The Institute of Tourism Studies ("ITS", "we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Notice explains in clear and transparent terms how we collect, use, share, and safeguard your personal information when you register and use the Skills/Learning Portal. It also outlines your rights under the General Data Protection Regulation (GDPR) and Maltese law. Our goal is to ensure that you understand what data we collect, why we collect it, and how you can exercise control over your information. This notice applies to all activities related to your use of the portal, including registration, training, assessments, and certification.
This Privacy Notice applies to all users of Skills Pass Portal, including candidates, employers, MTA licensed establishments, educational institutions, and government authorities who access or interact with the platform. It explains how ITS processes personal data for each category of user.
Version: 1.0
Last updated: 02 December 2025
The Institute of Tourism Studies is the data controller responsible for determining the purposes and means of processing your personal data.
We have appointed a Data Protection Officer (DPO) to oversee compliance and address any questions or concerns you may have. You can contact the DPO at the above email address for privacy-related inquiries or to exercise your rights.
ITS acts as the primary data controller for all personal data processed through the Skills Pass Portal, determining the purposes and means of processing for portal operations. Entities such as employers, educational institutions, and government authorities / regulators that access the portal are responsible for their own data as independent controllers. When these entities handle candidate data within the portal under ITS's documented instructions, they do so as data processors, and must comply with GDPR obligations, including confidentiality, security measures, and adherence to ITS's Entity Terms and Conditions. This shared responsibility ensures transparency and accountability across all parties involved in the platform's operation.
To provide you and our other customers with our products and services and operate our portal, we may collect and use personal information about you and others. The types of personal information we collect about you will also depend on how you choose to interact with us and what you tell us during those interactions. If we are not provided with all the personal information we request, we may not be able to supply our products and services.
Your personal data is collected and processed to ensure the effective delivery of services and compliance with statutory requirements. This section outlines the main purposes for which your data is used, as well as the legal grounds that authorise such processing.
Where necessary to fulfil the purposes outlined above, your personal data may be disclosed to relevant government authorities / regulators, educational institutions, employers, and authorised sub-processors engaged in the delivery and maintenance of our services.
Entities that access or process candidate data through the Skills Pass Portal are required to comply fully with the General Data Protection Regulation (GDPR) and all applicable data protection laws. This includes implementing appropriate technical and organizational measures to safeguard personal data, ensuring confidentiality, and processing candidate information strictly for legitimate purposes as permitted under this Privacy Notice. Entities must also adhere to the portal's Terms and Conditions and any contractual obligations agreed with ITS. Unauthorized use, disclosure, or retention of candidate data beyond the scope of these terms is strictly prohibited and may result in regulatory action or termination of access.
Your information, including Personal Data, is processed at our operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Malta or other governmental jurisdiction where the data protection laws may differ.
ITS will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Notice and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.
Transfers outside the EU/EEA will include Standard Contractual Clauses and supplementary safeguards.
ITS will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Notice. We will retain and use Your Personal Data such as test results and certificates to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
ITS will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our services, or We are legally obligated to retain this data for longer time periods.
We are not responsible for the practices or content of third-party apps, websites, or services linked to our Platform. This Privacy Notice does not apply once you leave our Platform; your activity on third-party sites is governed by their own policies. We do not control or take responsibility for any third parties you authorize to access your account. Use of third-party services and granting them access to your account is at your own risk.
ITS is committed to maintaining the confidentiality of your personal data and will assist you in exercising your rights.
You have the right under this Privacy Policy, and by law if You are within the EU, to:
The right to access, update or delete the information We have on You. Whenever possible, you can access, update or request deletion of Your Personal Data directly within Your account settings section. If you are unable to perform these actions yourself, please contact Us to assist You. This also enables You to receive a copy of the Personal Data We hold about You.
You have the right to have any incomplete or inaccurate information We hold about You corrected.
This right exists where We are relying on a legitimate interest as the legal basis for Our processing and there is something about Your particular situation, which makes You want to object to our processing of Your Personal Data on this ground. You also have the right to object where We are processing Your Personal Data for direct marketing purposes.
You have the right to ask Us to delete or remove Personal Data when there is no good reason for Us to continue processing it.
We will provide to You, or to a third-party You have chosen, Your Personal Data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which You initially provided consent for Us to use or where We used the information to perform a contract with You.
You have the right to withdraw Your consent on using your Personal Data. If You withdraw Your consent, We may not be able to provide You with access to certain specific functionalities of the Service.
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to the Office of the Information and Data Protection Commissioner of Malta via their website https://idpc.org.mt.
ITS has taken appropriate technical and organizational measures by using the latest technologies to protect your personal data against loss or unlawful processing. We keep on improving our safeguards to help keep the information collected through the Platform secure and take steps to verify your identity before granting you access to the Platform or to your account.
You are responsible for maintaining the secrecy of your unique password and account information, and for controlling access to emails between you and us at all times. We are not responsible for any other organization's functionality, privacy, or security measures.
We may update Our Privacy Notice from time to time. We will notify You of any changes by posting the new Privacy Notice on this page.
We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Notice.
You are advised to review this Privacy Notice periodically for any changes. Changes to this Privacy Notice are effective when they are posted on this page.
If you have questions or concerns regarding the way in which your personal information has been used, please contact [email protected]