The General Data Protection Regulation (EU) 2016/679 (GDPR) and the Data Protection Act (Cap 440) regulate the processing of personal data whether held electronically or in manual form. The Foundation for Transport (FfT) is set to fully comply with the Data Protection Principles as set out in such data protection legislation.
The FFT collects and processes information to carry out its obligations in accordance with its Statute.
Personal Information is only accessed by those FfT employees who are assigned to carry out the functions of the Association in line with its duties prescribed at law and in terms of its Statute. Personal Data will be disclosed to third parties when necessary but only as authorised by law.
You are entitled to know, free of charge, what type of information the FFT holds and processes about you and why, who has access to it, how it is held and kept up to date, for how long it is kept, and what the FFT is doing to comply with data protection legislation.
The GDPR establishes a formal procedure for dealing with data subject access requests. All data subjects have the right to access any personal information kept about them by the FFT, either through information technology or in manual files. Requests for access to personal information by data subjects are to be made in writing and sent to the Data Controller of the FFT, whose contact details are provided below. Your identification details such as ID number, name and surname have to be submitted with the request for access. In case we encounter identification difficulties, you may be required to present an identification document.
The FFT aims to comply as quickly as possible with requests for access to personal information and will ensure that it is provided within a reasonable timeframe and in any case not later than one month from receipt of request, unless there is good reason for delay. When a request for access cannot be met within a reasonable time, the reason will be explained in writing to the data subject making the request. Should there be any data breaches, the data subject will be informed accordingly.
All data subjects have the right to request that their information is amended, erased or not used in the event the data results to be incorrect. In case you are not satisfied with the outcome of your access request, you may refer a complaint to the Information and Data Protection Commissioner, whose contact details are provided below.
The Information and Data Protection Commissioner may be contacted at:
Level 2, Airways House,
Sliema SLM 1549