Version 3 / Last updated: 25 July 2018
This Policy applies where we are acting as a data controller or processors with respect to your personal data when you make use of the La Valette Club Lounge and the Additional Services.
We at Malta International Airport p.l.c. are committed to protect your privacy and we will not collect any personal information about you as a visitor unless you provide it voluntarily. We consider that we have a legal duty to respect and protect any personal information you provide to us and we will abide by such duty. We take all safeguards necessary to prevent unauthorised access and we do not pass on your details collected from you as a visitor, to any third party, other than as provided in this notice.
Any personal information you communicate to us is kept within our own records in accordance with the relevant data protection and privacy laws to which the Parties are subject, including but not limited to the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Data Protection Act, Chapter 586 of the Laws of Malta and subsidiary legislation thereto, as may be amended from time to time.
The Data Controller
Malta International Airport p.l.c., a company registered under the laws of Malta with registration number C12663 and having its registered address at Malta International Airport, Luqa, LQA 4000, Malta, is the data controller and responsible for your personal data (hereinafter referred to as the “Company” “we”, “us” or “our”).
We have appointed a Data Protection Officer (hereinafter referred to as the “DPO”) who is responsible for overseeing questions in relation to this Policy. If you have any questions about this Policy, including concerns about your personal data or our data collection practices, please contact our DPO via e-mail at firstname.lastname@example.org or via telephone on (+356) 2369 6268 during office hours.
The terms “personal data” or “personal information” mean any information about an individual for which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We only collect and process personal data that you voluntarily provide us with when: (i) you use our website; (ii) you subscribe to the La Valette Member, and/or High Altitude Membership and/or Traveller Member (hereinafter together referred to as the “Membership” and you as the “Member”); (iii) you visit the La Valette Club Lounge as a Member or non-Member; and/or (iv) when you make use of additional services including, but not limited to, meet and greet, chauffer service, special occasion package, conference room, porterage and terminal assistance (the “Additional Services”) both in the main terminal and the VIP terminal.
When you make use of our services, we may collect certain types of personal information, including with regards to the following areas:
- First name and surname;
- Postal and/or email address;
- Phone number;
- Gender, date of birth;
- Country of residence and/or nationality;
- Flight number and date of travel;
- Car registration number;
- Unique identifier information (e.g. your customer username or number and password);
- Financial information (e.g. payment card or bank account information);
- Some details provided by your device such as IP address, device ID, device type, and location data.
In the following sections we provide you with details on the points mentioned above. In particular, we want you to know what personal information we gather, for which purpose we use it and for how long we keep it.
Please note that will not share any of your personal information gathered with any third-party other than as provided in this notice.
The provision of your personal data is not a statutory or contractual requirement. You are not obliged to provide us any personal data and it is your choice whether to provide us.
How we use your personal data
We may use the personal data we collect and process about you:
- To provide you with access to our website;
- As part of our engagement procedures to provide you with the services that you have requested from us;
- To process your information for the purposes of subscribing to the Membership and to provide you with Membership benefits;
- To provide you with access to the La Valette Club as a Member or a non-Member;
- To provide you with access to the Airport Car Park as a Member;
- To process your information for the purposes of providing you with the Additional Services;
- To manage our relationship with you or your company, including for billing and debt collection purposes;
- To process your bank account details and other financial information;
- To process any personal data lawfully generated by us in the course of executing your instructions;
- personal data that we may process as a result of legal obligations imposed on us, including for the detection and prevention of fraud and other criminal activity which we are legally bound to report;
- For the development and improvement of our systems, products and services;
- To provide you with quotations, service documentation, brochures, newsletters and responses to applications;
- When you fill the “Contact Us” form on our website, and to respond to any enquiries from you regarding our products and services;
- Where you have agreed, for direct marketing and to provide you with information about certain other goods and services which we believe may be of interest to you;
- For safety and security purpose, including (amongst others) safety of our premises, property and employees, and the establishment, exercise or defense of legal claims;
- For purposes of a legitimate interest pursued by us or by a third party, provided such interest is not overridden by your interests, fundamental rights and freedom; and/or
- (or) that we may process about third party individuals when you or your company refer other data subjects to us or provide us with personal data relating to such third parties;
Legal Bases of Processing Personal Data
The legal bases of processing your personal data are the following:
- Entering into and performing the obligations and rights under the terms of services for the Membership, the Additional Services, and/or for visiting the La Valette Lounge, in particular to provide the services requested and to manage our relationship with you. Providing such personal data is necessary for our performance of such contracts. The consequence for not doing such processing would be that we would be unable to provide you with the Membership and/or the services that you request from us and to enter into the terms of service with you;
- On the basis of our legitimate interests or compliance with legal obligations, as applicable, we may also process your personal data for the purposes of establishing, exercising or defending legal proceedings; and
- Your explicit consent – in which case, our processing shall be limited to the purposes specifically indicated when your consent was requested.
Contact, Feedback and Newsletter
Cookies and Data Analytics
Where You Provide Us with Personal Data Related to Third Party Data Subjects
If you are a company or other corporate entity and/or you supply to us personal data of third parties such as other visitors, your employees, affiliates, service providers or any other individuals, you shall be solely responsible to ensure that:
- you bring this policy to the attention of such third parties;
- the provision of such personal data to us fully complies with applicable laws;
- any information notices, approval, consents or other requirements that may be required before the provision of such third party personal data to us shall be collected and fulfilled solely by you;
- you remain responsible for making sure the information you give us is accurate and up to date, and you must tell us if anything changes as soon as possible.
You hereby fully indemnify us and shall render us completely harmless against all costs, damages or liability of whatsoever nature resulting from any claims or litigation (instituted or threatened) against us as a result of your provision of such third party personal data to us.
Disclosures of your Personal Data
Any of your personal information gathered through the use of our website and for the purposes of providing you with the services requested from us, will only be shared with selected individuals within our company who have an operational need to retrieve it. We do not share any of your personal information with any third-party other than as provided in this notice.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. We make use of the following third party services:
We may disclose your personal data to third parties to whom disclosure may be required as a result of legal obligations imposed on us.
We or Our processors may transfer your personal data to non-EEA countries. In doing so we shall ensure the lawful processing of your personal data by putting in place the appropriate safeguards in accordance with the applicable privacy laws, and/or any other applicable legislation. These appropriate safeguards include the EU Model Clauses entered into by us and our processors/controllers; or ensuring that our data processors located in the United States of America subscribe to the Privacy Shield. MIA shall provide you with a copy of these EU model clauses upon reasonable request which may be submitted on email@example.com.
Links to other Websites
Your Rights at Law
Your principal rights under the GDPR are the following:
- Access your personal data by making a Data Subject Access Request.
- Rectification, erasure or restriction of processing of your personal data in certain circumstances
- Object to the processing of your information in certain circumstances
- Data portability to other data controllers, where technically feasible
- Right to be informed of the source – where the personal data we hold about you was not provided to us directly by you, you may also have the right to be informed of the source from which your personal data originates
You can access your personal data by filing a Data Subject Access Request Form online or sending it to our Data Protection Officer. Both the online and offline form together with contact details can be accessed via this link.
To exercise other rights, please contact our Data Protection Officer on firstname.lastname@example.org or via telephone on (+356) 2369 6268 during office hours.
To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
If you consider that our processing of your personal information infringes data protection laws, you can contact us on email@example.com or via our website. You also have a legal right to lodge a complaint with a supervisory authority responsible for data protection. In Malta the supervisory authority is the Information and Data Protection Commissioner (IDPC).
We guarantee to have in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data only to those employees, agents, contractors and other third parties who have an operational need to know in order satisfy the above outlined purposes of processing. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
As a Member, we’ll normally retain your personal data for the duration of our relationship with you. In all cases, we will only keep your personal data for as long as it is needed for the purposes for which it was collected. Where it is no longer required, your personal data shall be immediately and irrevocably destroyed.
In any case, we will not retain your personal data for more than 5 years for the above mentioned purposes unless we have a statutory obligation imposed on us, a business need to retain the personal data, and/or require the personal data to exercise or defend legal claims. Any personal data which we may hold on the basis of your consent shall be retained exclusively until when you withdraw your consent.
We will keep this privacy notice under regular review. If there are any changes to this Policy, we will replace this page with an updated version on the website. At the start of this page, we will tell you when it was last updated.
We suggest that you check on the Policy any time you access our website so as to be aware of any changes which may occur from time to time. We may also notify you of changes to this Policy by email or other means, where such data is available.