in individual cases stations or terminals, MITA may make use of an I.T. service provider from a third country outside the EU/EEA (e.g. the USA). Details sourced from MITA will be provided to you separately, as and if required by law.
What data subject rights do you have?
In terms of GDPR, consent is not regarded as freely given if the data subject has no genuine or free choice or is unable to refuse or withdraw consent without detriment. Thus, the Data Subject has the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the Data Subject shall be informed thereof. It shall be as easy to withdraw as to give consent.
According to GDPR Art. 15, you have the Right of Access to obtain from the Data Controller confirmation as to whether or not your personal data is being processed, and, where that is the case, access to the personal data and the following information:
- the purposes of the processing
- the categories of personal data concerned
- the recipients or categories of recipient to whom the personal data have been or will be disclosed
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
- the right to lodge a complaint with a supervisory authority
- where the personal data are not collected from the data subject, any available information as to their source
- the existence of automated decision-making, including profiling.
In addition, you may, under GDPR Article 16, obtain from the Data Controller, without undue delay, the rectification of inaccurate personal data about you.
The law also allows for the exercise of other rights, as follows:
Article 17. Right to erasure (‘right to be forgotten’). The data subject shall have the right to obtain from the Data Controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay, depending on the conditions applicable at Law.
Article 18. Right to restriction of processing. This applies in one or more of the following cases:
- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data
- the processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead
- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims
- the data subject has formally objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.
Article 20. Right to data portability. The right of the data subject to receive his/her personal data (which s/he has provided to a Data Controller) in a structured, commonly used and machine-readable format, and ancillary right to transmit such data to another Data Controller without hindrance.
Please do bear in mind that Data Protection is a civil law right and is not an absolute right law, that is, there are other laws and circumstances which – by their nature – take preference and prevalence over personal data protection, as further detailed in the GDPR and in the relevant body of Laws in Malta (e.g. laws regulated public safety and security, criminal law).
Thus, the Data Subject’s rights referred to above are not absolute and there could be situations where the right may either not be exercised or may only be partially entertained by the Data Controller/Processor.
Furthermore, in order to allow the OAFS to adequately conduct its functions at Law, the necessary personal data would need to be processed. Without the right information, the fair and good delivery of service would be prejudiced. In the event of an objection to processing your personal data, we will no longer process your personal data, unless it is established that there are compelling legitimate grounds for processing such data, which grounds do outweigh your interests, rights and freedoms, and may be justified as being pursued for the common good.
The above is further substantiated by L.N. 177 of 2018, Restriction of the Data Protection (Obligations and Rights) Regulations, 2018, and in particular Regulation 4(e), where the scope of the obligations and rights provided for in GDPR Articles 12 to 22, 34, as well as Article 5 (as applicable) may be restricted for the establishment, exercise or defense of a legal claim and for legal proceedings which may be instituted under any law. Thus, where any restriction provided for under these regulations applies, the OAFS shall inform the data subject, provided such a disclosure will not be prejudicial to the purposes of the restriction applied pursuant to these regulations.
Data Subject Request (DSR). You may exercise the above-mentioned rights by submitting your request, in writing, including the following items:
- Name and Surname
- Contact Details
- Proof of identification
- Indication whether you have a Complaint lodged with OAFS (and whether such Complaint is pending review)
- Indication whether you are engaged or known to the OAFS, otherwise than as Complainant
- Indication of the GDPR right being exercised
The request is to be sent (manually or electronically) to the attention of the DPO as follows:
The DPO, Office of the Arbiter for Financial ServicesN/S in Regional Road, Msida MSD1920 MALTAEmail: dpo.oafs@financialarbiter.org.mt
What are the data subject’s rights of redress and remedy?
Without prejudice to any other administrative or judicial remedy, GDPR Art. 77 allows every data subject the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy.
The Data Protection Supervisory Authority responsible for the OAFS is:
Information and Data Protection CommissionerFloor 2, Airways House, High Street, Sliema, SLM 1549. MALTA.Telephone: (+356) 2328 7100
Email: idpc.info@gov.mt
In line with GDPR Art. 78 and 79, without prejudice to any other administrative or non-judicial remedy:
- each natural or legal person has the right to an effective judicial remedy against a legally binding decision of a supervisory authority concerning them
- each data subject shall have the right to an effective judicial remedy where he or she considers that his or her rights under this Regulation have been infringed, as a result of the processing of his or her personal data in non-compliance with this Regulation.
The Data Subject has the right to mandate a not-for-profit body, organisation or association which has been properly constituted at Law has statutory objectives which are in the public interest, and are active in the field of the protection of data subjects’ rights and freedoms with regard to the protection of their personal data to lodge the complaint on his or her behalf, to exercise the rights referred to in this part on his/her behalf, and to exercise the right to receive compensation were provided for by Member State law.
Is there an obligation for you to provide your data?
You only need to provide us with personal data and information required for the adequate completion of your Complaint, or for the processing of your request and the execution of the relevant procedure.
Please be advised that if you withhold or otherwise object to the OAFS processing personal data necessary and required in the consideration of the relevant Complaint or procedures, and in line with the functions and powers of the OAFS, then the OAFS would not be in a position to adequately review and/or decide on your Complaint. In such a case, the Complaint will be rejected or otherwise abandoned/discontinued.
To what extent is there automated decision-making in individual cases?
Automated decision-making within the meaning of GDPR Art. 22, that is, decisions that rely solely on automated processing, including profiling, cannot and are not found in setups such as the OAFS; it is not the remit of the OAFS to perform such automated processing.
Updating of this Policy
We reserve the right to update this Data Protection Policy at any time. The updated Data Protection Policy will be published on our website.
Stay up to date
Join our subscribers list to get the latest news.