The Research Innovation Unit (RIU) values your privacy and is committed to taking its responsibility to manage and safeguard your data seriously. We will be clear and transparent about the information we are collecting and what we will do with that information.

This Privacy Policy sets out the following:

• What personal data do we collect and process.
• Where do we obtain the data from.
• What do we do with that data.
• How do we store the data.
• How and when we disclose your information and under what circumstances.
• How we deal with your data protection rights.
• How do we comply with the data protection rules.

All personal data is collected and processed under Maltese and EU data protection laws.

Research Innovation Unit [referred to throughout this policy as RIU, we, us, our] is the “data controller” of all personal information collected.

What personal data do we collect?

Personal data means any information that allows us to identify you, such as your name, contact details, and age. We may collect personal data from you when you use our website, participate in a survey, competition, event, or programme, interact with our social media channels, activity or when you contact us.

Specifically, we may collect the following categories of information:

• Name, home address, e-mail address, telephone and cell phone numbers, passport or other recognised personal ID card numbers and details.
• Information about your use of our website.
• The communications you exchange with or direct to us via letters, emails, chat services, calls, and social media.
• Details about your organisation.

What do we use your data for, why and for how long?

Your data may be used for the following purposes:

• Providing services, programmes, events, or any activity you request to be updated on or involved in: we use the information you give us to perform the services you have requested.
• Contacting you in the event of a change in dates, time or location of any service, programme, event, or activity: we send you communications about the services you have asked for and any changes to such services. These communications are not made for marketing purposes and cannot be opted out.
• Administrative or legal purposes: we use your data for statistical analysis, systems testing, surveys, maintenance, and development, or to deal with a dispute or claim. Note that we may perform data profiling based on the data we collect from you for statistical analysis purposes. Any profiling activity will be carried out with your prior consent only and by making the best endeavours to ensure that all data it is based on is accurate. By providing any personal data, you explicitly agree that we may use it to perform profiling activities by this Privacy Policy.
• Promotion: from time to time, we will contact you with information regarding Climate Action Initiatives or stakeholder mappings via e-communications. You will have the choice to opt-in or opt out of receiving such communications by indicating your preference at such stage. You will also be allowed on every e-communication we send you to indicate that you no longer wish to receive our direct marketing material.

We will only process your data where we have a legal basis. The legal basis will depend on the reasons we have collected and the need to use your data.

We will not retain your data for longer than is necessary to fulfil the purpose it is being processed for. To determine the appropriate retention period, we consider the amount, nature and sensitivity of the personal data, the purposes for which we process it and whether we can achieve those purposes through other means.

We will securely delete or destroy your personal data when we no longer need it. We will also consider if and how we can minimise over time the personal data that we use and if we can anonymise your data so that it can no longer be associated with you or identify you, in which case we may use that information without further notice to you.

Cookies (Website)

Like everything on the web, websites require the use of cookies for functionality as well as your convenience. The hereunder explains the use of such:

• If you leave a comment on our site, you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
• If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
• When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
• If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
• Data Analytics, we make use of Google Analytics to help us determine the performance of our website, understand our viewer’s needs as well to serve us in key performance analysis. Please visit the Google Privacy Policy and GDPR Compliance site here.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

It is being made clear that RIU has no control over embedded cookies from content providers and can’t be held liable in any way for such.

Security of your data

We follow strict security procedures in storing and disclosing your personal, protecting it against accidental loss, destruction, or damage. The data you provide to us is protected using SSL (Secure Socket Layer) technology. SSL is the industry-standard method of encrypting personal information and credit card details so they can be securely transferred over the Internet.

We may disclose your information to trusted third parties for this Privacy Policy. We require all third parties to have appropriate technical and operational security measures to protect your data, in line with Maltese and EU laws on data protection rules.

Sharing your data

Your data may be shared with other entities who, through signed legal agreements, are official partners of the Research Innovation Unit.

Your Data Protection Rights

Under certain circumstances, by law, you have the right to:

• Request information about whether we hold personal information about you and, if so, what that information is and why we are holding/using it.
• Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
• Request erasure of your personal information. This enables you to ask us to delete or remove personal data where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
• Object to processing of your personal information where we rely on a legitimate interest (or those of a third party), and something about your situation makes you want to object to processing on this ground. You also have the right to object to where we are processing your personal information for direct marketing purposes.
• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it.
• Withdraw consent. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purposes you originally agreed to unless we have another legitimate basis for doing so at law.

Data Protection Officer

We have appointed a Data Protection Officer (“DPO”) to oversee compliance with this policy. You have the right to query at any time by email to info@riu.gov.mt, and the email needs to read Attn: Data Protection Officer in the email’s subject.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to anyone with no right to receive it.

In case you are not satisfied with the outcome of your access request, you may refer a complaint to the Information and Data Protection Commissioner, whose contact details are provided below.

The Information and Data Protection Commissioner

The Information and Data Protection Commissioner may be contacted at their site https://idpc.org.mt/.

Changes to Privacy Policy

Our Privacy Policy may change from time to time, and any changes to the statement will be communicated to you by e-mail or a notice on our website.