Privacy Notice for Electricity Consumers

We, namely Enemalta plc (“Enemalta”), a Maltese public limited company bearing registration number C 65836 and having its registered address at Triq Belt il-Hażna, Marsa, MRS 1571, Malta process your personal data for the purposes of providing you with electricity service.

We are committed to respecting your privacy.

If you have questions about our processing of your personal data, you may contact Enemalta at the address Central Administration Building, Church Wharf, Marsa, MRS 1000, or by email at [email protected] or by telephone on 8007 2224.

The Data Protection Officer may be contacted at Central Administration Offices, Church Wharf, Marsa MRS 1000, or by email at [email protected] or by telephone on +356 2298 0583.

Note that we have appointed Automated Revenue Management Services Limited (“ARMS”), a company registered under the laws of Malta, bearing company registration number C 46054 and having its registered address at Gattard House, National Road, Blata l-Bajda, HMR 9010 as our processor of your personal data for the purposes of performing on our behalf meter-reading, account keeping and bill collection services and other functions ancillary to such services.

As our processor, ARMS exclusively processes your personal data on our behalf and on the basis of our instructions.

ARMS may be contacted at the address indicated above, or by email at [email protected]  or by telephone on 8007 2222. ARMS’ Data Protection Officer may be contacted at ARMS offices, Qormi Road, Luqa, [email protected] and +356 2245 2725. 

Please read this Privacy Notice carefully to understand our practices with respect to your personal data.

We may update this Privacy Notice at our sole discretion including as a result of a change in applicable law or processing activities. Amendments as a result of changes in applicable law or processing activities changes will be communicated to you prior to the commencement of the relevant processing activity. 

The term “personal data” refers to all information through which you can be personally identified, such as your name, surname, address and billing information and includes all information which may arise.

As utility service provider, we regularly collect personal data as part of our services and legal obligations. We typically collect personal data:

  • Through application forms filled and submitted to us or ARMS;
  • Through our website and that of ARMS;
  • Through various social media platforms of the two entities, which are used by the individual to communicate with the respective entity;
  • Through calls/emails/visits received at our Customer Care Department and the Customer Care Department operated by ARMS.

Generally, you would have provided your personal data to us, directly, through the account holder who provides your information, or through our processor ARMS. You are also kindly requested to inform us whenever your personal data changes.

The personal data of the customers we typically collect and process includes:

  • Name,
  • Surname,
  • ID card/passport number and associated document number (such document is processed for identity verification: (i) either in person at Our offices when the original is requested upon submission of an application or request for information; or (ii) by email/post, a copy is requested along with a submission of an application or request for information, and such copy will be deleted once the necessary verification has been conducted),
  • Address,
  • Contact number,
  • Contact email,
  • Meter reading data,
  • Meter point location data,
  • Billing information,
  • Electric vehicle details included within the Transport Malta certificate, including car registration number and country of issue, where applicable,
  • Account and meter number.

More data could be collected for specific situations.

Personal data is also collected in relation to persons residing within the premises, persons who will provide access to the premises and persons inspecting and/or certifying the electricity installation.

Irrespective of the manner that we have collected your personal data, we will only process such data for the purposes of the provision electricity services to you and purposes which are inherently related thereto, including the fulfilment of any legal obligation imposed on us.

Typically, in providing you with the service, your personal data will be processed for:

  • Fault investigation and repairs,
  • Routine inspections,
  • Upgrades/updates to the service being provided,
  • Billing,
  • Temporary service requests,
  • Interruption notifications,
  • Claims investigation,
  • Theft and fraud investigation.

We process your personal data on the following bases:

  • Entering into and performing a contract – in particular to provide you with the services you have requested from us. The consequence for not doing such processing would be that we would be unable to perform our contract,
  • Our legitimate interests in terms of security and safety purposes, safeguarding of our rights through arbitration/legal proceedings and any other legitimate interests which we may have in relation to the services provided. When we process your personal data on the basis of legitimate interests, we ensure that the legitimate interests pursued are not overridden by your interests, rights and freedoms,
  • Compliance with legal obligations imposed on us – in particular obligations imposed on us as a result of the provision of electricity services to you,
  • Consent when you have provided your explicit consent to specific processing of your personal data,
  • Given that we process your personal data for the purposes of providing national electricity in Malta, there may be instances where we may also rely on a public interest in processing your data.

On the basis of our legitimate interests or compliance with legal obligations, as applicable, we may also process your personal data for the purposes of establishing, exercising or defending legal proceedings.

We will ensure that we have additional grounds for processing your personal data if processing of special categories becomes envisaged. Note that special categories of personal data include data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic, biometric or health data, sexual orientation and data related to your conviction and offences. Processing special categories of your personal data is not envisaged unless we have reason to institute proceedings or investigations with respect to theft of our services.

The recipients of your personal data are:

  • selected individuals within our companies, on a need to know basis,
  • any service providers that may have access to your personal data in rendering us with their support services, including IT service providers,
  • third parties to whom disclosure may be required as a result of our relationship with you as our client,
  • third parties, including but not limited to governmental institutions and authorities that may be of an executive, judicial or legislative nature, to whom disclosure may be required as a result of legal obligations imposed on us,
  • governmental institutions, ministries and other public authorities and public entities, who request specific personal data about you and/or the persons residing in your premises which we, as the Data Controllers, control. Such personal data will only be shared for the specific and agreed purposes, including for your benefit, and will be delineated in a Data Sharing Agreement between the parties. The receiving party is contractually bound to inform you of such data sharing from us,
  • third parties to whom disclosure may be required as a result of legal obligations imposed on us.

We are a member (‘Member’) of a registered Credit Referencing Agency (‘CRA’) in Malta. The Member shall process Personal Data found herein according to applicable legislation, particularly, the Regulation [EU] 2016/679 (‘GDPR’) as well as the Data Protection Act, amongst others. If you as our client is in default of Our agreement, the Member has the right to pass on any of your personal information to the CRA as well as to any legally entitled third party.

Where such a disclosure is carried out, the relevant CRA, shall be deemed to be a Data Controller of the personal data it processes within its systems, in pursuance of its legitimate interests, such as promoting responsible lending, amongst others.

We do not share your personal data with any entity located outside of the EU or EEA unless required to do so at law.

Your personal data will not be used for any decision solely taken on the basis of automated decision-making processes, including profiling.

In the interest of transparency, note that we use systems which could profile you. Such systems are used by us to monitor your electricity consumption and ensure that you receive a quality service. These systems could also be used to identify abnormal electricity consumption and irregular activities. No automated-decision will result from our use of such systems.

We retain your personal data exclusively for the period in which we may lawfully retain your personal data. Thereafter, your personal data shall be immediately and irrevocably destroyed.

As a result of legal obligations imposed on us, we normally retain your personal data for up to ten (10) years from the closure of your file and you cease to be our client.

We may have a legitimate interest to hold your data for longer periods such as when your data is required for exercising or defending legal claims.

For as long as we retain your personal data, you have certain rights in relation to your personal data including:

  • Right of access – you have the right to ascertain the personal data we hold about you and to receive a copy of such personal data,
  • Right to Erasure – in certain circumstances you may request that we delete the personal data that we hold on you,
  • Right to Object – you have a right to object and request that we cease the processing of your personal data where we rely on our, or a third party’s, legitimate interests for processing your personal data or a task carried out in the public interest,
  • Right to Portability – you may request that we provide you with certain personal data which you have provided to us in a structured, commonly used and machine-readable format. Where technically feasible, you may also request that we transmit such personal data to a third-party controller indicated by you,
  • Right to Rectification – you have the right to update or correct any inaccurate personal data which we hold about you,
  • Right to Restriction – you have the right to request that we stop using your personal data in certain circumstances including if you believe that we are unlawfully processing your personal data or the personal data that we hold about you is inaccurate,
  • Right to withdraw your consent – where our processing is based on your consent, you have the right to withdraw your consent. Withdrawal of your consent shall not affect the lawfulness of the processing based on your consent prior to the withdrawal of your consent,
  • Right to be informed of the source – where the personal data we hold about you was not provided to us directly by you, you may also have the right to be informed of the source from which your personal data originates.

Your rights in relation to your personal data are not absolute.

If you intend to exercise one or more of your rights, you should approach Enemalta at the contact details indicated above.  You may also contact ARMS who will be redirecting your request on your behalf to Enemalta.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights specified above). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We take pride in keeping your data secure and will take appropriate technical and organisational measures to protect your data against unauthorised or unlawful processing, including against accidental loss, destruction, storage or access. Your personal data will be stored in paper files or electronically on our technology systems or on technology systems of our IT providers.

If you have any complaints regarding our processing of your personal data, please note that you may contact us or our Data Protection Officer at the details indicated above. You also have a right to lodge a complaint with the Office of the Information and Data Protection Commissioner in Malta (www.idpc.gov.mt).

 Last updated on the 17 February 2021