Privacy Notice for Visitors (EN)
Enemalta plc (“Enemalta” or “We” or “Us” or “Our”) is a Maltese public limited company bearing registration number C 65836 and having its registered address at Triq Belt il-Ħażna, Marsa, MRS 1571, Malta.
We process your personal data when you visit our premises at Marsa and/or Delimara.
We are committed to respecting your privacy.
If you have questions about our processing of your personal data, you may contact Enemalta at Central Administration Building, Church Wharf, Marsa, MRS 1000, Malta or by email at email@example.com or by telephone on 8007 2224.
Enemalta’s Data Protection Officer may be contacted at Central Administration Offices, Church Wharf, Marsa MRS 1000, firstname.lastname@example.org and +356 22980583.
Please read this Privacy Notice carefully to understand our practices with respect to your personal data when you visit Our premises.
We may update this Privacy Notice at our sole discretion including as a result of a change in applicable law or processing activities. Any such changes will be communicated to you prior to the commencement of the relevant processing activity.
2. What amounts to personal data?
The term “personal data” refers to all information through which you can be personally identified, such as your name, surname, identification number and includes all information which may arise that render you personally identifiable.
3. How do we collect personal data?
We regularly collect personal data as part of our legal obligations and security interests. For the purposes of visiting our premises, we typically collect personal data through:
• the pre-notification e-mail that is required to authorise your entry in our premises which is recorded in our internal Access Control Database;
• your inputting of your personal data in our Visitor Management System (the tablet device in which you must enter your data to be allowed entry into our premises);
• any injury/incident report that may be compiled in case of an injury or accident within the Enemalta premises; • Automatic Number Plate Recognition System for vehicle access control; and
• CCTV footage of selected areas within our premises.
Generally, you would have provided your personal data to us.
Third parties such as your employer or colleagues may also have provided your personal data to Us, typically in the pre-notification email required to authorise access to Our premises.
4. What personal data do we process?
The personal data of the visitors that we typically collect and process includes your:
o ID card/passport number
o Passport size photo (if we issue temporary cards)
o Number plate
o Times of entering/exiting the premise.
o Footage / images from CCTV
5. How do we use your personal data?
Irrespective of the manner that we have collected your personal data, we will only process such data for controlling access to Our premises for security purposes including crime prevention and health and safety purposes.
6. Legal Basis
We process your personal data on the basis of the following legal basis:
|Area||Legal basis||Further information|
|Access Control||Legitimate interest and legal obligation||It is Enemalta’s legitimate interest to control entry and exit within its premises for security purposes. Undertaking this processing is also a legal obligation imposed on Enemalta in terms of the SL 499.35 (Ports Security Regulations).|
|CCTV||Legitimate interest||It is Enemalta’s legitimate interest to ensure that its assets are under surveillance for security purposes and to ensure that there is a safe environment for anyone accessing its premises.|
|Visitor Register||Legitimate interest and legal obligation||It is Enemalta’s legitimate interest to control entry and exit within its premises for security purposes. Undertaking this processing is also a legal obligation imposed on Enemalta in terms of the SL 499.35 (Ports Security Regulations), SL 424.19 (Control of Major Accident Hazards Regulations), SL 234.49 (Merchant Shipping Accident and Incident Safety Investigation) and SL 435.49 (Integrated Pollution Prevention and Control Regulations).|
|Accidents and incidents reporting||Legal Obligation||Undertaking this processing is a legal obligation imposed on Enemalta in terms of the SL 424.19 (Control of Major Accident Hazards Regulations) and SL 435.49 (Integrated Pollution Prevention and Control Regulations).|
On the basis of our legitimate interests or compliance with legal obligations, as applicable, we may also process your personal data for the purposes of establishing, exercising or defending legal proceedings.
We will ensure that we have additional grounds for processing your personal data if processing of special categories becomes envisaged. Note that special categories of personal data include data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic, biometric or health data, sexual orientation and data related to your conviction and offences. Processing special categories of your personal data is not envisaged unless we have reason to institute proceedings or investigations with respect to damages of our property or assets, or criminal activity within our premises.
The recipients of your personal data are:
• selected individuals within our companies, on a need-to-know basis;
• third parties to whom disclosure may be required as a result of legal obligations imposed on us; and
• law enforcement authorities if necessary.
We do not share your personal data with any entity located outside of the EU or EEA.
8. Automated Decision-Making and Profiling
Your personal data collected when you visit our premises will not be used for any decision solely taken on the basis of automated decision-making processes, including profiling.
9. Data Retention
We retain your personal data exclusively for the period in which we may lawfully retain your personal data. Thereafter, your personal data shall be immediately and irrevocably destroyed.
As a result of legal obligations imposed on us, we typically retain your personal data within our Visitor Register System, Access Control Database and automatic number plate recognition system for 30 days from your visit to our premises.
Data in our CCTV system is typically retained for a maximum of 90 days depending on the critically of the asset and/or site.
We may have a legitimate interest to hold your data for longer periods such as when your data is required for exercising or defending legal claims.
10. Your Rights
For as long as We retain your personal data, you have certain rights in relation to your personal data including:
• Right of access – you have the right to ascertain the personal data we hold about you and to receive a copy of such personal data;
• Right to Erasure – in certain circumstances you may request that we delete the personal data that we hold on you;
• Right to Object – you have a right to object and request that we cease the processing of your personal data where we rely on our, or a third party’s, legitimate interests for processing your personal data or a task carried out in the public interest;
• Right to Rectification – you have the right to update or correct any inaccurate personal data which we hold about you;
• Right to Restriction – you have the right to request that we stop using your personal data in certain circumstances including if you believe that we are unlawfully processing your personal data or the personal data that We hold about you is inaccurate; and
• Right to be informed of the source – where the personal data we hold about you was not provided to us directly by you, you may also have the right to be informed of the source from which your personal data originates.
Your rights in relation to your personal data are not absolute.
If you intend to exercise one or more of your rights, you should approach Enemalta plc.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights specified above). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
11. Keeping your data secure
We take pride in keeping your data secure and will take appropriate technical and organisational measures to protect your data against unauthorised or unlawful processing, including against accidental loss, destruction, storage or access. Your personal data will be stored electronically on our technology systems or on technology systems of our IT providers.
If you have any complaints regarding our processing of your personal data, please note that you may contact us or our Data Protection Officer at the details indicated above. You also have a right to lodge a complaint with the Office of the Information and Data Protection Commissioner in Malta (www.idpc.gov.mt).
Document Number: POL-043; Version: 1; Date: 07/01/2019