Commission for the Rights of Persons with Disability
Skip Navigation

Data Protection Policy

Commission for the Rights of Persons with Disability (CRPD)
Data Protection Policy

The General Data Protection Regulation (EU) 2016/679 (GDPR) and the Data Protection Act (Cap 586) regulate the processing of personal data whether held electronically or in manual form. CRPD is set to fully comply with the Data Protection Principles as set out in such data protection legislation.

Purposes for collecting data

CRPD collects and processes information to carry out its obligations in accordance with present legislation. All data is collected and processed in accordance with Data Protection Legislation, Chapter 413 Equal Opportunities (Persons with Disability) Act, Chapter 560 Parking Concessions for Persons with Disability Act, and for the purposes of CRPD’s role in connection with the Planning Authority, according to the Development Planning Act Chapter 552.

Recipients of data

Personal Information is accessed by the employees who are assigned to carry out the functions of CRPD. Personal Data will be disclosed to government departments, authorities, agencies or entities with the aim to facilitate the provision of services related to, but not limited to, employment, education, housing and social benefits. Disclosure can also be made to third parties but only as authorized by law.

Your rights

You are entitled to know, free of charge, what type of information, CRPD holds and processes about you and why, who has access to it, how it is held and kept up to date, for how long it is kept, and what the Unit is doing to comply with data protection legislation.

The GDPR establishes a formal procedure for dealing with data subject access requests. All data subjects have the right to access any personal information kept about them by CRPD, either on computer or in manual files. Requests for access to personal information by data subjects are to be made in writing and sent to the Commissioner for the Rights of Persons with Disability. Your identification details such as ID number, name and surname have to be submitted with the request for access. In case we encounter identification difficulties, you may be required to present an identification document.

CRPD aims to comply as quickly as possible with requests for access to personal information and will ensure that it is provided within a reasonable timeframe and in any case not later than one month from receipt of request, unless there is good reason for delay. When a request for access cannot be met within a reasonable time, the reason will be explained in writing to the data subject making the request. Should there be any data breaches, the data subject will be informed accordingly.

All data subjects have the right to request that their information is not used or is amended if it results to be incorrect. Data subjects may also request that their data is erased.

These rights may be restricted, if applicable, as per Data Protection Legislation.

In case you are not satisfied with the outcome of your access request, you may refer a complaint to the Information and Data Protection Commissioner, whose contact details are provided below.

The Data Protection Officer may be contacted on dataprotection@crpd.org.mt or by telephone on 2226 7600.

The Commissioner for the Rights of Persons with Disability may be contacted at:
CRPD
G5 Offices,
Psaila Street,
Birkirkara BKR 9077
Telephone: 2226 7600
Email: data.controller@crpd.org.mt

The Information and Data Protection Commissioner

The Information and Data Protection Commissioner may be contacted at:
Level 2, Airways House,
High Street,
Sliema SLM 1549
Telephone: 2328 7100
Email: idpc.info@idpc.org.mt

CCTV Surveillance Cameras Policy for CRPD

CCTV Surveillance Cameras Policy for CRPD

Scope

CRPD deals with personal data by means of CCTV camera/s and abides by this policy with regards to the data processed by this means.

Background Information

The data controller for CRPD is the Commissioner for the Rights of Persons with Disability. The data protection officer representing the Commissioner for the Rights of Persons with Disability may be contacted as follows:

ADDRESS
CRPD
G5 Offices
Psaila Street,
Birkirkara BKR 9077

Telephone
(+356) 22267600

Email
datacontroller@crpd.org.mt

Data subjects will have a right of access to data being processed as per Chapter II (Article 15) of the General Data Protection Regulation. (Please refer to section relating to Access, below). Data subjects are also hereby informed of their right to lodge a complaint with the Information and Data Protection Commissioner.

The Information and Data Protection Commissioner may be contacted as follows:

ADDRESS
Information and Data Protection Commissioner
Level 2, Airways House
High Street
Sliema SLM 1549
Malta

Telephone
(+356) 2328 7100

Email
idpc.info@idpc.org.mt

Location & Purpose

CCTV surveillance is installed in CRPD’s premises, i.e on the ground floor including its entrance, the first floor, the second floor and the basement/garage including its entrance. Affixed notices are placed in prominent and easily visible places within the monitored area. The sole purpose of surveillance is to ensure security. Relevant footage will not be used for any other purpose other than the one intended. Processing for a distinct activity that is not compatible with the original reason for which cameras were installed will only be done if prior notice is given to the data subjects.

In view of Chapter II (Article 5) of the GDPR , the Data Controller justifies the use of a CCTV Surveillance Camera system for the above-mentioned purpose. The recognisable images captured by the cameras will be processed adequately, and in a relevant manner and shall be necessary in relation to the purposes of the processing as per Chapter II Article 6 of the GDPR.

Access to Footage & Data

Access to the CCTV footage is restricted to authorised personnel only. The Data Controller shall authorise further access to footage if so required when relevant to the purpose/s specified above.

Any criminal activity caught on camera will be disclosed to law enforcement authorities after filing a Police report.

CRPD undertakes to comply with a strict security policy vis-a-vis the access to recorded images. Any internal access to visual images by CRPD or any disclosure of such images further to a request by a law enforcement authority or by the data subject shall be logged and kept as evidence.

Right of Access

Any individual whose personal data is held by CRPD, in the form of CCTV recording, can request access to that recording. The Data Controller is obliged to provide access to the footage without disclosing the identity of third parties.

If an individual is not satisfied with the reply as provided or with the manner of access that has been granted, the matter may be referred to the Information and Data Protection Commissioner who will investigate the case and ascertain that the right of access is properly granted.

Right of access request shall be made in writing and addressed to the Controller.

Retention Period

Personal data is retained for a period of seven days. This period is the necessary period for which the data was obtained. After the lapse of this period, images are overwritten by new images. If data  is extracted in relation to unacceptable behaviour leading to a criminal investigation it will be held for the period required to satisfy said legal claims, and securely erased after such activities are exhausted.

Conclusion

This policy provides the reasons and means of processing through the use of a CCTV Surveillance System within CRPD ensuring that the rights of the data subjects are not infringed, by processing personal data adequately, not more than necessary and making sure that data is not kept for a period longer than necessary in conformity with Data Protection Legislation.

Date: April 2020