What is a cookie?
A cookie is a small piece of data that a website asks your browser to store as text strings on your computer’s hard disk. All cookies are set with expiry dates which determine how long they reside on your browser. Generally, cookies can be removed automatically after the lapse of the expiry date or else can be deleted manually by the user.
Which types of cookies does this website utilise?
This website makes use of the following two different types of cookies:
Session cookies: these are temporary cookies which are used to give you access to the content of this website. These types of cookies expire and are deleted as soon as you close the browser.
Limited third-party cookies: these cookies are set by entities other than this Office and may be temporary or persistent. The use of third party cookies on this website are restricted and only allowed for the purpose of social sharing (allows you to share our articles through the various social media networks) and when we embed content on the pages of this website from other third party websites.
How can I delete or disable cookies?
If your browser is NOT configured, by default, to block all or certain cookies, you may manually configure your browser to either reject all cookies or control which cookies are set on your device through this website. You may find all the necessary information on how to make the necessary configuration settings by visiting the following site: https://www.aboutcookies.org.uk/managing-cookies
Disabling the cookies of this website will not affect your browsing experience.
Electronic messages, including electronic mail (e-mail) may contain confidential information intended solely for the individuals named in communications.
If you are not the intended recipient you should not disseminate, distribute or copy the contents of electronic and e-mail messages. If you have received electronic messages or communications by mistake, please notify the sender immediately and permanently destroy both the message and its contents.
The security, reliability of delivery and integrity of e-mail and electronic communication transmission cannot be guaranteed as information could be modified in transit or may contain viruses. Any views or opinions presented in e-mails and electronic communications are solely those of the author and do not necessarily represent those of Community Malta Agency (the Agency) to the extent permitted by law. The Agency will not accept any liability arising from electronic communication.
Data Protection & Retention Policy
The General Data Protection Regulation (EU) 2016/679 (GDPR) and the Data Protection Act (Cap 586) regulate the processing of personal data whether held electronically or in manual form. Aġenzija Komunità Malta is set to fully comply with the Data Protection Principles as set out in such data protection legislation.
Purposes for collecting data
Aġenzija Komunità Malta collects and processes information to carry out its obligations in accordance with present legislation. All data is collected and processed in accordance with Data Protection Legislation, the Maltese Citizenship Act (Cap 188), the Public Administration Act (Cap 595) and their Subsidiary Legislation in order to carry out functions and duties of public administration relating to the process of application for citizenship for exceptional services and to cooperate with other Government agencies in all matters relating to citizenship.
Recipients of data
Personal Information is accessed by the employees who are assigned to carry out the functions of Aġenzija Komunità Malta. Personal Data will be disclosed to Aġenzija Komunità Malta’s employees and other relevant stakeholders as indicated in the Maltese Citizenship Act and its Subsidiary Legislation. Disclosure can also be made to third parties but only as authorized by law.
You are entitled to know, free of charge, what type of information Aġenzija Komunità Malta holds and processes about you and why, who has access to it, how it is held and kept up to date, for how long it is kept, and what the Unit is doing to comply with data protection legislation.
The GDPR establishes a formal procedure for dealing with data subject access requests. All data subjects have the right to access any personal information kept about them by Aġenzija Komunità Malta, either on computer or in manual files. Requests for access to personal information by data subjects are to be made in writing and sent to the Agency. Your identification details such as ID number, name and surname have to be submitted with the request for access. In case we encounter identification difficulties, you may be required to present an identification document.
Aġenzija Komunità Malta aims to comply as quickly as possible with requests for access to personal information and will ensure that it is provided within a reasonable timeframe and in any case not later than one month from receipt of request, unless there is good reason for delay. When a request for access cannot be met within a reasonable time, the reason will be explained in writing to the data subject making the request. Should there be any data breaches, the data subject will be informed accordingly.
All data subjects have the right to request that their information is not used or is amended if it results to be incorrect. Data subjects may also request that their data is erased.
These rights may be restricted, if applicable, as per Data Protection Legislation.
In case you are not satisfied with the outcome of your access request, you may refer a complaint to the Information and Data Protection Commissioner, whose contact details are provided below.
Retention of different categories of documents is governed by different requirements and different legislation and regulations. In terms of retention periods, it needs to be pointed out that the same retention period will apply for both electronic and manual data.
The following schedule outlines the retention requirements for the various categories of documentation within the Agency.
- Biographical data (including surname, forename(s), nationality(ies) (at birth and at the time of filling in the Application), place of birth, date of birth, marital status, sex and full residential address in Malta and abroad);
- Contact details (telephone number, mobile number and e-mail address);
- Personal details contained in the travel documents(s) attached to support the Application (including travel document type and number, country of issue, date of issue, date of expiry and scanned copy of the bio-data page of the travel document);
- Information about the stay in Malta (including date of first settlement to Malta, intended duration of stay in Malta, country of residence prior to settlement in Malta, intended country of next settlement);
- Financial information, such as bank statements, bonds and/or other proof of financial assets belonging to the Data Subject in support of the Application;
- Personal data contained in the Residence Permit Card issued to the Data Subject, including card body number, Maltese ID Card number and document number;
- Information about family and dependents, including the full personal details of the latter;
- Information as to whether the Data Subject has carried out military duties, served in the armed forces of any country, or received any military training, or has been part of any other military and/or paramilitary organisation;
- Information about the criminal history of the Data Subject, particularly as to whether the Data Subject has ever been arrested, charged, convicted, found guilty or been discharged of any crime(s) against the law of any country, has ever been charged or accused of illegal activity of any nature in any country, has ever been involved, directly or indirectly, in the financing of terrorism, or terrorist activities, has ever been involved, directly or indirectly, with any terrorist or criminal organisation, has ever been under investigation by any law enforcement agency or tax authority in any country, either personally or as a director of a company;
- Information as to whether the Data Subject has ever been involved personally, or as a director of a company, in any bankruptcy, insolvency or liquidation;
- Information as to whether the Data Subject has ever been refused admission to, or been unlawfully present in, or been deported from, any country, has ever assisted anyone to unlawfully enter, be present, or leave, any country, has ever been refused a residence permit in any country, and/or has ever had an application for citizenship refused in any country;
- Information as to whether the Data Subject is a “Politically Exposed Person” or not;
- Information about the marital status of the Data Subject;
- Information concerning other countries where the Data Subject is authorised to temporarily or permanently reside;
- Unique identifiers such as Passport, ID Card and Social Security numbers;
- Information about language(s) knowledge and level of such knowledge;
- Information about the work and business of the Data Subject;
- Biographical details and residential address of father(s), mother(s), spouse(s), brother(s) and sister(s) and child/children of Data Subject;
- Details of the residential addresses of the Data Subject of the 10 years previous the Application;
- Information on educational history and qualifications, including the diploma(s) and/or qualification(s) obtained by the Data Subject and the details as of the issuing institution(s) and period of study;
- Information on the employment history of the Data Subject for the 10 years previous the Application, and as to whether the Data Subject was employed or self-employed at the time of the Application, including annual income and position held;
- Information concerning the net worth of the Data Subject;
- Information on the bank account held on the name of the Data Subject used for the purposes of the Application;
- Information as to the health status of the Data Subject as indicated by an authorized physician;
- Information concerning the assets held by the Data Subject and the business and corporate affiliations of the Data Subject;
- Information as to the jurisdiction(s) where the Data Subject has his residency for tax purposes.
- Personal data contained in the proof of payment of the CRV;
Data that needs to be destroyed after the noted timeframes will be disposed of in an efficient manner ensuring that such information is no longer available within Aġenzija Komunità Malta.
The application form together with supporting documents submitted by the applicant as per the Maltese Citizenship Act and its Subsidiary Legislation will be kept indefinitely from the date of submission. Any personal data pertaining to the applicant collected and processed by Aġenzija Komunità Malta as part of the due diligence process, excluding the personal data collected by Aġenzija Komunità Malta directly from the applicant will be retained for a period of 10 years from the date of the official decision of the Minister responsible for Citizenship.
Where Aġenzija Komunità Malta pursuant to its functions processes due diligence data, Aġenzija Komunità Malta may restrict the rights and obligations provided for in Articles 14 to 20 and Article 34 of the Data Protection Regulation in accordance with Article 23 of the Data Protection Regulation.
The Data Protection Officer may be contacted at:
Aġenzija Komunità Malta
Mediterranean Conference Centre
Old Hospital Street, Valletta, Malta. VLT 1645
The Information and Data Protection Commissioner may be contacted at:
Information and Data Protection Commissioner
Level 2, Airways House
High Street, Sliema, Malta. SLM 1549