Last updated on 29th August 2025.
Who are we?
We are Project Green. Our address is Avenue 77, Triq in-Negozju, Zone 3 Central Business District, Birkirkara, CBD3010. You can contact us by post at the specified address or by email at info@projectgreen.mt.
The Chief Executive Officer is the Data Controller for the purpose of the Data Protection Act CAP 586 and General Data Protection Regulation (EU) (GDPR) 2016/679. This Privacy Notice sets out the way in which we collect and process your Personal Information, as well as the steps we take to protect such information.
We are committed to protecting our visitors’ and/or user’s privacy and we will not collect any personal information about you as a visitor unless you provide it voluntarily.
Pursuant to the General Data Protection Regulation, Project Green has a legal duty to respect and protect any personal information we collect from you and we will abide by such duty. We take all safeguards necessary to prevent unauthorised access and we do not pass on your details collected from you as a visitor and/or user, to any third party unless you give us your consent to do so or as authorised by law.
Disclosure of Personal Data
Your personal data will only be processed in full compliance with the General Data Protection Regulation (GDPR). In limited and specific circumstances, your data may be shared with third parties, strictly where necessary and in accordance with legal obligations. These may include:
- Project Green, where the disclosure is necessary for the performance of its functions and public interest objectives under:
– The Environment Protection Act (Cap. 549),
– The Sustainable Development Act (Cap. 521),
– Freedom of Access to Information on the Environment Regulations (S.L. 549.39)
and other applicable environmental and public interest legislation. This may include contacting you in relation to your participation in or feedback on Project Green initiatives.
- Any law enforcement body who may have any reasonable requirement to access your personal information.
All such disclosures will be carried out in accordance with the principles of lawfulness, fairness, transparency, and data minimisation as established under the GDPR.
We keep our privacy Notice under regular review and we will place any updates on our website and will communicate such changes to you as and when changes occur.
What personal data we collect and why we collect it?
- E-Forms
We may collect personal information in the process of submission of forms through the website, addressed to a Government of Malta Ministry, Department or other Entity as the case may be. In such cases, the website is used as a User Interface and the information contained through forms is submitted for processing to the relevant Government of Malta Ministry, Department or other Entity. In this case, the retention period of the service in question would apply.
- IP address and location
The web server keeps limited logs about IP addresses or the location of your computer on the Internet, for systems administration and troubleshooting purposes. We do not use IP address logs to track your session or your behaviour on our site.
- Contact Us/Feedback
When using this website’s online facilities, data subjects may be required to provide their contact details for contact purposes. All information and any personal data that you may decide to provide us in the Contact Us/Feedback form shall be processed only for the strict purpose of responding to your enquiry.
Security, Storage and Transfer
We are committed to ensuring that your personal data is secure at all times. We have in place suitable physical, electronic and managerial procedures to safeguard and secure the personal data we collect online.
Your personal data will be stored on and processed by our systems and may also be stored on and processed by systems of a third-party data processor(s) appointed by us. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Policy, the DPA and GDPR (as applicable), any and all applicable European Union Regulations, and any and all data protection related laws that are applicable to Project Green, and we will also ensure that a written agreement is in place between us and every such company containing obligations as to data protection that are no less onerous than those set out in this Policy, the DPA and the GDPR, in order to ensure that your personal data is adequately protected.
To give you a better service, our site can connect you with a number of links to other local and international organisations and agencies. When connecting to such other websites you will no longer be subject to this policy but to the privacy policy of the new site.
We will keep your personal data for as long as we need it for the purpose it is being processed for. We will actively review the information we hold and delete it securely, or in some cases anonymise it, when there is no longer a legal, business or customer need for it to be retained.
In addition to the above, we implement appropriate technical measures such as encryption to safeguard personal data both in transit and at rest. Where applicable, we also apply pseudonymisation techniques to minimise the risk of re-identification of individuals, in line with the principle of data minimisation and the obligations set out in Article 32(1)(a) of the GDPR. These measures are reviewed periodically to ensure continued effectiveness and relevance.
Our security practices are subject to regular internal and external assessments. We conduct periodic testing, evaluation, and audits of both our technical and organisational measures to ensure they are effective in maintaining the confidentiality, integrity, and availability of personal data. This includes reviewing systems operated by third-party processors. These activities support our compliance with Article 32(1)(d) of the GDPR and help us adapt to emerging security threats.
We ensure that all individuals and third-party service providers who have access to personal data do so strictly in accordance with our documented instructions, unless required otherwise by law. Appropriate contractual and policy-based measures are in place to enforce this, and all personnel are trained on their data protection responsibilities. This control aligns with Article 32(4) of the GDPR and forms part of our broader accountability and governance framework.
Transmission of Information over the Internet
This website uses Secure Sockets Layer (SSL) technology to protect your personal data during transmission. SSL establishes an encrypted link between your browser and our servers, ensuring that all data passed between them remains confidential and secure. This is in line with Article 32(1)(a) of the General Data Protection Regulation (GDPR), which requires controllers and processors to implement appropriate technical and organisational measures, such as “the pseudonymisation and encryption of personal data,” to ensure a level of security appropriate to the risk.
The use of SSL encryption helps ensure the confidentiality and integrity of personal data while it is in transit, supporting the principle set out in Article 5(1)(f) GDPR, which states that personal data shall be “processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”
To help you verify that SSL encryption is active, you can check for a padlock symbol in the browser’s address bar and confirm that the website URL begins with “https://”, which denotes a secure connection. This visual indication is part of promoting transparency and user awareness, reflecting the broader obligation under Article 5(1)(a) GDPR to ensure that personal data is processed lawfully, fairly, and in a transparent manner.
Additionally, in accordance with Recital 83, we assess the risks involved in the processing of personal data and implement technical measures, such as encryption, to mitigate those risks. As outlined in Recital 83, we emphasises that controllers and processors should evaluate the risks and implement security measures to “prevent, in particular, any unauthorised disclosure of or access to personal data.”
While we take these steps to secure your data during transmission, we remind users that no method of transmission over the Internet or method of electronic storage is entirely secure. Nevertheless, we are committed to maintaining robust security standards.
Changes to this Privacy Notice
We may update this policy to reflect changes to the website. If there are any changes to this privacy policy, these will be posted on this page accordingly. It is therefore in your own interest to check the ‘Privacy Policy’ page every time you access this website so as to be aware of any changes which may occur from time to time. If you have any questions regarding our privacy policy, please contact us on the email address specified in this policy.
Contact Details
If you have any questions about this privacy policy or about your personal data, please contact:
Data Protection Officer
Project Green
Avenue 77, Triq in-Negozju,
Zone 3 Central Business District,
Birkirkara CBD3010, Malta
Email: dpo.pg@projectgreen.mt
Telephone: (+356) 2095 1106
CCTV Policy
Scope
Project Green deals with personal data by means of CCTV camera/s and abides by this policy with regards to the data processed by this means.
Background Information
The Data Controller of Project Green is the Chief Executive Officer.
The Data Protection Officer representing Project Green may be contacted as follows:
Address:
Data Protection Officer
Project Green
Avenue 77, Triq in-Negozju,
Zone 3 Central Business District,
Birkirkara CBD3010, Malta
Telephone: (+356) 2095 1106
Email: dpo.pg@projectgreen.mt
Data subjects will have a right of access to data being processed as per Chapter III (Article 15) of the General Data Protection Regulation. (Please refer to the section relating to Access, below). Data subjects are also hereby informed of their right to lodge a complaint with the Information and Data Protection Commissioner.
The Information and Data Protection Commissioner may be contacted as follows:
Address:
Information and Data Protection Commissioner
Level 2, Airways House,
High Street,
Sliema SLM 1549
Malta
Telephone: (+356) 2328 7100
Email: idpc.info@idpc.org.mt
Location & Purpose
CCTV Surveillance is installed in Project Green’s selected green open spaces (i.e. parks, gardens, valleys and other green infrastructure). Affixed notices are placed in prominent and easily visible places within the monitored area. The primary purposes of CCTV monitoring are:
- To enhance the safety and security of the public, staff, and property;
- To deter and detect vandalism, anti-social behaviour, and crime;
- To assist in the effective management and maintenance of public spaces;
- To support law enforcement agencies as necessary.
Relevant footage will not be used for any purpose other than the one intended.
In view of Chapter II (Article 5) of the GDPR, the Data Controller justifies the use of CCTV Surveillance Camera systems for the above-mentioned purpose. The recognisable images captured by the cameras will be processed adequately, and in a relevant manner and shall be necessary in relation to the purposes of the processing as per Chapter II Article 6 of the GDPR.
Access to Footage & Data
Access to the CCTV footage is restricted to authorised personnel only. The Data Controller shall authorise further access to footage if so required when relevant to the purpose/s specified above.
Any criminal activity caught on camera will be disclosed to law enforcement authorities after filing a Police report.
Project Green undertakes to comply with a strict security policy vis-a-vis the access to recorded images. Any internal access to visual images by Project Green or any disclosure of such images further to a request by a law enforcement authority or by the data subject shall be logged and kept as evidence.
Rights of Access
Any individual whose personal data is held by Project Green, in the form of CCTV recording, can request access to that recording. The Data Controller is obliged to provide access to the footage without disclosing the identity of third parties.
If an individual is not satisfied with the reply as provided or with the manner of access that has been granted, the matter may be referred to the Information and Data Protection Commissioner who will investigate the case and ascertain that the right of access is properly granted.
Right of access request shall be made in writing and addressed to the Controller.
Retention Period
Personal data is retained for 30 days. This period is the necessary period for which the data was obtained. After the lapse of this period, the oldest footages are automatically overwritten by new footages. If data is extracted in relation to unacceptable behavior leading to a criminal investigation it will be held for the period required to satisfy said legal claims, and securely erased after such activities are exhausted.
Conclusion
This policy provides the reasons and means of processing through the use of a CCTV Surveillance System within Project Green whilst ensuring that the rights of the data subjects are not infringed, by processing personal data adequately, not more than necessary and making sure that data is not kept for a period longer than necessary in conformity with Data Protection Legislation.
