Privacy Policy

Version 4 / Last updated: 27 July 2021

This Policy applies where we are acting as a data controller or processors with respect to your personal data when you make use of the La Valette Club Lounge and the Additional Services.

We at Malta International Airport p.l.c. are committed to protect your privacy and we will not collect any personal information about you as a visitor unless you provide it voluntarily. We consider that we have a legal duty to respect and protect any personal information you provide to us and we will abide by such duty. We take all safeguards necessary to prevent unauthorised access and we do not pass on your details collected from you as a visitor, to any third party, other than as provided in this notice.

Any personal information you communicate to us is kept within our own records in accordance with the relevant data protection and privacy laws to which the Parties are subject, including but not limited to the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Data Protection Act, Chapter 586 of the Laws of Malta and subsidiary legislation thereto, as may be amended from time to time.

The Data Controller

Malta International Airport p.l.c., a company registered under the laws of Malta with registration number C12663 and having its registered address at Malta International Airport, Luqa, LQA 4000, Malta, is the data controller and responsible for your personal data (hereinafter referred to as the “Company” “we”, “us” or “our”).

We have appointed a Data Protection Officer (hereinafter referred to as the “DPO”) who is responsible for overseeing questions in relation to this Policy. If you have any questions about this Policy, including concerns about your personal data or our data collection practices, please contact our DPO via e-mail at or via telephone on (+356) 2369 6268 during office hours.

Personal Data

The terms “personal data” or “personal information” mean any information about an individual for which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We only collect and process personal data that you voluntarily provide us with when: (i) you use our website; (ii) you subscribe to the La Valette Member, and/or High Altitude Membership and/or Traveller Member (hereinafter together referred to as the “Membership” and you as the “Member”); (iii) you visit the La Valette Club Lounge as a Member or non-Member; and/or (iv) when you make use of additional services including, but not limited to, meet and greet, chauffer service, special occasion package, conference room, porterage and terminal assistance (the “Additional Services”) both in the main terminal and the VIP terminal.

When you make use of our services, we may collect certain types of personal information, including with regards to the following areas:

  • First name and surname;
  • Postal and/or email address;
  • Phone number;
  • Gender, date of birth;
  • Country of residence and/or nationality;
  • Flight number and date of travel;
  • Car registration number;
  • Unique identifier information (e.g. your customer username or number and password);
  • Financial information (e.g. payment card or bank account information);
  • Some details provided by your device such as IP address, device ID, device type, and location data.

In the following sections we provide you with details on the points mentioned above. In particular, we want you to know what personal information we gather, for which purpose we use it and for how long we keep it.

Please note that will not share any of your personal information gathered with any third-party other than as provided in this notice.

The provision of your personal data is not a statutory or contractual requirement. You are not obliged to provide us any personal data and it is your choice whether to provide us.

How we use your personal data

We may use the personal data we collect and process about you:

  • To provide you with access to our website;
  • As part of our engagement procedures to provide you with the services that you have requested from us;
  • To process your information for the purposes of subscribing to the Membership and to provide you with Membership benefits;
  • To provide you with access to the La Valette Club as a Member or a non-Member;
  • To provide you with access to the Airport Car Park as a Member;
  • To process your information for the purposes of providing you with the Additional Services;
  • To manage our relationship with you or your company, including for billing and debt collection purposes;
  • To process your bank account details and other financial information;
  • To process any personal data lawfully generated by us in the course of executing your instructions;
  • personal data that we may process as a result of legal obligations imposed on us, including for the detection and prevention of fraud and other criminal activity which we are legally bound to report;
  • For the development and improvement of our systems, products and services;
  • To provide you with quotations, service documentation, brochures, newsletters and responses to applications;
  • When you fill the “Contact Us” form on our website, and to respond to any enquiries from you regarding our products and services;
  • Where you have agreed, for direct marketing and to provide you with information about certain other goods and services which we believe may be of interest to you;
  • For safety and security purpose, including (amongst others) safety of our premises, property and employees, and the establishment, exercise or defense of legal claims;
  • For purposes of a legitimate interest pursued by us or by a third party, provided such interest is not overridden by your interests, fundamental rights and freedom; and/or
  • (or) that we may process about third party individuals when you or your company refer other data subjects to us or provide us with personal data relating to such third parties;

Legal Bases of Processing Personal Data

The legal bases of processing your personal data are the following:

  • Entering into and performing the obligations and rights under the terms of services for the Membership, the Additional Services, and/or for visiting the La Valette Lounge, in particular to provide the services requested and to manage our relationship with you. Providing such personal data is necessary for our performance of such contracts. The consequence for not doing such processing would be that we would be unable to provide you with the Membership and/or the services that you request from us and to enter into the terms of service with you;
  • Our legitimate interests, in particular legitimate interests which may arise directly or indirectly in relation to your instructions, to communicate with you and keep you updated with information in relation to the services that you requested from us. We also have a legitimate interest to process your personal data for safety and security when you are visiting the La Valette Lounge, the airports premises, including the Airport Car Park, such as monitoring secured areas by means of CCTV footage (please read our CCTV Privacy Policy here). When we process your personal data on the basis of our legitimate interests, we ensure that the legitimate interests pursued by us are not overridden by your interests, rights and freedoms;
  • On the basis of our legitimate interests or compliance with legal obligations, as applicable, we may also process your personal data for the purposes of establishing, exercising or defending legal proceedings; and
  • Your explicit consent – in which case, our processing shall be limited to the purposes specifically indicated when your consent was requested.

Contact, Feedback and Newsletter

For more information on the processing of your personal data for the purposes of contacting us, providing your feedback or subscribing to our Newsletter, please refer to our Website Privacy Policy. If you would like to receive a paper copy please contact us on

Cookies and Data Analytics

For more information on the processing of your personal data for the purposes of use of cookies on our website and data analytics, please refer to our Website Privacy Policy. If you would like to receive a paper copy please contact us on

Where You Provide Us with Personal Data Related to Third Party Data Subjects

If you are a company or other corporate entity and/or you supply to us personal data of third parties such as other visitors, your employees, affiliates, service providers or any other individuals, you shall be solely responsible to ensure that:

  • you bring this policy to the attention of such third parties;
  • the provision of such personal data to us fully complies with applicable laws;
  • any information notices, approval, consents or other requirements that may be required before the provision of such third party personal data to us shall be collected and fulfilled solely by you;
  • you remain responsible for making sure the information you give us is accurate and up to date, and you must tell us if anything changes as soon as possible.

You hereby fully indemnify us and shall render us completely harmless against all costs, damages or liability of whatsoever nature resulting from any claims or litigation (instituted or threatened) against us as a result of your provision of such third party personal data to us.

Disclosures of your Personal Data

Any of your personal information gathered through the use of our website and for the purposes of providing you with the services requested from us, will only be shared with selected individuals within our company who have an operational need to retrieve it. We do not share any of your personal information with any third-party other than as provided in this notice.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. We make use of the following third party services:

  • Zendesk to help us manage our customer support services and to provide us with support statistics to help us improve our services. For more information on how Zendesk manages your data please visit their Privacy Policy;
  • Mailchimp who assist us in sending newsletters to users who subscribe to receive them and to provide us with support statistics to help us improve our services to you. For more information on how Mailchimp manages your data please visit their Privacy Policy;
  • Google Analytics to evaluate the airport’s website usage, content, usability and composition. Further information about Google’s privacy policy may be obtained from this link.
  • Hotjar to help us better understand our website users’ experience based on cookies (see cookie policy above) and other technologies to collect data on our users’ behaviour and their device. For further details, please see Hotjar’s privacy policy here.
  • Endeavour is our payment gateway service provider. You can find Endeavour’s privacy policy on their website.

We may disclose your personal data to third parties to whom disclosure may be required as a result of legal obligations imposed on us.

We or Our processors may transfer your personal data to non-EEA countries. In doing so we shall ensure the lawful processing of your personal data by putting in place the appropriate safeguards in accordance with the applicable privacy laws, and/or any other applicable legislation. These appropriate safeguards include the EU Model Clauses entered into by us and our processors/controllers; or ensuring that our data processors located in the United States of America subscribe to the Privacy Shield. MIA shall provide you with a copy of these EU model clauses upon reasonable request which may be submitted on

Insurance Cover

As a Member, you may benefit from Insurance Cover under a travel policy provided by MAPFRE Middlesea plc (the “Insurer”). We may process your personal data to correspond with you and the Insurer regarding the insurance policy, and to facilitate the policy set up and the relationship between you and the Insurer. In so doing, we might need to pass on your personal data to the Insurer for them to process information related to this policy but before doing so, we will ask for your consent. In that case, the Insurer will be your Data Controller and will process your personal data in line with their Privacy Policy.

Links to other Websites

Our site has a number of links to other local and international organisations and agencies. In some cases, for the benefit of the visitor, it may be required that we link to websites of other organisations after permission is obtained from them respectively. It is important for you to note that upon entering a linked website, you are no longer on our site and you become subject to the privacy policy of the other site.

Your Rights at Law

Your principal rights under the GDPR are the following:

  • Access your personal data by making a Data Subject Access Request.
  • Rectification, erasure or restriction of processing of your personal data in certain circumstances
  • Object to the processing of your information in certain circumstances
  • Data portability to other data controllers, where technically feasible
  • Right to be informed of the source – where the personal data we hold about you was not provided to us directly by you, you may also have the right to be informed of the source from which your personal data originates

You can access your personal data by filing a Data Subject Access Request Form online or sending it to our Data Protection Officer. Both the online and offline form together with contact details can be accessed via this link.

To exercise other rights, please contact our Data Protection Officer on or via telephone on (+356) 2369 6268 during office hours.

To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

If you consider that our processing of your personal information infringes data protection laws, you can contact us on or via our website. You also have a legal right to lodge a complaint with a supervisory authority responsible for data protection. In Malta the supervisory authority is the Information and Data Protection Commissioner (IDPC).

Data Security

We guarantee to have in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data only to those employees, agents, contractors and other third parties who have an operational need to know in order satisfy the above outlined purposes of processing. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

Data Retention

As a Member, we’ll normally retain your personal data for the duration of our relationship with you. In all cases, we will only keep your personal data for as long as it is needed for the purposes for which it was collected. Where it is no longer required, your personal data shall be immediately and irrevocably destroyed.

In any case, we will not retain your personal data for more than 5 years for the above mentioned purposes and for no more than 10 years in relation to invoices and/or any other accounting records that we retain, unless we have a statutory obligation imposed on us, a business need to retain the personal data, and/or require the personal data to exercise or defend legal claims. Any personal data which we may hold on the basis of your consent shall be retained exclusively until when you withdraw your consent.

Changes to this Privacy Policy

We will keep this privacy notice under regular review. If there are any changes to this Policy, we will replace this page with an updated version on the website. At the start of this page, we will tell you when it was last updated.

We suggest that you check on the Policy any time you access our website so as to be aware of any changes which may occur from time to time. We may also notify you of changes to this Policy by email or other means, where such data is available.