We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners. Read More

Log in

Privacy NOTICE

1.       Preamble

The Malta Institute of Accountants (“MIA”) respects your privacy and is committed to protecting your personal data. This Privacy Notice will inform you as to how we safeguard your personal data when you visit our website and tell you about your privacy rights and how the law protects you.

For more information on the way in which the MIA processes its members’ and students’ personal data, as well the personal data of CPE participants and Sponsors, kindly visit:

Members’ Privacy Notice

Students’ Privacy Notice

CPE and Sponsorship Privacy Notice

Where appropriate, the terms of this notice also apply to any other entity in which MIA holds a controlling interest.

2.    Purpose of this Privacy Notice

This Privacy Notice aims to inform you on how the MIA collects and processes your personal data through your use of this website, including any data you may provide when you navigate through the website or utilise any of the services provided therein.

It is important that you read this Privacy Notice together with other notices we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Notice supplements other notices and noticesmentioned in section 1 and is not intended to override them.

3.       Controller

The Malta Institute of Accountants (hereinafter referred to as the “MIA”, ‘’Institute’’, “we”, “us” or “our” in this Privacy Notice) is an approved accountancy body in accordance with the requirements of the Accountancy Profession Act and of the relevant Legal Notices, having its address at Suite 4, Level 1, Tower Business Centre, Tower Street, Swatar, BKR 4013, Malta. For the purposes of this Privacy Notice, MIA shall be the Data Controller.

4.       Contact Details

If you have any questions about this Privacy Notice or our privacy practices, please contact our DPO using the information provided below in a manner which best suits you.


 Maria Mifsud Farrugia
 Email address:  mmfarrugia@miamalta.org
 Postal address:  Suite 4, Level 1, Tower Business Centre, Tower Street, Swatar, BKR 4013, Malta
Telephone number:   (+356) 22581900

5.       Changes to the Privacy Notice and your Duty to Inform us of Changes

We keep our Privacy Notice under regular review, we encourage you to review the Privacy Notice periodically to keep yourself up to date. This version was last updated on 15 October 2021.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. If you have an account on our website, any changes to your personal data should be updated online through the website. If you do not have an account, changes should be communicated to the relevant department, contact details can be found at this link.

6.       What Data do we Collect?

We may collect, use, store and transfer different kinds of personal data about you such as data passed onto us:

  • When subscribing to our mailing list;
  • When booking for an event and creating an account;
  • When applying to become a member;
  • When applying to join as a student;
  • When making a payment through your online account;
  • When contacting us through Social Media sites;
  • When participating in a Survey;
  • Through Cookies (please see section 14 below);

Such data could include your:

  • Identification Data and other Contact Data: such as name(s), surname(s), identity card number, date of birth, nationality, residential address, and e-mail address, telephone numbers, IP address or any similar contact information available;
  • Member/Student/Other User Data; educational qualifications, warrant, current designation and place of work, and other data pertaining to studentship and/or membership
  • Registration Data on courses and other events: such as information related to events’ registration and attendance, and subscription information with respect to reports and any other publications issued by the MIA;
  • Regulatory Data: such as information requests received from legal bodies, such as the Accountancy Board, government authorities or regulators; or
  • Transaction Data and Transaction Information: details of payments, statements, incoming and outgoing payments.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in terms of law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Notice.

We do not collect any Special Categories of personal data about you through the website (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences via the website.        

7.       How we use your personal data?

We will only use your personal data within the constraints of relevant data protection legislation. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
  • Where we need to comply with a legal obligation.
  • Where we have obtained your consent to process your personal data for explicit and specified purposes.

    8.       Where your Provide us with personal data Related to Third Party data subjects

    If you are a company, intermediary or other corporate entity (including a bank or broker), and you provide us with personal data of third-party data subjects such as your employees, affiliates, service providers, underlying clients/customers, directors or any other individuals connected to your business, you shall be solely responsible to ensure that:

    • you immediately bring this Privacy Notice to the attention of such data subjects and direct them to it;
    • the collection, transfer, provision and any processing of such personal data by you fully complies any applicable laws;
    • as Data Controller you remain fully liable towards such data subjects and shall adhere to the applicable law;
    • you collect any information notices, approval, consents or other requirements that may be required from such data subject before providing us with their personal data;
    • you remain responsible for making sure the information you give us is accurate and up to date, and you must inform us if anything changes as soon as possible.

    You hereby fully indemnify us and shall render us completely harmless on first written demand against all costs, damages or liability of whatsoever nature resulting from any claims or litigation (instituted or threatened) against us as a result of your provision of said personal data to us.

    9.        Data which we make publicly available

    The personal data that we make public in relation to MIA members directory includes name, surname, membership level and date of admission. Such option is based on the members opt in.  Members can access their online account and amend their preference at any time.

    In cases where a member or student has been sanctioned in terms of the Disciplinary Proceedings Bye-Law, the name and sanction/s imposed will be published in the Institute website and in any other publications of the Institute.

    10.       Mailing List subscription

    When you subscribe to one of our mail shots, you provide us with personal information such as your name and email address. We use the personal information submitted in the form only to send you the mail shots you subscribed to. We use a third-party service provider called Mailchimp and the system providers to send specific mail shots to users who subscribe to receive them. The systems provides us with support statistics to help us improve our services to you. For more information on how Mailchimp manages your data please visit their Privacy Notice. Mailchimp is a data processor for us and only processes personal information in line with our instructions.

    You will need to provide us with your consent as a legal basis for us to process your personal data to receive third party marketing material and marketing material in relation to services provided by MIA. The latter is applicable only to persons/individuals who are neither members of the Institute nor registered students with the Institute. Personal data is deleted upon withdrawal of such consent by you, or, at the point where the purpose for holding that data is no longer valid.

    11.       Disclosure of personal data?

    We share your personal data with the parties set out below:

    • Mailchimp;
    • Our payment gateway service providers;
    • Google Analytics;
    • System’s Service provider;
    • Zoom Video conferencing;
    • Zoho Corporation PVT Ltd;

    We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

    12.       International Transfers

    Your personal data may be transferred to and stored in locations outside the European Economic Area (“EEA”), including to countries that may not have the same level of protection for personal data as provided for within the EEA.  When such transfers are carried out, we will ensure that the target country has an adequate level of protection and that the transfer is lawful by putting in place the appropriate safeguards in accordance with the applicable laws, and/or any other applicable legislation. These appropriate safeguards include the EU Model Clauses entered into by us and our processors/controllers.

    We may need to transfer your personal data in this way to carry out our contract with you, to fulfil a legal obligation, on the basis of legitimate interests and/or on the basis of consent.

    You can obtain more details of the protection given to your personal data when it is transferred outside the EEA by contacting us using the details provided above.

    13.       Links to other Web Sites

    Our site has a number of links to other local and international organisations and agencies. In some cases, for the benefit of the visitor, it may be required that we link to other web sites of other organisations after permission is obtained from them respectively. It is important for you to note that upon linking to another site, you are no longer on our site and you become subject to the Privacy Notice of the new site.

    14.       Our use of Cookies

    Our website uses cookies which are pieces of information that a website transfers to your computer’s hard disk or to your browser’s memory for record-keeping purposes. They are useful because they help arrange the content and layout of our site and allow us to recognize those computers or other devices that have visited our sites before. For example, we may monitor how many times you visit the website, which pages you go to, traffic data, location data and the originating domain name of a user’s internet service provider. They also allow our website to remember your preferences thereby helping us to enhance the usability and performance of our site and your experience while using it. Cookies do not personally identify users but they simply identify a user’s computer or other device.

    You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

     Cookie Prefix Description 
     absf Stores selected folder in file browser. 
     ARF Additional session key.
    avms Indicates that the site was switched from public view to admin view.
     bc, bs Used to display notifications in place of the Wild Apricot logo.
    cs  Used for CSRF (Cross-site request forgery) attack protection.
    epce  System cookie which indicates that external auth request failed and contains ExternalAuthProvider name.
    hs  Used to determine if the user is viewing the site in https mode.
    lap, apc  Stores the last opened page in admin view. Used when switching between public and admin view.
    mdasau  Used by the member directory gadget to store the advanced search parameters for users who are not logged in.
    ops  Indicates whether an online payment has been initiated.
    pp  Stores the last opened page in public view. Used when switching between admin and public view.
    ppa  Stores the previous selected payment system when saving payment settings.
    ro  Stores role of user (contact/member/admin).
    sk  Used to display information about incomplete applications and event registrations, open invoices etc.
    tcc  Test cookie used to determine if cookies are enabled in client browser.
    ThemeReloadCookieName  Identifies that theme switching is in progress and determines where to redirect after theme switching is completed.
     wa Main authorization cookie.
     wb Used for wizards (member application, event registration, etc).
    wc  Also used for wizards (member application, event registration, etc).

    Most browsers are initially set to accept cookies. However, if you prefer, you can set your browser to block all, or certain, cookies. Please be aware that without cookies you may not be able to use the full functionality of our site. Users can also set their browser to prompt them each time a cookie is offered.

    15.       Data Retention

    We will retain your personal data in accordance with our internal retention policies. Thereafter, your personal data shall be destroyed, unless we have a statutory obligation imposed on us, a business need to retain the personal data, and/or require the personal data to exercise or defend legal claims.

    Any personal data which we may hold on to the basis of your consent shall be retained exclusively until the time at which you withdraw your consent.

    16.       Your Rights

    For as long as we retain your personal data, you have certain rights in relation to your personal data including:

    • Right of access – you have the right to ascertain the personal data we hold about you and to receive a copy of such personal data;
    • Right to complain – you have the right to lodge a complaint regarding the processing of your personal data with the supervisory authority for data protection matters. In Malta this is the Information and Data Protection Commissioner (contact details provided below);
    • Right to Erasure – in certain circumstances you may request that we delete the personal data that we hold about you;
    • Right to Object – you have a right to object and request that we cease the processing of your personal data where we rely on Our, or a third party’s legitimate interest for processing your personal data;
    • Right to Portability – you may request that we provide you with certain personal data which you have provided to us in a structured, commonly used and machine-readable format (except where such personal data is provided to us in hand-written format, in which case such personal data will be provided to you, upon your request, in such hand-written form). Where technically feasible, you may also request that we transmit such personal data to a third party controller indicated by you;
    • Right to Rectification – you have the right to update or correct any inaccurate personal data which we hold about you;
    • Right to Restriction – you have the right to request that we stop using your personal data in certain circumstances, including if you believe that we are unlawfully processing your personal data or the personal data that we hold about you is inaccurate;
    • Right to withdraw your consent – where our processing is based on your consent. Withdrawal of your consent shall not affect the lawfulness of the processing based on your consent prior to the withdrawal of your consent; and,
    • Right to be informed of the source – where the personal data we hold about you was not provided to us directly by you, you may also have the right to be informed of the source from which your personal data originates.

    Please note that your rights in relation to your personal data are not absolute and we may not be able to entertain such a request if we are prevented from doing so in term of an applicable law.

    Note that we may contact you about our legal updates, newsletters and events on the basis of our legitimate interests and to keep you informed of such legal matters. 

    You may exercise the rights indicated in this section by contacting us or our Data Protection Officer at the details indicated above.

    17.       Keeping your data secure

    We shall implement and maintain appropriate and sufficient technical and organisational security measures, taking into account the nature, scope, context and purposes of the processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, to protect your personal data against any unauthorised accidental or unlawful destruction or loss, damage, alteration, disclosure or access to personal data transmitted, stored or otherwise processed and shall be solely responsible to implement such measures.

    We shall ensure that our staff who process your data are aware of such technical and organisational security measures and we shall ensure that such staff are bound by a duty to keep your personal data confidential.

    The technical and organisational security measures in this clause shall mean the particular security measures intended to protect your personal data in accordance with any privacy and data protection laws.

    18.       Complaints

    If you have any complaints regarding our processing of your personal data, please note that you may contact us on any of the details indicated above. You also have a right to lodge a complaint with the Office of the Information and data Protection Commissioner in Malta (www.idpc.gov.mt).


    Contact Us

    Suite 4, Level 1, Tower Business Centre, Tower Street, Swatar, BKR 4013, Malta 

    E-mail: info@miamalta.org

    Tel. +356 2258 1900

    © MALTA INSTITUTE OF ACCOUNTANTS, 2021  Privacy Notice