Privacy Notice

1.0 Privacy Notice

This Notice sets out in detail how the Lands Authority (hereinafter referred to as ‘the Authority’) shall process your personal data. It is recommended that you read this Privacy Notice in full to understand our practices regarding your personal data.

This Privacy Notice is dated 26 November 2018.

2.0 The General Data Protection Regulation (Regulation (EU) 2016/679)

The General Data Protection Regulation (‘GDPR’) was adopted by the European Council on 8 April 2016 and came into effect on 25 May 2018, repealing and replacing the Data Protection Directive (Directive 95/46/EC) and the domestic laws implementing it. Accordingly, the Data Protection Act (Chapter 586 of the Laws of Malta) which took effect on 28 May 2018, repeals and replaces the previous Data Protection Act (Chapter 440 of the Laws of Malta), together with a set of subsidiary legislation regulating sector-specific data protection matters.

The Authority has a legal duty to respect and protect any personal information we collect from you and we will abide by such duty. We take all safeguards necessary to prevent unauthorised access and we do not pass on details collected from you as a visitor, to any third party or Government Department unless your consent is required and obtained.

For legal purposes, the Data Controller of this website is the Lands Authority which has been set up by virtue of the Lands Authority Act (Chapter 563 of the Laws of Malta) on 3rd of February 2017 to manage Government land and property.

3.0 Who does this Privacy Notice apply to?

This Privacy Notice applies to the following data subjects:

  • visitors to, or users of, the website;
  • previous, existing and future customers and those acting on their behalf; and
  • service providers and business partners.

3.1 Information Collected

As part of our main functions to administer and make best use of all the land of the Government of Malta and all land that form part of the public domain, as well as our legal obligations, the Authority may collect your personal data through different sources including the following:

  • Data given to us directly by yourself, for example, online through Application Forms or when you call, visit, or send an email addressed to the Lands Authority;
  • Data collected automatically when you use the Lands Authority website;
  • Data collected from other publicly available sources;
  • Data collected during your visit to the Lands Authority, for example, for critical security purposes the Authority has installed CCTV cameras on its premises which may capture images of people accessing our premises. Moreover, the Authority collects your personal details whilst visiting our premises on an ad-hoc basis or as part of a more long-term agreement, for the purposes of site security.

The personal data collected through the website and other channels mentioned above may include the following:

  • Contact or feedback information;
  • Information provided as part of the application/payment process, including but not limited to the applicant’s name and surname, contact details, I.D. Card/Passport details, site plans, location photos, declarations attesting information correctness and other ancillary documentation relative to the applicant’s request;
  • Web Page download information; and
  • Site usage information.

You should consider that any person communicating with the Authority by email will be deemed to have accepted the risks associated with sending information by email, including the interception, amendment and loss, as well as the consequences of incomplete or late delivery. To this end, the Lands Authority shall not be liable for damages arising from messages sent to it via e-mail or other messages sent electronically.

3.2 Information provided as part of the application process

3.2.1. When you submit an application together with any ancillary documentation, the Lands Authority, as administrator of the land of the Government of Malta (Article 3 of the Government Lands Act, 2017, Cap. 573), shall only process your information in line with its statutory obligations to administer and make best use of all the land of the Government of Malta and all land that form part of the public domain.

3.2.2. The Authority shall not retain a copy of an applicant’s Identity Card/Passport beyond the identity verification process, unless pursuant to a statutory provision which confers the power or imposes the obligation on the Authority to retain such information.

3.2.3. Without prejudice to the generality of Clause 3.2.2., the Authority shall consider other alternatives in lieu of retaining the applicant’s Identity Card/Passport. Such alternatives may include but are not limited to the verification of the accuracy and authenticity of the identity document without retaining copies of the documents.

3.2.4. The verification of identity documents is necessary to enable the present or future correct identification of, correct attribution of personal data to, the holder of the identity document, where such correct identification or attribution is or will be necessary.

3.3 Contact or Feedback Information

When you fill the form on the “CONTACT US” page, we use the personal information submitted in the form only to respond to your message. This personal information will not be kept longer than necessary and will be deleted once the feedback requirement is met.

3.4 Download Information

If you read or download information from our site, we automatically collect and store the following non-personal information:

  • The requested web page or download;
  • Whether the request was successful or not;
  • The date and time when you accessed the site;
  • The Internet address of the web site or the domain name of the computer from which you accessed the site;
  • The operating system of the machine running your web browser and the type and version of your web browser.

Please note that this information is strictly for the sole use of and it is not shared, leased, or sold in any manner to any other organisation.

3.5 Site Usage Information

The site creates “cookies” for each session when you visit our web site. These cookies store information that is sent to your browser – along with a web page – when you access a web page. Your browser will return the cookie information only to the domain from where the cookie originated, i.e., and no other web site can request this information.

4.0 Legal Basis

All information provided to the Authority will be solely used as may be necessary to provide you with the required service. The Authority processes your personal data on the basis of the following legal bases:

  • Official authority vested in the Controller – we process your personal data on the basis of Article 6(1)(e) of the GDPR i.e. the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
  • Entering into and performing a contract – we process your personal data on the basis of Article 6(1)(b) of the GDPR, in particular to provide you with the services you have requested from us and as necessary for the performance of a contract;
  • Compliance with legal obligations – we process your personal data on the basis of Article 6(1)(c) of the GDPR, in particular obligations imposed on us to adequately manage Government land and property; and
  • Our legitimate interests – we process your personal data on the basis of Article 6(1)(f) of the GDPR, in particular legitimate interests which may arise directly or indirectly in relation to the services provided e.g. we may process your personal data for the purposes of establishing, exercising or defending legal proceedings. The Authority shall always ensure that your own interests, rights and freedoms are safeguarded.

5.0 Recipients of your Personal Data

The recipients of your personal data include:

  • our employees or selected individuals within the Authority, on a need to know basis or as a result of their duties within the Authority;
  • any service providers that may have access to your personal data in rendering us with their support services;
  • third parties to whom disclosure may be required as a result of our relationship with you as our client;
  • third parties to whom disclosure may be required as a result of legal obligations imposed on us; and
  • authorised processors and any authorised sub-processors who process your data on our behalf and for the same purposes as indicated above.

The Authority does not share your personal data with any entity located outside of the European union (‘EU’) or the European Economic Areas (‘EEA’).

6.0 Automated Decision-Making and Profiling

Your personal data will not be used for any decision solely taken on the basis of automated decision making processes, including profiling.

7.0 Data Retention

We shall retain your personal data exclusively for the minimum amount of time necessary and allowed by law. In particular instances we may have a legitimate interest to hold your data for longer periods such as when your data is required for exercising or defending legal claims.

8.0 Data Subject Rights

As a data subject you have certain rights in relation to your personal data including:

  • Right of access – you have the right to ask us for copies of your personal data that is being processed. There are some restrictions which means you may not always receive all the information we process;
  • Right to Erasure – you have the right to ask us to delete your personal data in certain circumstances. This is not an absolute right and shall depend on our established retention periods;
  • Right to Object – you have a right to object and request that we cease the processing of your personal data where we rely on our, or a third party’s legitimate interests for processing your personal data or a task carried out in the public interest;
  • Right to Portability – you may request that we provide you with certain personal data which you have provided to us in a structured, commonly used and machine-readable format. Where technically feasible, you may also request that we transmit such personal data to a third party controller indicated by you;
  • Right to Rectification – you have the right to update or correct any inaccurate personal data which we hold about you;
  • Right to Restriction – you have the right to request that we stop using your personal data in certain circumstances including if you believe that we are unlawfully processing your personal data or the personal data that We hold about you is inaccurate;
  • Right to withdraw your consent – where our processing is based on your consent, you have the right to withdraw your consent. Withdrawal of your consent shall not affect the lawfulness of the processing based on your consent prior to the withdrawal of your consent;
  • Right to be informed of the source – where the personal data we hold about you was not provided to us directly by you, you may also have the right to be informed of the source from which your personal data originates; and
  • Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority, you shall also have the right to an effective judicial remedy where you consider that your rights under the Regulation have been violated as a result of the processing of your personal data in contravention of the Regulation.

Your rights in relation to your personal data are not absolute. If you intend to exercise one or more of your rights, please send your request to [email protected].

No fees are applicable when exercising your rights. Moreover, you will be provided with a response without undue delay, and in any event within one month from which starts running as soon as your identity is verified.

Following your request to exercise your rights, the Authority may need to request specific information from you to help verify your identity. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

9.0 Security

The Authority is committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable technical and organisational measures to safeguard and secure the personal data that we collect.

If the Authority learns of a personal data breach, we may inform affected data subjects of the occurrence of the breach in accordance with Applicable Laws.

10.0 Links to other Web Sites

Our site has a number of links to other local organisations and agencies. In some cases, for the benefit of the visitor, it may be required that we link to other web sites of other organisations after permission is obtained from them respectively. It is important for you to note that upon linking to another site, you are no longer on our site and you become subject to the privacy notice of the new site.

11.0 Data Protection Officer

The Authority has appointed a Data Protection Officer (‘DPO’) who is responsible for matters relating to privacy and data protection. The DPO can be reached at the following address: [email protected].

12.0 Changes to this Privacy Policy

If there any changes to this Privacy Notice reflecting changes in our services as well as to address any updates to Data Protection and Privacy Laws, this page shall be replaced with an updated version. It is therefore in your own interest to check this Privacy Notice any time you access our web site so as to be aware of any changes which may occur from time to time.

Skip to content