Policies

Overview

The Santa Venera Girl Guides unit (“SVGG”, “we”, “us”) operates the public site, member portal, and leader/admin dashboard described on this domain. We follow the policies below to meet EU and Maltese requirements, including GDPR, ePrivacy Directive, safeguarding expectations from Malta Girl Guides (MGG), and Cloudflare’s acceptable use standards.

Last updated: 19 December 2025. Future revisions will be logged here and signposted via the portal announcements feed.

Portal Terms & Conditions Terms of Use Privacy & Data Cookies & Tracking Safeguarding & Conduct Your Rights Contact & Requests

Portal Terms & Conditions

How the SVGG portal is used

Full text below (Last updated: 19 Dec 2025)

The portal is for Girl Guiding use only. By registering or using the portal you confirm you have read and accept these conditions:

Who this applies to: Parents/guardians managing children’s membership, adult members/volunteers, and authorised leaders/admins.

Guardian-led use: If you manage a child’s data, you confirm you are their parent/guardian (or legally authorised) and will keep all personal and medical details accurate and up to date. Children under 16 should not use the portal unsupervised.

Purpose-only processing: The portal supports membership, attendance/activity planning, safeguarding and wellbeing, emergency readiness, and communications. It is not used for advertising, marketing, profiling, or automated decision-making.

Children’s personal data: Not sold or shared for commercial purposes. Access is restricted to authorised leaders and approved technical support who need it to operate the portal safely.

Medical/sensitive data: Treated as special category data and used only to protect health, safety, and wellbeing. It may be shared in emergencies or where legally required. Withdrawing optional medical info may limit participation in activities requiring it.

Accuracy: SVGG relies on guardians to provide correct, current information. SVGG/volunteers are not responsible for issues arising from incomplete or incorrect data supplied by users.

Acceptable use: Keep login details secure; use the portal only for legitimate SVGG activities; do not access others’ data; do not upload offensive/harmful content; do not bypass security controls. Breaches may lead to suspension/removal.

Safeguarding & conduct: Digital safeguarding follows MGG policies. Media sharing (photos/stories) happens only with guardian consent. Concerns are escalated through safeguarding channels.

Data protection & security: We apply appropriate technical/organisational measures (secure hosting, encrypted connections, access controls, logging). Breach notifications follow GDPR requirements.

Your rights: Access, correct, delete where possible, withdraw consent for optional processing, restrict/object, and request copies. We aim to respond to verified requests within 30 days.

Changes: Terms may be updated; continued use means acceptance of the latest version.

Contact: santavenera@maltagirlguides.com. If unresolved, you may contact the Office of the Information and Data Protection Commissioner (IDPC) in Malta.

Terms of Use

Conditions for accessing our digital services

By using our public site, portal, or admin dashboard you agree to:

Use the tools solely for legitimate Malta Girl Guides activities and communications.
Keep login details, passcodes, and session cookies secure. Sharing or re-posting portal/admin content on public channels is prohibited.
Respect intellectual property rights related to MGG branding, photography, resources, and curricula.
Report any suspected misuse, data exposure, or security issue immediately to the Unit Leader (contact below).

Leaders may suspend or revoke access if the terms are breached. Severe cases will be escalated to the Malta Girl Guides Association and, where appropriate, regulators.

Privacy Notice

How we collect and use personal data

For the purposes of the EU General Data Protection Regulation (GDPR), the Santa Venera Girl Guides unit (“SVGG”, “we”, “us”) is the data controller for personal data collected through this website, the member portal, and related digital forms.

The website, portal and leader/admin dashboard are hosted and technically operated by secure.mt, a Maltese cybersecurity and digital services provider, which acts as our data processor. secure.mt processes personal data only on our documented instructions, in order to provide hosting, security, and technical support.

This includes parent/guardian contact details, member registration data, activity preferences, medical/allergy notes shared with consent, newsletter subscriptions, and leader credentials.

Lawful bases for processing

Legitimate interest: running the unit safely, keeping members and guardians informed, tracking attendance, and managing guiding activities.
Consent: optional communications such as newsletters, photography/media permissions, or medical disclosures that are not strictly required. Consent can be withdrawn via email at any time.
Legal obligation: safeguarding records, incident reporting, and financial reporting for events and membership.

Hosting, storage and access

All portal and site data is stored within secure.mt’s Cloudflare Pages environment, including Cloudflare D1/SQLite databases. Cloudflare primarily processes data within the European Union. Where data is routed outside the EU due to Cloudflare’s global network, such transfers are protected using EU Standard Contractual Clauses (SCCs) and additional technical safeguards.

Access to personal data is limited to:

secure.mt (processor): for hosting, system administration, security monitoring, backups, and troubleshooting. secure.mt does not use the data for its own purposes.
Authorised SVGG leaders (controller representatives): for registrations, event and attendance management, communications with guardians, and safeguarding.

Data sharing and processors

We do not sell personal data or publish membership lists. We share data only where necessary for guiding activities and in line with GDPR:

Malta Girl Guides Association leadership, for coordination, safeguarding, and official reporting.
Event partners (such as camp or activity providers) when needed for bookings and safety, subject to appropriate safeguards.
Trusted service providers acting as data processors, including:
- Cloudflare – hosting, CDN, firewall, access control, and serverless functions.
- Cloudflare D1 / SQLite – secure data storage.
- Resend – transactional email delivery (for example, portal access emails).

All processors are bound by written data processing agreements and must implement appropriate technical and organisational measures to protect personal data in line with EU GDPR.

Retention

Most membership records are retained for up to three guiding years after a member leaves, unless a longer period is required for safeguarding or legal obligations. Newsletter subscriber data is removed within 30 days of an unsubscribe request. Technical logs and backups retained by secure.mt are kept only for as long as necessary for security and operational purposes.

Cookies & Tracking

Minimal cookies for access and security

Our public site uses only essential cookies (Cloudflare security cookies). The portal and admin dashboard set signed session cookies to verify passcodes or Cloudflare Access tokens. We do not run advertising pixels or analytics that profile individuals.

Session cookies: Required for logging into the member portal. These are httpOnly, SameSite, and expire automatically.
Cloudflare Access cookies: Required for the admin dashboard. Managed by Cloudflare Access policies configured by MGGA.

You can block cookies at the browser level, but the portal/admin features will not function without the session cookies noted above.

Your Rights

EU GDPR data subject rights

Members, guardians, and leaders can exercise the following rights:

Access and receive a copy of your personal data.
Request corrections where data is inaccurate or incomplete.
Request deletion when data is no longer required (subject to safeguarding/legal retention rules).
Restrict or object to processing for specific purposes.
Withdraw consent for newsletters, media use, or medical details at any time.
Request data portability for information you provided electronically.

We aim to respond to verified requests within 30 days. Complex requests may take an additional 30 days; we will notify you if more time is required.

Safeguarding & Conduct

Protecting minors and leaders online

Sensitive data (medical, safeguarding, incident records) is stored in restricted functions/endpoints and accessed only by vetted leaders.
Members under 16 may only access the portal with guardian guidance; guardians manage registrations and data changes.
Leaders follow MGGA safeguarding flowcharts for reporting concerns; urgent issues are escalated to the District Commissioner and, if needed, state authorities.
Images or stories from events are published publicly only with guardian consent and in line with MGGA communications policies.

Offline safeguarding and behaviour policies continue to apply at meetings, camps, and events. This digital policy extends those expectations to all online interactions managed by SVGG.

Contact & Requests

How to reach us about these policies

Please email santavenera@maltagirlguides.com for any privacy, policy, or safeguarding query. Include:

Your name and contact details.
The member or volunteer you’re writing on behalf of (if applicable).
Which right or policy the request refers to.
Any supporting information that helps us verify and respond quickly.

You may also escalate unresolved privacy issues to the Office of the Information and Data Protection Commissioner (IDPC) in Malta or to the Data Protection Authority where you reside.