International Health Research Institute

International Health Research Institute

Privacy Policy

Thank you for visiting this site.

Policy for the processing of personal data for the website of the International Health Research Institute Ltd

  1. Introduction

1.1 Preamble

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, otherwise known as the General Data Protection Regulation (hereinafter GDPR) sets out the legal framework for the processing of personal data.

The GDPR strengthens the rights and obligations of data controllers, data processors, data subjects and data recipients.

For a clear understanding of this policy, it is stated that:

  • The “data controller” is the natural or legal person who determines the purposes and means of processing personal data. For the purposes of this policy, the data controller is the International Health Research Institute Ltd.
  • The “Institute” will refer to the International Health Research Institute Ltd, unless otherwise specified;
  • A “processor” is any natural or legal person who processes personal data on behalf of the controller. In practice, this means the service providers with whom the Institute works and who process the Institute’s personal data;
  • The “Platform” means the website, and more generally any and all of the sites of the domain of the International Health Research Institute ;
  • The “User” means any Internet user browsing and consulting the Platform;
  • Data subjects” are persons who can be identified, directly or indirectly, and their personal data are collected by the data controller, i.e. the users of the Platform;
  • The “recipients” of the data are the natural or legal persons who receive the personal data. The recipients of the data can therefore be both employees of the Institute and external organizations (institutions, social organizations;
  • Personal data” means any information relating to an identified or identifiable natural person;
  • Processing” means any operation or set of operations that is performed on personal data or sets of personal data;

Article 12 of the GDPR requires that data subjects be informed of their rights in a concise, transparent, understandable and easily accessible manner.

1.2 Purpose

In order to ensure its proper functioning, the International Health Research Institute Ltd is required to implement and operate the processing of personal data relating to the Users of the Platform.

The purpose of this policy is to satisfy the Institute’s obligation to provide information and thus to formalize the rights and obligations of Platform Users with regard to the processing of their personal data.

1.3 Scope

This personal data protection policy applies to any person who browses the Platform, uses the various services intended for the administrative and pedagogical management of students available on the Platform and/or interacts with the Institute in the context of using the Platform.

By providing personal data when using the Platform and the Services, the User acknowledges that he/she has read the terms of this Data Protection Policy.

1.4 Evolution

The data protection policy can be consulted on the Platform and may be modified or amended at any time in the event of changes in the law, case law, decisions and recommendations of the Malta IDPC. The User is therefore invited to regularly read the provisions of the Data Protection Policy.

1.5 Identity and contact details of the data controller

Our personal data protection policy describes the way in which the Institute, in its capacity as Data Controller within the meaning of the applicable regulations on the protection of personal data, treats the personal data of users of the Platform.

The International Health Research Institute , located at Level One, Triq Dun Karm, Birkirkara BKR 9037 Malta,  is represented by its president Dr. Andrew Hodgers.

We have appointed a Data Protection Officer (DPO): Nicole Foster.

The personal data collected by the Institute concerning you is accessible upon request to the personal data protection officer whose contact information is indicated below.

The processing of personal data implemented on the Platform is documented in the register of processing activities maintained by the Institute.

  1. Legal basis

Under the European General Data Protection Regulation 2016/679 (known as RGPD), the personal data processed on the Platform are according to the purposes:

  • Necessary for the performance of the Institute’s mission of public interest; or
  • Dependent on the consent of the persons concerned;
  • Legitimate interest of the Institute.

None of the personal data processing carried out by the Institute involves automated decision-making within the meaning of Article 22 of the GDPR.


  1. Purposes of the processing

As the data controller, the Institute processes users’ personal data in a lawful and fair manner and in compliance with their rights.

Personal data collected by the Institute used for the following purposes:

  • Manage user account creation and access;
  • Ensure the administrative and pedagogical management of students;
  • Develop statistics and improve the Platform and services;
  • Communicate with users and answer their questions submitted via the contact forms;
  • Web application management ;
  • Processing online registration forms;
  • Comply with applicable laws and regulations.
  1. Categories of personal data

The International Health Research Institute  may in particular collect and process the following User data:

  • The user account credentials: username and email address;
  • Identity and contact details: title, surname, first names, address, telephone number (landline and/or mobile), fax number, e-mail addresses, date and place of birth, nationality, photo, photocopy of a national identity card;
  • Professional life: CV, cover letter, copy of transcripts and degrees obtained, letter of recommendation ;
  • Academic status: transcripts, copies of diplomas, copies of school records, etc.

The Institute may ask the User to provide certain personal data for canvassing/marketing purposes (sending newsletters, invitations to events, etc.). The User may explicitly and freely consent or not to the collection and processing of his/her personal data for these purposes by means of a checkbox. The user also has the possibility, at any time, to unsubscribe, at least by request by e-mail via the unsubscribe link present on the newsletter or by simple e-mail to the address indicating as subject “Unsubscribe to the Newsletter”.

  1. Recipients of the data

5.1 Communication of users’ personal data

The Institute undertakes to keep all personal data collected via the Platform and to share them only in certain circumstances and in accordance with the provisions of the applicable regulations.

The International Health Research Institute Ltd may in particular give access to users’ personal data to third-party service providers, acting as subcontractors, to perform services relating to the Platform and in particular hosting, storage, analysis, data processing, database management or computer maintenance services. These service providers will only act on the instructions of the Institute and will only have access to users’ personal data to perform these services and will be bound by the same security and confidentiality obligations as the Institute.

User data can be shared:

  • To administrative and teaching staff authorized by the Institute;
  • To the relevant departments of the Institute;
  • To foreign universities linked by an agreement with the Institute;
  • To the Malta Futher & Higher Education Authority;
  • To the holder of the maintenance of the Institute Platform (exceptional cases).

5.2 Data transfer

Where transfers are made outside the European Union, the Institute ensures that the transfer is made in compliance with applicable data protection legislation.

In particular, the Institute shall ensure that the recipient of the data will offer a level of data protection at least equivalent to that available to the data subject within the European Union. If this is not the case, the transfer can only be made with the consent of the data subject.

  1. Duration of data retention

The data collected will be kept in accordance with the legislation in force and the applicable limitation periods.

  1. Special cases of data collected by means of cookies

Cookies may be used on the Platform. Cookies are small files that are stored on the user’s computer or on any electronic communication device used by the user when browsing the Platform. These files allow the exchange of status information between the Platform and the user’s browser.

The Institute uses the following cookies:

  • Cookies necessary for operation: These cookies are essential for the proper functioning of the Platform and its features. These cookies do not collect information intended to be used for commercial prospecting or advertising targeting;
  • Performance Cookies: These cookies collect information about how users use the Platform as a whole. In particular, performance cookies help identify particularly popular sections of the Platform and count the number of visits. These elements make it possible to adapt the contents of the Platform to the needs of the users and thus to improve the offer and the ergonomics of the services offered on the Platform. To use the data for statistical purposes, the Platform uses the Google Analytics tool.

You can accept or refuse cookies via the cookie manager, accessible on the home page (“Learn more” button) when you first visit the Platform, or set your browser according to your navigation preferences.

You can delete any cookies that have been installed in your browser’s cookie folder. Each browser has different procedures for managing your settings:

If you do not use any of the above browsers, you will need to select the “cookies” option in the “Help” function to obtain information about the location of your cookie file.

Please be aware that if you choose to disable cookies completely, you may not be able to use all of our features.

The data is kept in an active database for the current academic year and during the academic year and then archived.

  1. Security

The security of personal data is one of the priorities of the Institute. The Institute undertakes to take all reasonable administrative, technical and organizational measures to prevent any disclosure, unauthorized access, unauthorized use, alteration or destruction of personal data provided by a user (access control, password security, access according to specific authorizations, etc.).

The data is only accessible to authorized internal or external recipients according to an access and authorization policy defined by the Institute and depending on the use case and the treatment implemented.

Recipients of student personal data within the Institute are subject to a specific confidentiality obligation. Where the Institute is the data controller, the Institute implements all reasonable and legitimate measures to ensure that data recipients, external to the Institute, will provide an adequate level of data protection and comply with the requirements of the GDPR.

Appropriate technical and organizational security measures are implemented to combat accidental or unlawful destruction, loss, alteration, unauthorized access or disclosure of data.

These measures are taken in compliance with other applicable laws and regulations, particularly with regard to the use of cryptographic means.

The Institute shall implement all necessary measures to ensure the security of the information system and the protection of users.

The Institute facilitates users’ access to the resources of the information system. The resources made available to them are primarily for professional use, but the Institute is required to respect the privacy of each individual.

The Institute ensures the proper functioning and security of the Institute’s networks, computer and communication resources. The agents/staff of this service have technical tools to investigate and control the use of the computer systems in place, and undertake to respect the rules of confidentiality applicable to the contents of documents.

They are subject to a duty of confidentiality and are required to maintain the confidentiality of any data they come into contact with in the course of their duties.

The Institute informs the User that the information system may give rise to monitoring and control for statistical, tracking, optimization, security or abuse detection purposes.

  1. Your rights regarding the processing of your personal data

9.1 What are your rights

In accordance with the regulations in force, you have the right to access your personal data, to rectify them, to object to their processing or to obtain their limitation, deletion or portability insofar as applicable.

Furthermore, you may at any time withdraw your consent for processing based on it, or request that you no longer receive communications from us regarding information, announcements, greetings, newsletters, and invitations to events organized by the Institute.

Depending on the treatment, you have the following rights:

  • Right to object: you have the right to object at any time to the processing of your personal data for the purpose of sending information, announcements, greetings, newsletters and invitations;
  • Right of access: you have the right to obtain confirmation as to whether or not your personal data is processed by the Institute;
  • Right of rectification: you have the right to obtain the rectification of inaccurate or incomplete information concerning you;
  • Right to withdraw your consent: you may, for processing that would be based on consent, withdraw at any time the consent you have given for a processing;
  • Right to erasure or right to be forgotten: you have the right to have the Institute erase your personal data where any of the following grounds apply:
    1. The data are no longer necessary for the purposes for which they were collected;
    2. You withdraw your consent to the processing and there is no other legal basis for the processing;
    3. You object to the processing of your personal data and there is no compelling legitimate reason for the processing;
    4. The data are subject to unlawful processing;
    5. Data must be deleted to comply with a legal obligation.
  • Right to Portability: you have the right to obtain the personal data you have provided to the Institute in a structured, commonly used and machine-readable format so that you can transmit it to another data controller. This right is applicable when the processing is based on your consent or on the performance of a contract, and is carried out by means of automated processes.
  • Right to file a complaint: with the Office of the Information and Data Protection Commissioner at Floor 2, Airways House, Triq Il – Kbira, Tas-Sliema SLM 1549, Malta. 

9.2 How to exercise them: If you wish to exercise these rights, you may send your request to our Data Protection Officer (DPO), by email to or by post with your contact details.

International Health Research Institute Ltd
Data Protection Officer / DPO

Level One, Triq Dun Karm,

Birkirkara BKR 9037