Home / Privacy Notice
Privacy Notice
Servizz.gov ("Servizz.gov," "we," "us," or "the Agency") recognises the importance of protecting your personal data and is committed to processing such data in a lawful, fair, and transparent manner.
This Privacy Notice provides information on how personal data is collected and processed in connection with the exercise of the Agency's statutory functions, including the provision of services to the general public through various channels.
Data Controller
The Agency acts as a Data Controller in respect of personal data processed for its own purposes, including in connection with the management and operation of its website, direct interactions with users through its communication channels, and its internal administrative functions. In this capacity, the Agency determines the purposes and means of the processing and processes personal data in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation — "GDPR") and the Data Protection Act (Chapter 586 of the Laws of Malta). This Privacy Notice applies to such processing.
The Agency also facilitates the provision of Government services on behalf of Ministries, Departments and other Government entities. In the context of such services, the relevant Government entity determines the purposes and essential means of the processing and acts as the Data Controller, while the Agency processes personal data on its behalf and only in so far as is necessary to enable the delivery or follow-up of the service.
This Privacy Notice does not apply where personal data is processed on behalf of Government entities in connection with specific services. If you have any questions about the processing of your personal data or wish to exercise your data protection rights in relation to such services, you are encouraged to contact the respective Government entity or refer to its privacy notice.
Data Protection Officer
The Agency has appointed a Data Protection Officer ("DPO") who is responsible for overseeing matters relating to privacy and the protection of personal data.
The Data Protection Officer may be contacted as follows:
Email: dpo.servizz@gov.mt
Telephone: (+356) 23164102
Postal Address:
The Data Protection Officer
Servizz.gov
The Victoria Centre, Level 2
Valletta Road
Mosta
What is Personal Data?
Personal Data is any information relating to an identified or identifiable natural person (the "data subject"). A data subject is an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, or an online identifier, or by reference to factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.
These categories of identifying information constitute personal data. Personal data does not include data which has been rendered anonymous in such a manner that the individual is no longer identifiable (anonymous data).
In certain circumstances, personal data may also include special categories of personal data, such as data concerning health, as well as other categories of sensitive personal data as defined under applicable data protection legislation. Such data is afforded a higher level of protection and will only be processed where strictly necessary and subject to appropriate safeguards to ensure its confidentiality and integrity.
What Information Do We Collect and How Is It Used?
The Agency collects, uses and otherwise processes personal data that you provide when you contact us for the provision of services or otherwise communicate with the Agency in the exercise of its functions, including for the submission of queries, requests, applications, feedback or complaints.
Depending on the nature of the service or interaction, personal data may be collected directly from you, obtained through your communications with the Agency, or received in the course of facilitating services with the relevant Government entity. In certain circumstances, the Agency may also combine information provided by you with other information lawfully received in connection with the handling of your request, where this is necessary to facilitate the provision of the relevant service.
The personal data processed may include but is not limited to:
— your name and surname;
— identification number;
— contact details such as your address, email address and telephone number;
— a copy of your identification document (where required); and
— any other information provided in connection with your request, enquiry, complaint or other communication with the Agency.
1. Service Requests, Queries and Complaints
Where you contact the Agency for the provision of a service, the submission of a query, or the lodging of a complaint, your personal data will be processed for the purpose of receiving, assessing, handling and responding to your request, and where necessary, to facilitate follow-up action with the relevant Government entity.
Where an enquiry is of a general nature and does not require the identification of the individual, for example, requests for information relating to services, such interactions may be addressed without the provision or processing of personal data. However, where the nature of the enquiry requires the Agency to provide tailored assistance, follow-up, or to facilitate access to a specific service, the Agency may request and process personal data as necessary for those purposes.
Where a request or service falls within the remit of another Government entity, the Agency may process the personal data strictly to the extent necessary to facilitate communication, referral, transmission or follow-up in connection with that service.
2. Online Forms and Website Facilities
The Agency's website may provide access to online forms and other electronic facilities relating to services offered by Government entities. Where such forms or facilities concern services provided by another Government entity, the website operates as a point of access through which the information submitted is transmitted to the relevant entity responsible for processing the request. In such cases, the processing of the personal data contained in the form or request is carried out by the relevant Government entity in accordance with its own privacy notice. The Agency's role is limited to facilitating access to, and where applicable, the transmission of, such information.
Where you make use of online contact facilities made available by the Agency, including contact forms or feedback mechanisms, any personal data provided will be processed for the purpose of responding to your communication and handling the matter raised.
3. Email, Live Chat and Telephone Communications
Where you correspond with the Agency by email, through live chat facilities, by telephone or through other communication channels made available by the Agency, the personal data you provide will be processed for the purpose of responding to your enquiry, facilitating service delivery, and maintaining an appropriate record of the communication.
Calls made to the Agency's Freephone 153 may be recorded and monitored for quality assurance, service improvement, and for the verification of information in the context of enquiries or complaints. Such recordings shall be retained for a period of six (6) months, unless their continued retention is required in connection with an investigation, complaint, legal proceedings or any other lawful purpose.
4. IP Address and Location
The web server may automatically collect limited technical information, including Internet Protocol (IP) address, browser type, device information and general usage data, for the purposes of system administration, security monitoring and troubleshooting. Such information may also be used in aggregated or anonymised form to analyse usage patterns and improve the performance and usability of the website. IP addresses and related technical data are not used to directly identify individuals beyond what is necessary for security, operational and service improvement purposes.
5. Integrated Digital Services and Authentication
In the provision of digital services, the Agency facilitates interactions across its Portal, chatbot solutions and internal systems, including case management platforms, in order to support the efficient and integrated delivery of services.
Access to certain functions may involve authentication through electronic identification services provided by competent Government authorities, including national or cross-border mechanisms (such as eID or eIDAS). In such instances, authentication is carried out for the purpose of verifying the user's identity and enabling secure access to relevant services. Personal data is only processed where a user accesses, requests, or makes use of a service that necessitates such processing.
Where personal data is processed in connection with the delivery of a service, such processing is limited to what is necessary for the administration and provision of that service. This may include the handling of requests, coordination across the systems supporting the service, the provision of any required follow-up, and the maintenance of records required for the proper administration, management, and accountability of the service.
6. Personalised Guidance and Service Identification
The Portal may provide optional functionality, available to authenticated users, to assist in identifying services, information, and life events that may be relevant to them. Where a user chooses to make use of this functionality, they may be invited to respond to a series of questions relating to their circumstances, interests, or life events. Based on the responses provided, the Portal may generate tailored guidance and present information that may be relevant to the user.
Any guidance, recommendations, or results generated through this functionality are provided solely for informational purposes and are intended to assist users in navigating available services and information. Such guidance does not determine, influence, or affect eligibility for, or access to, any service, benefit, or entitlement.
The functionality uses automated tools to generate tailored guidance based on the information provided by the user. Such processing does not involve automated decision-making that produces legal effects concerning the user or similarly significantly affects them. Information provided through this functionality is used solely for the purpose of generating the requested guidance and is not used to create a broader profile of the user.
7. CCTV Footage
For security purposes, the Agency operates CCTV systems at its premises, including its Regional Hubs, Specialised Hubs and Head Office. CCTV footage may be used for security monitoring and incident investigation and may, where required, be disclosed to competent authorities in accordance with applicable law.
Clear signage informing individuals of the presence of CCTV surveillance is affixed at the entrance of the relevant premises. A specific CCTV Privacy Notice, containing further details on such processing, is also available at these locations.
8. Cookies
The Agency's website makes use of cookies to ensure the proper functioning of the website. Further information on the cookies used by the Agency is available in the Agency's Cookies Policy.
9. External Websites
The Agency's website may contain links to external websites operated by third parties or other Government entities. Once you leave the Agency's website and access such external websites, you will be subject to the Privacy Notice and data protection practices of the relevant website.
On What Basis Does Servizz.gov Use Your Personal Data?
— Performance of a task carried out in the exercise of official authority: Servizz.gov processes personal data to perform its functions related to the provision of access to Government services to service users, as provided for under the Servizz.gov Agency (Establishment as an Agency) Order (Legal Notice 171 of 2016) and any other relevant national and EU law.
— Performance of a contract: Servizz.gov processes your personal data as necessary in order to provide you with the required services.
— Consent: Servizz.gov will process your personal data when you have given your consent to the processing of your personal data for any other purpose not related to the provision of its services or the performance of its statutory functions. You have various rights where we process your information on the basis of your consent. You may withdraw your consent for any such processing at any time.
— Legitimate interest: Servizz.gov may have a legitimate interest to process your personal data in circumstances which are not directly related to the exercise of its functions, such as for security purposes.
— Legal obligation: There may be instances where the Agency is legally obliged to process your personal data.
— Vital interests: Personal data may be processed where necessary to protect your vital interests or those of another natural person.
Recipients and Sharing of Your Personal Data
Your personal data will be received and processed by Servizz.gov agents and employees, as may be necessary to achieve the purpose for its processing.
Servizz.gov may also share your personal data with any of the following:
— other responsible Department or government entities, as necessary in order to process any request made by you;
— any service providers who may have access to the personal data held by Servizz.gov, strictly as required in order to provide the Agency with the required service;
— our professional advisors and auditors, strictly as required for consultation purposes or for compliance with our legal obligations;
— regulators, governments and law enforcement authorities, as and when this is required under applicable laws and regulations; and
— courts, tribunals, arbitrators or other competent bodies who may have authority to request such personal data.
In the ordinary course of its activities, the Agency does not transfer personal data outside of the European Union (EU) or the European Economic Area (EEA).
However, in the event that it becomes necessary to transfer personal data outside of the EU/EEA, such transfers will only take place where it has been determined that the receiving country ensures an adequate level of protection in accordance with applicable data protection legislation.
Where no such level of protection has been recognised, the Agency will ensure that appropriate safeguards are in place to guarantee that personal data remains adequately protected.
Retention of Personal Data
Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected and processed, or to comply with applicable legal and regulatory obligations.
Where personal data is processed by the Agency in the exercise of its own functions, retention is determined by the nature of the data, the purpose of processing, and the applicable legal and administrative requirements.
Where personal data is processed on behalf of other Government entities, retention periods are determined by the respective entity acting as the data controller, in accordance with its applicable policies and legal obligations.
Security
The Agency implements appropriate technical and organisational measures to safeguard the confidentiality, integrity and availability of personal data processed in the course of its functions. Such measures are regularly reviewed and updated to ensure that personal data is protected against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data.
Access to personal data is restricted to authorised personnel who are subject to confidentiality obligations. Service providers engaged by the Agency and having access to personal data are bound by data processing agreements and are required to process such data in accordance with the Agency's instructions and applicable data protection legislation.
Your Rights
You have the right to:
— withdraw your consent at any time where processing is based on consent. The withdrawal of consent shall not affect the lawfulness of processing carried out prior to such withdrawal;
— request access to your personal data, including the right to obtain a copy of the personal data held by the Agency;
— request the rectification of personal data which is inaccurate or incomplete;
— request the erasure of personal data in certain circumstances;
— request the restriction of processing in certain circumstances;
— object to the processing of your personal data in certain circumstances;
— request the portability of your personal data, where applicable; and
— lodge a complaint with the Information and Data Protection Commissioner (IDPC) if you consider that your rights under data protection legislation have been infringed. Further information, including guidance on how to submit a complaint, is available on the IDPC website: https://idpc.org.mt.
You are encouraged to ensure that the personal data held by the Agency is accurate and up to date and to notify the Agency of any changes, where necessary.
Where the Agency processes personal data in its capacity as a data controller, requests relating to the exercise of your rights may be addressed directly to the Agency using the contact details provided in this Privacy Notice.
Where personal data is processed on behalf of other Government entities, the respective entity acting as the data controller is responsible for handling such requests. In such circumstances, the Agency may, where appropriate, assist in facilitating or directing your request to the relevant entity.
Please note that the exercise of certain rights may be subject to restrictions or limitations under applicable law, including where the processing of personal data is necessary for compliance with legal obligations or for the performance of the Agency's functions.
Changes to This Privacy Notice
The Agency may update this Privacy Notice from time to time to reflect changes in legal, regulatory or operational requirements. Any updates will be published on this page to ensure that you remain informed about how personal data is processed.
This Privacy Notice was last updated in June 2026.
Contact Us
Should you have any questions, comments and requests regarding the processing of your data, you may contact us through any of the following methods:
Address: The Data Protection Officer, Servizz.gov, The Victoria Centre, Level 2, Valletta Road, Mosta
Telephone: (+356) 23164102
Email: dpo.servizz@gov.mt