ESaT Data Protection Policy

The General Data Protection Regulation (EU) 2016/679 (GDPR) and the Data Protection Act (Cap 586) regulate the processing of personal data whether held electronically or in manual form.

Information Management

ESaT stores all data online. Due to the sensitive nature of this data, students, candidates and users, are requested to sign a consent form. ESaT has recently updated its Data Collection and Privacy Policy to ensure that all students, candidates and users are aware of how ESaT handles their data, what is done with it and to inform them about their rights.

PURPOSES FOR COLLECTING DATA

ESaT collects and processes information to carry out its obligations in accordance with present legislation. All data is collected and processed in accordance with Data Protection Legislation and according to Title X of Chapter 12 of the Laws of Malta, Title III of Chapter 9 of the Laws of Malta, LN 414 of 2014 and LN 64 of 2016.

ESaT only uses personal information in the following ways:

  1. When it is necessary for our legitimate interests:
    • to enable us to supply products and services and information that a student/candidate/user has requested
    • to help us in the development of, and to improve our products and services
    • to provide a student/candidate/user with information about products or services that may be of interest to them, using the email address which they have provided or via social media
    • to invite a student/candidate/user to participate in market research activities, such as responding to interview questions or completing online surveys
    • to send a user, marketing communications, and to show them marketing communications on other websites (including social media sites where they are a member)
    • to ensure that content from our website is presented in the most effective manner for them and their computer
    • to automatically collect data about visitors to our site (for example browsing patterns) by using cookies
    • to maintain our website and ensure network and information security
    • to prevent and detect fraud and other criminal offences as long as, in each case, these interests are in line with applicable law and your legal rights and freedoms; or
  2. where a student/candidate/user has agreed to this for specified, explicit and legitimate purposes; or
  3. where this is necessary for legal obligations which apply to us.

 

Qualifications Managers are responsible for the uploading of data for their centre.

This data is obtained through the:

  1. Student Application Form, which includes information such as:
  • Name and surname
  • Age
  • Gender
  • Address
  • Email address
  • Level of formal schooling
  • Profession
  1. Needs Analysis
  2. Placement Test
  3. Progress Tests
  4. Final Exam
  5. Feedback Forms
  6. Attendance
  7. Copy of Identity Card (National Identity Card/Passport)

 

This data is regularly monitored by the Director of Studies/Head Examiner who then prepares an annual report that is presented to the Board of Directors. The following are examples of how the data collected can help ESaT improve their products and services:

  • In the case of a Centre performing below the expected standards, an immediate inspection is to be carried out to better understand the reasons behind such a poor performance and to find ways of improving the performance in the shortest time possible. Such centres will remain monitored for a 6-month period and if necessary, a second inspection organised before a final decision is taken.
  • The Director of Studies/Head Examiner might also find the data useful in detecting bias towards a particular age group, gender or culture. In such instances, a thorough analysis of the assessment will be carried out to eliminate such bias and in so doing ensure a fair and objective assessment to all candidates.
  • The Managing Director is also provided with valuable data on the typical students that attend ESaT courses. This information can guide him/her when planning future strategies together with the Board.

Retention Statement

It is our policy to retain your personal data for the length of time required for the specific purpose or purposes for which it was collected, which are set out in this Privacy Policy. We may keep data which has been anonymised for up to forty years to allow us to carry out analysis of our products and services and also to enable us to issue replacement certificates in case of loss or damage. 

Recipients of Data

Personal Information is accessed by the employees who are assigned to carry out these specific functions by ESaT. Personal Data will be disclosed to the Regulator, the Malta Further & Higher Education Authority (MFHEA). Disclosure can also be made to third parties but only as authorized by law.

Rights of the Data Subject

As an individual you may exercise your right to access the data held about you by submitting your request in writing to the data controller to the address below: ESaT – Calm Waters Block A Flat 9, Triq Dun Anton Debono St Julians STJ1470 Malta. Although all reasonable efforts will be made to keep your information updated, you are kindly requested to inform us of any change referring to the personal data held by the data controller. In any case if you consider that certain information about you is inaccurate, you may request rectification of such data. You also have the right to request the blocking or erasure of data which has been processed unlawfully.