Data Protection Policy
- Last updated:
Menu
The General Data Protection Regulation (EU) 2016/679 (GDPR) and the Data Protection Act (Cap 586) regulate the processing of personal data whether held electronically or in manual form. The National Commission for the Promotion of Equality (NCPE) is set to fully comply with the Data Protection Principles as set out in such data protection legislation.
Purposes for collecting data
NCPE collects and processes information to carry out its obligations in accordance with present legislation. All data is collected and processed in accordance with the Data Protection legislation, CAP. 456 Equality for Men and Women Act and NCPE’s GDPR related policies and any Government Directive, policy and circular to which NCPE may be subject to.
Recipients of data
Personal Information is accessed by the employees who are assigned to carry out the functions of the NCPE. Personal Data will be disclosed to:
- Employees within NCPE carrying out similar tasks in connection with functions laid down in 456
- Organisations processing data on behalf of the data controller including, but not limited to NCPEs’ service providers for legal advisor services, accountancy, auditing and other service providers and suppliers. Third parties process data only third parties and processors process data only in accordance with the Data Protection Legislation who are bound to adhere to this Policy as well as NCPE’s Retention Policy via a data processing service agreement.
Your rights
You are entitled to know, free of charge, what type of information NCPE holds and processes about you and why, who has access to it, how it is held and kept up to date, for how long it is kept, and what the Unit is doing to comply with data protection legislation.
The GDPR establishes a formal procedure for dealing with data subject access requests. All data subjects have the right to access any personal information kept about them by NCPE either on computer or in manual files. Requests for access to personal information by data subjects are to be made in writing and sent to the Executive Director of NCPE. Your identification details such as ID number, name and surname have to be submitted with the request for access. In case we encounter identification difficulties, you may be required to present an identification document.
NCPE aims to comply as quickly as possible with requests for access to personal information and will ensure that it is provided within a reasonable timeframe and in any case not later than one month from receipt of request, unless there is good reason for delay. When a request for access cannot be met within a reasonable time, the reason will be explained in writing to the data subject making the request. Should there be any data breaches, the data subject will be informed accordingly.
All data subjects have the right to request that their information is not used or is amended if it results to be incorrect. Data subjects may also request that their data is erased. These rights may be restricted if applicable as per Data Protection Legislation.
In case you are not satisfied with the outcome of your access request, you may refer a complaint to the Information and Data Protection Commissioner, whose contact details are provided below.
Retention Policy
Your personal data is collected through the Equality for Men and Women Act, CAP. 456.
The following schedule outlines the retention requirements for the various categories of documentation within the NCPE whether held electronically or in manual form.
| CATEGORY OF DOCUMENT | RETENTION PERIOD | JUSTIFICATION |
|---|---|---|
| Human Resources – Core staff | ||
| Applications – Calls for filling of NCPE positions | 1) For selected candidates – Ten (10) years from date of termination of employment 2) All others – one (1) year after notifying candidates of the outcome of the recruitment process, unless in the interim, a complaint connected with a particular call for application has been filed. | Retention period in line with the ‘HR Corporate Procedures issued by the People and Standards Division, OPM
|
| Employee files for core staff | Ten (10) years from date of termination of employment | Retention period in line with the ‘HR Corporate Procedures issued by the People and Standards Division, OPM |
| Personal details of staff – Excel sheet | Employee details are to be deleted from this sheet ten (10) years from date of termination of employment | Retention period in line with the ‘HR Corporate Procedures issued by the People and Standards Division, OPM |
| Payroll files, finger reader software and payroll software | Ten (10) years from date of termination of employment | Retention period in line with the ‘HR Corporate Procedures issued by the People and Standards Division, OPM |
| Attendance Sheets and Vacation Leave requests | Two (2) years | Retention period in line with the ‘HR Corporate Procedures issued by the People and Standards Division, OPM |
| Vacation Leave balance sheets | Four (4) years | Retention period in line with the ‘HR Corporate Procedures issued by the People and Standards Division, OPM |
| Sick Leave Certificates | One (1) year from issue of certificate | Retention period in line with the ‘HR Corporate Procedures issued by the People and Standards Division, OPM |
| Training records | Five (5) years from date of termination of employment | To be in a position to reply to PQs |
| Admonishments | Removed from employee file after six (6) months; no records retained | Retention period in line with the ‘HR Corporate Procedures issued by the People and Standards Division, OPM |
| Written warnings | Removed from employee file after one (1) year | Retention period in line with the ‘HR Corporate Procedures issued by the People and Standards Division, OPM |
Minor Disciplinary Charges Serious Disciplinary Charges | a) After conclusion of case: – If found guilty, documents retained for ten (10) years from termination of employment – If found not guilty, documents retained for two (2) months from conclusion of case and no record kept thereafter b) If case is inconclusive and the employee has terminated employment, documents are retained until the employee concerned reaches retirement age | Retention period in line with the ‘HR Corporate Procedures issued by the People and Standards Division, OPM |
| Human Resources – Staff recruited for EU co-financed Projects | ||
| All documents listed in the ‘Human Resources – Core staff’ category | For the period stipulated in the regulations governing the relative EU programme/s | Retention period as per rules and regulations of the EU programme/s |
| Procurement and Finances | ||
| Procurement files which includes the personal data of potential bidders, bidders, contractors, service providers and suppliers | – For EU co-financed projects – For the period stipulated in the regulations governing the relative EU programme/s – Others – | -For EU co-financed projects – retention period as per rules and regulations of the EU programme/s -Others – retention period as per DoC circular … |
| Finance files with data/records of creditors and debtors | Five (5) years after payment settlement | For auditing purposes |
| Administration | ||
| Students’ academic records, contact details and time sheets | – Internship/placement – Five (5) years from termination of placement – Students asking for interviews/information – Two (2) years | To be in a position to reply to PQs |
| Travel | ||
| Travel organisers and participant records | Five (5) years from date of termination of employment | To be in a position to reply to PQs |
| Investigations | ||
| Details of any person in connection with processing and investigating complaints alleging discrimination and sexual harassment as per CAP. 456 Equality for Men and Women Act | Five (5) years from closure of case | To be in a position to reply to PQs |
| Request for Information | ||
| Details of persons putting forward requests for information via various means of communication | Five (5) years | To be in a position to reply to PQs |
| Training | ||
| Training attendance sheets and evaluation sheets | – Attendance sheets – Three (3) years from training – Evaluation sheets – Three (3) years from training | Required data regarding NCPE’s training sessions is included in Annual Reports |
| Equality Mark | ||
| Equality representative/s/Committee, Head of organisation, staff lists for re-certification training | For the period stipulated in the regulations governing the relative EU programme/s | Retention period as per rules and regulations of the EU programme/s |
| Projects | ||
| Project partners and records of participants of various project activities namely conferences, training / consultation / mentoring sessions, outreach activities and events | For the period stipulated in the regulations governing the relative EU programme/s | Retention period as per rules and regulations of the EU programme/s |
| Online Directory of Professional Women | ||
| Application forms for Directory registration | Unsuccessful applicants – Five (5) years | Minimum eligibility in connection with the online Directory of five (5) years in a decision-making position. NCPE retains all forms for unsuccessful applicants in case they become eligible in due course. |
| Personal data, experience and qualifications of profilers | Profilers have the option to opt out at any time | Unless professionals opt out, this data will be kept online. NCPE has measures in place to ensure the accuracy of the data. |
| Communications & PR | ||
| Conferences and other events attendance sheets and evaluation sheets, speakers and panellists | – Attendance sheets – Three (3) years from event – Evaluation sheets – One (1) year from event | – Attendance sheets are kept for three years for audits as well as for reference purposes in the organisation of similar events – A report is drawn summarising feedback provided in evaluation sheets which are consequently kept for 1 year |
| Mailing Lists | Recipients will have the possibility to opt-out | When contacting persons from the general public on NCPE’s mailing lists, recipients will be given the option to opt out/unsubscribe. Otherwise, NCPE is empowered ‘to keep direct and continuous contact with local and foreign bodies working in the field of equality issues, and with other groups, agencies or individuals as the need arises’ as per the Equality for Men and Women Act, CAP.456, Art. 12(1)(e) |
| Library | ||
| Library borrowers’ details | Six (6) months after the return of all resources borrowed from the library | To ensure resources are returned in good condition |
| GDPR | ||
| Data protection breaches documents | 2 years following conclusion of data breach investigation | This will allow for the necessary follow up icw data breaches. Records of breaches will be kept but no personal data will be kept following the established retention period. |
Data that needs to be destroyed after the noted timeframes will be disposed of in an efficient manner ensuring that such information is no longer available within the NCPE.
The Data Protection Officer may be contacted on [email protected] or by telephone +356 22768200.
A/Executive Director
The NCPE’s Data Controller may be contacted at:
NCPE, Gattard House, National Road,
Blata l-Bajda, HMR 9010 Telephone: +356 22768200 Email: [email protected]
The Information and Data Protection Commissioner
The Information and Data Protection Commissioner may be contacted at: Level 2, Airways House,
High Street, Sliema SLM 1549
Telephone: 23287100
Email: [email protected]
1 In case of investigation of complaints, CAP. 456, Art. 18(5) stipulates that:
“(5) The Commissioner and every other member of the Commission or any member of the staff of the Commission shall treat any matter coming to their knowledge in the course of an investigation as confidential and shall not disclose the same unless such disclosure is necessary in the course of a prosecution or an action for redress under this Act.”
2 Data Protection Public Administration Human Resources Corporate Procedures –
Corporate-Procedures-2020-as-at-30.4.20-ver-1.8.pdf
3 DoC and DPU confirmed that retention period for procurement files is not in place yet
4 Same as aboveatio