Privacy Notice for Visitors (EN)
Enemalta plc (“Enemalta” or “We” or “Us” or “Our”) is a Maltese public limited company bearing registration number C 65836 and having its registered address at Triq Belt il-Ħażna, Marsa, MRS 1571, Malta.
We process your personal data when you visit Our premises at Marsa and/or Delimara.
We are committed to respecting your privacy.
If you have questions about Our processing of your personal data, you may contact Enemalta at Central Administration Building, Church Wharf, Marsa, MRS 1000, Malta or by email at [email protected] or by telephone on 8007 2224.
Enemalta’s Data Protection Officer may be contacted at Central Administration Offices, Church Wharf, Marsa MRS 1000, [email protected] and +356 22980583.
Please read this Privacy Notice carefully to understand Our practices with respect to your personal data when you visit Our premises.
We may update this Privacy Notice at Our sole discretion including as a result of a change in applicable law or processing activities. Any such changes will be communicated to you prior to the commencement of the relevant processing activity.
For as long as We retain your personal data, you have certain rights in relation to your personal data including:
- Right of access – you have the right to ascertain the personal data We hold about you and to receive a copy of such personal data;
- Right to Erasure – in certain circumstances you may request that We delete the personal data that We hold on you;
- Right to Object – you have a right to object and request that We cease the processing of your personal data where We rely on Our, or a third party’s, legitimate interests for processing your personal data or a task carried out in the public interest;
- Right to Rectification – you have the right to update or correct any inaccurate personal data which We hold about you;
- Right to Restriction – you have the right to request that We stop using your personal data in certain circumstances including if you believe that We are unlawfully processing your personal data or the personal data that We hold about you is inaccurate; and
- Right to be informed of the source – where the personal data We hold about you was not provided to Us directly by you, you may also have the right to be informed of the source from which your personal data originates.
Your rights in relation to your personal data are not absolute.
If you intend to exercise one or more of your rights, you should approach Enemalta plc.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights specified above). However, We may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, We may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help Us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up Our response.
We take pride in keeping your data secure and will take appropriate technical and organisational measures to protect your data against unauthorised or unlawful processing, including against accidental loss, destruction, storage or access. Your personal data will be stored electronically on Our technology systems or on technology systems of Our IT providers.
If you have any complaints regarding Our processing of your personal data, please note that you may contact Us or Our Data Protection Officer at the details indicated above. You also have a right to lodge a complaint with the Office of the Information and Data Protection Commissioner in Malta (www.idpc.gov.mt).
The term “personal data” refers to all information through which you can be personally identified, such as your name, surname, identification number, number plate and includes all information which may arise that render you personally identifiable.
We regularly collect personal data as part of Our legal obligations and security interests. For the purposes of visiting Our premises, We typically collect personal data through:
- the pre-notification e-mail that is required to authorise your entry in Our premises which is recorded in Our internal Access Control Database;
- the inputting of your personal data in our Visitor Management System (electronically in the tablet device or manually in the logbook, in which the security officer must enter your data to be allowed entry into our premises);
- any injury/incident report that may be compiled in case of an injury or accident within the Enemalta premises;
- Automatic Number Plate Recognition System for vehicle access control; and
- CCTV footage of selected areas within Our premises.
Generally, you would have provided your personal data to Us.
Third parties such as the company/ies for whom you are rendering the service within Our facility, your employer or colleagues may also have provided your personal data to Us, typically in the pre-notification email required to authorise access to Our premises.
The personal data of the visitors that We typically collect and process includes your:
- Name
- Surname
- ID card/passport number
- Company
- Passport size photo (if we issue temporary cards)
- Nationality
- Number plate
- Times of entering/exiting the premises
- Footage / images from CCTV
- Monitoring of temperature upon entry (and refusal of entry if such temperature is higher than 37 degrees Celsius (no records are retained)
Irrespective of the manner that We have collected your personal data, We will only process such data for controlling access to Our premises for security purposes including crime prevention and health and safety purposes.
We process your personal data on the basis of the following bases:
| Area | Legal basis | Further information |
|---|---|---|
| Access Control | Legitimate interest for security and safety purposes and legal obligation | It is Enemalta’s legitimate interest to control entry and exit within its premises for security and safety purposes. Undertaking this processing are also legal obligations imposed on Enemalta in terms of the S.L. 499.35 (Ports Security Regulations) and S.L. 460.24 (Critical Infrastructures and European Critical Infrastructures (Identification, Designation and Protection) Order). |
| CCTV | Legitimate interest for security and safety purposes and legal obligation | It is Enemalta’s legitimate interest to ensure that its assets are under surveillance for security purposes and to ensure that there is a safe environment for anyone accessing its premises. Undertaking this processing are also legal obligations imposed on Enemalta in terms of the S.L. 499.35 (Ports Security Regulations) and S.L. 460.24 (Critical Infrastructures and European Critical Infrastructures (Identification, Designation and Protection) Order). |
| Visitor Register | Legitimate interest for security and safety purposes and legal obligation | It is Enemalta’s legitimate interest to control entry and exit within its premises for security and safety purposes. Undertaking this processing is also a legal obligation imposed on Enemalta in terms of the S.L. 499.35 (Ports Security Regulations), S.L. 424.19 (Control of Major Accident Hazards Regulations), S.L. 234.49 (Merchant Shipping Accident and Incident Safety Investigation), S.L. 435.49 (Integrated Pollution Prevention and Control Regulations) and S.L. 460.24 (Critical Infrastructures and European Critical Infrastructures (Identification, Designation and Protection) Order). |
| Accidents and incidents reporting | Legal Obligation | Undertaking this processing is a legal obligation imposed on Enemalta in terms of the S.L. 424.19 (Control of Major Accident Hazards Regulations) and S.L. 435.49 (Integrated Pollution Prevention and Control Regulations). |
| Monitoring of temperature upon entry and refusal of entry if it is higher than 37 degrees Celsius | Legitimate Interest to prevent the spread of coronavirus and safeguarding our operations and the health and safety of our employees | Undertaking this processing is based on recommendations from the public health authorities to prevent the spread of coronavirus and to safeguard Enemalta’s operations, which are an essential service, as well as to safeguard the health and safety of our employees. |
On the bases of Our legitimate interests or compliance with legal obligations, as applicable, We may also process your personal data for the purposes of establishing, exercising or defending legal proceedings.
We will ensure that We have additional grounds for processing your personal data if processing of special categories becomes envisaged. Note that special categories of personal data include data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic, biometric or health data, sexual orientation and data related to your conviction and offences. Processing special categories of your personal data is not envisaged unless We have reason to institute proceedings or investigations with respect to damages of Our property or assets, or criminal activity within Our premises.
The recipients of your personal data are:
- selected individuals within Our company, on a need-to-know basis;
- third parties to whom disclosure may be required as a result of legal obligations imposed on Us;
- if you are entering Delimara Power Station:
- third parties who are operating within the same facility at Delimara Power Station, and who require access to such data as a result of legal obligations imposed on them;
- third parties who are offering Us security services at Delimara Power Station; and
- law enforcement authorities if necessary.
We do not share your personal data with any entity located outside of the EU or EEA.
Your personal data collected when you visit Our premises will not be used for any decision solely taken on the basis of automated decision-making processes, including profiling.
We retain your personal data exclusively for the period in which We may lawfully retain your personal data. Thereafter, your personal data shall be immediately and irrevocably destroyed.
We may have a legitimate interest to hold your data for longer periods such as when your data is required for exercising or defending legal claims.
Document Number: POL-043; Version: 3.1; Date: 25/02/2021
