FHRD Privacy Notice

Last updated: 23 June 2026

1. INTRODUCTION

The Malta Foundation for Human Resources Development (hereinafter referred to as “FHRD”, “we”, “us”) is a voluntary organisation duly registered with VO number VO/0294. FHRD’s registered office is located at No.5, Clock Tower Building, Tigné Point, Sliema TP01, Malta.

This Privacy Notice explains how we collect, use, disclose and otherwise process personal data in connection with our activities, including our membership services, academic and professional programmes, events, conferences, training programmes, newsletters, website and any related services.

We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 “GDPR”), the Data Protection Act (Chapter 586 of the Laws of Malta), and any other applicable data protection legislation.

2. DATA CONTROLLER

FHRD acts as the data controller in respect of the personal data processed through its services and website. If you have any questions regarding this Privacy Notice or the processing of your personal data, you may contact us at info@fhrd.org.

3. TYPES OF INFORMATION

For the purposes of this Notice, personal data means any information about an identifiable individual. Personal data excludes anonymous or de-identified data that is not associated with a particular individual.

We generally collect personal data directly from you through applications, registrations, enquiries, subscriptions and other interactions with FHRD. In certain circumstances, we may also obtain personal data from third parties, including employers, educational institutions, professional bodies, service providers, referees, publicly available sources and other organisations where this is necessary for the purposes described in this Privacy Notice.

Depending on your interaction with FHRD, we may collect and process the following categories of personal data:

(a) Identification and Contact Data

  1. Name and surname;
  2. Identification card number or passport number;
  3. Date of birth;
  4. Gender;
  5. Nationality;
  6. Postal or correspondence address;
  7. Email address;
  8. Mobile and telephone numbers.

(b) Membership Information

  1. Membership status and history;
  2. Organisation represented; and
  3. Voting and participation records relating to membership matters.
  4. Organisation details and professional information submitted in connection with membership applications and participation in FHRD initiatives.

(c) Academic and Professional Programme Information

  1. Course selections;
  2. Educational and application information;
  3. Attendance records;
  4. Examination and assessment information; and
  5. Certificates and accreditation records.

(e) Event and Conference Information

  1. Registration details;
  2. Attendance records;
  3. Billing information; and
  4. Certificates of attendance.

(f) Newsletter and Marketing Information

  1. Subscription preferences;
  2. Marketing consents; and
  3. Communication records.

(h) Website Usage Information

  1. IP address;
  2. Device and browser information;
  3. Cookies and similar technologies; and
  4. Website usage and browsing information.

(g) Organisational and Assessment Information

  1. Information relating to organisations participating in the HR Quality Mark programme or other FHRD initiatives;
  2. Details of organisational structures, policies, procedures and HR practices;
  3. Information provided as part of assessment, accreditation or certification processes; and
  4. Assessment reports, recommendations and certification records.

Kindly note that most of the personal data listed above is mandatory in order for us to administer the relationship. Failure to provide or allow us to process mandatory personal data may affect our ability to accomplish the purposes stated in this Notice.

4. HOW WE USE YOUR INFORMATION

The information we collect is mainly for our own use in developing our website and based on our business legitimate interests (which we generally rely on as our ground for processing).

In addition, we may use the information for the following purposes:

  1. To provide you with information relating to our website or the services or information you request from us. If you request specific types of marketing communications from us, we will use your data to deliver this to you. Depending on your indicated wishes, this could include research, newsletters, events, webinar invitations, information about new products and promotions.
  2. To provide you with information on other products that we feel may be of interest to you.
  3. To meet our contractual obligations to you.
  4. To improve the content and function of the website. For this reason, we may monitor traffic patterns and website usage to help us improve the website’s design and layout and to tailor our website content.
  5. To notify you about any changes to our website, including improvements, and service or product changes that may affect our website.

If you are an existing Member, we may also seek to contact you with regards to your account.

5. SPECIAL CATEGORIES OF PERSONAL DATA

In certain circumstances, FHRD may process special categories of personal data as defined under Article 9 of the GDPR. This may include information relating to health, accessibility requirements, disabilities, dietary requirements, or other information voluntarily provided to us in connection with our programmes, events, memberships, or service.

We will always treat special categories of personal data as confidential, and we will only share such data internally where there is a specific and legitimate purpose for sharing the data. As set out below, we have implemented appropriate physical, technical, and organisational security measures designed to secure your personal data against accidental loss and unauthorised access, use, alteration, or disclosure.

We will only retain this data for as long as necessary to fulfil the purposes we collected it for, as required to satisfy any legal, accounting, or reporting obligations, or as necessary to resolve disputes.

6. PHOTOGRAPHY AND VIDEOGRAPHY

FHRD will take photographs and video recordings during events, conferences, training sessions and other activities. Such materials may be used for event promotion, marketing and communications, social media, website content and/or internal reporting and documentation. Where required by law, appropriate notices or consent mechanisms will be implemented.

Individuals who do not wish to appear in photographs or recordings may contact us prior to or during the event and we will seek to accommodate such requests where reasonably possible.

7. NEWSLETTERS AND MARKETING

Where you subscribe to receive newsletters or marketing communications, we will use your contact details to send information relating to academic programmes, professional programmes, events and conferences, membership initiatives, and general FHRD updates. You may unsubscribe at any time by using the unsubscribe link included in communications or by contacting us directly.

We use Mailchimp as our email marketing platform to manage newsletter subscriptions and distribute communications. Where you subscribe to our newsletter, your contact details may be transferred to and processed by Mailchimp on our behalf. Mailchimp processes personal data in accordance with its own privacy practices and applicable data protection requirements.

8. COOKIES AND WEBSITE TECHNOLOGIES

Our website may use cookies and similar technologies to improve user experience, analyse website traffic, ensure website functionality and support security.

A cookie is a “small file” of letters and numbers that we store on your browser or the hard drive of your computer or on your mobile device, if you agree to let us do so. They would generally contain or include information about your device, browser, area code, zip code, and IP address. A cookie enables our website to remember users that have already visited. Without a cookie, every time you open a new web page, the server where that page is stored will treat you like a completely new visitor.

We may share cookies with third parties to better understand how you use our websites and the type of devices you use to personalize content and deliver relevant advertisements of interest to you.

Your consent

Strictly necessary cookies do not require your consent. These are cookies that are required for the operation of our Site, and include cookies that enable you to log into its secure areas (e.g., members).

For performance, functionality, targeting and social media cookies, we request your consent before placing them on your device. You can give your consent by continuing to use our Site, or by clicking on the appropriate button on the banner displayed to you, or by going to the Cookie Preference Centre. If you do not wish to give consent or wish to withdraw your consent to any performance, functionality, targeting or social media cookies at any time, you will need to delete, and block or disable cookies via your browser settings; see below for more information on how to do this.

Please note that disabling these cookies will affect the functionality of the website and may prevent you from being able to fully access or use some of the Site’s features (e.g., limited functionality).

Managing cookies and your choices

You do not have to accept cookies to use our Site.

Changing your cookie settings

You can change your cookie preferences (including to block them) by activating the setting on your browser that allows you to refuse the setting of all or some cookies. Typically, such information can be found under the browser’s “Help”, “Preferences” or “Options” menus.

Can you withdraw your consent?

If you wish to withdraw your consent at any time, you will need to delete your cookies using your internet browser settings or click on the Cookie button at the bottom of this policy and change your settings.

To learn more about cookies and how to manage or delete them, visit www.allaboutcookies.com and the help section of your browser.

9. SHARING OF PERSONAL DATA

We may share personal data with academic partners and educational institutions, professional service providers, event and conference service providers, IT and website service providers, cloud hosting providers, payment processing providers, marketing and communication service providers, including Mailchimp, auditors, legal advisers and consultants, and regulatory authorities and public bodies where required by law.

Where third parties process personal data on our behalf, they are required to do so only in accordance with our instructions and are subject to appropriate contractual obligations regarding confidentiality, security and data protection. We only share personal data to the extent necessary for the relevant purpose.

10. INTERNATIONAL TRANSFERS

Certain service providers engaged by FHRD may process personal data outside the European Economic Area (“EEA”) Where such transfers occur, we will ensure that appropriate safeguards are implemented in accordance with applicable data protection laws, including adequacy decisions adopted by the European Commission, standard contractual clauses or other legally recognised transfer mechanisms. We will also take reasonable steps to ensure that recipients protect personal data in a manner consistent with applicable data protection requirements.

11. RETENTION OF PERSONAL DATA

We retain personal data only for as long as necessary for the purposes for which it was collected and to comply with legal, regulatory and contractual obligations.

As a general indication:

  1. Accredited professional programme records will be retained for up to forty (40) years where required by applicable educational accreditation requirements as requested by the Malta Further and Higher Education Authority (MHFEA);
  2. HR Quality Mark application records, assessment reports, supporting documentation and certification records may be retained for up to three (3) years, corresponding to the validity period of the HR Quality Mark certification;
  3. Event attendance records and certificates may be retained for up to one (1) year after the relevant event;
  4. Newsletter subscription data is retained until you unsubscribe;
  5. Other records are retained in accordance with our operational and legal requirements.

In determining appropriate retention periods, we take into account the nature and sensitivity of the personal data, the purposes for which it is processed, applicable legal and regulatory requirements and the potential risk arising from unauthorised use or disclosure of such data. Upon expiry of the applicable retention period, personal data will be securely deleted, anonymised or otherwise disposed of in accordance with our internal procedures.

12. SECURITY

We implement appropriate technical and organisational measures designed to safeguard personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, misuse or access.

Such measures may include access controls, confidentiality obligations imposed on personnel, secure storage systems, password-protected environments, restricted access to information, regular system maintenance and other security procedures designed to protect personal data throughout its lifecycle.

While we take reasonable steps to protect personal data, no transmission or storage system can be guaranteed to be completely secure.

13. YOUR RIGHTS

You have rights under data protection laws in relation to your personal data:

  1. Request access to your personal data.
  2. Request correction (rectification) of your personal data.
  3. Request erasure of your personal data.
  4. Object to processing of your personal data.
  5. Request restriction of processing your personal data.
  6. Request transfer of your personal data.
  7. Right to withdraw consent.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the data (or to exercise any other data subject rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up or facilitate our response.

We try to respond to all legitimate requests within the period of one month from receipt of the request. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

These rights are explained below.

  • Access: You have the right to obtain confirmation that your information is being processed and to obtain access to your information, e.g., by receiving a copy of it.
  • Rectification: You have the right to have your information corrected if it is inaccurate or incomplete
  • Erasure: You have the right to request the deletion or removal of your information in certain circumstances. Please note that there may be circumstances where it is not possible to fulfil the request for your information to be deleted, e.g if there is a legal reason to retain it.
  • Object: You have the right to object to processing of your data where we are relying on a legitimate interest or those of a third party, and you want to object as you feel it impacts on your fundamental rights or freedoms. You also have the right to object to use of your data for marketing purposes.
  • Restrict: You have the right to request that the processing of your information is restricted in certain circumstances. Again, there may be cases where we are legally entitled to refuse such a request.
  • Data Portability: You have the right to request the transfer of your personal data to you or to a third party. We will provide that personal data in a structured, commonly used, machine-readable format. This right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdrawal: In the rare case that we are relying on consent to process your personal data, you may withdraw it at any time. This will not affect the lawfulness of any processing carried out before you withdrew your consent and any processing activities that are not based on your consent will remain unaffected. Once we have been made aware of your withdrawal, we will no longer process your data for the purpose/s you originally agreed to, unless we have another legitimate basis for doing so.

Kindly note that none of these data subject rights are absolute and must generally be weighed against our own legal obligations and legitimate interests. If a decision is taken to override your data subject request, you will be informed of this by our data protection team along with the reasons for our decision.

14. QUESTIONS AND COMPLAINTS

If you have any questions about this Notice or how we handle your personal data, please contact info@fhrd.org.

You have the right to lodge a complaint at any time to a competent supervisory authority on data protection matters, such as the supervisory authority in the place of your habitual residence or place of work. In the case of Malta, this is the Information and Data Protection Commissioner (“IDPC”), whose website can be found here: https://idpc.org.mt/en/Pages/Home.aspx.

We would, however, appreciate the opportunity to deal with your concerns internally before you approach the supervisory authority, so please bring the matter to our attention at the first instance.

15. CHANGES TO THIS NOTICE

We reserve the right to update this Notice at any time, and we will provide you with a new Privacy Notice when we make substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

16. GLOSSARY

Set out below are key definitions of certain terms which appear in this Notice:

  • data subjects” means living, natural persons about whom we process personal data;
  • data controller” or “controller” means any entity or individual who determines the purposes for which, and the way in which, any personal data is processed;
  • GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;
  • legitimate interest” means our interest to conduct and manage our business appropriately and responsibly, to protect the reputation of our business, and to provide the best possible services. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests;
  • personal data” means data relating to a living individual (i.e., natural person) who can be identified from the data we possess about him or her. This includes, but is not limited to, your name and surname, address, date of birth, contact details. The term “personal information”, where and when used in this Notice, shall have the same meaning as personal data;
  • processing” means any activity or set of operations that involves use of personal data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including, organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal data to third parties; and
  • special categories of personal data” includes information about a person’s racial or ethnic origin, political opinions, religious, philosophical or similar beliefs, trade union membership, physical or mental health or condition or sexual life or his or her biometric data.