Data Protection Policy
The General Data Protection Regulation (EU) 2016/679 (GDPR) and the Data Protection Act (CAP 586) regulate the processing of personal data whether held electronically or in manual form. The Malta Philharmonic Orchestra (MPO) is set to fully comply with the Data Protection Principles as set out in these Regulations.
Purposes for collecting data:
The MPO operate through National Orchestra Limited, a company registered in Malta (c 21996) under the Companies Act ,1995, and during the course of its operations it collects and processes information to carry out its obligations in accordance with present legislation. All data is processed in accordance with Data Protection Legislation.
Recipients of data:
Employees and service providers who are assigned to carry out the functions of the MPO, access the information that is being processed. Personal data will be disclosed to the personnel of the MPO so that activities, events and initiatives organized by the company may be promoted and implemented. Disclosure to other departments and third parties may also be made but only as authorized by law.
You are entitled to know, free of charge, what type of information the MPO holds and processes about you and why, who had access to it, how it is held and kept up to date, its retention period and what the MPO is doing to comply with data protection legislation.
All data subjects have the right to access any personal information kept about them by the MPO, either on computer or in manual files. The GDPR establishes a formal procedure for dealing with data subject access requests. Requests for access to personal information by data subjects are to be made in writing and sent to the Exec Chair of the MPO, who is also the Company’s Data Controller. Your identification details such as ID number, name and surname must be submitted with the request for access. In case we encounter identification difficulties, you may be required to present an identification document.
The MPO aims to comply as quickly as possible with requests for access to personal information and will ensure that it is provided within a reasonable time from receipt of request, unless there is a good reason for delay. When a request for access cannot be met within a reasonable time, the reason will be explained in writing to the data subject making the request. Should there be any data breaches, the data subject will be informed accordingly.
All data subjects have the right to request that their information is not used or is amended if it results to be incorrect. Data subjects may also request that their data is erased.
These rights may be restricted, if applicable, as per Data Protection Legislation.
In case you are not satisfied with the outcome of your access request, you may refer a complaint to the Information and Data Protection Commissioner, whose contact details are provided at the end of this policy.
Your personal data is collected through:
- Consent in relation to your subscription for receiving promotional material. Opting out will be possible at any time and at no charge
- Data subjects are advised that photography may take place at public events organised by the MPO. Images captured may be disseminated in published material including social media. The MPO will ensure that safeguards are in place in the capture of such images to ensure the respect to privacy of individuals. Concerns in relation to this may be forwarded to the DPO on the email address specified in this policy. The following schedule outlines the retention requirements for the various categories of documentation within the MPO.
The following schedule outlines the retention requirements for the various categories of documentation within the MPO.
|Category of Document||Retention Period||Justification|
|Personal information of subscribers to the MPO membership scheme : Name, Surname, Email address etc||For the duration of the membership||Until consent is revoked by the data subject|
|Personal information of subscribers to MPO mailing list||Until consent is revoked by the data subject||Until consent is revoked by the data subject|
|HR documentation||Ten years from termination of employment||This is in line with Government’s HR Corporate procedures.|
|Unsuccessful recruitment candidates||Two years from conclusion of Recruitment Procedure||This is in line with Government’s HR Corporate procedures.|
|Personal information of artists, musicians and contractors||For the duration of the MPO operations||Until consent is revoked by the data subject|
|Financial information: Yearly Financial Statement||Ten years from the end of the Financial Year||This is in line with the provisions of relevant legislation.|
|Digital Photographs and Videos of Public Events and Concerts||For the duration of the MPO operations.||The MPO will apply safeguards in the capture of images during such event to respect the right to privacy of data subjects. Requests for erasure will still apply in the event that these images contain personal data.|
Data that needs to be destroyed after the noted time frames will be disposed of in an efficient manner ensuring that such information is no longer available within the MPO.
The Data Protection Officer may be contacted on:
The Information and Data Protection Commissioner
The Information and Data Protection Commissioner may be contacted at: