1. Purpose of this document
Julian’s Pathfinder Foundation is committed to protecting the privacy and security of your personal data. This Privacy Notice sets out the basis for which any of your personal data is collected and processed by us. It covers the types of information that we collect about you, why this is collected, with whom this will be shared and what measures we take to protect your data, in line with data protection legislation, including the General Data Protection Regulation(hereinafter referred to as ‘’ the GDPR’’) (EU) 2016/679 or its successor, the Data Protection Act, Chapter 586 of the Laws of Malta and subsidiary legislation thereto, as may be amended from time to time. Additionally, this Notice also details your rights in terms of data protection and how to approach the Foundation on this subject matter.
In this notice “JPF”, “the Foundation”, “we”, and “us” refers to Julian’s Pathfinder Foundation and “our” shall be construed accordingly.“You” or “your”, refers to you, any attorney duly appointed by means of a power of attorney/mandate, trustees, executors, curators, guardians or any other legitimate representatives.
References to “Controller”, “Personal Data”, “Processor” and “Processing” in this Privacy Notice have the meanings set out in, and will be interpreted in accordance with applicable laws, including but not limited to the General Data Protection Regulation (hereinafter referred to as ‘’ the GDPR’’) (EU) 2016/679 or its successor, the Data Protection Act, Chapter 586 of the Laws of Malta and subsidiary legislation thereto, as may be amended from time to time.
As a “data controller”, JPF is responsible for deciding how to hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this Privacy Notice.
This Notice can be updated at any time to reflect changes in requirements or relevant laws. If there are any substantial changes to the way we process data or changes that will affect you directly, we will notify you of these changes. The latest version can be accessed through https://julianspathfinder.org/privacy.
2. Who are we?
JPF is a public benefit foundation within the meaning of article 1(4)a of the Second Schedule of the Civil Code (Cap. 16 of the Laws of Malta) and enjoys a separate legal personality. It was established on 30th September 2021 and was registered as a Legal Person (LPF- 368) on 6th January 2022. The Foundation is also enrolled with the Commissioner for Voluntary Organizations (VO/2304). The registered address of the Foundation is situated at 5, Triq il-Gamar, Attard, ATD 2462, Malta.
3. General Data Protection Regulation Principles
In complying with the GDPR, we ensure that the personal information that we hold about you is:
• Used lawfully, fairly and in a transparent way.
• Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
• Relevant to the purposes we have told you about and limited only to those purposes.
• Accurate and kept up to date.
• Retained only for as long as required for the identified purposes and in line with our retention policy.
• Stored securely.
4. The data we collect about you
We are data Controllers of your Personal Data and shall process your Personal Data for the purposes of assessing your suitability to participate in the event/s which you would have applied for, enabling you to participate in such events, providing you with a service, accepting monetary donations from you and, fulfilling our legal or regulatory requirements where applicable.
More specifically, JPF will process your Personal Data for the purposes mentioned hereunder namely:
• To be able to provide the product or service that you have applied for, in order to fulfil our contract with you;
• To provide you with information regarding those products and services;
• For internal assessment and analysis (including assessing your suitability to participate in our events);
• In furtherance of our legitimate interest in developing and improving the our products and services. We will look at your information to identify possible service and product improvements. We’ll use your information to understand how you have benefited from these products / services and what are your preferences. The lawful basis for processing your information for this purpose is our legitimate interest. We do this to improve our products and services to best meet the needs of our stakeholders;
• For direct marketing, such as to inform you, by mail, telephone, e-mail or other electronic means, about other products and services provided by the Foundation and by other carefully selected third parties, and for research purposes, provided that you have provided us with your specific consent; and
• In compliance with legal obligations which are imposed on us, including (amongst others) money-laundering detection and reporting, and other obligations imposed upon us in terms of applicable law;
• If you have opted in, to inform you about our services and products.
In certain instances, we may request and process special categories of personal data. In terms of the GDPR this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic, biometric data and information about criminal convictions and offences.
Such Personal Data and/or special categories of personal data may include the following:
• Personal details: your names, gender, date and place of birth;
• Personal contact details:, address, contact numbers and personal e-mail address;
• Identification information: identity card, nationality and citizenship, signature, schools attended, exam results;
• Other personal data included in a CV, application form, cover letter or interview notes, such as qualifications, skills, experience, education and employment history;
• References, voluntarily disclosed by you, for which the Foundation would be authorised to contact directly to obtain independent verification of information provided by yourself during the application process;
• Health data including medical conditions and food allergies which could impact your participation in certain events organised by the Foundation;
• Information about criminal convictions and offences: as part of the recruitment process we may perform background checks on you in order to further evaluate and validate your application. Such background checks may include criminal records, public social media checks etc.
• Filming and photographs taken during our events for research and promotional purposes;
• Records of your correspondence and other communications between us;
• Information provided to us by yourself when filling out forms, submitting your ideas/ proposals and presenting them during our events, etc.;
• Any other information we need to support our regulatory obligations.
We do not collect more information than we need to fulfil our stated purposes and will not keep it longer than necessary. The provision of Personal Data is on a voluntary basis. However, if you do not provide us with your Personal Data it may affect your application to participate in our events or the possibility for us to provide you with our services.
5. How do we collect your personal information?
We may collect personal data about you from different sources, data including the following:
• Data given to us directly by yourself;
• Data collected automatically when you use JPF services including when you visit our websites and social media channels;
• Data collected from communications with the Foundation;
• Data collected from photographs and video footage taken present during our events; and
• Data collected from other publicly available sources.
6. Grounds and Scope of Processing
We will only use your personal information when the law allows us to. Hereunder, is the list of the bases for processing your Personal Data in accordance with the GDPR:
• You as the data subject has given consent to the processing of your personal data Article 6(1)(a));
• Processing required for us to perform a contract (Article 6(1)(b));
• Processing is necessary for compliance with a legal obligation to which the controller is subject (Article 6 (1) (c));
• Processing required for the purposes of our legitimate interest (Article 6(1)(f)).
The Foundation will only use your personal information for the purposes for which it was collected, unless it is reasonable to consider that we need to use it for another reason and that reason is compatible with the original purpose.
7. Third Party Personal Data
Should you provide us with Personal Data of third-party data subjects such as that of referees or any other third parties, you shall be solely responsible to ensure that:
• you immediately bring this Privacy Notice to the attention of such data subjects and direct them to it;
• the collection, transfer, provision and any Processing of such Personal Data by you fully complies with any applicable laws;
• you collect any information notices, approval, consents or other requirements that may be required from such data subject before providing us with their Personal Data;
• you remain responsible for making sure the information you give us is accurate and up to date, and you must inform us if anything changes as soon as possible.
You hereby fully indemnify us and shall render us completely harmless on first written demand against all costs, damages or liability of whatsoever nature resulting from any claims or litigation (instituted or threatened) against us as a result of your provision of said Personal Data to us.
8. Marketing
From time to time, the Foundation would like to send you information about JPF products and services which we think may be of interest to you and also products from our partners, sponsors and relevant third parties, such as . educational institutions. Marketing will be carried out primarily through the circulation of e-mails, sms, surveys and social media channels. Other means of communication may also be used. You will need to provide us with your consent in order for us to process your Personal Data for marketing purposes. If you previously agreed to us contacting you about marketing but have now changed your mind, we kindly ask you to contact us as advised below so that we can update your In case of social media marketing, you can control the delivery of certain advertising or social campaigns through the settings offered by the respective third-party platforms (e.g. Facebook). In addition, if you download our mobile applications from the Apple AppStore or Google Play, the only way to prevent receipt of notifications is by changing the settings on the device itself.
Please note that the withdrawal of your consent for marketing purposes does not affect the lawfulness of the Processing of Personal Data based on such consent prior to its withdrawal.
9. Data we share and with whom
We do not share personal data with companies, organisations and individuals outside of the Foundation unless one of the following circumstances applies:
• With your consent – We will share personal data with companies, organisations or individuals outside of the Foundation when we have your consent to do so
• For external processing – We provide personal data to trusted businesses or persons to whom we may outsource certain functions from time to time, in order to provide you with the products or services you have requested, and in compliance with our Privacy Notice and any other appropriate confidentiality and security measures
• For legal reasons – We will share personal data with companies, organisations or individuals outside of the Foundation if we have a good-faith belief that access, use, preservation or disclosure of the data is reasonably necessary to:
– meet any applicable law, regulation, legal process or enforceable governmental request
– enforce applicable terms of service, including investigation of potential violations
– detect, prevent, or otherwise address fraud
– protect against harm to the rights, property or safety of the Foundation, our users or the public as required or permitted by law
We may share your information for the above mentioned purposes with others such as:
• Our employees and representatives, our third party service providers, agents, delegates, sub-contractors, collaborators, sponsors and/or any other party which may be engaged or otherwise used by us (including suppliers of the Foundation and any person engaged by us to carry out services) for any purpose as mentioned in section 6 above;
• Any transactional data shared amongst parties involved in the transactions;
• Maltese or foreign authorities who may request such data in carrying out their functions such as law enforcements units, government, courts and other regulatory bodies;
• Fraud and crime prevention agencies who will use the data provided to verify your identity, detect and prevent fraud and other financial crimes.
We may share non-personally identifiable data publicly. For example, we may share data publicly to show trends about the general use of our services.
10. Data Retention
We will not retain your personal data for longer than it is necessary for the maintenance of your relationship with us, or for any legal or regulatory requirements. Your information will be processed and kept for as long as necessary for us to be in compliance with our legal obligations, industry practices and/or accepted standards (including where processing may be necessary for the establishment, exercise or defence of legal claims).
Data will be kept within the Foundation according to the schedule set out in our internal data retention policy. Further information about retention periods for different aspects of your personal data can be requested by contacting us at info@julianspathfinder.org
11. Data Security
We shall implement and maintain appropriate and sufficient technical and organisational security measures, taking into account the nature, scope, context and purposes of the Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, to protect your Personal Data against any unauthorised accidental or unlawful destruction or loss, damage, alteration, disclosure or access to Personal Data transmitted, stored or otherwise processed and shall be solely responsible to implement such measures. We shall ensure that all those employees, sponsors etc. who process your Personal Data are aware of such technical and organisational security measures and we shall ensure that such persons bound by a duty to keep your Personal Data confidential. The technical and organisational security measures in this clause shall mean the particular security measures intended to protect your Personal Data in accordance with any privacy and data protection laws.
If you have reason to believe that your interaction with us is no longer secure, please advise us immediately.
12. Cookies
When you visit any of JPF’s websites, we use (and authorised third parties to use) cookies and similar technologies (the “Cookies”).
The Cookies allow us to automatically collect information about you and your online behaviour, as well as your device (for example your computer or mobile device), for different purposes such as in order to enhance your navigation on our website, improve our websites’ performance and customize your experience on our websites, perform analytics, deliver content which is tailored to your interests and administer services to our users and customers. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
13. Data Subject Rights
Your rights in connection with personal data under certain circumstances, by law you have the right to:
• Request access to your personal data (known as a subject access request). This enables you to receive a copy of the personal data we hold about you and how we process it.
• Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
• Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
• Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
• Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal data to another party.
14. Withdrawal of consent
In the case where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.
To withdraw your consent, please contact the Foundation via the available channels as detailed here below. All requests will be responded to in a timely manner.
15. Use of data processors
As Controllers of data, we make use of data processors who are third parties and provide services to us. To regulate our relationship, we have contractual agreements in place to safeguard our interests and your personal data. They are not authorised to do anything with your Personal Data unless specifically instructed by us. When we do this, we will make sure that it has an appropriate level of protection and that the transfer is lawful. We may need to transfer your data in this way to carry out our contract with you, to fulfil a legal obligation, to protect the public interest and/or for our legitimate interests.
16. Updates to this Privacy Notice
We reserve the right to update this privacy notice at any time. The updated privacy notice will be published on our website. If you have any questions about this Privacy Notice, or should you have any queries or would like to update your data processing preferences, please contact us on the our details hereunder.
Julian’s Pathfinder Foundation’s Contact Details:
Mobile: (356) 9989 2015
Address: Julian’s Pathfinder Foundation, 5, Triq il-Gamar, Attard ATD 2462, Malta
Email: info@julianspathfinder.org
Should you feel the need to escalate the matter further, you can make a complaint to the Supervisory Authority in Malta which is the Information and Data Protection Commissioner; contact details are below.
Supervisory Authority Contact Details:
Land Line: (356) 2328 7100
Address: Information and Data Protection Commissioner, Floor 2, Airways House, High Street, Sliema, SLM 1549, Malta.
Email: idpc.info@idpc.org.mt