Credit Information at your Fingertips ...


Malta Association of Credit Management - CCTV Policy

      A. Policy Statement

Malta Association of Credit Management (‘MACM’), as a data controller, uses CCTV (closed circuit television) throughout its premises, to provide a safe and secure environment for employees of MACM and for any visitors to the premises, including council members, members and students and to protect the property on the same site. 

The scope of this policy is to define a proper procedure for the use of CCTV and to detail the controls necessary to ensure compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data – the ‘GDPR’ and the Data Protection Act (Cap. 586 of the Laws of Malta) as well as all subsidiary legislation issued thereunder (as may be amended from time to time). These laws shall hereafter be collectively referred to as ‘Data Protection Laws’.

MACM has produced this policy in line with the Guidelines on processing of personal data through video devices as published by the European Data Protection Board (Guidelines 3/2019) and adopted on 10 July 2019. Such Guidelines reflect the principles enshrined in the Data Protection Laws.   

       B. Purpose

 The CCTV system will monitor strategic locations on the premises in which MACM operates, as it may deem necessary at its own discretion, primarily in the common areas, including corridor, Main office and lecture room with the purpose to:

          ·    Deter crime;

          ·    Protect the health and safety of employees and visitors on the site;

          ·    Monitor the security of the property thereon;

 Whereas the CCTV system is in place for all of these purposes,  MACM personnel will not always be monitoring for all of these purposes all of the time.

      C. Responsibilities

 MACM, in relation to the CCTV system, will have the responsibility to:

        ·    Ensure compliance with the Data Protection Laws with reference to the operation and use of CCTV equipment and the recording and viewing of images;

        ·     Ensure that the monitoring of CCTV systems is conducted for all applicable locations, and in compliance with applicable legislation and the MACM policies

        ·     Ensure that the system is maintained and repaired when necessary;

        ·     Deal with any complaints regarding the operation of the CCTV system;

        ·     Deal with any requests regarding the CCTV system by the data subjects;

        ·    Deal with any requests regarding the CCTV system from public authorities and the police;

        ·    Retain images for evidential purposes and ensure they are kept in a secure place to which access is controlled.

       D. Users

Senior Management (the ‘Users’) are allowed to carry on the monitoring of live images and reviewing the recordings of the images at all times (for security purposes stated in section B above).

        E. Actions for the Implementation and Development of the Policy

The principles of operation of the CCTV system are:

1)       The system will only be used in a lawful and fair manner.

2)      The recording medium will be overwritten and any copies destroyed after 7 days unless required as evidence in Police or internal investigations and proceedings. In such case                the recordings shall be kept until the investigation is concluded and shall be destroyed once they are no longer necessary.  

3)      An incident reporting procedure shall be in place ensuring the logging of every occurrence including requests to access, retain and/or have a copy or extract of the recording, both          submitted internally (e.g. employees) and externally (e.g. law enforcement agencies).

4)      On removing the medium on which the images have been recorded for use in legal proceedings, the Users will ensure that there is documentation of:

                      a) The date on which the images were removed from the general system for use in legal proceedings;

                      b) The reason why they were removed from the system;

                      c) Any crime incident number to which the images may be relevant;

                       d) The location of the images;

                       e) The signature of the collecting Police Officer or other Government agent where relevant;

5)      Signs will be placed so that the employees and the visitors on the site are aware that they are entering a zone which is covered by surveillance equipment. The signs are clearly              visible and legible.

6)      Every access to recordings should be justified and a record (audit trail) including the reason for accessing such recordings will be kept.

7)      All MACM staff shall familiarise themselves with this CCTV Policy (and other MACM policies that have been made available) and take all measures to fully comply with the same              and the Data Protection Laws.

8)     Any individual whose personal data are held by MACM in the form of a CCTV recording can request access to that recording under certain conditions and MACM will respond in             accordance with the Data Protection Laws. Such request will be evaluated by the Users and/or other authorised person(s) of MACM responsible for data protection who will                     provide without excessive delay and without expense, written information as required by law. Where required to be provided, the information shall indicate, in particular:

          ·     The actual personal data which are processed;

          ·     The source of the information;

          ·     The purpose of the processing;

          ·     Any recipients or categories of recipients of the data;

          ·     The applicable retention period;

         ·     The various rights to which the data subject is entitled under the GDPR (including the right to rectification, erasure and restriction -where applicable as well as the right to                       lodge a complaint with the Maltese Office of the Information and Data Protection Commissioner);

          ·     As well as any other information to which the data subject is entitled under Article 15 of the GDPR (Right of Access).

In such cases, only information concerning the individual specifically making the request may be provided. Other information revealing the identity of other persons should not be disclosed. In the case of an ongoing investigation, whereby providing information may be prejudicial to the investigation itself or to the rights and freedoms of others, such information could be withheld.  

Although the law does not specifically entitle the individual to have an extract of the images being recorded, or to view directly the images, in the case of CCTV systems, the most practical approach is to invite individuals for direct viewing of the images, provided that the identity of third parties is obscured wherever feasible. If an individual is not satisfied with the reply provided, or with the manner by which access is granted, the matter may be referred to the Information and Data Protection Commissioner who will investigate the case and ascertain that the right of access is properly granted.

9)   MACM may release recordings to the Police or other authorities empowered by law to request the information, for the purposes of prevention or detection of crime, the apprehension or prosecution of offenders, or in the interests of national security, or in other circumstances where MACM is legally obliged to do so, or in accordance with the specified purposes of the CCTV system.

10)    Where individuals appearing in the footage, are third parties to an investigation or a request for access, and their images are not considered relevant, these shall be obscured, wherever technically feasible. In cases where images identifying third parties are relevant to an investigation, the identity of these persons may be disclosed strictly for the purposes of the investigation itself (e.g. to prove their innocence) and should be retained only until the investigation is concluded.

 F. Further Information

For more detailed information on how the data subject’s personal data are processed, please read the MACM Privacy Policy which can be accessed on or ask for a printed copy at the address cited below.

 For further information relating to this policy and the procedures concerning the use of CCTV cameras, employees and other individuals are to contact the MACM secretariat .


   Malta Association of Credit Management

   Mdina Bastions, Block D, Office 1,                                                                                                                                                                                                                                               N/S off Triq Mikielang Sapiano Street, Haz-Zebbug ZBG 1870

  Tel: (+356) 21423638                                                                                                                                                                                                                                                                    Email:

In addition, for matters or enquiries relating to data protection, individuals may wish to contact the Information and Data Protection Commissioner on the details provided below:

       Office of the Information and Data Protection Commissioner
       2, Airways House
       High Street
       Sliema, SLM 16

      Tel: (356) 2328 7100
       Fax: (356) 2328 7198