Introduction

The Malta Chamber of Commerce, Enterprise and Industry (Malta Chamber) is committed to protecting the privacy of individuals who communicate with it, use its services, visit its websites, and who make use of its online facilities. This privacy notice provides data subjects with information in terms of the provisions of the Data Protection Act (Chapter 586 of the Laws of Malta) (the ‘Act’) and the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’). Together this legislation shall be considered as the ‘applicable law’.



About us

The Malta Chamber of Commerce, Enterprise and Industry (Malta Chamber) is the independent voice of the private sector in Malta. 



Mission statement

The Malta Chamber shall seek: “To vigorously influence the formation of policy at national and European level towards the development of an enterprise culture, the creation of favourable economic conditions to the advantage of Members and the interests of the wider community.”



Controller of personal data

The Malta Chamber collects and processes personal data of its members, and of all persons 

  1. who visit and make use of its websites, including its online portal and intranet; 
  2. who make use of any of its services;
  3. who participate in any of its surveys or in any of the events that it organizes; and
  4. with whom it interacts in the fulfilment of its mission. 

This privacy notice applies to all personal data processed by the Malta Chamber as a controller. Except as listed further on in this Privacy Notice, the Malta Chamber is the sole data controller of all the personal data mentioned above.

The Malta Chamber may be contacted on all matters relating to data protection as follows:

Postal address: The Malta Chamber of Commerce, Enterprise and Industry, The Exchange Buildings, Republic Street, Valletta VLT 1117

E-mail address: data.protection@maltachamber.org.mt.



Minors

The only services that the Malta Chamber provides to minors are in the context of its role as a test and examination centre and a specific privacy notice exists in this respect. Other than the above, Malta Chamber websites are not designed or intended for minors and the Malta Chamber does not knowingly collect or process personal data of minors. 



Data protection principles

The Malta Chamber is committed to processing data in accordance with its responsibilities established by the applicable law.

Article 5 of the GDPR requires that personal data shall be:

  1. processed lawfully, fairly and in a transparent manner in relation to individuals;
  2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
  3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  4. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
  5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
  6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.



Lawfulness of processing

Article 6.1 of the GDPR requires that processing of personal data shall be lawful only if and to the extent that at least one of the following applies:

  1. the data subject has given consent to the processing of his or her personal data for one or more specific purposes (‘consent’); 
  2. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (‘contract’); 
  3. processing is necessary for compliance with a legal obligation to which the controller is subject (‘legal obligation’); 
  4. processing is necessary in order to protect the vital interests of the data subject or of another natural person (‘vital interests’); 
  5. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (‘public interest’); 
  6. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child (‘legitimate interests’).

Point (f) of the first subparagraph shall not apply to processing carried out by public authorities in the performance of their tasks.



Processing of special categories of personal data

Article 9.2 of the GDPR states that processing of special categories of personal data shall not be prohibited if one of the following applies:

  1. “the data subject has given explicit consent to the processing of those personal data for one or more specified purposes...;
  2. processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law…;
  3. processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent;
  4. processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim…;
  5. processing relates to personal data which are manifestly made public by the data subject;
  6. processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity;
  7. processing is necessary for reasons of substantial public interest…;
  8. processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...;
  9. processing is necessary for reasons of public interest in the area of public health…;
  10. processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1)...;”

Article 9.3 of the GDPR states that:

“Personal data referred to in paragraph 1 may be processed for the purposes referred to in point (h) of paragraph 2 when those data are processed by or under the responsibility of a professional subject to the obligation of professional secrecy…;”

Types of data collected

The Malta Chamber collects and keeps such data as it deems necessary to fulfil its role and to be in a position to give the services it undertakes to provide. The following is a list of such data: 

  1. Identity Data of individual members and representatives/company officers of corporate members: name, surname, nationality, ID card / passport number, date of birth, designation;
  2. Contact Data: postal address, fixed line / mobile telephone number, e-mail address;
  3. Subscription Data: information provided to us for the purpose of subscribing to our email notifications and/or newsletters;
  4. Profile Data: membership of economic groups / business sections / thematic groups, areas of interest and inclusion in related mailing lists, ‘open/read’ statistics of Malta Chamber Newsletters, survey responses, records of participation in Malta Chamber events and activities;
  5. Assistance Data: data relating to the services requested from and / or provided by the Malta Chamber;
  6. Financial Data: bank account details; account history; VAT number; 
  7. Financial Transaction Data: invoices issued and received, payments made and received, amounts outstanding;
  8. Website Technical Data: IP address, login data, browser details;
  9. Website Usage Data: website usage details;
  10. CCTV Data: CCTV cameras may record images of persons in The Exchange Buildings.

Other types of personal data related to tests and examinations:

  1. Minors: as a test and examination centre the Malta Chamber may collect and process personal data of minors under a separate privacy notice;
  2. Special categories of personal data: in those cases where candidates request special treatment due to a health or medical condition, the Malta Chamber asks these candidates to provide it with such health or medical data as is necessary to enable it to process and address such requests.



Methods of Data Collection

The Malta Chamber collects data in various ways. The following is a non-exhaustive list of such methods:

  1. Directly: through forms / applications / surveys filled in by the data subject, through any other interactions with the Malta Chamber;
  2. Automatically: Malta Chamber websites may record technical and other data of persons who visit or interact with them, CCTV cameras may record images of persons in The Exchange Buildings;
  3. Third party and publicly available sources: Malta Business Registry, Accountancy Board Registers, credit reference agencies, websites of the data subjects themselves, other publicly available data and data available on the internet.



Data Retention

The Malta Chamber does not keep personal data for a period of time longer than is necessary, having regard to the purposes for which it is processed. The Malta Chamber retains and uses information as necessary to comply with its legal obligations, fulfil its mission statement, resolve disputes, protect the interests of data subjects, and enforce its agreements. Please contact us on data.protection@maltachamber.org.mt should you wish to have more information in this regard.

Data sharing with third parties

The Malta Chamber may disclose information to the following third parties:

  • any entities or other institutions of the Malta Chamber, trusted third parties which assist us in our daily operations or administer activities on our behalf, including IT service and software providers;
  • any contractors, consultants or other advisers auditing any of our processes or who have the need to access such information for the purpose of advising us;
  • any law enforcement body which may have any reasonable requirement to access personal data; and
  • any regulatory body or authorised entity which may have any reasonable requirement to access personal data.

The majority of the service providers mentioned above who are able to access any of the personal information that we process are located within the EEA and we have data processing agreements in place with these parties. Our website is hosted in Malta. Personal data that we hold is at all times accessible on a strict ‘need to know’ basis. We also work with web maintenance providers located outside the EEA. We have appropriate legal and security relationships with these parties and have taken steps to ensure that they are complying with the General Data Protection Regulation, including, as necessary, execution of contracts based on the European Union’s Standard Contractual Clauses for cross-border data transfers.

In addition to the above, the Malta Chamber may:

In the case of Members:

  • publish the Name of Firm, Business Tel No, Business E-mail, and Business Address in the B2B Directory of its online Business Portal, the Members’ Gateway and elsewhere as it deems fit;
  • divulge their membership of Malta Chamber Economic Groups, Business Sections, and areas of thematic interest to the members of the respective Economic Group Executive Boards, Business Section Executive Committees, Thematic Committees etc.

In the case of members of Malta Chamber Council, Boards, Committees etc:

  • in addition to the above, publish the Name and Surname;
  • in addition to the above, distribute to the other members of the same Council, Boards, Committees etc the Personal E-mail;

In the case of individuals participating in events and activities organised by the Malta Chamber:

  • divulge the Name, Surname and Name of Firm, where applicable, to the other individuals participating in the same events;
  • publish photographs, videos or audio recordings taken at the said events (see ‘Participation in events held at the Exchange Buildings or organized elsewhere by the Malta Chamber’ elsewhere in this notice).

Other than as stated above the Malta Chamber will not disclose personal data that it collects to affiliates or third parties without informing the data subject beforehand, or without the data subject’s consent where applicable.

EEN - European Enterprise Network

The Malta EEN consortium, of which the Malta Chamber forms part together with other entities, is the EEN Malta Data Controller, with its own Privacy Notice and data protection terms and provisions. All data processing conducted by Malta Chamber staff for, on behalf of, or in the name of the Malta EEN network is conducted in line with the applicable law and subject to all the data protection terms and provisions of the said Controller.

Links to other Web Sites

To give data subjects a better service Malta Chamber websites may provide them with links to a number of third-party websites. When data subjects click on such links they may allow third parties to collect or share data about them and they will no longer be subject to this privacy policy but to those of the sites they have accessed through such links.

Purposes for which the various types of data are used and lawful basis thereof

The following table lists the purposes for which the Malta Chamber uses various types of data and the lawful basis it relies on to do so. It should be noted that, as a general rule, the Malta Chamber does not rely on consent as the lawful basis for the processing of personal data.










For each category of data subject or activity below, the purposes of processing, the types of data used and the lawful basis are listed in turn.

MEMBERS

Purpose of processing:

  • to fulfil the mission of the Malta Chamber and to further its objects as listed in Article 2.4 of its statute;
  • for all individual and / or collective correspondence;
  • for classification by type of business, location, firm size etc.;
  • for all other purposes associated with membership;
  • for publication online in the B2B Directory, the Members’ Gateway and elsewhere as it deems fit; and
  • to update the databases that the Malta Chamber uses for its Business Surveys and other surveys that it conducts, on its own or with other entities, from time to time;
  • to invite data subjects: to participate in the surveys abovementioned, in seminars, information meetings, training courses, and in other events; and, to provide feedback.

Types of data:

  • identity;
  • contact;
  • profile;
  • assistance;
  • financial;
  • website

Lawful basis:

  • contract Art 6.1(b) (the “contract” of membership); and
  • legitimate interests Art 6.1(f).

The legitimate interests pursued by the Malta Chamber are encapsulated in its mission statement.

NON-MEMBERS

Purpose of processing:

  • for all individual and / or collective correspondence;
  • for inclusion in one or more Malta Chamber mailing lists;
  • to invite data subjects: to participate in seminars, information meetings, training courses, and in other events; and, to provide feedback.

In addition, in the case of businesses or persons in business:

  • for classification by type of business, location, firm size etc.;
  • to update the databases that the Malta Chamber uses for its Business Surveys and other surveys that it conducts, on its own or with other entities, from time to time;
  • to invite data subjects: to participate in the surveys abovementioned; and, to join Malta Chamber membership.

Types of data:

  • identity;
  • contact;
  • profile;
  • financial;
  • assistance;
  • website

Lawful basis:

  • consent Art 6.1(a) (in those cases where the Malta Chamber specifically asked the data subjects to give their consent); and
  • legitimate interests Art 6.1(f).

The legitimate interests pursued by the Malta Chamber are encapsulated in its mission statement.

COMMERCIAL AGENTS

Purpose of processing:

  • for processing of applications and renewals of Commercial Agent’s Licence

Types of data:

  • identity;
  • contact;
  • profile;
  • financial;
  • website

Lawful basis:

  • legal obligation Art 6.1(c); and
  • public interest Art 6.1(e).

Failure to comply with the provisions of Articles 71 and 72 of Chapter 13 of the Commercial Code may result in non-acceptance of an application for registration or, in the case of a person who is already registered, in the withdrawal or suspension of such registration.

TRADE DOCUMENTATION

Purpose of processing:

  • for processing of Certificates of Origin and other Trade Documentation

Types of data:

  • identity;
  • contact;
  • profile;
  • financial;
  • website

Lawful basis:

  • contract Art 6.1(b) (the “contract” to issue the Certificate of Origin or Trade Documentation).

The Malta Chamber issues Certificates of Origin and endorses other trade documentation only on the basis of a properly filled in and currently valid Trade Documentation Authorized Signatures Form.

  • public interest Art 6.1(e); and 
  • legitimate interests Art 6.1(f) 

The legitimate interests pursued by the Malta Chamber are encapsulated in its mission statement.

SURVEYS

Purpose of processing:

  • for conducting and processing of business and other surveys

Types of data:

  • identity;
  • contact;
  • profile;
  • website

Lawful basis:

  • public interest Art 6.1(e); and
  • legitimate interests Art 6.1(f).

The legitimate interests pursued by the Malta Chamber are encapsulated in its mission statement.

FINANCIAL TRANSACTIONS

Purpose of processing:

  • for issuing invoices and receipts in respect of membership subscriptions;
  • for paying of bills issued by vendors;
  • for issuing invoices and receipts to purchasers of goods and services provided by the Malta Chamber;
  • for establishing the amounts still outstanding.

Types of data:

  • identity;
  • contact;
  • profile;
  • financial;
  • website

Lawful basis:

  • contract Art 6.1(b) (the membership ‘contract’ in the case of members, the purchase contract in the case of vendors, and the sales contract in the case of purchasers of goods and services provided by the Malta Chamber).
  • public interest Art 6.1(e); and
  • legitimate interests Art 6.1(f).

The legitimate interests pursued by the Malta Chamber are encapsulated in its mission statement.

WEB PORTAL AND B2B DIRECTORY

Purpose of processing:

  • for providing information on the Malta Chamber and the services it offers;
  • for providing news and information to portal users;
  • for providing portal users with a medium of correspondence;
  • for providing portal users with a medium of payment;
  • for classification of portal users to enable enhancement of the service provided;
  • for granting of publicity to the goods / services produced / put for sale by the data subject.

Types of data:

  • identity;
  • contact;
  • profile;
  • assistance;
  • financial;
  • website

Lawful basis:

  • consent Art 6.1(a) (in those cases where the Malta Chamber specifically asked the data subjects to give their consent);
  • contract Art 6.1(b) (the membership ‘contract’);
  • public interest Art 6.1(e); and
  • legitimate interests Art 6.1(f).

The legitimate interests pursued by the Malta Chamber are encapsulated in its mission statement.

CCTV

Purpose of processing:

  • to ensure the safety of persons who work at, or who visit, the Exchange Buildings, and to safeguard the Malta Chamber’s assets.

Types of data:

  • identity

Lawful basis:

  • legitimate interests Art 6.1(f).

The legitimate interests pursued by the Malta Chamber are encapsulated in its mission statement.



Rights of the data subject

Chapter III of the GDPR lists the rights that the data subject may exercise when the appropriate conditions exist. These rights include the right:

  • to be informed;
  • of access to personal data;
  • to rectification of personal data;
  • to erasure of personal data;
  • to restriction of processing of personal data;
  • to data portability;
  • to object to processing of personal data;
  • not to be subject to automated decision-making, including profiling;
  • to complain to a supervisory authority; and
  • to withdraw consent.

Data subjects can exercise any such rights by submitting their request in writing to the data controller on data.protection@maltachamber.org.mt. The Malta Chamber will respond to these requests within the timeframes specified by the applicable law. In accordance with such law, the Malta Chamber reserves the right to withhold personal data if disclosing it would adversely affect the rights and freedoms of others. If requests are refused the data subjects will be informed of the reason for refusal. 

The Malta Chamber reserves the right to charge a fee for complying with such requests if they are deemed manifestly unfounded or excessive. 



Supervisory authority

Data subjects who consider that the Malta Chamber is processing their personal data in an unlawful manner may lodge a complaint with a supervisory authority, which is an independent public authority established by a Member State in terms of the GDPR. In the case of Malta, the supervisory authority is the Information and Data Protection Commissioner (https://idpc.org.mt/en/Pages/Home.aspx).



Data Protection Officer for Commercial Agents

In terms of Art 37 of the GDPR the Council of the Malta Chamber, in its role as the regulatory authority of Commercial Agents (Article 70A of the Commercial Code), appointed a Data Protection Officer for Commercial Agents. Commercial Agents may contact the Data Protection Officer with regard to all issues related to the processing of their personal data and to the exercise of their rights under the applicable law, at the postal address abovementioned or on data.protection@maltachamber.org.mt.



Participation in events held at the Exchange Buildings or organized elsewhere by the Malta Chamber

Data subjects are to note that they may be featured in any pictures, video, and audio recordings made in events held at the Exchange Buildings or organized elsewhere by the Malta Chamber. By registering for and/or participating in such events data subjects give the Malta Chamber the right to use such material, including the posting of photos and/or videos on its online portal and on social media, within the limits allowed under applicable law.



Test & Examination Centre

The Malta Chamber is the Malta test centre for a number of schools. The processing of data for this purpose is described in separate privacy notices.



Changes to this Privacy Policy

If there are any changes to this privacy notice, the Malta Chamber will replace this page with an updated version. It is therefore in data subjects’ own interest to check this ‘Privacy Notice’ page any time they access this portal so as to be aware of any changes which may occur from time to time.




1st March 2021

Privacy Notice