1. Preamble & Definitions

Regulation (EU) 2016/679 (GDPR) sets out the legal framework for the processing of personal data. The International Health Research Institute Ltd (hereinafter "IHRI" or "The Institute") is committed to a concise, transparent, and accessible data protection policy.

• Data Controller: The International Health Research Institute Ltd, located at Level One, Triq Dun Karm, Birkirkara, Malta.
• The Platform: Any and all digital assets within the ihri.edu.eu domain.
• The User: Any individual browsing the Platform or interacting with Institute services.
• Data Subject: Identified or identifiable natural persons whose data is collected, including Doctoral Candidates and Research Partners.

2. Legal Basis for Processing

Under GDPR Article 6, IHRI implementation and operation of personal data processing are based on:

• Public Interest: Necessary for the performance of the Institute’s mandate as a Higher Education Institution.
• Contractual Obligation: Necessary to manage the administrative and academic lifecycle of Doctoral Candidates.
• Consent: Dependent on the explicit and free consent of the person concerned for non-academic communications.
• Legitimate Interest: To maintain the security of our information systems and optimize global field operations.

3. Purposes of Data Processing

Personal data collected by the Institute is utilized for the following mandates:

• Execution of the academic and pedagogical management of Doctoral Candidates.
• Management of online registration, capability assessments, and candidacy interviews.
• Development of statistics to improve the Platform’s operational efficiency.
• Processing of sovereign research alliances and consortium data sharing.
• Compliance with mandatory reporting to the Malta Further & Higher Education Authority (MFHEA).

4. Categories of Personal Data

The Institute may collect and process the following datasets:

• Identity: Surname, first names, address, nationality, date/place of birth, and identity documentation.
• Academic History: MQF/EQF transcripts, degree copies, and institutional records.
• Professional Profile: CVs, research portfolios, letters of recommendation, and industry credentials.
• Metadata: IP addresses and cookies utilized for performance monitoring and security.

5. Data Recipients & Global Transfer

IHRI undertakes to keep all personal data secure, sharing it only with authorized recipients including:

• Authorized administrative and DHS teaching faculty.
• The Malta Further & Higher Education Authority (MFHEA) for regulatory audit purposes.
• Academic partners and external examiners linked by formal data-sharing agreements.

Where data is transferred outside the European Union, the Institute ensures a level of protection at least equivalent to that available within the EU, utilizing Standard Contractual Clauses (SCCs).

6. Retention & Security

Data is retained in accordance with the statutory limitation periods of the Republic of Malta and the European Higher Education Area standards. Academic records are archived following the conclusion of the candidacy period to fulfill legal and institutional verification requirements.

We implement enterprise-grade technical and organizational measures to prevent unauthorized access, disclosure, or alteration of data, including encrypted communication channels and role-based access control.

7. Rights of the Data Subject

In accordance with GDPR, you possess the following rights:

• Access & Rectification: The right to obtain confirmation and correct incomplete information.
• Erasure (Right to be Forgotten): Applicable when data is no longer necessary or consent is withdrawn.
• Portability: The right to obtain your data in a structured, machine-readable format.
• Objection: The right to object to processing for marketing or non-essential communications.