App Privacy Policy

CORALLO PROJECT

PRIVACY POLICY

Introduction

This document is intended to provide You with information on the manner in which processing of Your personal data takes place on the Corallo Application for mobile devices (hereinafter referred to as “the App”) in a clear and transparent way. We have published this Privacy Policy to take into account Our legal requirements and to explain how Corallo (“Our” or “We” or “Us”) collects, stores and uses the personal data You may provide through this channel. Any personal data provided by You voluntarily through the App will be processed in accordance with the Data Protection Act (Chapter 586 of the Laws of Malta), the EU General Data Protection Regulation (GDPR) and any other relevant data protection legislation, as may be amended from time to time.

We process Your information in order to follow Your instructions.

Data Controller

CORALLO’s is an EU funded project aiming to foster a greater awareness amongst Natura 2000 sites. Corallo, University of Malta, Triq tal-Qroqq, L-Imsida, Malta, is the Data Controller of any personal data You provide via the App; Seasus, the developer of the App, is the Data Processor and will process Your data in line with its contractual obligations and Our instructions.

If You have any questions or concerns about how Your information is handled, please direct any inquiry to the Data Protection Officer by email on corallo.era@era.org.mt, by ordinary mail at The Data Protection Officer, Corallo, University of Malta, Triq tal-Qroqq, L-Imsida, Malta, or by calling (+356) 2340 3704.

Information We collect about You when using the App:

The type of information that We collect and use can be categorised broadly as follows:

information and records of app usage

How we use Your information

We only collect and store the information about You which You provide Us with, in a fair, lawful and transparent manner. Current data protection law provides for specific reasons and circumstances when We may collect, use and store Your information. In Our case, it is one or more of the following four reasons that will justify why We process Your information:

You have provided Us with Your consent to collect, use and store such information; and
there is a legitimate interest for Us to collect, use and store such information.

We carry out automated processing which is based on Your use of the App. Such processing is carried out to help Us understand more about Our users. This helps Us improve the quality of the App.

How we share Your information

In order to provide, improve, customise, support and market Our products, We engage the services or use the products of other companies with whom We have a contractual relationship. If any of the companies provide Us with their services from outside of the EU or EEA or in a country which the EU Commission has not declared safe, then We will take all appropriate measures, in line with Our own legal obligations, to ensure that the companies We engage adhere to the same high standards that are required of all companies operating and processing data within the EU.

We will never share Your personal information with other companies which are not processing Your information upon Our instructions and We shall never share Your personal information for marketing purposes unless You have specifically consented to it.

We may also be obliged to share any of Your personal information which We have access to with competent authorities upon a lawful request. This may include enforcement agencies such as the Police and courts of law and public authorities such as the Malta Communications Authority and the Malta Competition and Consumer Affairs Authority. We may challenge any request to share such information if We do not consider it justified but We are not under an obligation to do so. Unless We are prevented from doing so, We will always try to inform You that we have received such a request and which data We have shared with the requesting public authority/entity or enforcement agency.

How We store Your information and keep it safe

While We implement safety measures designed to protect Your information, no security system is impenetrable and, and due to the inherent nature of the internet and technology, We cannot certify that data, while in transmission through the internet or while stored on Our systems or otherwise in Our care is absolutely safe from any interference by others.

We do not have any access to Your passwords.

How you can access and control Your information

Since We process Your personal information, data protection law gives You specific rights which may be used under certain circumstances. In accordance with law, You have a right to:

Right of Access: This means that You have a right to ask, at no cost to You, for a copy of the personal information We hold about You. This right can only be exercised by You to the extent that it will not affect others
Right to request the correction of Your personal data: This means that if any personal information We hold about You is incomplete or incorrect, You have a right to have this corrected. In order to allow Your request, You may need to provide Us with evidence and documentation (such as Your ID, passport or proof of address). In order for Us to process this request, You need to email us on corallo.era@era.org.mt.
Right to Erasure (‘right to be forgotten’): This means that You may request the erasure of Your personal data where We no longer have a legitimate reason to continue using or retaining it. In such case, We will not be able to fulfil Your request. We will only retain your information if We are under a legal obligation to retain information, or where the retention of Your information is necessary for Us to defend ourselves in a legal dispute or to execute a legal title against You. You must contact Corallo, University of Malta in order for Us to process this request. You may do so in writing by email, and by ordinary mail.
Right to restriction of processing: You may ask Us to temporarily suspend the processing of Your personal data in one of the following scenarios:
1. where You want Us to establish the accuracy of the data;
2. where Our use of the data is unlawful but You do not wish for Us to delete it;
3. where You need Us to retain Your data even when We no longer need it in order for You to establish, exercise, or defend legal claims; and
4. where You have objected the use of Your data but We need to verify whether We have overriding legitimate grounds to use it. You must contact Corallo in order for Us to process this request. You may do so in writing by email or by ordinary mail.
Right to Object to the processing of Your data: You may object to the collection, use and/or sharing of Your personal data if We rely on Our legitimate interests (or those of a third party) to do so and You feel that Our processing of Your data in such a manner impacts Your fundamental rights and freedoms. However, in some cases, We may be able to demonstrate that We have a compelling legitimate ground to process Your data which may override Your rights and freedoms. You may submit Your objections to processing of Your personal data on the grounds of the above-mentioned legitimate company interests by contacting Corallo. You may do so in writing by email or by ordinary mail.
Right to request the transfer of Your personal data (aka data portability): This means You may ask Us to transfer certain data We process about You to You or others. This right only applies to data which You provided Us with and consented Us to use and which were necessary for Us both to honour Our mutual contractual obligations so long as such data is processed by Us in an automated manner. In order for Us to process this request, You must contact Corallo, University of Malta in order for Us to process this request. You may do so in writing by email or by ordinary mail.
Withdrawal of Your consent to processing Your personal data: Withdrawing Your consent will not affect the lawfulness of the processing carried out by Us up until the time You withdrew Your consent. Withdrawing Your consent means that, going forward, You no longer wish for Us to process Your data in such a manner. This means that You may no longer consent for Us to provide You with certain services (such as marketing). You will need to allow Us 24 hours to action Your request. In order for Us to process this request, You must contact Corallo in order for Us to process this request. You may do so in writing by email or by ordinary mail. You will automatically exclude Yourself from further communication via all the various channels We use.However, if You withdraw Your consent, We may still have other lawful grounds or legal obligations to continue to use Your information. If there are, We shall inform You accordingly.

Right to lodge a Complaint with a supervisory authority

All Data Protection enquiries/complaints should be sent to Us by submitting an email to corallo.era@era.org.mt, which is also available at Our outlets, and which can be submitted by email or by ordinary mail.

You also have the right to lodge a complaint with the Information and Data Protection Commissioner in Malta as the data protection supervisory authority:

Information and Data Protection Commissioner
Level 2, Airways House
High Street
Sliema SLM 1549
Malta
Tel: (+356) 2328 7100
Email: idpc.info@idpc.org.mt

Except for Your right to file a complaint with a supervisory authority, for Us to be able to action any of Your requests made in accordance with Your rights described above, We may need to request specific information about You to help Us verify Your identity. This is a security measure to ensure that We are certain that the person to whom We disclose Your personal data is really You.

We will do Our utmost to respond to all legitimate requests within one month from when We receive a request. If Your request is particularly complex, or if You have made multiple requests in a certain time period, it may take Us a little longer. In such a case, We will notify You of this extended period.

By availing Yourself of any of the above-mentioned rights, You understand that there may be instances where, as a result, Your experience on the App may be significantly altered.

Data Retention

The length of time We keep Your personal information for depends on the type of information and on our legal rights and obligations. The personal data You generate by using the App is kept for varying periods, depending on the type of information, Our obligations and Your rights, but the maximum period any data is kept is of 10 years. This information may be kept for a longer period if there is an ongoing dispute between us. In such a case, Your information shall be kept until such a dispute is finally and effectively resolved and any outstanding dues and expenses are fully settled by You.

Beyond this time, We will delete or depersonalise any personal information We may have and use it for research and statistical purposes. If, for some reason, this may not be possible, (such as, for example, because the information was stored in back up archives), We will store it securely and not use it any further until deletion is possible.

If Your personal details are being used with Your consent for marketing purposes, We will only keep that information and use it until Your consent for Us to do so remains valid.

Changes to this Privacy Policy

We may update this Policy from time to time and We will replace this policy with an updated version. It is therefore highly recommended that You access this Privacy Policy frequently so that You will be aware of any changes that may be implemented by Us from time to time.