Privacy Notice
This Privacy Notice (the “Notice”) Applies to the Processing of Personal Data to the use of the website www.macc.org.mt.
For the purposes of users’ use on the website, Malta Association of Crohn’s and Colitis (“We”/”Us”/”Our”) will be the Data Controller. We are committed to respecting your privacy and comply with Regulation (EU) 2016/679.
With this Notice, We aim to ensure that users understand what Personal Data is collected about them, how such Personal Data is used and how it is secured.
Access to this website implies the users’ full and unreserved acceptance of this Notice, and the Cookie Notice, available here. The user acknowledges that they have read and understood the terms within this Notice and agree to the Processing of their Personal Data.
This Notice is valid for all pages hosted on the website. It is not valid for the pages hosted by third parties to which We may refer and whose privacy notices may differ. We therefore, cannot be held responsible for any Personal Data Processed on these websites by other third parties. This Notice also applies to other websites that We may operate, including our organisation page on Facebook.
For the purposes of social media, We will be Joint-Controllers with the respective social media vendor only for the following activities: accessing and Processing statistical aggregate data provided by Facebook. For any other purposes on the platform Facebook shall be considered as the sole Data Controller.
1. Personal Data Processing
Below please find the relevant information regarding what Personal Data We collect about you, Our intended purpose of Processing and the respective legal basis and retention periods.
Category |
Data |
Purpose |
Legal Basis |
Retention |
---|---|---|---|---|
Contact Information |
Name |
To answer contact queries submitted through the website |
Consent |
Until your consent is withdrawn |
Surname |
||||
|
||||
Mobile |
||||
Register of consent |
||||
e-Commerce Information |
Name |
To deliver products and services purchased, and to provide invoices and receipts, as well as for our accounting records |
To fulfill our contract with you |
Three years after the completion of the transaction, for accounting purposes. |
Surname |
||||
|
||||
Mobile |
||||
Address |
||||
Marketing |
Name |
To receive marketing communications from Us |
Consent |
Until your consent is withdrawn |
Surname |
||||
|
||||
Register of Consent |
||||
Membership |
Name |
To process your membership application and keep Our member database updated, and to keep you updated about news related to your membership. |
To enter into a contract with you |
Until the termination of the business relationship. |
Surname |
||||
|
||||
Mobile |
||||
Telephone |
||||
Address |
||||
ID Card Number |
||||
Statistical Data |
Non personally identifiable information |
To generate business analytics based on user website usage, which shall be anonymised. |
Our Legitimate Interest in business continuity and provision of better services |
N/A |
CCTV Footage |
Pictures or Videos of you in front of or within the Premises |
To secure our premises |
Our Legitimate interest in the security of our premises and when necessary, evidence. |
14 days. |
Health Data |
Information as to if you or a relative suffer from Crohn’s or Colitis |
To provide more accurate services and information. This is a special category of data and is processed with the highest level of confidentiality and security |
Explicit Consent |
Until consent is withdrawn |
Register of Consent |
||||
Promotional Photos and Videos |
Pictures or Videos of you at Our events |
For promotional purposes, to be posted on our website and social media pages |
Consent |
Until consent is withdrawn |
Register of Consent |
It is important to note that since Health Data is considered as a special category of data, it will be treated in a particular manner. This data is transferred to us via email, which email is then printed and deleted. The physical copy of the email is kept under lock and key. No other copies of this data shall be stored.
2. Personal Data Sharing
We do not sell or otherwise monetise your Personal Data to third parties.
We have contracted the following service providers to manage the website that may have access to your Personal Data:
- Cyberspace Solutions Limited for the purpose of website hosting and maintenance.
Your Personal Data may be transferred to such third parties which may be located outside of the EU/EEA. We are therefore committed to comply with international transfer rules and ensure that:
- Your Personal Data will be transferred to a country where the data recipient is located in a jurisdiction that has been recognized as adequate by the European Commission; or
- Where a jurisdiction has not been recognised as adequate, to implement appropriate safeguards such as the EU Standard Contractual Clauses as of July 2021.
3. Security Measures
We treat your Personal Data in a confidential manner and ensure that Our staff and business partners have implemented the appropriate confidentiality arrangements.
Your Personal Data is also contained behind secure networks and is only accessible to select individuals who have been granted special access rights to such systems and are required to retain confidentiality.
We also implement other technical and organisational measures to safeguard your Personal Data such as:
- Encryption of all data using industry standard encryption methods.
- Logical and software measures such as firewalls, password protection, anti-virus etc.
- Physical and material measures such as limited access to the Premises, and special categories of data are stored under lock and key.
- Regular back-ups and logs.
4. Your Rights
You have certain rights over your Personal Data, subject to statutory limitations where applicable.
Access |
You have the right to obtain confirmation as to whether or not Personal Data concerning you is being Processed, and if so, relevant information related to such Processing and to a copy of such Personal Data. |
---|---|
Rectification |
You have the right to require rectification of inaccurate or incomplete Personal Data about you. |
To be Forgotten |
You have the right to obtain deletion of your Personal Data under specific circumstances. |
Restrict Processing |
You have the right to restrict Processing of Personal Data under specific circumstances. |
Data Portability |
You have the right to request for the receipt or the transfer of your Personal Data to another organisation in a machine-readable format. |
Object |
You have the right to object, on grounds relating to your particular situation, to the Processing of your Personal Data |
Withdraw Consent |
You have the right to withdraw your consent for the Processing of your Personal Data where applicable, at no cost and with no justification required. |
5. Changes to this notice
This Notice is effective as of the date stated above. We may, at our sole discretion, amend this Notice as We deem necessary and will inform you when this is done.
6. Contacts
Malta Association of Crohn’s and Colitis (MACC) acting as Data Controller, available at info@macc.org.mt, +356 9930 3964, and c/o Kisba, 28, Triq il-Karwija, Kirkop, KKP 1231, Malta
You may also complain to the supervisory authority, the Information and Data Protection Commissioner (the “IDPC”) whose website is available here.