MENU

Privacy Policy

We are committed to protect the privacy of individuals who visit the website and who make use of the online facilities. This Privacy Policy provides you with information in terms of articles 13 and 14 of the General Data Protection Regulation. It also takes consideration of Recommendation 2/2001 of the Article 29 Data Protection Working Party, adopted on 17 May 2001, on certain minimum requirements for collecting personal data on-line. The policy can be easily accessible via a link at the bottom of each web page.

Effective Date: 20/06/2025

About Us

We are Malta Enterprise, a corporation established pursuant to the Malta Enterprise Act (Chapter 463 of the Laws of Malta) (referred to as “we”, “us” and “Malta Enterprise”). 

You can find us at Gwardamangia Hill, Pietà MEC 0001.

For the purposes of this Privacy Policy, we are considered to be the 'Controller’ of Personal Data.

Malta Enterprise is the country's economic development agency, tasked with attracting new foreign direct investment as well as facilitating the growth of existing operations. 

We need to process Personal Data to provide our services. We are committed to protecting the personal data rights of individuals in accordance with global data protection legislation including the General Data Protection Regulation in Europe (the “GDPR”). 

 “Personal Data” means data which identifies a person or could identify a person, such as, for example, their name, contact details, financial data and other identifiers.

 Every individual has a right to understand how their Personal Data is being used and to exercise control over it using data protection rights which are set out in the GDPR.  Through this Privacy Policy, we are providing you with the following information:

  • what Personal Data we collect from you
  • what we are doing with your Personal Data
  • that we will only use your Personal Data for the purposes set out in our Privacy Policy
  • your rights, and how you can exercise control over your Personal Data

Malta Enterprise shall:

  • always ensure that we only share your Personal Data with third parties where absolutely necessary and with appropriate safeguards in place
  • ensure appropriate technical and organisational measures are in place to protect your Personal Data and keep it secure

The data controller of this website is Malta Enterprise Corporation, whose head office is situated at Gwardamangia Hill, Pietà, MEC 0001, Malta.

Contact Details

We have appointed a Data Protection Officer. If you have any questions about this Privacy Policy or the way in which your Personal Data is being used by us, please contact:

Email: [email protected] 

Telephone: +356 2542 0000

The Purpose of this Privacy Policy

This Data Protection Statement describes our approach to data protection and sets out the basis on which any Personal Data we collect from you, or that you provide to us, will be used by us. Please read this Data Protection Statement carefully to understand our views and practices regarding the Personal Data we collect and how we will treat it. 

WHO THIS PRIVACY POLICY APPLIES TO:

This Data Protection Statement provides specific information relating to people we engage with including website users, buyers, suppliers, partners, academics, researchers, mentors, advisors, board members, committee members and visitors to our website.

It also applies to:

  • Applicants: any entities or individuals applying for aid, investment funding, or other support services administered by Malta Enterprise;
  • Beneficiaries: recipients of aid, investment funding, or other support services provided by Malta Enterprise;

Sources of Personal Data

 We receive Personal Data from a variety of sources, as follows:

  • from you directly as part of our relationship or the application process if you are an Applicant;
  • visitors to our website or through any forms submitted therein;
  • from “contact us” or feedback forms
  • from third party websites or from a third party;
  • from public sources such as LinkedIn;
  • from our network groups and partners;
  • from our events.

Additional sources for Applicants and Beneficiaries include:

  • The Personal Data is often provided during the administration process linked to aid and investment;
  • Data may be received from government departments or agencies as part of joint initiatives or projects;
  • Indirectly from public registers or business data aggregators.

Our Legal Basis for Processing Personal Data

We handle all Personal Data in a lawful manner and in full compliance with applicable legal requirements. The GDPR outlines the legal grounds that must be established before we can process any Personal Data.

Our processing of Personal Data generally relies on the following legal bases:

Contract

We may process your Personal Data when it is necessary for the performance of a contract with you, or in order to take steps at your request before entering into such a contract.  

Consent

For certain processing activities, we rely on your explicit, informed, and freely given consent.
If we cannot obtain your consent for a specific activity, we will only proceed with processing if another lawful basis applies.

You may withdraw your consent at any time by contacting us at [email protected].  

Official Authority

As a public corporation, we may process Personal Data where it is necessary to carry out a task in the public interest or in the exercise of official authority conferred upon Malta Enterprise under the Malta Enterprise Act (Chapter 463 of the Laws of Malta).

Legitimate Interest

In some cases, we process your Personal Data to pursue our legitimate interests, provided such processing is not related to our functions as a public corporation.
We will not process your Personal Data on this basis if your interests, rights, or freedoms override our legitimate interests.

You have the right to object to such processing at any time. To do so, please contact us at [email protected] , and we will assess and respond to your concerns accordingly. 

Legal Obligation

We may process Personal Data where required to comply with a legal obligation, such as obligations relating to tax payments or statutory reporting. 

Defence of Legal Claims

We may process Personal Data where necessary for the establishment, exercise, or defence of legal claims, or to protect or enforce our legal rights. 

Categories of Personal Data We Collect

The categories of Personal Data we collect depend on the nature of our relationship with you, including whether you are an Applicant or Beneficiary, we may collect:

  • Contact Data: Includes your email address, phone number, postal address, and other communication details, such as social media profiles.
  • Financial Data: Includes bank account details, payment information, shareholding data, and other financial records.
  • Identification Data: May include full name, date of birth, national ID or tax number, passport details, or driver's license information.
  • Marketing Data: Includes your name, contact preferences, and any marketing or communication preferences you have indicated.
  • Media Data: Encompasses photographs, video recordings, and audio recordings.
  • Professional Data: Covers education, employment history, professional qualifications, directorships, skills, memberships in professional bodies, and shareholding roles.
  • Web Data: Relates to data gathered through interactions with our website, including IP address, device type, operating system, browser information, page views, referral sources, and usage patterns.

How We Use Personal Data

We are committed to ensuring Personal Data is used only for relevant and lawful purposes. The table below outlines our purposes for processing and the corresponding legal basis:

Purpose

Legal Basis

Application Processing and Evaluation
  • Contract
  • The exercise of Official Authority

Onboarding of Beneficiaries
  • Contract
  • Official Authority
  • Legal Obligation

Payment and Administration of Aid
  • Contract

Monitoring and Inspections related to Aid awarded
  • Contract
  • Official Authority
Website Delivery

  • The exercise of Official Authority

  • Legitimate Interest (e.g. website security)
  • Consent

Examples: website registration, feedback collection, form processing, content personalisation, service improvement, website analytics and troubleshooting.

Relationship Management
  • The exercise of Official Authority
  • Contract
  • Legal Claims
  • Legitimate Interest (relationship management)

Examples: responding to enquiries, facilitating programmes and training and organising events.

Audit of Public Expenditure
  • Contract
  • The exercise of Official Authority
  • Legal Obligation

Business Development
  • The exercise of Official Authority
  • Legitimate Interest (developing our services and offerings)

Regulatory and Legal Compliance
  • Legal Obligation
  • Legitimate Interest

 

Examples: fraud prevention, legal proceedings, statutory reporting, tax compliance, and ensuring regulatory alignment.

Disclosure of Personal Data

We may share your Personal Data with third parties in specific situations, including:

  • Service providers, contractors, and partners assisting in service delivery (e.g. CRM platforms, IT consultants, developers, payment processors).
  • Government departments, educational institutions, local authorities, and local and EU agencies.
  • Analytics and search engine providers that support website optimisation.
  • Legal or regulatory bodies, where required to meet obligations or enforce agreements.
  • In cases of corporate restructuring, legislative changes, or mergers involving Malta Enterprise or related entities.
  • In limited circumstances, for fraud prevention or risk management, and always under strict controls.

We ensure that third parties only use Personal Data as necessary to deliver services on our behalf and under confidentiality agreements.

Security Measures

We implement appropriate technical and organisational measures to ensure the security and confidentiality of your Personal Data. These include:

  • Secure storage and access protocols;
  • Monitoring for and protecting against security breaches;
  • Use of encrypted connections during data transmission;
  • Access controls to limit data access to authorised personnel only.

If you suspect any unauthorised access to Personal Data, please notify us immediately.

International Transfers

Personal Data may be stored or transferred outside the European Economic Area (EEA) where necessary for our operations. These transfers are protected by appropriate safeguards such as:

  • Standard contractual clauses (Article 46.2 GDPR);
  • Adequacy decisions (Article 45 GDPR).

For more details on these safeguards, please contact us at [email protected]

Cookies

We use cookies to enhance website functionality and improve your user experience.  

Some cookies are essential, while others are optional. Details of our cookie practices are outlined in our Cookie Policy 

Third Party Websites

Our website may link to external websites. These sites have their own privacy policies and we are not responsible for their practices. We recommend reviewing those policies before submitting Personal Data. 

Retention

We retain Personal Data only for as long as necessary for the purposes for which it was collected. Retention periods are determined by:

  • Duration of our relationship;
  • Type of services provided;
  • Legal and regulatory obligations;
  • Risk factors such as potential litigation or investigations.

Contact [email protected]  for further details on our retention policy.

Your Rights

You have various rights relating to how your Personal Data is used. 

You have the following rights in relation to your Personal Data:

  • Access: Request access to the Personal Data we hold about you.
  • Rectification: Request corrections to inaccurate or incomplete data.
  • Erasure: Request deletion of your data under certain conditions (e.g. consent withdrawal, no longer necessary, legal compliance).
  • Restriction: Ask us to restrict processing of your data in specific cases.
  • Objection: Object to processing based on public or legitimate interests.
  • Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing.

We may be unable to comply in certain legal or public interest scenarios but will explain our reasoning in such cases.

You also have the right to lodge a complaint with your local data protection authority.

Questions or Complaints

For queries or concerns regarding this Privacy Policy, please contact us at:
Email: [email protected] 

Amendments to this Data Protection Statement

We may update this Privacy Policy from time to time. Any changes will be posted on our website, and the “Effective Date” at the top of this page will be revised accordingly. In some cases, we may also notify you directly of significant changes.

Last updated: 20/06/2025

© 2025 MALTA ENTERPRISE
ALL RIGHTS RESERVED