Tourism (hereinafter referred to as the “Ministry”, “We” or “Our”)
processes and uses Personal Data pertaining to Our Visitors and/or Users. We are firmly committed to
respecting individuals’ privacy and confidentiality of their Personal Data. In fact, we shall not collect any
personal information about you as a Visitor unless you provide it voluntarily.
All Personal Data shall be processed in accordance with the Data Protection Act (Chapter 586 of the Laws
of Malta) (hereinafter referred to as the “Act”) and subsidiary legislations thereunder and the Regulation
(EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural
persons with regard to the processing of personal data and on the free movement of such data (hereinafter
referred to as the “General Data Protection Regulation” or “GDPR”).
The name of the app – EGM (Electric Government Mobility)
“Controller” or “Data Controller” means any natural or legal person, public authority, agency, or other body
which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
“Data Subject” refers to any living person (natural person) whose Personal Data is being collected, held, or
“Digital Logbook” or “eLogbook” refers to the digital version of the government manual logbook and daily
trip list that is used by employees, staff and officers of the Ministry.
“Personal Data” or “Personal Information” means any information relating to an identified or identifiable
natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or
indirectly, in particular by reference to an identifier such as a name, an identification number, location
data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental,
economic, cultural or social identity of that natural person.
“Processor” or “Data Processor” means a natural or legal person, public authority, agency, or other body
which processes Personal Data on behalf of the Controller.
“Processing” means any operation/s which is/are performed on Personal Data or on sets of Personal Data,
whether or not by automated means, such as collection, recording, organisation, structuring, storage,
adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or
otherwise making available, alignment or combination, restriction, erasure or destruction.
“Transportation System” or “System” means the Ministry’s transportation eLogbook System, which system
will facilitate trip (car) bookings for the Ministry’s staff without the need for manual booking through phone
calls and/or e-mails;
“User” means any employee, staff member or officer of the Ministry who makes use of the Ministry’s
“Website” means the online web page of the Ministry’s transportation – https://egm.gov.mt
The Controller of Personal Data
The Data Controller responsible for the Processing of Personal Data of Data Subjects for the purposes
outlined in this Policy is the Ministry for Tourism located at 233, Republic Street, Valletta Malta.
What Personal Data We collect
Personal Data shall be collected solely from Users of the Ministry’s transportation system or those whose
role within the Ministry is intrinsically connected therewith.
The Personal Data which shall be processed to book a trip are the following:
– CORP username and password (government e-mail address and password);
– Name and surname;
– Pick up location (from a drop-down menu);
– Drop off location (from a drop-down menu);
– Purpose of the trip
In so far as drivers are concerned, it is important to note that live vehicle location tracking will be processed.
Thus, indirect monitoring of the drivers’ location during working hours and whilst using the vehicle shall
All information provided in the Contact Us/Feedback form will dealt-with with strict confidence according
How we collect your personal data
Your personal data may be collected in a number of ways including:
1. Whilst booking a trip via the Ministry’s transportation system
We shall collect your personal information in the process of booking a trip via the System (either via the
Website or the App). In such cases, the Website or the App is used as a user interface and the information
submitted therein shall be passed on for processing to the administrator (or transport office) for the
assignment of a driver and vehicle for the particular trip.
2. Indirect monitoring of drivers
Considering that live vehicle location tracking is used, the appointed drivers shall be indirectly tracked
during their working hours and whilst making use of the vehicle. The information obtained from the live
vehicle location tracking shall only be accessed by the System administrator.
3. Contact Us/Feedback
When using the Website or the App, Data Subjects may be required to provide their contact details for
contact purposes. All information provided in the Contact Us/Feedback form will be processed following
your provision of consent.
4. IP Address and location
The web server keeps limited logs about IP addresses or the location of your computer on the Internet, for
systems administration and troubleshooting purposes. We do not use IP address logs to track your session
or your behaviour on our site.
Legal basis for processing your personal data
The legal basis relied upon shall be Article 6(1)(f) of the GDPR since the processing is necessary for the Ministry’s legitimate business interests including the following:
– To facilitate transportation to its employees, staff and officers;
– To ensure the security of property of the Ministry;
– To ensure the safety of employees, staff and officers;
– To determine the availability of its drivers to uphold the request made by its own employees, staff
and officers via the System;
– To carry out audit systems to ensure that its drivers are adhering to their duties during their
– To record mileage usage which will subsequently be allocated to the drivers.
What we do with your personal data
There may be instances where We have to share your Personal Data with various categories of persons.
We may disclose your personal data with our employees, officers and professional advisors. Your Personal
Data may be shared with other government departments, agencies and public bodies. However, We shall
– Sell or rent your data to third parties
– Share your data with third parties for marketing purposes
When We share your Personal Data with third parties, We make sure that such parties process this Personal
Data in a safe and secure manner.
We will also share your data if we are required to do so by law.
Personal data shall not be transferred to third parties located outside the EU or European Economic Area
(EEA) unless specifically instructed to do so in writing by the Data Subject or mandated by provision of law
or ordered by a duly empowered competent body.
The rights afforded to yourself in connection to your Personal Data are the following:
• The Right to Access Personal Data – the Data Subject may send Us a request to access all Personal
Data that the Ministry holds in his/her respect. To avail of this right, kindly send an e-mail to
email@example.com. We will do Our best to attend to the Data Subject’s request within one (1)
month. In case of more complex requests, the timeframe will be extended by a further one (1)
month. Should the Data Subject disagree with Our judgement, s/he can complain to the
Information and Data Protection Commissioner (hereinafter referred to as the “IDPC”) on
• The Right to Rectification – the Data Subject’s right to request that any inaccurate or incomplete
Personal Data held by the Ministry is corrected accordingly. In such instances, kindly send and email to firstname.lastname@example.org.
• The Right to Erasure (“Right to be Forgotten”) – the Data Subject’s right to request that his/her
Personal Data is deleted. On a general note, We will comply with the Data Subject’s request in this
regard. However, We may have the necessity not to comply with the request if retention of the
data is required for us to be compliant with a legal obligation and/or such data would be required
by Us to exercise or defend any legal claims.
• The Right to be Informed – the Data Subject has the right to be given clear information regarding
how his/her Personal Data is processed. We do this by means of this Policy which will be duly
revised from time to time and by means of any future communications directly with the Data
Subject on a case-by-case basis.
• Right to Object – the Data Subject may object regarding his/her Personal Data being processed
including when such Processing is based on legitimate interest and the right to object to his/her
Personal Data being processed for direct marketing purposes.
• Right to Data Portability – the Data Subject has the right to put forward a request asking Us to
provide him/her with certain personal data which s/he had provided the Ministry in a structured,
commonly used and machine-readable format. When technically feasible, the Data Subject may
also request that his/her Personal Data be transferred to a third-party controller of his/her choice.
• The Right to Withdraw Consent – the Data Subject can also withdraw any consent given at any
• The Right to Lodge a Complaint – the Data Subject has the right to lodge a complaint against any
Personal Data breach by communicating such breach to the IDPC. The IDPC may be notified by
filling in the complaint form available at https://idpc.org.mt/en/Pages/contact/complaints.aspx.
How long we keep your data
The Controller shall only retain the Users’ Personal Data for a period of six (6) months. After the
retention period has expired, the Personal Data of the Users who would have made a booking through
the eLogbook shall be anonymised so that information relating to the System, its use and the booking
patterns will be used for statistical and trend analysis purposes.
Cookies are small pieces of data that the site transfers to the User’s computer or mobile device hard
consequently, for any further information, you are being guided to visit our Cookies Policy.
We are committed to doing all that we can to keep your data secure. We undertake to put in Our best
efforts to keep any disclosed Personal Information secure by implementing the appropriate technical and
organizational measures with the aim of protecting such Personal Data. For example, We protect your data
using encryption. We also make sure that any third parties that We deal with keep all personal data they
process on our behalf secure by entering into Data Processing Agreement setting out the standards that
such parties must adhere to whilst processing Personal Data.
Notwithstanding Our efforts to protect Personal Data, no system can guarantee that Personal Data will not
be compromised at any point.
Accuracy of information
The Ministry undertakes to hold accurate and where necessary up-to-date Personal Data. In view of this,
Data Subjects are asked to keep Us informed of any changes that might occur to Personal Data throughout
the previously stipulated data retention timeframes.
We may update the Policy from time to time in order to reflect changes to Our practices or for other
operational, legal or regulatory reasons.
Complaints and concerns
If you have any concerns with regards to Our privacy methods and processes, please contact Our Data
Protection Officer by email on email@example.com
In case you are not satisfied with Our response, you may contact the Information and Data Protection
Commissioner of Level 2, Airways House, High Street, Sliema SLM 1549 or by visiting their website at
Last Updated: 24th May 2023