Last updated: 23/06/2018
1.2. This Policy provides You with information in terms of the Data Protection Act – Chapter 586 of the Laws of Malta and any of its subsidiary legislation which is relevant, and the EU General Data Protection Regulation (GDPR). For more information on data protection principles please refer to article 5 of the GDPR here.
1.3. The Policy sets out the different areas where user privacy is concerned and outlines the obligations & requirements of the users, the Website and Website Owners. Furthermore, the way this Website processes, stores and protects user data and information will also be detailed in this policy.
1.5. If We make any changes to this policy, We will add an alert on this Website and contact You in case of any major updates.
1.6. The Policy can be easily accessible via a link on each web page.
|Cookies||Cookies are small pieces of data stored on your device (such as a computer, mobile or a tablet device) that the Website transfers to the User’s device when the User visits the Website.|
|Data Controller||Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed.
|Delegate||A delegate is someone who has successfully applied to attend a MaltMUN Conference.|
|Partners||Partners include, but are not limited to, venue vendors, charitable donors and liaisons.|
|Personal Data||Personal Data means data about a living individual who can be identified from those data (or from those and other information either in Our possession or likely to come into Our possession). Non-personal data means data that is in no way personally identifiable.|
|Register of Systems||A register of all systems or contexts in which personal data is processed by MaltMUN.|
|Registrant||A registrant is someone who has registered to attend Our annual conference. People can register online solely through the MaltMUN Website. Registration is considered successful once all fields are filled in and after payment of the delegate fee is effected.|
|Responsible Person||A responsible person is the person who will take responsibility for the Society’s ongoing compliance to this policy.|
|Service||Service refers to the MaltMUN Website (https://maltmun.org.mt) and other content operated by MaltMUN.|
|Service Provider||Service Provider means any natural or legal person who processes the data on behalf of the Data Controller.
We may use the services of various Service Providers in order to process your data more effectively.
|Staff||A person who has applied to staff Our annual conference. Roles include Logistics, Chairing, Press and Secretariat members.|
|Subscriber||A Subscriber is someone who has registered to receive MaltMUN email updates.|
|Usage Data||Usage Data is data collected automatically, either generated by the use of the Service or from the Service infrastructure itself.|
|User||A User is any living individual who is using Our Service and is the subject of Personal Data. This term may also be used interchangeably collectively to refer to a visitor, newsletter subscriber, registrant, applicant or business partner.
|Visitor||A Visitor is someone who browses Our Website.|
3. Data Controller
3.1. The Data Controller of this Website is the Malta Model United Nations Society Association which is a Maltese voluntary organisation with registration number VO/0800 whose office is situated in Malta.
3.2. MaltMUN uses Model UN as a tool in teaching young participants about international cooperation. The Society is committed in investing in personal development and nurturing leadership skills, whilst embracing the spirit of the United Nations throughout. We are committed to providing an easy environment within which members may share their ideas whilst refining a range of valuable professional skills. Furthermore, We are intent on participating in editions of Model United Nations (MUNs) all over the world.
4. Lawful Purposes
4.1. All data processed by MaltMUN must be done on one of the following:
- legal obligation,
- vital interests,
- public task or
- legitimate interests
4.2. MaltMUN shall note the appropriate lawful basis in the Register of Systems.
4.3. Where consent is relied upon as a lawful basis for processing data, We will keep evidence of opt-in consent with the personal data.
4.4. Where communications are sent to users based on their consent, the option for the individual to revoke their consent should be clearly available and systems should be in place to ensure such revocation is reflected accurately in the Society’s systems.
5. How We use Your Data
5.1. We may use Your Personal Data to contact You with newsletters, marketing or promotional materials and other information that may be of interest to You. You may opt out of receiving any, or all, of these communications from Us by following the unsubscribe link at the bottom of any email We send or by contacting Us.
5.2. We will never sell your personal information to others. However, We may share your information with selected third party partners if you have asked us to do so. Our partners are usually similar organisations with shared social objectives and We will never share Your details without Your explicit consent.
6.1. Our Website uses only session cookies which are erased when the user closes the Web browser. The session cookie is stored in temporary memory and is not retained after the browser is closed. Session cookies do not collect information from the user’s device. They will typically store information in the form of a session identification that does not personally identify the user.
7. Our Responsibilities
7.1. MaltMUN is committed to processing data in accordance with its responsibilities under the Data Protection Act and the GDPR.
7.2. If You are a MaltMUN registrant, delegate, subscribed to receive emails from Us or a visitor to Our Website We act as the ‘data controller’ of personal data. This means We determine how and why Your data are processed.
7.3. The Responsible Person shall take responsibility for the Society’s ongoing compliance with this policy.
7.4. To ensure its processing of data is lawful, fair and transparent, the Society shall maintain a Register of Systems.
7.5. The Register of Systems shall be reviewed at least annually.
7.6. Individuals have the right to access their personal data and any such requests made to the Society shall be dealt with in a timely manner.
8. Your Responsibilities
8.2. If You are a MaltMUN or foreign UN Model conference registrant or delegate, please also check the terms and conditions between Us: they may contain further details on how We collect and process Your data.
9. When, how and on whom is data collected?
From the moment you first start interacting with MaltMUN, We are collecting data. There are two ways in which data about You is collected, either by You providing the data Yourself, or the data is collected automatically.
9.1. Types of data We collect and on who
9.1.1. Contact details: Your name, address, telephone number, email address and other information stipulated in registering to attend a MaltMUN or a foreign Model UN conference.
Who: Subscriber, Registrant, Delegate, Staff
9.1.2. Financial information: Your Paypal account number, email address and other information necessary to process your payment.
Who: Delegate, Staff
9.1.3. Data from Your application: First name, last name, date of birth, nationality, personal ID documents and/or passport number, email address, mobile number, current or most recent educational institution, other personal details disclosed in application form in required and/or free text boxes (questions about past conference attendance, delegation achievement, main areas of studies/expertise, place of work (if applicable), experience as a delegate, experience as a chair, chairing style, preferred committee, visa acknowledgment). These requests vary on delegate or chair application forms.
Who: Delegate, Staff
9.1.4. Data that identifies You: Your IP address, URL accessed, time zone setting, method, protocol, referring URL, user agent.
Who: Visitor, Registrant, Delegate, Staff
9.1.5. Data on how You use the Website: Your URL clickstreams (the path You take through our site), products/services viewed, page response times, download errors, how long You stay on Our pages, what You do on those pages, how often, and other actions.
Who: Visitor, Registrant, Delegate, Staff
9.2.6. Does MaltMUN collect sensitive data?
We do not collect any “sensitive data” about You (such as racial or ethnic origin, political opinions, religious/philosophical beliefs, trade union membership, genetic data, biometric data, health data, data about Your sexual life or orientation, and offences or alleged offences) except when We have Your specific consent, or when We have to comply with the law.
9.2.7. Is data on children collected?
MaltMUN is a non-profit organisation and is intended to be used by those who are 16 years of age or over. We do not target the MaltMUN conference or foreign UN Model conferences at individuals below 16 years of age, and we do not knowingly collect any personal data from any person under 16 years of age.
10.1. You have given clear consent for Us to process Your personal data for the specific purpose of participating in the MaltMUN Society’s events.
10.2. If you have previously given consent to Our processing Your data, You can freely withdraw such consent at any time. You can do this by emailing us at email@example.com.
10.3. If you do withdraw Your consent, and if We do not have another legal basis for processing Your information, then We will stop processing Your personal data. If We do have another legal basis for processing Your information, then We may continue to do so subject to Your legal rights.
11. Your Privacy Choices and Rights
11.1. Your Choices
11.1.1. You can choose not to provide Us with personal data: If You choose to do this, You can continue to use the Website and browse Its pages, but We will not be able to process transactions without personal data.
11.1.3 You can ask us not to use your data for marketing: We do not use Your data for marketing but if in the future this will be done, We will inform You (before collecting Your data) if We intend to use Your data for marketing and if third parties are involved. You can opt out from marketing by emailing Us at firstname.lastname@example.org
11.2. Your Rights
11.2.1. You can exercise Your rights by sending Us an email at email@example.com.
11.2.2. You have the right to Your data: We will give You a copy of your data in CSV form. We will not do so to the extent that this involves disclosing data about any other individual.
11.2.3. You have the right to access information We hold about You: This includes the right to ask Us supplementary information about:
- the categories of data We are processing
- the purposes of data processing
- the categories of third parties to whom the data may be disclosed
- how long the data will be stored (or the criteria used to determine that period)
- Your other rights regarding Our use of Your data
- We will provide You with the information within one month of Your request, unless doing so would adversely affect the rights and freedoms of other persons. We will inform You if We cannot meet Your request for that reason.
11.2.4. You have the right to make Us correct any inaccurate personal data about You.
11.2.5. You can object to Us using Your data for profiling You or making automated decisions about You: We may use Your data to determine whether We should let you know information that might be relevant to You. Otherwise, the only circumstances in which We will do this is to provide the Model UN experience to You.
11.2.6. You have the right to be ‘forgotten’ by Us: You can do this by asking Us to erase any personal data We hold about You, if it is no longer necessary for Us to hold the data for purposes of Your use of the Website.
11.2.7. You have the right to lodge a complaint regarding Our use of Your data: Please contact Us first, so We have a chance to address Your concerns. If We fail in this, You can address any complaint to the Office of the Information and Data Protection Commissioner by accessing their contact information at https://idpc.org.mt/.
12. Data Minimisation and Security
12.1. We have physical, electronic, and managerial procedures to safeguard and secure the information We collect.
12.2. MaltMUN shall ensure that personal data is stored securely using modern software that is kept-up-to-date.
12.3. Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorised sharing of information.
12.4. When personal data is deleted this should be done safely such that the data is irrecoverable.
12.5. Appropriate back-up and disaster recovery solutions shall be in place.
12.6. IMPORTANT NOTE: You provide personal data at Your own risk: no data transmission is guaranteed to be 100% secure.
13. Where do We store the data?
13.1. The personal data We collect is processed at Our registered office in Malta and in any data processing facilities operated by the third parties identified below.
14. How long do We store Your data?
14.1. To ensure that personal data is kept for no longer than necessary, MaltMUN shall put in place an archiving policy for each area in which personal data is processed and review this process annually.
14.2. The archiving policy shall consider what data should/must be retained, for how long, and why.
14.3. We will stop actively using any personal identifiable information about You within 12 months from the last time You used services offered by MaltMUN or accessed Its Website.
14.4. We will retain Your personal data in Our archives for no longer than 12 months from the date of first communication as obliged by law and will delete it after that period of retention expires, unless You grant Us Your consent to retain the personal data for a further definite or indefinite period.
15. Third parties who process Your data
15.1. MaltMUN uses third parties to facilitate its services.
15.4. Here are the details of Our main third-party service providers, and what data they collect, or We share with them, where they store the data and why they need it:
|Data Collected or Shared||Purpose||
Place of Processing
Paypal (Europe) S.a.r.l. et Cie, S.C.A. and subsidiaries or affiliates
This service processes payments for Us.
Gmail by Google L.L.C
We use this service for sending, storing and tracking emails.
Drive by Google L.L.C
We use this service to store data generated through your interaction with MaltMUN.
MailChimp for WordPress
We use this service to send you emails about MaltMUN.
16. Transaction Security Policy
16.1. This Website uses Secure Sockets Layer (SSL) to ensure secure transmission of Your personal data and to process your payment. You should be able to see the padlock symbol in the status bar of the browser window You are using. The URL address will also start with https:// depicting a secure webpage. SSL applies encryption between two points such as Your device and the connecting server. Any data transmitted during the session will be encrypted or scrambled and then decrypted or unscrambled at the receiving end. This will ascertain that data cannot be read during transmission.
17.1. In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, MaltMUN shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the Office of the Information and Data Protection Commissioner Malta.
17.2. If You believe Your privacy has been breached, please contact Us immediately on firstname.lastname@example.org
19.1. Any comments or suggestions that You may have, and which may contribute to a better quality of service will be welcome and greatly appreciated. Please email Us at email@example.com