Malta Union for Midwives and Nurses
Privacy Notice - Website
Last updated: 09/05/2020
Malta Union for Midwives and Nurses (hereinafter referred to as “MUMN”, “Union”) is the data controller for the purposes of applicable data protection law. The Union respects your privacy and is committed to protecting your personal data which we process. This Privacy notice explains how the Union will comply with applicable data protection law, this includes, the General Data Protection Regulation (EU) 2016/679 (‘GDPR’), the Data Protection Act (Chapter 586 of the Laws of Malta), any subsidiary legislation thereto and any other applicable laws relating to privacy and electronic communications as may be amended from time to time.
The data controller is MUMN in Malta, a non-governmental organisation in its dual role as a trade union and as a professional body seeking to further the professional development of midwives, nurses and other healthcare professionals and workers. This means that we are responsible for deciding how we hold and use personal information about you.
MUMN’s contact details are as follows:
Les Lapins, Court B, Flt 3
Mosta, MST 9022
Tel.: +356 21448542
For general contact please send us an email on firstname.lastname@example.org
Data protection principles
The Union is committed towards compliance. If we need to collect, store or otherwise use your personal data, we will abide by the following data protection principles:
- Lawfulness, fairness and transparency: the processing of personal data shall take place in a lawful, fair and transparent manner;
- Purpose Limitation: the collection of personal data shall only be performed for specified, explicit and legitimate purposes and shall not be further processed in a manner that is incompatible with those purposes;
- Data Minimisation: the collection of personal data shall be adequate, relevant and limited to what is necessary in relation to the purpose for which they are processed;
- Accuracy: the personal data shall be accurate and where necessary, kept up to date. Every reasonable step shall be taken to ensure that personal data that are inaccurate having regard to the purposes for which they are processed, are erased or rectified without delay;
- Storage Limitation: personal data shall be kept in a form which permits identification of the data subject for no longer than it is necessary for the purpose for which the personal data are processed;
- Integrity and Confidentiality: personal data shall be kept confidential and stored in a manner that ensures appropriate security. Personal data shall not be shared with third parties except when necessary and with a justifiable legal basis.
The Personal data we collect and how we use it
We collect and process personal data relating to you in connection with your use of this website and our relationship with you. This personal data may include:
Purpose for processing
Your name and email address through the “Get- in- touch” form.
To provide you with information and get in touch with you to answer your queries.
To respond to your message and in respect of the services which we provide.
The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when processing is necessary for the purposes of the business legitimate interests pursued by the controller except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject..
Personal data that you may provide in an online application form to register to become a member.
To assess all applications in order to approve or reject applications to be a member.
The legal basis we rely on to process your personal data is article 6(1)(b) of the GDPR, which allows us to process personal data when processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Furthermore, we may also rely on to process your personal data is article 9(d) of the GDPR, where processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects.
Personal data such as email address is collected in order to reach out to all members to update them in relation to recent union activities and issues of general concern.
To provide you with all recent updates of union activities.
The legal basis we rely on to process your personal data is article 9(d) of the GDPR, where processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects.
Information such as Name, Surname, ID card no., student identification etc collected through Registration process during events organised by MUMN.
To determine event attendance.
The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when processing is necessary for the purposes of the business legitimate interests pursued by the controller except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
Personal data of employees relating to their employment at MUMN.
Personal data is collected for purposes pertaining to the individual's employment with the Union, including but not limited to performance reviews, the administration of employee payroll, and for the purpose of complying with applicable employment legislation.
For more information, employees should refer to our Employees Privacy Notice which is provided to all employees at commencement of employment.
The legal basis we rely on for processing your personal data is article 6(1)(b) of the GDPR, which relates to processing necessary to perform a contract.
Filming and/or photography. We aim to avoid using images which could identify members of the public. In certain cases, we will require your consent.
For publication in our official publications and/or our social media channels.
In certain circumstances we may also rely on consent under article 6(1)(a) of the GDPR, which allows us to process information when the data subject has given his or her consent for a specific purpose.
In such cases, you will be provided with clear information as to what you are consenting to and how you can withdraw your consent.
Any personal data relating to you that you provide to us or that we generate about you in connection with your use of our official website.
When you visit our website, the following information is retained about that visit:
· IP (Internet Protocol) address;
· the number of times per visit a request for data was received from each IP address;
· the date and time when you accessed the website;
· the length of time spent on our website;
· the IP address of a link if used to access our website;
· the identity of any search engine used to access our website;
· the requested web-page or download;
· a list of all the pages visited while in our website; and
· the name of the browser used, e.g. Firefox, Chrome, Internet Explorer.
No attempt is made to identify individual users or to associate the technical details listed above with any individual
To improve and develop this website.
To generate and analyse statistics regarding usage of this website, including the frequency of use of individual pages (where possible, personal data will be anonymised before being used for this purpose).
The legal basis we rely on to process your personal data is article 6(1)(a) of the GDPR, which allows us to process personal data when the data subject has given consent to the processing of his or her own personal data for one or more specific purposes.
In such cases, you will be provided with clear information as to what you are consenting to and how you can manage your cookie settings.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
What cookies do we use?
Strictly Necessary Cookies
These Cookies are essential to enable you to navigate and use the features of the website. Without these Cookies, you may not be able to take full advantage of our services or features, and the website will not perform as smoothly for you as we would like.
By law we do not need to obtain your consent in order to use these cookies.
We use the following types of cookies that are placed on the Website, their function, the purposes for which the data are collected and how long data collected by cookies are kept. Please note that the names of the cookies may change over time:
Used to distribute traffic to the website on several servers in order to optimise response times.
Used to distribute traffic to the website on several servers in order to optimise response times.
The cookie is necessary for secure log-in and the detection of any scam or abuse of the website.
Preserves users states across page requests.
Disclosing your personal data
Except as described in this privacy notice, we will not intentionally disclose the personal data that we collect or store to third parties without your prior explicit consent. We may disclose information to third parties in connection with the abovementioned purposes, in the following circumstances:
- any third parties who we engage to provide services to us, such as outsourced IT service providers and professional advisors;
- any advisers/auditors auditing any of our business processes or who need to access such information for the purpose of advising us;
- any law enforcement body which may have any reasonable requirement to access your personal data for the purposes of the prevention, investigation or detection of any crime;
- any regulatory body or authorised entity where required or permitted by law, which may have any reasonable requirement to access your personal data;
- any successor (or receiving) entity in the event of reorganisation or similar event.
All our third-party service providers are required to take appropriate security measures to protect your personal data in line with the Data Protection and other applicable laws. Moreover, we only permit them to process your personal data for specified purposes and in accordance with our legally binding agreements.
The information you provide to us may be shared with third parties situated in other European Economic Area (‘EEA’) Member States. The Union will only transfer personal data outside the EEA after taking the necessary steps to ensure that your privacy rights continue to be protected, as outlined in this privacy notice and in accordance with applicable data protection laws. For example, we will transfer your personal data outside of the EEA with your consent, to fulfil a legal obligation, to fulfil our contractual obligations, or to protect the public interest.
The personal data that we process for the abovementioned purposes shall not be kept for longer than is necessary. We retain your personal data for as long as we need it to comply with our obligations under applicable law, to enforce our agreements and, if relevant, for the establishment, exercise and defence of legal claims.
We will actively review the personal data we handle, process and store, and will delete or anonymise it in a secure manner when there is no longer a legal, business or customer need for it to be retained.
For more information on the retention of your personal data please contact us on email@example.com.
In those cases where it is not possible for us to specify in advance the periods for which your personal data will be retained, we will base our determination on the following criteria:
- the purpose(s) was for which your personal data was collected;
- whether there are any statutory obligations, obliging us to continue to process your information;
- whether we have a legal basis in place to continue to process your information, including but not limited to consent;
- the value attached to your information;
- whether there are any industry practices stipulating how long information should be retained;
- the risk, cost and liability attached to such retention; and
- any other relevant circumstances.
Data subject rights
As a data subject you have certain rights in relation to your personal data including:
- Right of access – you have the right to ask us for copies of your personal data that is being processed. There are some restrictions which means you may not always receive all the information we process;
- Right to Erasure – you have the right to ask us to delete your personal data in certain circumstances. This is not an absolute right and shall depend on our established retention periods;
- Right to Object – you have a right to object and request that we cease the processing of your personal data where we rely on our, or a third party’s legitimate interests for processing your personal data or a task carried out in the public interest;
- Right to Portability – you may request that we provide you with certain personal data which you have provided to us in a structured, commonly used and machine-readable format. Where technically feasible, you may also request that we transmit such personal data to a third party controller indicated by you;
- Right to Rectification – you have the right to update or correct any inaccurate personal data which we hold about you;
- Right to Restriction – you have the right to request that we stop using your personal data in certain circumstances including if you believe that we are unlawfully processing your personal data or the personal data that We hold about you is inaccurate;
- Right to withdraw your consent – where our processing is based on your consent, you have the right to withdraw your consent. Withdrawal of your consent shall not affect the lawfulness of the processing based on your consent prior to the withdrawal of your consent;
- Right to be informed of the source – where the personal data we hold about you was not provided to us directly by you, you may also have the right to be informed of the source from which your personal data originates; and
- Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority, you shall also have the right to an effective judicial remedy where you consider that your rights under the Regulation have been violated as a result of the processing of your personal data in contravention of the Regulation.
Your rights in relation to your personal data are not absolute. If you intend to exercise one or more of your rights, please send your request to firstname.lastname@example.org
Generally, no fees are applicable when exercising your rights. However, we may charge a reasonable administrative fee if your request is clearly unfounded, repetitive or excessive. Moreover, you will be provided with a response without undue delay, and in any event within 30 calendar days from which starts running as soon as your identity is verified.
Following your request to exercise your rights, the Union may need to request specific information from you to help verify your identity. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
We take appropriate security measures to protect against loss, misuse and unauthorised access, alteration, disclosure, or destruction of your information. The Union has taken steps to ensure the ongoing confidentiality, integrity, availability, and resilience of systems and services processing personal information, and will restore the availability and access to information in a timely manner in the event of a physical or technical incident.
No method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot ensure or warrant the security of any information you transmit to us, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or organisational safeguards.
All our staff who process personal data are provided with regular training on information security practices.
We have put in place procedures to deal with any suspected personal data security breach and will notify regulator of a suspected breach where we are legally required to do so. In certain cases, we will also inform you, as the data subject, of the occurrence of the breach and the steps you need to take to safeguard your rights.
If you believe your personal data has been compromised, please contact us at email@example.com
Links to other websites
Where we provide links to websites of other organisations or entities, this privacy notice does not cover how that organisation processes your personal information. We encourage you to read the privacy notices on the other websites you visit.
Changes to this privacy notice
This Privacy notice may change from time to time. If we change this notice in ways that affect how we use your personal data, we will advise you of the choices you may have as a result of those changes. We will also post a notice that this privacy notice has changed.