This website relates to the objectives of the ERASMUS project – The Guest Experience with its lead partner being the Institute for Tourism Studies, who assume the role of Data Controller in terms of the GDPR.

Established in 1987 and consolidated by the Institute of Tourism Studies Act (2016) of the Laws of Malta, and acting as Malta’s main Tourism and Hospitality educational institution, the Institute of Tourism Studies (hereafter referred to as ITS) offers a vast selection of programmes taught by dedicated lecturers. The Ħal Luqa campus offers multiple specialised labs and kitchens to assure that students receive the essential theoretical and practical education required.

The Institute of Tourism Studies is located close to the Malta International Airport and with a campus in Qala, Gozo, currently offers programmes of studies ranging from Foundation to Degree level.

How we use personal data

The ITS needs to process certain personal data in order to carry out tasks required in the course of the performance of our functions and to comply with certain legal obligations to which the ITS is subject.

Examples of this include processing related to our role as an employer; processing data in order to make payments or carry out audits; processing submissions from public consultations; processing contact details in the course of communicating with a wide range of the ITS’s stakeholders; processing FOI and DPA requests and general queries, requests for information or complaints from customers; processing connected to public procurement and contractual agreements with service providers.


Personal data may need to be exchanged with Project Partners, within ITS, EU and national government agencies under the aegis of the Central Government, or other public bodies or non-governmental bodies, and in all other circumstances where this has to be provided for by law.

How long will we keep your data?

The ITS will only retain your personal data for as long as it is necessary for the purposes for which they were collected and subsequently processed, and in line with certain statutory requirements, where relevant. When the personal data that we collect is no longer required, we destroy or delete it in a secure manner.

Data Security

The ITS is committed to protecting and respecting your privacy and employs appropriate technical and organisational measures to protect your information from unauthorised access.

Your rights

The ITS’s Privacy Policy, sets out how we will use your personal data as well as providing information regarding your rights as a data subject (including details regarding right of access, right to rectification, right to erasure, right to restriction of processing, right to object). The policy can be obtained from the ITS Administrative Offices or reviewed online:

To access a copy of the personal data held by the ITS, in relation to you, please make a Data Subject Access Request. The procedure and the relevant form can be obtained from the ITS Administrative Offices or reviewed online.

You also have the right to complain to the Information and Data Protection Commissioner (details below) if you consider that your rights under GDPR have been infringed, and you have the right to seek a judicial remedy.

Contact Details

The Data Protection Officer and The Data Controller can be contacted on:


Block A, 
Aviation Park, 
Aviation Avenue, 
Ħal Luqa LQA, 9023

Telephone:  +356 2379 3100

The Information and Data Protection Commissioner can be contacted on:


Information and Data Protection Commissioner
Level 2, Airways House,
High Street,
Sliema SLM 1549

Telephone:  +35623287100 

Approvals and sign offs

This statement comes into effect on 1 September 2019.

This policy will be reviewed on an ongoing basis. The DPO is responsible for initiating each review.

Version control



Changes made by

Details ConsultantDraft Privacy Statement