e-Communications Policy

Any type of electronic communication, including its contents, may contain confidential information, which may also be legally privileged, and intended solely for the named individual/s.

If you are not the intended recipient of an electronic communication, you should notify its sender immediately and refrain from processing any part of it, except from permanently destroying it in its entirety from your system/s.

The security, reliability of delivery and integrity of the transmission of electronic communication cannot be guaranteed as information could be modified in transit or may contain viruses. Any views or opinions presented in an electronic communication are solely those of the author and do not necessarily represent those of Community Malta Agency (the Agency). To the extent permitted by law, the Agency will not accept any liability arising from an electronic communication.

Data Protection & Retention Policy

The General Data Protection Regulation (EU) 2016/679 (GDPR) and the Data Protection Act (Cap 586) regulate the processing of personal data whether held electronically or in manual form. Aġenzija Komunità Malta is set to fully comply with the Data Protection Principles as set out in such data protection legislation.

Purposes for collecting data

Aġenzija Komunità Malta collects and processes information to carry out its obligations in accordance with present legislation.  All data is collected and processed in accordance with Data Protection Legislation, the Maltese Citizenship Act (Cap 188), the Public Administration Act (Cap 595) and their Subsidiary Legislation in order to carry out functions and duties of public administration relating to the process of applications for the grant of citizenship and in cooperation with other Government agencies in all matters relating to citizenship.

Recipients of data

Personal Information is accessed by the employees who are assigned to carry out the functions of Aġenzija Komunità Malta. Personal Data will be disclosed to Aġenzija Komunità Malta’s employees and other relevant stakeholders as indicated in the Maltese Citizenship Act and its Subsidiary Legislation. Disclosure can also be made to third parties but only as authorized by law.

Your rights

You are entitled to know, free of charge, what type of information Aġenzija Komunità Malta holds and processes about you and why, who has access to it, how it is held and kept up to date, for how long it is kept, and what the Unit is doing to comply with data protection legislation.

The GDPR establishes a formal procedure for dealing with data subject access requests. All data subjects have the right to access any personal information kept about them by Aġenzija Komunità Malta, either on computer or in manual files. Requests for access to personal information by data subjects are to be made in writing and sent to the Agency. Your identification details such as ID number, name and surname have to be submitted with the request for access. In case we encounter identification difficulties, you may be required to present an identification document.

Aġenzija Komunità Malta aims to comply as quickly as possible with requests for access to personal information and will ensure that it is provided within a reasonable timeframe and in any case not later than one month from receipt of request, unless there is good reason for delay. When a request for access cannot be met within a reasonable time, the reason will be explained in writing to the data subject making the request. Should there be any data breaches, the data subject will be informed accordingly.

All data subjects have the right to request that their information is not used or is amended if it results to be incorrect. Data subjects may also request that their data is erased.

These rights may be restricted, if applicable, as per Data Protection Legislation.

In case you are not satisfied with the outcome of your access request, you may refer a complaint to the Information and Data Protection Commissioner, whose contact details are provided below.



Retention of different categories of documents is governed by different requirements and different legislation and regulations. In terms of retention periods, it needs to be pointed out that the same retention period will apply for both electronic and manual data.

The following schedule outlines the retention requirements for the various categories of documentation within the Agency.

  1. Biographical data (including surname, forename(s), nationality(ies) (at birth and at the time of filling in the Application), place of birth, date of birth, marital status, sex and full residential address in Malta and abroad);
  2. Contact details (telephone number, mobile number and e-mail address);
  3. Personal details contained in the travel documents(s) attached to support the Application (including travel document type and number, country of issue, date of issue, date of expiry and scanned copy of the bio-data page of the travel document);
  4. Information about the stay in Malta (including date of first settlement to Malta, intended duration of stay in Malta, country of residence prior to settlement in Malta, intended country of next settlement);
  5. Financial information, such as bank statements, bonds and/or other proof of financial assets belonging to the Data Subject in support of the Application;
  6. Personal data contained in the Residence Permit Card issued to the Data Subject, including card body number, Maltese ID Card number and document number;
  7. Information about family and dependents, including the full personal details of the latter;
  8. Information as to whether the Data Subject has carried out military duties, served in the armed forces of any country, or received any military training, or has been part of any other military and/or paramilitary organisation;
  9. Information about the criminal history of the Data Subject, particularly as to whether the Data Subject has ever been arrested, charged, convicted, found guilty or been discharged of any crime(s) against the law of any country, has ever been charged or accused of illegal activity of any nature in any country, has ever been involved, directly or indirectly, in the financing of terrorism, or terrorist activities, has ever been involved, directly or indirectly, with any terrorist or criminal organisation, has ever been under investigation by any law enforcement agency or tax authority in any country, either personally or as a director of a company;
  10. Information as to whether the Data Subject has ever been involved personally, or as a director of a company, in any bankruptcy, insolvency or liquidation;
  11. Information as to whether the Data Subject has ever been refused admission to, or been unlawfully present in, or been deported from, any country, has ever assisted anyone to unlawfully enter, be present, or leave, any country, has ever been refused a residence permit in any country, and/or has ever had an application for citizenship refused in any country;
  12. Information as to whether the Data Subject is a “Politically Exposed Person” or not;
  13. Information about the marital status of the Data Subject;
  14. Information concerning other countries where the Data Subject is authorised to temporarily or permanently reside;
  15. Unique identifiers such as Passport, ID Card and Social Security numbers;
  16. Information about language(s) knowledge and level of such knowledge;
  17. Information about the work and business of the Data Subject;
  18. Biographical details and residential address of father(s), mother(s), spouse(s), brother(s) and sister(s) and child/children of Data Subject;
  19. Details of the residential addresses of the Data Subject of the 10 years previous the Application;
  20. Information on educational history and qualifications, including the diploma(s) and/or qualification(s) obtained by the Data Subject and the details as of the issuing institution(s) and period of study;
  21. Information on the employment history of the Data Subject for the 10 years previous the Application, and as to whether the Data Subject was employed or self-employed at the time of the Application, including annual income and position held;
  22. Information concerning the net worth of the Data Subject;
  23. Information on the bank account held on the name of the Data Subject used for the purposes of the Application;
  24. Information as to the health status of the Data Subject as indicated by an authorized physician;
  25. Information concerning the assets held by the Data Subject and the business and corporate affiliations of the Data Subject;
  26. Information as to the jurisdiction(s) where the Data Subject has his residency for tax purposes.
  27. Personal data contained in the proof of payment of the CRV;

Where Aġenzija Komunità Malta pursuant to its functions processes due diligence data, Aġenzija Komunità Malta may restrict the rights and obligations provided for in Articles 14 to 20 and Article 34 of the Data Protection Regulation in accordance with Article 23 of the Data Protection Regulation.


The Data Protection Officer may be contacted at:

Aġenzija Komunità Malta
Mediterranean Conference Centre
Old Hospital Street, Valletta, Malta. VLT 1645
T: 21225232 E: dataprotection@komunita.gov.mt

The Information and Data Protection Commissioner may be contacted at:

Information and Data Protection Commissioner
Level 2, Airways House
High Street, Sliema, Malta. SLM 1549
T: 23287100 E: idpc.info@idpc.org.mt