Website Privacy Notice

Version 3 / Last updated: 26 August 2021

This notice applies where we are acting as a data controller with respect to your personal data as a user of our website.

We at Malta International Airport p.l.c. are committed to protecting our website visitors’ privacy and we will not collect any personal information about you as a visitor unless you provide it voluntarily. We consider that we have a legal duty to respect and protect any personal information you provide to us and we will abide by such duty. We take all safeguards necessary to prevent unauthorised access and we do not pass on your details collected from you as a visitor, to any third party, other than as provided in this notice.

Any personal information you communicate to us is kept within our own records in accordance with the relevant data protection and privacy laws to which the Parties are subject including but not limited to the Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Data Protection Act, Chapter 440 of the Laws of Malta and subsidiary legislation thereto, as may be amended from time to time.

The Data Controller

Malta International Airport p.l.c., a company registered under the laws of Malta with registration number C12663 and having its registered address at Malta International Airport, Luqa, LQA 4000, Malta, is the data controller and responsible for your personal data (hereinafter referred to as the “Company” “we”, “us” or “our”).

We have appointed a Data Protection Officer (hereinafter referred to as the “DPO”) who is responsible for overseeing questions in relation to this notice. If you have any questions about this notice, including concerns about your personal data or our data collection practices, please contact our DPO via e-mail at dataprotection@maltairport.com or via telephone on (+356) 2369 6268 during office hours.

Cookies

We use cookies when you visit our site. Cookies are pieces of information that a website transfers to your computer’s hard disk or to your browser’s memory. There are four main types of cookies that we use. Here’s how and why we use them:

(1) Site functionality cookies – these cookies allow you to navigate the site and use our features, such as “save flight”.
(2) Site analytics cookies – these cookies allow us to measure and analyse how our customers use the site, to improve both its functionality and your online experience.
(3) Customer preference cookies – when you are browsing, these cookies will remember your preferences (like your language or location), so we can make your online experience as seamless as possible and more personal to you.
(4) Targeting or advertising cookies – these cookies are used to deliver ads that are relevant to you. They also limit the number of times that you see an ad and help us measure the effectiveness of our marketing campaigns.

Please note that the cookies used by us do not personally identify you but they simply identify your computer or other device.

Most browsers are initially set to accept cookies. However, if you prefer, you can set your browser to block all, or certain, cookies. You can also set your browser to prompt you each time a cookie is offered. If you wish to block cookies, here’s a guide on how to do so for the most common browsers, such as Microsoft Internet Explorer, Google Chrome, or Mozilla Firefox.

Data analytics

If you read or download information from our site, we automatically collect and store the following information:

• The requested web page or download;
• Whether the request was successful or not;
• The date and time when you accessed the site;
• The Internet address of the web site or the domain name of the computer from which you accessed the site;
• The operating system of the machine running your web browser and the type and version of your web browser.

We use the information that we gather in order to evaluate the website’s usage, content, usability and composition. This statistical analysis allows us to better understand our users’ needs and to generally make your internet experience more enjoyable and to provide a value-added service to you as a visitor. In order to do so, we make use of third-party services called Hotjar and Google Analytics.

Hotjar is a technology service that helps us better understand our users’ experience based on cookies (see cookie policy above) and other technologies to collect data on our users’ behaviour and their devices. Hotjar stores this information in a pseudonymised user profile. For further details, please see Hotjar’s privacy policy here.

Google Analytics is a web analytics service that analyses how you use our website based on cookies (see cookie policy above). Google will use this information for the purpose of evaluating your use of our website. Further information about Google’s privacy policy may be obtained from this link.

Be assured that neither Hotjar and Google nor we will ever use this information to identify individual users or to match it with further data on an individual user.

If you do not wish that your user behaviour is analysed, you can opt-out of both services respectively via the following links – Hotjar Opt-Out, Google Analytics Opt-Out.

Personal Data

The terms “personal data” or “personal information” mean any information about an individual for which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We only collect and process personal data that you voluntarily provide us with when you use our website.
As a visitor, we collect certain types of personal information with regards to the following areas:

• Contact or feedback
• Newsletter subscription
• Journey facilitation for persons with autism
• Photography and filming permits

In the following sections we provide you with details on the points mentioned above. In particular, we want you to know what personal information we gather, for which purpose we use it and for how long we keep it.
Please note that will not share any of your personal information gathered through the use of our website with any third-party other than as provided in this notice.

The provision of your personal data is not a statutory or contractual requirement. You are not obliged to provide us any personal data and it is your choice whether to provide us.

Contact or feedback

When you fill a form on our website, such as the “Contact Us” form or the “Lost-and-Found” form, you provide us with personal information such as your name, email address, country and your message. We have a legitimate interest to process any personal data submitted in the form as this information is necessary to process and address your complaint/feedback in the way you expect us to and to respond to your message.

We use a third-party service provider called Zendesk to manage our customer support services (“tickets”) and Zendesk provides us with support statistics to help us improve our services to you. For more information on how Zendesk manages your data please visit their Privacy Policy. Zendesk is a data processor for us and only processes personal information in line with our instructions.

We may also have to disclose your personal data to whoever the complaint is about, including other businesses located at our premises. If you don’t want information identifying you to be disclosed to such third parties, we will try to respect that; however, it may not be possible to handle a complaint or your feedback on an anonymous basis.

Generally, we do not store personal data longer than necessary for the purpose that you provided it for. Tickets including personal data will be destroyed 400 days after the feedback requirement is met. In order to guarantee a high quality service to all our visitors, we reserve the right to retain tickets containing complaints or negative comments for 750 days from its closing. Personal data will only be retained longer if we are required to keep that information due to a statutory obligation imposed on us and/or due to accepted standards, including where processing may be necessary for the establishment, exercise or defence of legal claims.

Newsletter subscription

When you subscribe to one of our newsletters, you provide us with personal information such as your name and email address. We use the personal information submitted in the form only to send you the newsletter you subscribed to.
We use a third-party service provider called Mailchimp to send newsletters to users who subscribe to receive them and Mailchimp provides us with support statistics to help us improve our services to you. For more information on how Mailchimp manages your data please visit their Privacy Policy. Mailchimp is a data processor for us and only processes personal information in line with our instructions.

You will need to provide us with your consent as a legal basis for us to process your personal data to receive the newsletter. Personal data is deleted upon withdrawal of such consent by you, or, at the point where the purpose for holding that data is no longer valid.

Participation in The Secret Passenger Programme

If you choose to participate in The Secret Passenger Programme survey, you will need to provide us with personal information such as your name and surname and email address. We use the personal information submitted here only for the purposes of this survey.

We use a third-party service provider called SurveyMonkey to collect feedback from respondents who choose to participate in The Secret Passenger Programme. For more information on how SurveyMonkey manages your data, please refer to their Privacy Policy.

You will need to provide us with your consent as a legal basis for us to process your personal data to participate in The Secret Passenger Programme. Personal data is deleted upon withdrawal of such consent by you, or, at the point where the purpose for holding that data is no longer valid.

Journey facilitation for persons with autism

When you request journey facilitation for a person with autism, you provide us with personal information on the guardian of the person as well as the person itself. The information provided includes your name, address, contact details, identification number, travel details as well as information on your requirements and needs with regards to the service and a medical certificate.  Our legal bases for processing your medical certificate (which is deemed to be a special category of data as defined by applicable laws) are our contractual relationship with you as concluded by our terms and conditions and your explicit consent to the processing of those personal data for your use of the service. We use the personal information submitted in the form only for providing the service you requested.

The personal information you provide will not be kept for longer than necessary and will be deleted one month after the service was provided, unless we are required to keep that information due to a statutory obligation imposed on us and/or due to accepted standards, including where processing may be necessary for the establishment, exercise or defence of legal claims.

Photography and filming permits

When you request permission to film or photograph at Malta International Airport for the purpose of recording footage or taking photos to be used in commercials, TV & film productions, documentaries and media reports, both landside and airside you are required to fill the online form provided. When you complete the form, you provide us with pertinent information in relation to the scope of the project and personal information in order to provide contact and/or producer information. The lawful basis of processing will be for the performance of the services by Us in the online form, and to fulfil any duties and obligations therein.

We also have a legitimate interest to process any personal data provided to facilitate the service, communicate operational and security requirements and exchange the relevant terms and conditions. The personal information you provide will not be kept for longer than necessary. In any case, it shall not be kept for longer than 3 years, unless we are required to keep that information due to a statutory obligation imposed on us and/or due to accepted standards, including where processing may be necessary for the establishment, exercise or defence of legal claims.

If you are a company or other corporate entity and/or you supply to us personal data of third parties such as your employees, affiliates, service providers or any other individuals, you shall be solely responsible to ensure that:

• you bring this notice to the attention of such third parties;
• the provision of such personal data to us fully complies with applicable laws;
• any information notices, approval, consents or other requirements that may be required before the provision of such third party personal data to us shall be collected and fulfilled solely by you.

You hereby fully indemnify us and shall render us completely harmless against all costs, damages or liability of whatsoever nature resulting from any claims or litigation (instituted or threatened) against us as a result of your provision of personal data to us.

Disclosures of your Personal Data

Any of your personal information gathered through the use of our website will only be shared with selected individuals within our Company who have an operational need to retrieve it. We do not share any of your personal information with any third-party other than as provided in this notice.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We may disclose your personal data to third parties to whom disclosure may be required as a result of legal obligations imposed on us.

We or Our processors may transfer your personal data to non-EEA countries. In doing so we shall ensure the lawful processing of your personal data by putting in place the appropriate safeguards in accordance with the applicable privacy laws, and/or any other applicable legislation. These appropriate safeguards include the EU Model Clauses entered into by us and Our processors/controllers; or ensuring that Our data processors located in the United States of America subscribe to the Privacy Shield. MIA shall provide you with a copy of these EU model clauses upon reasonable request which may be submitted on dataprotection@maltairport.com.

Links to other Websites

Our site has a number of links to other local and international organisations and agencies. In some cases, for the benefit of the visitor, it may be required that we link to websites of other organisations after permission is obtained from them respectively. It is important for you to note that upon entering a linked website, you are no longer on our site and you become subject to the privacy notice of the other site.

Your Rights at Law

Your principal rights under the GDPR are the following:

• Access your personal data by making a Data Subject Access Request.
• Rectification, erasure or restriction of processing of your personal data in certain circumstances
• Object to the processing of your information in certain circumstances
• Data portability to other data controllers, where technically feasible

You can access your personal data by filing a Data Subject Access Request Form online or sending it to our Data Protection Officer. Both the online and offline form together with contact details can be accessed via this link.

To exercise other rights, please contact our Data Protection Officer on dataprotection@maltairport.com or via telephone on (+356) 2369 6268.

To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
If you consider that our processing of your personal information infringes data protection laws, you can contact us on dataprotection@maltairport.com or via our website. You also have a legal right to lodge a complaint with a supervisory authority responsible for data protection. In Malta the supervisory authority is the Information and Data Protection Commissioner.

Data Security

We have in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have an operational need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

Changes to this Privacy Notice

We will keep this privacy Notice under regular review. If there are any changes to this notice, we will replace this page with an updated version on the website. At the start of this page, we will tell you when it was last updated.

We suggest that you check on the Notice every time you access our website so as to be aware of any changes which may occur from time to time. We may also notify you of changes to this Notice by email or other means, where such data is available.