Home » Privacy & Cookie Policy
We, the team at Ronald McDonald House Charities Foundation (Malta), strongly value our own privacy – and therefore are committed to protect your personal data (i.e. information that identifies you) as though it is our own.
If you have any questions about how we protect your privacy, get in touch here: [email protected]
One of your rights under EU law – the GDPR – is that you must be informed when your personal data – also known as personal information – is processed (collected, used, stored) by any organisation. You also have the right to know the details and purpose of that processing.
This privacy policy describes our practices relating to the personal data of visitors of www.rmhc-malta.com and make use of our online facilities. For all our services, the data controller — the company that’s responsible for your privacy — is Ronald McDonald House Charities Foundation (Malta) with its address at Ronald McDonald House Charities Foundation (Malta), Nineteen Twenty Three, Valletta Road, Marsa, MRS 3000.
We assure you that we will only use and disclose any personal data collected from you in accordance with the manner set out in this policy.
Most of the personal information which we may collect about you through this website is given to us only if you choose to give it to us.
Such personal information may be requested from you when you fill in a field (e.g. to submit a vacancy, sign up for our newsletter or fill in any other form with your questions and comments or any other form or application downloaded through or from Ronald McDonald House Charities Foundation (Malta) Website. If you send us emails, then the personal data we process will depend on what you send us in the email.
The information we collect from you normally includes the following:
Check out the next sections to understand how and why we use this information.
Some other information is given to us because you accessed this website (e.g. logs, recorded through cookies). This is explained in the Cookies section below.
We use your information in a number of different ways — what we do with it then depends on the information and the purpose for which we collected.
The tables below set this out in detail, showing what we do, and why we do it.
1. Your name and contact details
How we use your:
Name, Surname, and Contact Details
To send you service messages by text, e-mail or through our app, such as order updates.
2. Your contact history with us
What you’ve said to us — for example, over email or contact forms.
Provide customer service and support
3. Information about your device (phone or laptop) with which how used our website
Information you give us when you browse our site or use our app, including your IP address and device type and, if you choose to share it with us, your location data, as well as how you use our website and app.
Improve our website and set default options for you (such as language and currency)
To prevent and detect fraud against either you or us — and to meet our legal obligations about looking after your data
4. Your Payment Information
How and why we use your payment information
Take Payments, and give refunds
To prevent and detect fraud against either you or us — and to meet our legal obligations about looking after your data
The Legal Basis for Processing
This includes, for example, where it is necessary for us to use the information to perform a contract with you or take steps at your request prior to entering into a contract with you, such as to process your order, provide customer-care and support services to you.
It also includes circumstances (such as we have described below) where we have a legitimate interest to use your data, provided that proper care is taken in relation to your rights and interests:
Retention Periods
If you are aged 18 or under, please get your parent/guardian’s permission before you provide any personal information to us.
We will need to process personal data relating to parents or guardians in that case – and we may also need to request for verification documentation to ensure that consent is given or authorised by the holder of parental responsibility.
We do not, and will not, sell any of your personal data to any third party – including your name, address, email address or credit card information. It is not our business to do so – and we want to earn your trust and confidence.
What are cookies?
A cookie is a small text file (typically numbers and letters) that is downloaded onto ‘terminal equipment’ (e.g. your computer or smartphone) when you (or someone else) access a website using that device. Cookies are then sent back to originating website on each subsequent visit – and they are useful because they allow a website to recognize a user’s device and store some information about your preferences or past actions.
Some cookies are needed for the sole purpose of carrying out the transmission of a communication over an electronic communications network – others may be necessary for the provision of a service over the internet, in which case they have to be used.
Other cookies may be desirable to improve your experience, in which case we will ask you for your consent to use them.
What cookies do we use?
The cookies we use are the following:
How do you change your cookie settings?
To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.
Other Passive Information which we collect
Apart from the information you provide us with when using our Website, other information is passively collected from you (without you actively furnishing such information) when you navigate through the website. We use various technologies and navigational data collection methods to gather such passive information for various reasons, for example to track how many visitors access our website, the date and time of their visit, the length of their stay and which pages they view. The passive information also aids us to determine which web browsers our visitors use and the address from which they accessed our website – for instance if they connect to our Website through clicking on one of our banner ads. This technology does not identify you personally.
Such passively collected information may be used and combined to improve our services to website visitors, customise the website based on your preferences, compile and analyse statistics and trends of our visitors and their use of the sites operated by us and our related entities or subsidiaries. Together with our related entities and subsidiaries we will use this information and share it with third parties to improve the content, functionality and administration of our websites, to better understand our customers and markets, and to improve our products and services.
We assure you that, unless you have consented, such passive information shall not be combined with personally identifiable information collected elsewhere by our website or respective sites operated by our related entities or subsidiaries.
You enjoy several rights relating to your personal information:
We need to be clear with you about how we process your personal data. We do this through this Privacy Policy, which we will keep as up to date as possible.
You can access the personal data we hold on you by contacting us [email protected]
To process your request, we will ask you to send us proof of identity so that we can be sure we are releasing your personal data to the right person.
We will carry out our best efforts to process your request within one month or, if the request is particularly complex, two months. We can provide you with a copy of your personal data in electronic format.
If we consider the frequency of your requests as being unreasonable, we may refuse to comply with your request. In those circumstances, if you disagree, you can complain to the data protection authority – in Malta, the Information and Data Protection Commissioner.
We appreciate feedback from you to ensure our records are accurate and up-to-date.
If you think that the information we hold about you is inaccurate or incomplete please ask us to correct it by contacting us here [email protected]
You can ask us to delete your personal data; however, this is not an absolute right.
In spite of a request for erasure, we may be justified to keep personal data which we need to keep, e.g. (i) to comply with a legal obligation (for instance, we are required by personal data for VAT reporting purposes); and (ii) in relation to the exercise or defence of any legal claims.
When you ask us to delete your personal data, we assume that you do not want to hear from us again. To ensure that we do not send you any special offers in the future (for example, if we purchased your details from a third party list), we will retain just enough of your personal data solely for suppression purposes.
Other than as described above, we will always comply with your request and do so promptly. We would carry out our best efforts to notify any third parties with whom we have shared your personal data about your request so that they could also comply.
You have a right to object to our use of your personal information including where we use it for our legitimate interests or where we use your personal information to carry out profiling using automated means.
You have the right to move, copy or transfer your personal data from one organisation to another. If you do wish to transfer your personal data we would be happy to help.
If you ask for a data transfer, we will give you a copy of your personal data in a structured, commonly used and machine-readable form (e.g. a CSV file format). We can provide the personal data to you directly or, if you request, to another organisation.
Please note that we are not required to adopt processing systems that are compatible with another organisation, so it may be that the recipient organisation cannot automatically use the personal data we provide.
When making a transfer request, it would be helpful if you can identify exactly what personal data you wish us to transfer.
If you want to exercise your rights, have a complaint, or just have questions, please contact us here [email protected].
Please appreciate that the rights must be exercised within some limitation – for example, if you ask us for information we can only give you what relates to you and not what relates to other persons. When we receive requests, we may also request that you identify yourself and provide documentation or information for verification (we would not want to disclose information to the wrong person). Unreasonable requests may be subjected to a reasonable fee or refusal to respond.
Security of your personal data is very important to us.
Where it’s appropriate, our website uses HTTPS to help keep information about you secure. However, no data transmission over the internet can be guaranteed to be totally secure.
You may complete a registration process when you sign up to use parts of the websites. This may include the creation of a username, password and/or other identification information. Any such details should be kept confidential by you and should not be disclosed to or shared with anyone.
Where you do disclose any of these details, you are solely responsible for all activities undertaken where they are used.
Whenever you create a password, then to protect your account you should choose a strong password, meaning it should be lengthy and include a mixture of letters and numbers with mix of CAPS.
We do our best to keep the information you disclose to us secure. However, we can’t guarantee or warrant the security of any information which you send to us.
Security measures which have implemented to secure information transmitted over our website or stored on our systems include the following:
Please understand, however, that no system is perfect or can guarantee that unauthorised access or theft will not occur.
Our website is continually under review – new functions and features are periodically added and improved to interface, thus changes to our privacy policy may be required from time to time.
We therefore encourage you to check our privacy policy on a frequent basis.
This privacy notice does not cover the links within this site linking to other websites which are not controlled by us. We are not responsible for the collection or use of your personal information from these third-party websites.
Therefore, we encourage you to read the privacy statements on the other websites you visit.
We are always happy to hear from you, whether to make a suggestion but especially if you feel we can do better.
If you have any questions about this Privacy Policy, or if you wish to make a complaint about how we have handled your personal information, please contact us at:
Ronald McDonald House Charities Foundation (Malta)
Ronald McDonald House Charities Foundation (Malta),
Nineteen Twenty Three,
Valletta Road,
Marsa, Malta MRS 3000
STANDARD
Ronald McDonald House Charities Foundation – Malta (RMHC Malta) (VO/0778) does not and shall not discriminate on the basis of gender, marital status, pregnancy or potential pregnancy, family responsibilities, sexual orientation, age, religion or belief, racial or ethnic origin, colour, gender identity or gender expression or sex characteristics, disability, political opinion, membership in a trade union or in an employers’ association or veteran status or any other prohibited basis, in any of its activities or operations. RMHC Malta is committed to providing an inclusive and compassionate environment for all volunteers, staff, service providers, contractors and those to whom RMHC Malta provides services. Fair and equal consideration will be made to any applicant of an RMHC Malta program, including a program which require satisfaction of eligibility criteria for admission thereto. Any such applicant who meets the eligibility criteria will be evaluated on the same basis as any other applicant who meets the same eligibility criteria and without regard to any other condition other than the applicant’s suitability for such program,.
RMHC Malta prohibits any form of harassment, joking remarks, bullying or other abusive conduct (including verbal, non-verbal, written and/or physical conduct) that demeans or shows hostility directed at or discriminates against any other individual as described in this Non-Discrimination Policy.
RMHC Malta does not condone any form of conduct that creates an intimidating, hostile or offensive work environment or that otherwise unreasonably interferes with the mission, purpose and values of RMHC Malta.
APPLICABILITY
This Non-Discrimination Policy shall apply to all RMHC Malta administrators, officers, staff, volunteers and representatives, including individuals who provide support and services to RMHC Malta.
GUIDELINES
Whatever their personal opinions or biases, RMHC Malta staff, contractor and volunteer actions should reflect the RMHC Malta core values of inclusion and diversity.
Staff and volunteers should be aware that invitees and others may bring their own views, prejudices, cultural and religious beliefs, and preconceptions into the RMHC Malta environment. Staff shall accommodate all individuals and shall attempt to diffuse any situations that may potentially create a hostile or offensive work environment. In accordance with all applicable laws and regulations, the needs of each individual should be balanced against the maintenance of a harmonious and productive work environment.
RMHC Malta will investigate all reports of violations of this Non-Discrimination Policy and will take appropriate corrective action as warranted.
Adopted by the RMHC Malta Administrators
RMHC Malta may hold conferences and events from time to time. At such events, we may take pictures or videos of attendees. The legal basis for such processing is the charity’s legitimate interest to build a community and promote its programmes and activities. To this end, we have completed a legitimate interest assessment, a copy of which is available upon request. You have the right to object to such processing at any time by contacting the event organisers or by getting in touch with us at [email protected]. The photos and videos may be shared with third parties or international organisations. In such cases, we will ensure that the third party or international organisation obtains your consent before we share any of your personal data with them. The photos and videos will be stored by the charity for a period of five years from the date of the event. With respect to your personal details collected in order to note your attendance to the event, we will delete this personal data immediately following the event, unless you have a direct working relationship with RMHC Malta. Should you have any queries about how we process your data, please contact us at [email protected].
CCTV Policy
Ronald McDonald House Charities Malta
VO/0778
We believe that CCTV and other surveillance systems have a legitimate role to play in helping to maintain a safe and secure environment for all our staff and visitors. However, we recognise that this may raise concerns about the effect on individuals and their privacy. This policy is intended to address such concerns. Images recorded by surveillance systems are personal data which must be processed in accordance with data protection laws. We are committed to complying with our legal obligations and ensuring that the legal rights of staff, relating to their personal data, are recognised and respected.
This policy is intended to assist staff in complying with their own legal obligations when working with personal data. In certain circumstances, misuse of information generated by CCTV or other surveillance systems could constitute a criminal offence.
For the purposes of this policy, the following terms have the following meanings:
CCTV: means fixed and domed cameras designed to capture and record images of individuals and property.
Data: is information which is stored electronically, or in certain paper-based filing systems. In respect of CCTV, this generally means video images. It may also include static pictures such as printed screen shots.
Data subjects: means all living individuals about whom we hold personal information as a result of the operation of our CCTV (or other surveillance systems).
Personal data: means data relating to a living individual who can be identified from that data (or other data in our possession). This will include video images of identifiable individuals.
Data controllers: are the people who, or organisations which, determine the manner in which any personal data is processed. They are responsible for establishing practices and policies to ensure compliance with the law. We are the data controller of all personal data used in our business for our own commercial purposes. In this case, the data controller is Ronald Mc Donald House Charities Foundation (Malta) VO/0778 with its registered address at Nineteen Twenty Three, Valletta Road, Marsa MRS 3000.
Data users: are those of our employees whose work involves processing personal data. This will include those whose duties are to operate CCTV cameras and other surveillance systems to record, monitor, store, retrieve and delete images. Data users must protect the data they handle in accordance with this policy.
Data processors: are any person or organisation that is not a data user (or other employee of a data controller) that processes data on our behalf and in accordance with our instructions (for example, a supplier which handles data on our behalf). In our case, our data processors include Fire-Tech Limited C 17901, which is our service provider for installation and maintenance of CCTV systems.
Processing: is any activity which involves the use of data. It includes obtaining, recording or holding data, or carrying out any operation on the data including organising, amending, retrieving, using, disclosing or destroying it. Processing also includes transferring personal data to third parties.
We currently use CCTV cameras to view and record individuals on and around our premises at the Learning Centre in Qawra, Malta. This policy outlines why we use CCTV, how we will use CCTV and how we will process data recorded by CCTV cameras to ensure that we are compliant with data protection law and best practice. This policy also explains how to make a subject access request in respect of personal data created by CCTV.
We recognise that information that we hold about individuals is subject to data protection legislation. The images of individuals recorded by CCTV cameras in the workplace are personal data and therefore subject to the legislation. We are committed to complying with all our legal obligations and seek to comply with best practice suggestions from the Information and Data Protection Commissioner (IDPC), as the data protection supervisory authority in Malta.
This policy covers all employees, directors, officers, consultants, contractors, freelancers, volunteers, attendees, interns, casual workers, zero hours workers and agency workers and also visiting members of the public.
This policy will be regularly reviewed to ensure that it meets legal requirements, relevant guidance published by the IDPC and industry standards.
Premier Restaurants Malta Limited Data Protection Officer has overall responsibility for ensuring compliance with the relevant legislation and the effective operation of this policy. Day-to-day management responsibility for deciding what information is recorded, how it will be used and to whom it may be disclosed has been delegated to RMHC Executive Director. Day-to-day operational responsibility for CCTV cameras and the storage of the data recorded is the responsibility of RMHC Executive Director.
Responsibility for keeping this policy up to date has been delegated to RMHC Executive Director.
We currently use CCTV around our sites as outlined below. We believe that such use is necessary for legitimate business purposes, including:
This list is not exhaustive and other purposes may be or become relevant. In addition to the above legal basis, we also process CCTV footage based on the consent which you have provided us upon commencement of the training course, activity or events which visitors may participate in. You are hereby reminded that you have the right to withdraw such consent at any time.
CCTV monitors the exterior of the building and the main entrance. The following areas are also CCTV monitored:
The above areas are monitored 24 hours a day and this data is continuously recorded.
Camera locations are chosen to minimise viewing of spaces not relevant to the legitimate purpose of the monitoring. As far as practically possible, CCTV cameras will not focus on private homes, gardens or other areas of private property.
Surveillance systems will not be used to record sound.
Images are only monitored by authorised personnel.
Staff using surveillance systems will be given appropriate training to ensure they understand and observe the legal requirements related to the processing of relevant data.
Where CCTV cameras are placed, we will ensure that signs are displayed at the entrance of the surveillance zone to alert individuals that their image may be recorded. Such signs will contain details of the organisation operating the system, the purpose for using the surveillance system and who to contact for further information.
Live feeds from CCTV cameras will only be monitored where this is reasonably necessary, for example to protect health and safety.
We will ensure that live feeds from cameras and recorded images are only viewed by approved members of staff whose role requires them to have access to such data. Recorded images will only be viewed in designated, secure offices.
In order to ensure that the rights of individuals recorded by the CCTV system are protected, we will ensure that data gathered from CCTV cameras is stored in a way that maintains its integrity and security. This may include encrypting the data, where it is possible to do so.
Given the large amount of data generated by surveillance systems, we may store video footage using a local server. We will take all reasonable steps to ensure that our CCTV service provider maintains the security of our information, in accordance with industry standards.
We may engage data processors to process data on our behalf. We will ensure reasonable contractual safeguards are in place to protect the security and integrity of the data.
Data recorded by the CCTV system will be stored digitally. Data from CCTV cameras will not be retained indefinitely but will be permanently deleted once there is no reason to retain the recorded information. Generally, recorded images will be kept for no longer than seven (7) days. We will maintain a comprehensive log of when data is deleted.
At the end of their useful life, all images stored in whatever format will be erased permanently and securely. Any physical matter such as tapes or discs will be disposed of as confidential waste. Any still photographs and hard copy prints will be disposed of as confidential waste.
Prior to introducing any new surveillance system, including placing a new CCTV camera in any workplace location, we will carefully consider if they are appropriate by carrying out a privacy impact assessment (PIA).
A PIA is intended to assist us in deciding whether new surveillance cameras are necessary and proportionate in the circumstances and whether they should be used at all or whether any limitations should be placed on their use.
Any PIA will consider the nature of the problem that we are seeking to address at that time and whether the surveillance camera is likely to be an effective solution, or whether a better solution exists. In particular, we will consider the effect a surveillance camera will have on individuals and therefore whether its use is a proportionate response to the problem identified.
No surveillance cameras will be placed in areas where there is an expectation of privacy unless, in very exceptional circumstances, it is judged by us to be necessary to deal with very serious concerns.
We will ensure that ongoing use of existing CCTV cameras on our premises is reviewed periodically to ensure that their sue remains necessary and appropriate, and that any surveillance system is continuing to address the needs that justified its introduction.
We may share data with other group companies and other associated companies or organisations, for example shared services partners, where we consider that this is reasonably necessary for any of the legitimate purposes set out above in paragraph 5.1.
No images from our CCTV cameras will be disclosed to any other third party, without express permission being given by Premier Restaurants Malta Limited Data Protection Officer. Data will not normally be released unless satisfactory evidence that it is required for legal proceedings or under a court order has been produced.
In other appropriate circumstances, we may allow law enforcement agencies to view or remove CCTV footage where this is required in the detection or prosecution of a crime.
We will maintain a record of all disclosures of CCTV footage.
No images from CCTV will ever be posted online or disclosed to the media.
Data subjects may make a request for disclosure of their personal data and this may include CCTV images (data subject access request). A data subject access request is subject to the statutory conditions from time to time in place and should be made in writing.
In order for us to locate the relevant footage, any requests for copies of recorded CCTV images must include the date and time of the recording, the location where the footage was captured and, if necessary, information identifying the individual.
We reserve the right to obscure images of third parties when disclosing CCTV data as part of a subject access request, where we consider it necessary to do so.
If any member of staff has questions about this policy or any concerns about our use of CCTV, then they should email [email protected] in the first instance.