Privacy Policy

Data Protection Policy


The Data Protection Act, 2001 (hereinafter Act) regulates the processing of personal data whether held electronically or in manual form. The European Union Programmes Agency (EUPA acts is a Data Controller and is set to fully comply with the data protection principles as set out in the above-mentioned Act.

This policy document provides information about the Agency’s processing of personal sensitive information about data subjects in accordance with Article 29 of the Data Protection Act (Chapter 440 of the Laws of Malta).

Handling and Protection of Personal Information

EUPA interacts with a significant number of data subjects which include beneficiaries or prospective beneficiaries of EU funds for education. EUPA is committed to protect the data subject’s ’ privacy and therefore does not collect any personal information unless this is provided voluntarily. Any communicated personal information is treated as confidential and is:
• Only used for the follow up purposes by the EUPA;
• Not shared, with third parties without consent unless obliged under a specific law, international convention or EU regulation.

Data Subjects

In the context of the Programmes administered by the Agency, the following categories of individuals are considered as data subject:
• person legally authorised to sign the grant agreement on behalf of the applicant/beneficiary organisation;
• person coordinating the project in the applicant/beneficiary organisation;
• person coordinating the project in each partner organisation, as applicable;
• person participating in activities organised in the context of the project.

Retention of Personal Information

All data subjects are entitled to know what related information is held and processed by the EUPA. Data subjects are also entitled to know why and how the data is being used by the EUPA.

In this respect, all data subjects have the right to access any personal data kept about them in accordance to the Act (2001)

Procedure to request access for personal data

Requests to access personal data by data subjects must be made in writing and addressed to the Data Controller at the European Union Programmes Agency, Continental Business Centre, Railway Road, Santa Venera, SVR9018, emailed on An identification document such as a photocopy of the Identity Card or photocopy of the Passport of the applicant making the request must be submitted with any requests made. Such identification material will be returned back to the data subject.

Timely provision of requested information

EUPA aims to comply as quickly as possible with requests for access to personal data and ensures that it is provided within a reasonable time unless there is a good reason for delay. When a request for access cannot be met within a reasonable time, the reason is explained to the data subject making the request in writing to the data subject

Amendments to information

Data subjects are to inform the EUPA about related incorrect information. Data subjects have the right to request that related information is amended, erased or not used. Should the EUPA consider the request as appropriate, action is taken accordingly.


This privacy policy only covers the EUPA web site Links within this site to other web-sites are not covered by this policy.

EUPA’s Privacy Policy is subject to change at any time according to business needs and demands.

EUPA’s data controller information is found in