Data Protection


Malta International Airport p.l.c. takes its obligations with regard to your personal information seriously and is committed to ensuring your privacy is protected at all times.

The Company’s principal activities are the operation and management of the passenger terminal at Malta International Airport and the surrounding airport campus.

Importantly, within the airport environment, other organisations may collect your personal information including airlines and their representatives, retail outlets and other service providers.  Personal data collected by these organisations does not fall within Malta International Airport plc’s responsibility and should data subject access be required, they should be lodged directly to the relevant entity.


Article 15 of the EU General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) grants you the right to access your personal data held by Malta International Airport p.l.c. (“Company”, “MIA”, “We”, “Our”), including the right to obtain confirmation that we process your personal data, receive certain information about the processing of your personal data, and obtain a copy of the personal data we process.

We suggest that you submit this request in the online form provided below. However, we also made the form available for download in order for you to be able to submit it electronically via email on or via postal mail to the following address:

Heinz Lachinger
Data Protection Officer
c/o Malta International Airport p.l.c.
Malta International Airport, Level 2
Luqa, LQA4000

Print-Version here


In addition to exercising your access right, the GDPR also grants you the right to request correction or erasure of your personal data; restrict or object to certain types of data processing; and lodge a complaint with the Office of the Information and Data Protection Commissioner (“IDPC”). For more information on your rights under the GDPR we suggest you to refer to our Privacy Policy available on our website via



We want to make sure that you know why we are asking you to fill out this form, what we need to verify your identity and how the access request process will continue. We recommend you to read this section carefully to ensure that the access request can be satisfied quickly and efficiently.

  • We need your details in order to locate the data you are requesting

To help us process your request quickly and efficiently, please provide as much detail as possible about the personal data you are requesting access to. Please include time frames, dates, names, types of documents, file numbers, or any other information to help us locate your personal data. For example, you may specify that you are seeking employment records or personnel records; personal data held by our marketing department; medical records; e-mail or other electronic communications (specify the approximate dates and times); billing information; photographs; video footage; user activity logs; or transaction histories.

  • We will contact you if we need further information to fulfil your request

We will contact you for additional information if the scope of your request is unclear or does not provide sufficient information for us to conduct a search. This would be the case, for example, if you request “all information about me”.

We may also request additional information from you to help confirm your identity and your right to access and to provide you with the personal data we hold about you. We reserve the right to refuse to act on your request if we are unable to identify you.

  • We will use the information you provide only to fulfil your request and nothing else

We will use the information you provide on this form solely to identify the data subject, to identify the person requesting data on behalf of the data subject, if applicable, and the personal data you are requesting access to, in order to respond to your request. After satisfying your request it will be deleted without undue delay.

  • We need to verify your identity

Before we can respond to your access request we require proof of your identity. This enables us to ascertain that no person other than you requests access to and receives your valuable personal data without your knowledge and permission. To help us establish your identity, you must provide identification that clearly shows your name, date of birth, current address and ID number.

Please attach a scanned image of one of the following as proof of identity:

  • Passport
  • Driver’s license
  • National Identification number card
  • Birth or adoption certificate

Please also attach copy of one of the following showing your current address and dated within the last three months:

  • Bank statement
  • Credit card statement
  • Utility bill

If you are making this request on behalf of the data subject, we need information and proof of identity both on you and the data subject.

As soon as we have verified your identity and have all of the information we need to locate your personal data, we can begin processing your access request.

  • If you act on behalf of the data subject we also need proof of your authorization

In addition to proof of identity of yourself and the data subject, we also need to verify that you have the legal authority to act on behalf of the data subject. This is crucial to guarantee the protection of the data subject’s information. Please make sure that you fill in both sections of the form.

We accept a copy of the following as proof of your legal authority to act on the data subject’s behalf: a written consent signed by the data subject, a certified copy of a Power of Attorney or evidence of parental responsibility.

We reserve the right to refuse to act on your request if we are unable to identify the data subject and you or your legal authority to act on the data subject’s behalf.

  • You can contact us anytime

If you have questions relating to the access request or you do not have any of the forms of identification available, please contact our Data Protection Officer, Mr Heinz Lachinger, at or on +356 2369 6661.

  • We will provide you with a variety of information

In response to your request, we will provide you with the information required by Article 15 of the GDPR, including information on:

  • the purposes of processing;
  • categories of personal data processed;
  • recipients or categories of recipients who receive personal data from us;
  • how long we store the personal data or the criteria we use to determine retention periods;
  • information on the personal data’s source if we do not collect it directly from you;
  • whether we use automated decision-making and the consequences of this processing;
  • your rights to request correction or erasure of your personal data; restrict or object to certain types of processing with respect to your personal data; and make a complaint with the IDPC.

If the information you request reveals personal data about a third party, we will either seek that individual’s consent before responding to your request, or we will redact third parties’ personal data before responding. If we are unable to provide you with access to your personal data because disclosure would violate the rights and freedoms of third parties, we will notify you of this decision.

Applicable law may allow or require us to refuse to provide you with access to some or all of the personal data that we hold about you, or we may have destroyed, erased, or made your personal data anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal data, we will inform you of the reasons why, subject to any legal or regulatory restrictions.

  • We will fulfil your valid access request within one month

In line with Article 12 of the GDPR you can expect us to respond to your request within one month of receipt of a fully completed form and proof of identity.

It is up to you decide whether you would like to receive a hard copy or an electronic copy of the personal data you are requesting.