Privacy Policy

Definitions

• Personal Data: Personal Data means data about a person who can be identified from this data.
• Cookies: Cookies are small pieces of information stored on the user's hard disk.
• Data Controller: Data Controller refers to the person who determines the purposes for which and the manner in which any personal data is, or is to be, processed. For the purpose of this Privacy Policy, the Authority is Data Controller of your data.
• Data Subject: Data Subject refers to any person who is the subject of Personal Data.

What information does the Authority collect about you?

All personal information that we collect about you will be recorded, used, and protected by us in accordance with applicable data protection legislation at the time and this privacy policy. The term 'personal data' refers to personally identifiable information about you, such as your name, address and/or email address, Identity Card number and phone number. The Authority will not request more information that is necessary in the carrying out of its duties.

The Authority collects your personal information when you make use of the following services available on our website, that require the voluntary submission of your personal information namely:

• Personal information when submitting the Consumers' Complaint form;
• Personal information when submitting the Flag a Concern form;
• Personal information when submitting the 'Contact Us' form.

How will the Authority use your personal information?

The Authority may collect and process your personal information for the following purposes:

• To carry out its legal and enforcement functions;
• To process the submission of personal information with regard to our online forms;
• To provide its services.

Your personal information may also be shared with:

• Third parties engaged by the Authority in the carrying out of its duties, regard being had to the utmost protection of your personal information;
• When it is under a legal or regulatory duty to do so;
• As otherwise permitted under relevant applicable laws.

How long is your personal information retained for?

Except as otherwise mentioned in this privacy policy, we keep your personal information only for as long as required by the Authority:

• to provide you with the services you have requested;
• to carry out the functions of the Authority in accordance with the relevant provisions of the Malta Competition and Consumer Affairs Authority Act (Chapter 510 of the Laws of Malta), and other subsidiary legislation and/or other relevant legislation that falls within the ambit of the Authority;
• to put forward, support a claim or defense in court or tribunal established by law.

Access/Modify/Delete your personal information

As the data subject, you have a right to request what personal information we hold about you as well as to rectify existing personal data that we hold about you and/or deletion thereof.

If you wish to submit a request that your data be deleted or rectified, and/or to receive a copy of the personal information that we hold about you, you may submit such request at any time by sending us an email on [email protected]. We may charge a small fee towards the cost of administering any request you make.

Verification of your personal information

When the Authority receives any request to access, rectify or delete personal identifiable information, it shall first take reasonable steps to verify your identity before granting you access or otherwise taking any action. This is important to safeguard your information.

Legal protection and rights

The Authority is required to comply with the provisions of the General Data Protection Regulation (Regulation (EU) 2016/679), national legislation pertaining to data protection in force at the time and subsidiary legislation made thereunder (collectively referred to as the "Data Protection Laws").

To this end, the Authority will ensure that your personal information is:

• processed fairly and lawfully;
• processed in accordance with your rights;
• updated and accurate;
• obtained merely for a specific and lawful purpose;
• not kept longer than is necessary for its purpose;
• recorded in a secure manner.

Security of information

Our website uses Secure Sockets Layer ("SSL") to ensure secure transmission of your personal data. For a website to be secure, a padlock symbol needs to be shown in the URL address bar and the URL address needs to start with "https://". SSL applies encryption between two end points such as your personal computer and the connecting server. Any data transmitted during the session is encrypted before being sent, and then decrypted at the receiving end. This ascertains that data cannot be read during transmission.

Cookies

As you might have been aware when you first visited our website, we use 'cookies' on our website. Cookies are small pieces of information that your browser stores on your computer's hard drive upon visiting any website. They are used to record how you navigate this website on each visit.

For further information on how we use cookies, please refer to our Cookie Policy.

Personal identifiers from your browsing activity

Requests by your web browser to our servers for web pages and other content on our website are recorded. We record information such as your Internet Service Provider and your IP address. We also record information about which browser you are using to navigate through our website, such as the type of computer or device and the screen resolution.

We use this information in aggregate to assess the popularity of the webpages on our website and how we perform in providing content to you.

If combined with other information we know about you from previous visits, the data possibly could be used to identify you personally.

Third party links

Our website may contain links to third party websites, both local and international. Please note that we shall not take responsibility for the content, use, privacy practices or the consent of any such websites. Kindly be aware that once you link to a third party site, you will no longer be on our website and you will become subject to the privacy policy, if any, of that website. For this purpose, we recommend you to read the privacy policy and terms of use of these third party websites.

Changes to this Privacy Policy

We may update this policy from time to time as it deems necessary. The terms that apply to you are those posted here on our website on the day you make use of it. We advise you to print a copy for your records.

If there are any changes to this privacy policy, these will be posted on this page accordingly. It is therefore in your own interest to check the 'Privacy Policy' page every time you access this website so as to be aware of any changes which may occur from time to time.

If you have any questions regarding our privacy policy, please contact us on the email address specified in this policy.

How to contact us about your personal data or this privacy policy

If you have any questions about this privacy policy or about your personal data, please email the Authority at [email protected] or write to the Authority at the following address:

Where to make a complaint

If you are not happy with our privacy policy or if you have any complaint then you should contact our Data Protection Officer by email on [email protected].

When we receive a complaint, we record all the information you have given to us. We use that information to resolve your complaint.

If your complaint reasonably requires us to contact some other person, we may decide to give to that other person some of the information contained in your complaint. We do this as infrequently as possible, but it is a matter for our sole discretion as to whether we do give information, and if we do, what that information is.

If you are in any way dissatisfied about how we process your personal information, you have a right to lodge a complaint with the Office of the Information and Data Protection Commissioner. This can be done at https://idpc.org.mt/en/Pages/contact/complaints.aspx.