GDPR

1.0 Privacy Policy​

This Notice sets out in detail how the Institute of Tourism Studies (hereinafter referred to as ‘the Institute’) shall process your personal data. It is recommended that you read this Privacy Notice in full to understand our practices regarding your personal data.

2.0 The General Data Protection Regulation (Regulation (EU) 2016/679)​

The General Data Protection Regulation (‘GDPR’) was adopted by the European Council on 8 April 2016 and came into effect on 25 May 2018, repealing and replacing the Data Protection Directive (Directive 95/46/EC) and the domestic laws implementing it. Accordingly, the Data Protection Act (Chapter 586 of the Laws of Malta) which took effect on 28 May 2018, repeals, and replaces the previous Data Protection Act (Chapter 440 of the Laws of Malta), together with a set of subsidiary legislation regulating sector-specific data protection matters.

The Institute of Tourism Studies has a legal duty to respect and protect any personal information we collect from you and we will abide by such duty. We take all safeguards necessary to prevent unauthorised access and we do not pass on details collected from you as a visitor, to any third party or Government Department unless your consent is required and obtained.

For legal purposes, the Data Controller of this website is the Institute of Tourism Studies, adopted by the European Council on 8 April 2016 and came into effect on 25 May 2018, repealing and replacing the Data Protection Directive (Directive 95/46/EC) and the domestic laws implementing it. Accordingly, the Data Protection Act (Chapter 586 of the Laws of Malta) which took effect on 28 May 2018, repeals, and replaces the previous Data Protection Act (Chapter 440 of the Laws of Malta), together with a set of subsidiary legislation regulating sector-specific data protection matters.

​3.0 Who does this Privacy Notice apply to?

The Privacy Notice applies to the following data subjects:

  • visitors to, or users of, the website;
  • previous, existing and future customers and those acting on their behalf; and
  • service providers and business partners.

When you fill the form on the “CONTACT US” page, we use the personal information submitted in the form only to respond to your message. This personal information will not be kept longer than necessary and will be deleted once the feedback requirement is met.

If you read or download information from our site, we automatically collect and store the following non-personal information:

  • The requested web page or download;
  • Whether the request was successful or not;
  • The date and time when you accessed the site;
  • The Internet address of the web site or the domain name of the computer from which you accessed the site;
  • The operating system of the machine running your web browser and the type and version of your web browser.

Please note that this information is strictly for the sole use of the Institute of Tourism Studies and it is not shared, leased, or sold in any manner to any other organisation.

The site www.its.edu.mt creates “cookies” for each session when you visit our web site. These cookies store information that is sent to your browser – along with a web page – when you access a web page. Your browser will return the cookie information only to the domain from where the cookie originated, i.e., www.gov.mt and no other web site can request this information.

​4.0 Recipients of your Personal Data

The recipients of your personal data include:

  • Our employees or selected individuals within the Institute of Tourism Studies, on a need-to-know basis or as a result of their duties within the Institute; and
  • Authorised processors and any authorised sub-processors who process your data on our behalf and for the same purposes as indicated above.

The Institute does not share your personal data with any entity located outside of the European union (‘EU’) or the European Economic Areas (‘EEA’).

5.0 Automated Decision-Making and Profiling​

Your personal data will not be used for any decision solely taken on the basis of automated decision-making processes, including profiling.

6.0 Data Retention​

We shall retain your personal data exclusively for the minimum amount of time necessary and allowed by law. In particular instances, we may have a legitimate interest to hold your data for longer periods such as when your data is required for exercising or defending legal claims.

​7.0 Data Subject Rights

As a data subject you have certain rights in relation to your personal data including:

  • Right of access – you have the right to ask us for copies of your personal data that is being processed. There are some restrictions which means you may not always receive all the information we process;
  • Right to Erasure – you have the right to ask us to delete your personal data in certain circumstances. This is not an absolute right and shall depend on our established retention periods;
  • Right to Object – you have a right to object and request that we cease the processing of your personal data where we rely on our, or a third party’s legitimate interests for processing your personal data or a task carried out in the public interest;
  • Right to Portability – you may request that we provide you with certain personal data which you have provided to us in a structured, commonly used, and machine-readable format. Where technically feasible, you may also request that we transmit such personal data to a third-party controller indicated by you;
  • Right to Rectification – you have the right to update or correct any inaccurate personal data which we hold about you;
  • Right to Restriction – you have the right to request that we stop using your personal data in certain circumstances including if you believe that we are unlawfully processing your personal data or the personal data that We hold about you is inaccurate;
  • Right to withdraw your consent – where our processing is based on your consent, you have the right to withdraw your consent. Withdrawal of your consent shall not affect the lawfulness of the processing based on your consent prior to the withdrawal of your consent;
  • Right to be informed of the source – where the personal data we hold about you was not provided to us directly by you, you may also have the right to be informed of the source from which your personal data originates; and
  • Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority, you shall also have the right to an effective judicial remedy where you consider that your rights under the Regulation have been violated as a result of the processing of your personal data in contravention of the Regulation.

Your rights in relation to your personal data are not absolute. If you intend to exercise one or more of your rights, please send your request to info@its.edu.mt.

No fees are applicable when exercising your rights. Moreover, you will be provided with a response without undue delay, and in any event within one month from which starts running as soon as your identity is verified.

Following your request to exercise your rights, the Institute may need to request specific information from you to help verify your identity. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

8.0 Security​

The Institute is committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable technical and organisational measures to safeguard and secure the personal data that we collect.

If the Institute learns of a personal data breach, we may inform affected data subjects of the occurrence of the breach in accordance with Applicable Laws.

9.0 Links to other Web Sites​

Our site has a number of links to other local and international organisations and agencies. In some cases, for the benefit of the visitor, it may be required that we link to other web sites of other organisations after permission is obtained from them respectively. It is important for you to note that upon linking to another site, you are no longer on our site and you become subject to the privacy notice of the new site.

10.0 Changes to this Privacy Policy​

If there any changes to this Privacy Notice, this page shall be replaced with an updated version. It is therefore in your own interest to check this Privacy Notice any time you access our web site so as to be aware of any changes which may occur from time to time.