Privacy Policy

Last updated on 29th August 2025.

Who are we?

We are Project Green. Our address is Avenue 77, Triq in-Negozju, Zone 3 Central Business District, Birkirkara, CBD3010. You can contact us by post at the specified address or by email at info@projectgreen.mt.

The Chief Executive Officer is the Data Controller for the purpose of the Data Protection Act CAP 586 and General Data Protection Regulation (EU) (GDPR) 2016/679. This Privacy Notice sets out the way in which we collect and process your Personal Information, as well as the steps we take to protect such information.

We are committed to protecting our visitors’ and/or user’s privacy and we will not collect any personal information about you as a visitor unless you provide it voluntarily.

Pursuant to the General Data Protection Regulation, Project Green has a legal duty to respect and protect any personal information we collect from you and we will abide by such duty. We take all safeguards necessary to prevent unauthorised access and we do not pass on your details collected from you as a visitor and/or user, to any third party unless you give us your consent to do so or as authorised by law.

Disclosure of Personal Data

Your personal data will only be processed in full compliance with the General Data Protection Regulation (GDPR). In limited and specific circumstances, your data may be shared with third parties, strictly where necessary and in accordance with legal obligations. These may include:

Project Green, where the disclosure is necessary for the performance of its functions and public interest objectives under:

– The Environment Protection Act (Cap. 549),
– The Sustainable Development Act (Cap. 521),
– Freedom of Access to Information on the Environment Regulations (S.L. 549.39)

and other applicable environmental and public interest legislation. This may include contacting you in relation to your participation in or feedback on Project Green initiatives.

Any law enforcement body who may have any reasonable requirement to access your personal information.

All such disclosures will be carried out in accordance with the principles of lawfulness, fairness, transparency, and data minimisation as established under the GDPR.

We keep our privacy Notice under regular review and we will place any updates on our website and will communicate such changes to you as and when changes occur.

What personal data we collect and why we collect it?

E-Forms

We may collect personal information in the process of submission of forms through the website, addressed to a Government of Malta Ministry, Department or other Entity as the case may be. In such cases, the website is used as a User Interface and the information contained through forms is submitted for processing to the relevant Government of Malta Ministry, Department or other Entity. In this case, the retention period of the service in question would apply.

IP address and location

The web server keeps limited logs about IP addresses or the location of your computer on the Internet, for systems administration and troubleshooting purposes. We do not use IP address logs to track your session or your behaviour on our site.

When using this website’s online facilities, data subjects may be required to provide their contact details for contact purposes. All information and any personal data that you may decide to provide us in the Contact Us/Feedback form shall be processed only for the strict purpose of responding to your enquiry.

Security, Storage and Transfer

We are committed to ensuring that your personal data is secure at all times. We have in place suitable physical, electronic and managerial procedures to safeguard and secure the personal data we collect online.

Your personal data will be stored on and processed by our systems and may also be stored on and processed by systems of a third-party data processor(s) appointed by us. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Policy, the DPA and GDPR (as applicable), any and all applicable European Union Regulations, and any and all data protection related laws that are applicable to Project Green, and we will also ensure that a written agreement is in place between us and every such company containing obligations as to data protection that are no less onerous than those set out in this Policy, the DPA and the GDPR, in order to ensure that your personal data is adequately protected.

To give you a better service, our site can connect you with a number of links to other local and international organisations and agencies. When connecting to such other websites you will no longer be subject to this policy but to the privacy policy of the new site.

We will keep your personal data for as long as we need it for the purpose it is being processed for. We will actively review the information we hold and delete it securely, or in some cases anonymise it, when there is no longer a legal, business or customer need for it to be retained.

In addition to the above, we implement appropriate technical measures such as encryption to safeguard personal data both in transit and at rest. Where applicable, we also apply pseudonymisation techniques to minimise the risk of re-identification of individuals, in line with the principle of data minimisation and the obligations set out in Article 32(1)(a) of the GDPR. These measures are reviewed periodically to ensure continued effectiveness and relevance.

Our security practices are subject to regular internal and external assessments. We conduct periodic testing, evaluation, and audits of both our technical and organisational measures to ensure they are effective in maintaining the confidentiality, integrity, and availability of personal data. This includes reviewing systems operated by third-party processors. These activities support our compliance with Article 32(1)(d) of the GDPR and help us adapt to emerging security threats.

We ensure that all individuals and third-party service providers who have access to personal data do so strictly in accordance with our documented instructions, unless required otherwise by law. Appropriate contractual and policy-based measures are in place to enforce this, and all personnel are trained on their data protection responsibilities. This control aligns with Article 32(4) of the GDPR and forms part of our broader accountability and governance framework.

Transmission of Information over the Internet

This website uses Secure Sockets Layer (SSL) technology to protect your personal data during transmission. SSL establishes an encrypted link between your browser and our servers, ensuring that all data passed between them remains confidential and secure. This is in line with Article 32(1)(a) of the General Data Protection Regulation (GDPR), which requires controllers and processors to implement appropriate technical and organisational measures, such as “the pseudonymisation and encryption of personal data,” to ensure a level of security appropriate to the risk.

The use of SSL encryption helps ensure the confidentiality and integrity of personal data while it is in transit, supporting the principle set out in Article 5(1)(f) GDPR, which states that personal data shall be “processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”

To help you verify that SSL encryption is active, you can check for a padlock symbol in the browser’s address bar and confirm that the website URL begins with “https://”, which denotes a secure connection. This visual indication is part of promoting transparency and user awareness, reflecting the broader obligation under Article 5(1)(a) GDPR to ensure that personal data is processed lawfully, fairly, and in a transparent manner.

Additionally, in accordance with Recital 83, we assess the risks involved in the processing of personal data and implement technical measures, such as encryption, to mitigate those risks. As outlined in Recital 83, we emphasises that controllers and processors should evaluate the risks and implement security measures to “prevent, in particular, any unauthorised disclosure of or access to personal data.”

While we take these steps to secure your data during transmission, we remind users that no method of transmission over the Internet or method of electronic storage is entirely secure. Nevertheless, we are committed to maintaining robust security standards.

Changes to this Privacy Notice

We may update this policy to reflect changes to the website. If there are any changes to this privacy policy, these will be posted on this page accordingly. It is therefore in your own interest to check the ‘Privacy Policy’ page every time you access this website so as to be aware of any changes which may occur from time to time. If you have any questions regarding our privacy policy, please contact us on the email address specified in this policy.