Data Protection Policy
The Data Protection Act, 2001 (hereinafter Act) regulates the processing of personal data whether held electronically or in manual form. The European Union Programmes Agency (EUPA acts is a Data Controller and is set to fully comply with the data protection principles as set out in the above-mentioned Act.
This policy document provides information about the Agency’s processing of personal sensitive information about data subjects in accordance with Article 29 of the Data Protection Act (Chapter 440 of the Laws of Malta).
EUPA interacts with a significant number of data subjects which include beneficiaries or prospective beneficiaries of EU funds for education. EUPA is committed to protect the data subject’s ’ privacy and therefore does not collect any personal information unless this is provided voluntarily. Any communicated personal information is treated as confidential and is:
• Only used for the follow up purposes by the EUPA;
• Not shared, with third parties without consent unless obliged under a specific law, international convention or EU regulation.
In the context of the Programmes administered by the Agency, the following categories of individuals are considered as data subject:
• person legally authorised to sign the grant agreement on behalf of the applicant/beneficiary organisation;
• person coordinating the project in the applicant/beneficiary organisation;
• person coordinating the project in each partner organisation, as applicable;
• person participating in activities organised in the context of the project.
All data subjects are entitled to know what related information is held and processed by the EUPA. Data subjects are also entitled to know why and how the data is being used by the EUPA.
In this respect, all data subjects have the right to access any personal data kept about them in accordance to the Act (2001)
Requests to access personal data by data subjects must be made in writing and addressed to the Data Controller at the European Union Programmes Agency, Continental Business Centre, Railway Road, Santa Venera, SVR9018, emailed on firstname.lastname@example.org. An identification document such as a photocopy of the Identity Card or photocopy of the Passport of the applicant making the request must be submitted with any requests made. Such identification material will be returned back to the data subject.
EUPA aims to comply as quickly as possible with requests for access to personal data and ensures that it is provided within a reasonable time unless there is a good reason for delay. When a request for access cannot be met within a reasonable time, the reason is explained to the data subject making the request in writing to the data subject
Data subjects are to inform the EUPA about related incorrect information. Data subjects have the right to request that related information is amended, erased or not used. Should the EUPA consider the request as appropriate, action is taken accordingly.
EUPA’s data controller information is found in http://idpc.gov.mt/public/dcregister_frm.aspx?mode=view&id=9307