All processing of personal data that is conducted following this Policy is subject to the following documents:
the Malta Data Protection Act (hereafter referred to as the “DPA” – Chapter 586 of the Laws of Malta) and any other regulations issued under the DPA which may be amended from time to time;
Regulation (EC) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals concerning the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (from now on “Regulation” or “GDPR”).
The DPA and the GDPR are from now on jointly referred to as “data protection acts”.
The provider of the website defines the means and purposes for processing Personal Data and acts as a “Data Controller” according to the applicable data protection laws.
“Data controller” is a physical or legal person (public authority, institution or other entity) which independently or together with others defines the purposes and means of personal data processing.
“Data Processor” is a natural or legal person (public authority, agency or other entity) who processes personal data on behalf of the controller.
“Personal Data” means any information that identifies you individually or relates to an identified or identifiable natural person
Only responsible persons have access to personal data. We store only the minimum user data necessary to identify and process user information – email and user name.
Personal data stored with us is protected by processes and security systems that meet the highest industry standards. We are only obliged to process personal data if such processing is based on real and legal grounds on one of the legal grounds stipulated in the GDPR.
The legitimate interest arises when we have a business or commercial reason for processing personal data. In this case, we are obliged to protect all your personal data and the way it is processed and to ensure that such processing does not infringe on your personal interests.
If and when we decide to process your personal data based on legitimate interests, we will notify you of the nature of the interest and describe the process. You will be able to ask any questions or objections related to the processing of your personal data. It should be noted that the data processing process will not be terminated if the user’s objection is not strong in relation to the reason.
We only process your personal data with your permission unless another legal basis exists for such processing. Such a basis may be in compliance with legal obligations or legal interest.
In cases where we process your personal data based on your consent, you have the right to withdraw your consent at any time. In such a case, we determine whether data processing is possible without your consent. If data processing without your consent is permissible, we inform you.
All personal data obtained from you in the course of using our website and services are protected in the best possible way. The information only is used for purposes that are not prohibited by applicable data protection legislation, as well as any other applicable laws. We only store your personal data for as long as necessary (taking into account the purpose for which it was originally collected).
The criteria we use to determine what is “necessary” depend on the specific Personal Data in question and the specific relationship we have with you (including its duration).
We rely on legal requirements to determine how long the Personal Data last. For example, any data that falls within the category of “Account” we retain for ten (10) years, as required. We also set out the laws and regulations to which third parties (or users) may refer. If we discover such laws/regulations, we retain the data for as long as it is useful for our protection.
In cases where your Personal Data is no longer required, we will securely delete or anonymise it.
Refusal to provide Personal Data will prevent us from fulfilling our legal and regulatory obligations. It may also interfere with the provision of the services stated on the website. Therefore, the refusal to provide data may result in the inability to provide you with our services/products.
In the table, we specify the categories of personal data we process. We also provide the purpose of the data processing and the legal regulations enabling us to carry out the processing.
The same data may be processed for different purposes and, accordingly, there is a separate legal basis for each purpose.
|Personal data categories||Processing purpose||Legal basis|
|Contact data (name, surname, email, mailing address, etc)||To create your user account and provide you with relevant information.||Contractual Necessity|
|Identity data (name and surname, birth date, ID, gender, etc.)||To provide you with the best customer service.||Contractual Necessity|
|Contact data||To provide you with newsletters adding you to the mailing list.||Your consent|
|Data for marketing purposes||To personalize your experience and provide you with requested marketing materials||Your consent|
For the avoidance of any doubt, we would like to point out that in those limited cases where we cannot or prefer not to rely on another legitimate basis (e.g. our legitimate interests), we will process your Personal Data with your consent.
Where we process based on your consent (which we will never assume, but which we will receive clearly and explicitly from you), you have the right at any time and in any event to provide us with your consent in the same way as you provided it.
If you exercise your right to withdraw your consent at any time (by writing to us at the physical or email address below), we will determine if, at this stage, there is an alternative legal basis for processing your Personal Data (for example, by virtue of a legal obligation to which we are subject), when we will be authorised (or even obliged) to process your Personal Data without your consent and if so, will notify you accordingly.
When we request such Personal Data, you may always refuse, however, if you refuse to provide us with the necessary data required to provide the requested services, we will not necessarily be able to provide such services to you (especially if consent is the only legal basis available to us).
Just to clarify, consent is not the only basis that allows us to process your Personal Data. In the last previous section, we indicated the various grounds on which we rely to process your Personal Data for specific purposes.
When you visit our site, we automatically collect specific categories of personal information through cookies and similar technologies.
We may be required to use and store personal information to:
Every reasonable effort is made to ensure that any Personal Information we may hold about you is current and as accurate as possible. You can check the information we have about you at any time, and if you find any inaccuracies, we will correct them and delete them if necessary. A detailed list of your legal rights in relation to any applicable data protection legislation can be found below.
Links that we provide to third-party websites are clearly marked and in no event shall we be responsible for (and cannot be deemed to have endorsed in any way) the content of such websites (including any applicable privacy policies or data processing operations of any kind). We encourage you to review the privacy policies of any such third party websites.
DATA MIGRATION OUTSIDE OF THE EEA
Your personal data may only be transferred to countries outside the scope of what the European Commission considers to offer an adequate level of protection (“white list countries”, which are listed here https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en).
Data may be transferred under the following circumstances:
In the case of transfers of personal data outside the EEA, we guarantee the application of all relevant safeguards to ensure the same protection and the same standards as would apply in the EEA. You may obtain a copy of these warranties by contacting us at the address below.
We undertake to assist you if you wish to exercise any of the following rights in relation to personal data. In some cases, we will need to identify you before we can satisfy a request to exercise that right.
You have the right to ask us if we process any personal data that concerns you. If the data is being processed, you can access the data and additional information:
You have a right to ask us to have any inaccurate or incomplete personal data relating to you rectified and/or completed.
You have the right to ask us to delete your Personal Data, and we will do so without undue delay. This right will be exercised in such circumstances:
In any case, we are not legally obliged to fulfil your erasure request if the processing of your personal data is necessary to fulfil a legal obligation imposed on us.
You have the right to ask us to restrict the processing of your personal data. You can exercise this right in such cases:
If you exercise this right, we will only be able to process your personal data in the event that we do so:
You have the right to request the personal data you have previously provided from us. We will provide you with such data in a structured, commonly used, machine-readable format or (if technically possible). You can only exercise this right if:
The processing of your data is based on your consent or on the performance of a contract with you.
The processing is carried out by automated means.
For detailed information on this right, see “Processing on the basis of consent” above.
In some cases, you have the right not to consent to the processing of personal data. In this case, we may only process your personal data for the following reasons:
Processing will only be terminated if the Data Controller has not provided convincing and legitimate reasons that outweigh the objections you have raised.
In cases where your data is processed for direct marketing purposes, you have the right to object to the processing of your personal data at any time.
As a data subject, you can file a complaint with any relevant data protection supervisory authority at any time if you believe that we are infringing your rights. The competent Data Protection Authority in Malta is the Office of the Data and Information Protection Commissioner (‘IDPC’).
Notwithstanding this right, we kindly ask that you try to resolve any issues that you may have with us before submitting a complaint to IDPC.