The General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Data Protection Act (CAP 586 of the Laws of Malta) regulate the processing of personal data whether held electronically or in manual form. Identità is committed to protecting the privacy of individuals who visit the website https://certifikati.identita.gov.mt (the “Website”), log into the Website with their electronic identity account provided by the Government of Malta (the e-ID) and/or purchase one or more certificates from the Website. This Privacy Policy (the “Policy”) is rendered to you in line with Article 13 GDPR, and describes the manner in which we (“we”, “Identità”) collect your personal information and how we process it, consistent with the laws and regulations in place whilst providing you with a satisfactory and helpful experience throughout the Website.
Personal data collected within this Website includes cookies. Please consult our Cookie Policy for more detailed information on the use of cookies on this Website.
The data controller for the processing activities carried out within the Website is Identità, Valley Road, Msida, MSD9020, Malta.
The Data Protection Officer is reachable at [email protected]
i. Website visitors
In case you simply browse the Website without logging in with your e-ID or purchase certificates and thus are a “Website visitor”, the purpose of collecting your personal data is to enable you to have access to it, improve the content, functionality of the services we offer you through the Website, and for diagnostics and security purposes. The legal basis relies on our legitimate interest to collect and process such data.
ii. e-ID Users
In case you also log into the Website with your e-ID, the purpose of collecting your personal data is to identify you and pre-populate certain details required to purchase certificates. In this case, the legal basis is also our legitimate interest to offer an efficient, rapid and high level of service.
iii. Certificate(s) purchasers
In case you purchase one or more certificates, either logged in with your e-ID or not, the purpose for processing your personal data is to allow you to purchase Public Registry certificates, as prescribed by law. In this case, the legal basis for processing your personal data is processing in the performance of a task carried in the vest of a public authority by Identità and compliance by Identità with a legal obligation (Art. 252.2 of the Civil Code, Cap. 16 of the Laws of Malta).
In case you are a Website visitor and/or an e-ID User, your personal data may be accessed by the suppliers in charge of the technical maintenance of the Website, in case the need arises.
In case you are (also) a Certificate purchaser, in addition to the above, your personal data will be shared with the entity in charge of processing your payments for the certificates purchased and the postage fees. Your personal data will also be given to the postal service entrusted with delivering the certificate(s) ordered to you.
It is possible that in certain cases, Identità as the data controller is required to disclose certain personal data pertaining to you to other Government entities and/or to law enforcement authorities. You can rest assured that this will happen only where there is a valid legal basis to cater for such data transfers. Identità does not transfer your personal data to third countries and/or international organizations.
Personal data of Website visitors which includes access-related logs will be retained for 6 months.
Personal data of e-ID Users will be retained as long as prescribed in the e-ID or e-RP Subscriber Agreement, section 9.4.
Certificate purchaser’s personal data will be retained on the records of the Public Registry for 10 years. Financial records such as proofs of payments will be retained as prescribed by relevant laws.
You may invoke any of the rights listed below, as applicable, by contacting our Data Protection Officer.
You have the right to obtain confirmation from us as to whether we are processing your Personal Data or not, and, where that is the case, access to the Personal Data, obtain information about the processing and a copy of it.
You have the right to obtain from us without undue delay the rectification of inaccurate Personal Data concerning yourself. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of proving a supplementary statement.
In certain cases, you may have the right to have your Personal Data deleted.
In case any of the conditions of law apply, you have the right to restrict processing of your Personal Data.
You do not have the right to port your Personal Data because we do not process it on the basis of your consent or on the basis of a contract. However, you can always request to access your Personal Data.
You have the right to object processing of Personal Data at any time, on grounds relating to your particular situation. In said case, we will no longer process your Personal Data, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
You can lodge a complaint with the supervisory authority of the Member State of your habitual residence or place of work, or of alleged infringement of data protection legislation.
Personal Data is not object of automated decision-making or profiling.
If there are any changes to this Policy, we will replace this page with an updated version. It is therefore in your own interest to check this page any time you access the Website to be aware of any change which may occur from time to time.