Privacy policy GWU Members

Privacy policy GWU Members

Welcome to the General Workers Union (hereinafter the “Organisation” “We, “Our”, “Us”) privacy policy, which is intended to inform you about the processing and use of personal data collected as part of your membership and to provide you with the services as may be required. We respect your privacy and are committed to handle your personal data in accordance with the applicable data protection laws, namely the Maltese Data Protection Act (Chapter 586 of the Laws of Malta), as well as the EU regulation 2016/679 General Data Protection Regulation (“GDPR”).

Who We Are
The General Workers Union is the entity responsible as controller for your personal data. Our contact details are as follows: General Workers Union, Workers Memorial Building, South Street, Valletta VLT1103. Email: [email protected].

1. The personal data we collect
   Your personal data kept within the membership system includes; ID number, name and surname, postal address, nationality, gender, contact details which can include mobile and phone number, email address, employer and occupation. Moreover, membership data is stored including payment method, first entry date and rejoin dates, statuses information such as resignations and effective dates, payment of welfare fund, employment history, payment history and other relevant information. In addition, we also store scanned copies of application form, check off form, standing order form and resignation letters.
   
2. The Purposes and Legal Basis for processing your personal data
   Your personal data will be processed in order to allow Us to administer your membership, to conduct our operations as a Trade Union, including providing you with services required in relation to collective bargaining and as determined under the organization’s statute, and provide you with information which we believe is relevant to you as a member.
   
   The processing of your personal data for our administration or operational activities as a Trade Union, is deemed necessary to honour the terms and our contractual obligations governing your membership subscription, as further stipulated in the Statute, as well as in any collective agreement which may apply to our relationship with you as a member. Furthermore, as a Trade Union and also as an organization, we have legal obligations to process your personal data when this is stipulated or required under laws to which we are subject, such as the Employment and Industrial Relations Act. (Chapter 452 of the Laws of Malta).
   
   Given that personal data revealing trade union membership is considered Special Category of Personal Data in terms of the GDPR, We will solely process personal data in relation to current or former members and in the course of Our legitimate activities as a Trade Union.
   
   When processing your personal data for the purpose of communicating without your information we believe is relevant to you as a member, such communications will be on an optional basis and subject to your prior consent, unless the communication is mandatory for our administration or operational activities and objects as a Trade Union
   
   
3. Recipients of your personal data
   We will not disclose or otherwise make available your personal data to any third-party unless this is strictly necessary. The following categories of third parties have been identified as possible recipients of your personal data:
   
   a) Your employer if necessary to execute your check-off instructions where this facility is offered,
   
   b) Our own employees and staff members, carrying out specific administrative or operational tasks of our Organization, including external consultants duly authorized and entrusted by Us to carry out similar functions;
   
   c) External service providers, engaged by Us to provide services related to our administrative and /or operational activities;
   
   d) Public Bodies and Authorities empowered by law to request personal data from Us.
   
   When such disclosure is envisaged, this will be subject to additional safeguards, including as the case may require, security protocols to ensure safe transmission and receipt of the data, contractual agreements and/ or confidentiality undertakings to subject recipients to GDPR and equivalent obligations.
   
   
4. What is the retention period
   The member’s data retention period will remain open for as long as the member remains an active member. A membership is considered to become dormant in the event of non-renewal for 6 months. When this happens, following settlement of any amounts due, all personal data is removed but the payments records will be kept for accounting and audit purposes and as specifically required for compliance with statutory and tax obligations. The same applies to resigned members whose data will be removed accordingly and the payment information will be anonymised. Members that have their membership deducted from their wage on regular basis are to be retained as active until further updates are either received by the member or his employer. In any case, personal data concerning a dormant customer will not be retained for more than 2 years following the date the membership becomes dormant, unless such data is required in pursuance or defence of a legal claim, in which case it may be retained until the claim is final and conclusive.
   
   
5. Your rights
   As an individual, you have the following rights under the GDPR and applicable data protection law:
   – Right to request access to your personal data;
   – Right to have your data erased and/or rectified;
   – Right to object to processing (including profiling and use of such data for direct marketing);
   – Right to restriction of processing
   – Right to request your data to be ported to another entity;
   – Right to withdraw your consent, where this is obtained as a basis for processing data;