Protecting Your Privacy
Last reviewed: 4th March 2024

We, the team at McDonald’s Malta strongly value privacy and are committed to protecting your personal data (i.e. information that identifies you).

If you have any questions about how we protect your privacy, get in touch here: [email protected].

One of your rights under the GDPR is that you must be informed when your personal data is processed by any organisation. You also have the right to know the details and purpose of that processing.

This privacy policy describes our practices relating to the personal data of visitors of and make use of our online facilities. For the data collected through our website, the data controller is Premier Restaurants Malta Ltd with its address at Nineteen Twenty Three, Valletta Road, Marsa MRS 3000 Malta.

We assure you that we will only use and disclose any personal data collected from you in accordance with the manner set out in this policy.

Most of the personal information which we may collect about you through this website is given to us only if you choose to give it to us. Such personal information may be requested from you when you fill in a field e.g. to submit a vacancy or fill in our contact form with your questions and comments. If you send us emails, then the personal data we process will depend on what you send us in the email.

The information we collect from you normally includes the information about your device (phone or laptop) with which you used our website, and if you reach out to us through our contact form, we will also collect your name and email address In addition, if you apply for a vacancy, other information will be requested (see the section on recruitment below).

The next sections will outline how and why we use this information.

Some other information is given to us because you accessed this website (e.g. logs, recorded through cookies). This is explained in the Cookies section below.

We use your information in a number of different ways — what we do with it then depends on the information and the purpose for which we collected.

The tables below set this out in detail, showing what we do, and why we do it.

Your name and contact details

How we use your Name + surname
+ contact details (email address)


To provide you with service and support messages by  e-mail

We’ve got to do this to respond to your queries.

Knowing what you, and other customers, like

To ensure we are giving you what you want, and to stay ahead of the competition

Information about your device (phone or laptop) 

Information you give us when you browse our site, including your IP address and device type as well as how you use our website.

 How we use information about your phone or laptop, and how you use our website


Improve our website 

To give you the best possible user experience

You don’t have to give us any of this personal information but if you don’t, you may not be able to use our site or all of the services we offer on the site, and you are unlikely to receive an optimal customer experience.  

We also anonymise and aggregate personal information (so that it does not identify you) and use it for purposes including testing our IT systems, research, data analysis, improving our site. We also share this anonymised information with third parties – but they will not be able to identify you.

For all of the uses of your personal data (as described above), we ensure that there is a legal basis under applicable data protection laws for us to use such personal data.

This includes, for example, where it is necessary for us to use the information to perform a contract with you or take steps at your request prior to entering into a contract with you. We also use consent as a legal basis when processing CV data in order to consider you for other posts (more on that below).

It also includes circumstances (such as we have described below) where we have a legitimate interest to use your data, provided that proper care is taken in relation to your rights and interests to carry out research and analysis of your data as this helps us understand our clients better, who they are and how they interact with us; and to improve and ensure the security of the website (for example, for statistical, testing and analytical purposes or troubleshooting).

We will hold on to your information for no longer than is necessary keeping in mind the purpose/s (or compatible purposes) for which we first collected the data.

We may also keep hold of some of your information if it becomes necessary or required to meet legal or regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions.

As a guide, we will keep personal data until such time as you ask us to stop communications with you, unless we need to keep the data for longer;– we may keep certain categories of personal data for longer in order to meet any legal or regulatory requirements, or to resolve a legal dispute.

We may keep different types of personal data for different lengths of time if required by law (for instance, we may need to keep certain personal data relating to purchases for about 10 years in order to comply with tax/VAT reporting requirements). You may obtain more information as to the retention periods or the criteria used by us to determine the retention periods by contacting us on [email protected].

If you are aged 16 or under, please get your parent/guardian’s permission before you provide any personal information to us.

We will need to process personal data relating to parents or guardians in that case – and we may also need to request for verification documentation to ensure that consent is given or authorised by the holder of parental responsibility.

We do not, and will not, sell any of your personal data to any third party – including your name, email address or any other information you may provide to us. It is not our business to do so – and we want to earn your trust and confidence.

However, we share your data with the following categories of companies as an essential part of being able to provide our services to you, as set out below:

  1. Companies in the group to which Premier Restaurants Malta Ltd. belongs, as sometimes different entities within our group are responsible for different activities (especially licensed ones); This includes Premier Restaurants Malta Ltd. – related entities and members of the Hili Ventures group (our mother group). Related entities and subsidiaries use the information collected to help us improve the content and functionality of our websites; to better understand our customers and markets; and to improve our products and services. Members of the group vary from time to time.
  2. Professional service providers, such as marketing agencies, advertising partners and website hosts who service us in turn to operate our business.
  3. Credit reference agencies, law enforcement and fraud prevention agencies, so we can help tackle fraud.

In most circumstances we will not disclose personal data without an appropriate legal basis, e.g. in order to comply with a court order, to comply with legal requirements and satisfy a legal request, for the proper administration of justice, to protect your vital interests, to fulfil your requests, to safeguard the integrity of the relevant websites operated by us or by such related entities or subsidiaries, or in the event of a corporate sale, merger, reorganisation, dissolution or similar event involving us and/or our subsidiaries and related entities.

We may also provide third parties with aggregated but anonymised information and analytics about our customers and, before we do so, we will make sure that it does not identify you. Anonymous information means it is anonymous.

If we ever have to share data with entities that are outside of the EEA, we will be sure to do so in a manner that complies with the requirements established by the GDPR.

What are cookies?

A cookie is a small text file (typically numbers and letters) that is downloaded onto ‘terminal equipment’ (e.g. your computer or smartphone) when you (or someone else) access a website using that device. Cookies are then sent back to originating website on each subsequent visit – and they are useful because they allow a website to recognize a user’s device and store some information about your preferences or past actions.

Some cookies are needed for the sole purpose of carrying out the transmission of a communication over an electronic communications network – others may be necessary for the provision of a service over the internet, in which case they have to be used.

Other cookies may be desirable to improve your experience, in which case we will ask you for your consent to use them.

What cookies do we use?

The cookies we use are the following:









These are used as an extra layer of security.


Cloudflare is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis.


These are used to understand, improve, and research users visiting and their needs to improve our website’s user experience. For example, we may use cookies to understand what pages a user browses before submitting using the contact form. We do not share information about this analysis with any third parties.


_gid Google Analytics
We use Google Analytics to measure traffic on our website. Google has their own Privacy Policy which you can review here. If you’d like to opt out of tracking by Google Analytics, visit the Google Analytics opt-out page.




How do you change your cookie settings?

Should you wish to amend your cookie preferences, you may click on the banner at the bottom of this page.

Other Passive Information which we collect

Apart from the information you provide us with when using our website, other information is passively collected from you (without you actively furnishing such information) when you navigate through the website. We use various technologies and navigational data collection methods to gather such passive information for various reasons, for example to track how many visitors access our website, the date and time of their visit, the length of their stay and which pages they view. The passive information also aids us to determine which web browsers our visitors use and the address from which they accessed our website – for instance if they connect to our website through clicking on one of our banner ads. This technology does not identify you personally.

We assure you that, unless you have consented, such passive information shall not be combined with personally identifiable information collected elsewhere by our website or respective sites operated by our related entities or subsidiaries.

Premier Restaurants Malta Limited may hold conferences and events from time to time. At such events, we may take pictures or videos of attendees. The legal basis for such processing is the Company’s legitimate interest to build a community and promote its programs and activities. To this end, we have completed a legitimate interest assessment, a copy of which is available upon request.

You have the right to object to such processing at any time by contacting the event organisers or getting in touch with us [email protected]. The photos and videos may be shared with other group companies. The photos and videos will be stored by the Company for a period of five (5) years from the date of the event. With respect to your personal details collected in order to note your attendance to the event, we will usually delete this personal data immediately following the event and no longer than 7 days therefrom, unless you have a direct working relationship with the Company, or one of Hili Ventures subsidiaries.

You will always be informed in advance of such processing and should contact the event organizers should you prefer not to feature in photos and videos taken at an event. Should you wish to exercise any of your rights in relation to your personal data, please refer to the section above entitled “Your Rights”. Should you have any queries about how we process your data, please contact us on [email protected].

Through our website, you may be redirected to our job application site which includes a section where candidates may submit their information for vacancies we have.

We are the data controller for the information you provide during the process unless otherwise stated. For example, if you apply to work at our If you have any queries about the process or how we handle your information please contact us by email or at Premier Restaurants Malta Limited, Nineteen Twenty Three, Valetta Road, Marsa, Malta MRS 3000.

What will we do with the information you provide to us?

All of the information you provide during the process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.

We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.

We will use the contact details you provide to us to contact you to progress your application.

We will use the other information you provide to assess your suitability for the role for which you have applied.

What information do we ask for, and why?

We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary. The information we ask for is used to assess your suitability for employment.

You don’t have to provide what we ask for, but it might affect your application if you don’t.

Application stage & Short Listing

If you use our online application system, this will be collected by our recruitment department.

We ask you for your personal details including name and contact details, nationality and date of birth. We may also ask you about your previous experience, education, referees and for answers to questions relevant to the role you have applied for. Our recruitment team will have access to all of this information.


Our hiring managers shortlist applications for interview. They will not be provided with your name or contact details.


We might ask you to participate in further recruitment tests or occupational personality profile questionnaires; and/or to attend an interview – or a combination of these. Information will be generated by you and by us and if so, this information is held by us for the recruitment exercise and perhaps after if you are selected.

If we make a conditional offer of employment we may ask you for information so that we can carry out pre-employment checks – which may be required to seek assurance as to trustworthiness, integrity and reliability and the possibility to work in Malta. Further processing of your information would be required if we are to apply for a work permit.

Depending on the job requirements, you may be required to provide proof of your identity and/or proof of your qualifications and we may also ask you to show us your police conduct certificate. We may contact your referees, using the details you provide in your application, directly to obtain references. We may also ask you to provide a certificate issued by a medical professional in order to ensure that you are fit for work in advance. 

Final recruitment decisions are made by hiring managers and members of our recruitment team. All of the information gathered during the application process is taken into account. Once an offer is formally accepted and a contract is entered into by both parties, the Employee Privacy Policy will apply. 

Retention Periods

We may ask if you would like your details to be retained in our talent pool for a period of six (6) months, by asking for your explicit consent. If you provide your consent, we may proactively contact you should any further suitable vacancies arise within that period. You may ask us to stop doing this at any time by revoking your consent – however we normally keep information about your application until we decide whether or not to continue with your application. Once it has been decided that your application has been unsuccessful, we will promptly delete your application documents.

You enjoy several rights relating to your personal information:

(i) The right to be informed about how your personal information is being used;

We need to be clear with you about how we process your personal data. We do this through this Privacy Policy, which we will keep as up to date as possible.

(ii) The right to access the personal information we hold about you;

You can access the personal data we hold on you by filling this form and sending to Premier Restaurants Malta Limited by email: [email protected] or deliver to Data Protection Officer at Premier Restaurants Malta Limited , Nineteen Twenty Three, Valetta Road, Marsa MRS 3000 Malta.

(iii) The right to request the correction of inaccurate personal information we hold about you;

We appreciate feedback from you to ensure our records are accurate and up-to-date. If you think that the information we hold about you is inaccurate or incomplete please fill this form and send to Premier Restaurants Malta Limited by email: [email protected] or deliver to Data Protection Officer at Premier Restaurants Malta Limited , Nineteen Twenty Three, Valetta Road, Marsa MRS 3000 Malta.

(iv) The right to request that we delete your data, or stop processing it or collecting it;

You can ask us to delete your personal data; however, this is not an absolute right.

In spite of a request for erasure, we may be justified to keep personal data which we need to keep, e.g. (i) to comply with a legal obligation (for instance, we are required by personal data for VAT reporting purposes); and (ii) in relation to the exercise or defence of any legal claims.

When you ask us to delete your personal data, we assume that you do not want to hear from us again.

If you would like to exercise your right to be forgotten, please fill in this form and send to Premier Restaurants Malta Limited by email: [email protected] or deliver to Data Protection Officer at Premier Restaurants Malta Limited , Nineteen Twenty Three, Valetta Road, Marsa MRS 3000 Malta.


Other than as described above, we will always comply with your request and do so promptly. We would carry out our best efforts to notify any third parties with whom we have shared your personal data about your request so that they could also comply.

(vi) The right to object to certain processing based on legitimate interest;

You have a right to object to our use of your personal information including where we use it for our legitimate interests or where we use your personal information to carry out profiling using automated means.

(vii) The right to request human intervention if automated processing without human intervention is used to make decisions having legal or similar effects on you;

(viii) The right to withdraw consent for other consent-based processing at any time;

(ix) The right to request that we transfer or port elements of your data either to you or another service provider;

You have the right to move, copy or transfer your personal data from one organisation to another. If you do wish to transfer your personal data we would be happy to help.

If you ask for a data transfer, we will give you a copy of your personal data in a structured, commonly used and machine-readable form (e.g. a CSV file format). We can provide the personal data to you directly or, if you request, to another organisation.

When making a transfer request, it would be helpful if you can identify exactly what personal data you wish us to transfer.

In order to request the transfer of your data, please fill this form and send to Premier Restaurants Malta Limited by email: [email protected] or deliver to Data Protection Officer at Premier Restaurants Malta Limited , Nineteen Twenty Three, Valetta Road, Marsa MRS 3000 Malta.

(x) The right to complain to your data protection regulator — in Malta – the Information and Data Protection Commissioner (IDPC)

If you want to exercise your rights, have a complaint, or just have questions, please contact us here [email protected].

Security of your personal data is very important to us.

Where it’s appropriate, our website uses HTTPS to help keep information about you secure. However, no data transmission over the internet can be guaranteed to be totally secure.

We do our best to keep the information you disclose to us secure. Security measures which have implemented to secure information transmitted over our website or stored on our systems include the following:

  • Use of secure servers;
  • Use of firewalls;
  • Use of encryption;
  • Physical access controls at data centres;
  • Information access controls; and
  • Use of back-up systems.

Please understand, however, that no system is perfect or can guarantee that unauthorised access or theft will not occur.

Our website is continuously under review – new functions and features are periodically added and improved to interface, thus changes to our privacy policy may be required from time to time.

We therefore encourage you to check our privacy policy on a frequent basis.

This privacy notice does not cover the links within this site linking to other websites which are not controlled by us. We are not responsible for the collection or use of your personal information from these third-party websites.

Therefore, we encourage you to read the privacy statements on the other websites you visit.

We are always happy to hear from you, whether to make a suggestion but especially if you feel we can do better.

If you have any questions about this Privacy Policy, or if you wish to make a complaint about how we have handled your personal information, please contact us at:

Premier Restaurants Malta Limited

[email protected]

Premier Restaurants Malta Ltd.
Nineteen Twenty Three,
Valletta Road,
Marsa, Malta MRS 3000

We have appointed a Data Protection Officer who may be contacted here: [email protected]

Last reviewed: 4th March 2024



Closed Circuit Television (CCTV) systems are installed in all restaurants of Premier Restaurants Malta Limited and Arcades Limited, as well as our offices located in the Nineteen Twenty Three Building on Valletta Road, Marsa. The use of the CCTV system will be conducted in a professional, ethical and legal manner and any diversion of the use of CCTV security technologies for other purposes is prohibited by this policy e.g. CCTV will not be used for monitoring employee performance.

The controller – the entity responsible for determining the means and purposes for processing – is Premier Restaurants Malta Limited and/or Arcades Limited, depending on the restaurant which you are visiting. The CCTV systems installed at the Premier offices at Nineteen Twenty Three Building are under the joint controllership of Premier Capital plc and Premier Restaurants Malta Limited both with registered address at 1923, Valletta Road, Marsa MRS4000.

Any queries regarding this policy or the processing of personal data as described herein should be addressed to the controllers’ Data Protection Officer, who may be reached at [email protected].


2.1. Company – Premier Restaurants Malta Limited and/or Arcades Limited and/or Premier Capital plc

2.2. Restaurant – any “McDonald’s” restaurant operated by Company

2.3. Offices – Nineteen Twenty Three Building located in Valletta Road, Marsa.

2.4. Customer – any natural person entering the visibility zone of CCTV cameras installed in or outside of the Restaurants

2.5. Data Subject – any natural person whose personal data is processed as a result of the processing activities described in this Policy, including Customers, Company staff and third parties (e.g. contractors, suppliers, etc.)

2.6. IT Department – the IT Department at Premier Restaurants Malta Limited.


We currently use CCTV cameras to view and record individuals on and around our premises. This policy outlines why we use CCTV, how we will use CCTV and how we will process data recorded by CCTV cameras to ensure that we are compliant with data protection law and best practice. This policy also explains how to make a subject access request in respect of personal data created by CCTV.

We recognise that information that we hold about individuals is subject to data protection legislation. We are committed to complying with all our legal obligations and seek to comply with best practice suggestions from the Information and Data Protection Commissioner (IDPC), as the data protection supervisory authority in Malta.

This policy covers all employees, directors, officers, consultants, contractors, freelancers, volunteers, attendees, interns, casual workers, zero hours workers and agency workers and also visiting members of the public.

This policy will be regularly reviewed to ensure that it meets legal requirements, relevant guidance published by the IDPC and industry standards.

CCTV systems are installed (both internally and externally) on the Restaurant premises as well as at our Offices for the purpose of enhancing security of the building and its associated equipment as well as creating a mindfulness among the Data Subjects, at any one time, that a surveillance security system is in operation within and/or in the external environs of the premises during both the daylight and night hours each day. CCTV surveillance at the Company Restaurants and Offices are intended for the purposes of:

3.1. Preventing crime and protecting buildings and assets from damage, disruption, vandalism and other crime;

3.2. managing the complaints from individuals and incidents at the Restaurants and Offices; and

3.3. to assist in the defence of any possible litigation.

This list is not exhaustive and other purposes may be or become relevant.

The lawful ground for processing personal data through the use of the CCTV system is the Company’s legitimate interest, in order to provide safety and security at our Restaurants and Offices and for the above purposes.

4. CCTV in Restaurants and Offices

4.1. The Company has installed as many CCTV cameras in its Restaurants and Offices as are necessary to achieve the purpose of this Policy laid out in Paragraph 3 above.

4.2. For the purpose of this Policy, CCTV cameras have visibility within the kitchen area of the Restaurants, within the lobby and cash registers area, in the managers’ room (office area), in and outside of Play Places and crew room as well as other indoor premises if necessary for achieving the purpose of this Policy. CCTV cameras may also have visibility of the outside premises of the restaurants. CCTV cameras also have visibility in the reception areas at our Offices as well as all corridors and common areas, external terraces and the internal yard.

4.3. Camera locations are chosen to minimise viewing of spaces not relevant to the legitimate purpose of the monitoring. As far as practically possible, CCTV cameras will not focus on any areas where there is a reasonable expectation of privacy. We have also put in place privacy masks in order to limit the viewing angles of our cameras as much as possible.

4.4. Surveillance will not be used to record sound, and images are monitored only by authorised personnel.

4.5. In the event that the Company opens a new Restaurant or Offices, the CCTV system installed in such premises shall be in line with this Policy.


5.1. The following personal data of Data Subjects shall be collected in CCTV recordings:

5.1.1. Image

5.1.2. Location data

5.2. The following data resources may be visible in CCTV recordings:

5.2.1. Car number plates

5.3. Personal data collected in CCTV recordings will not be retained indefinitely but will be permanently deleted once there is no reason to retain the recorded information. Generally, recorded images shall be stored digitally for 7 (seven) days on a computer hard drive located within the Restaurant, then automatically deleted.

5.4. The computer on which the collected CCTV recordings shall be stored as well as live feedback from CCTV cameras shall be visible and located in a separate room, not generally accessible to the public and all employees. Such computer shall be password protected and its password shall be known only to the IT Department and the Director of IT at Premier Capital plc.

5.5. We have engaged APCO Limited (C 8724) as a data processor to in order to install, service and maintain our CCTV cameras. Reasonable contractual safeguards are in place to protect the security and integrity of the data.

5.6. The Company has made every reasonable effort to inform Data Subjects of the presence of CCTV cameras by installing appropriate signage in the Restaurants and Offices indoor premises, as well as the immediate outdoor premises, such as our drive thrus and office terraces.

5.7. Ordinarily, the IT department shall have access to the CCTV recordings. Subject to of the contents of this Policy, the Company shall not share the recordings with any third party, except where required to do so as a result of a legal requirement or on the instructions of law enforcement authorities or a court order.

5.8. CCTV recordings will not be transferred outside the EEA except where legally required.

5.9. In the event that any incident occurs in the Restaurant or in the territory adjoining the Restaurant, which is captured in CCTV recordings, it may be reasonably necessary to keep the CCTV recordings of such incident for longer than the time period stipulated within Article 5.3. of this Policy, so as to protect the lawful interests of the Company, its employees and/or Customers, or in order to comply with a request for a copy of the footage from the Malta Police Force.

5.10. In the event of an incident as described in the foregoing Article 5.9, the recordings may be shared with the Company’s senior management should this be necessary to tackle the incident in question. The footage may also be shared with third parties including but not limited to law enforcement authorities, insurance companies and security service providers as the case may be should this be necessary in order to safeguard the legitimate interests of the Company, or in the interests of the Data Subjects. The Company shall make every reasonable effort to minimize the amount of personal data contained within these incident recordings.


6.1. Under the General Data Protection Regulation (GDPR), Data Subjects may make a request for disclosure of their personal data and this may include CCTV images (data subject access request). A data subject access request is subject to the statutory conditions from time to time in place and should be made in writing.

6.2. In addition to the data subjects’ right of access to the footage, Data Subjects may also make a request for erasure, or object to the processing of their personal data.

6.3. In order for us to locate the relevant footage, any requests for copies of recorded CCTV images must include the date and time of the recording, the location where the footage was captured and, if necessary, information identifying the individual.

6.4. We reserve the right to obscure images of third parties when disclosing CCTV data as part of a subject access request, where we consider it necessary to do so. Kindly note that if we are unable to separate your personal data from that of any other third parties, we may have to deny your request for access to the data.

6.5. Data Subjects also have the right to lodge a complaint at the Office of the Information and Data Protection Commissioner as data protection supervisory authority in Malta if they feel it is necessary to do so. Nevertheless, we would appreciate it if you could get in touch with us first on [email protected] so that we may resolve the issue.