Privacy Policy
Updated: July 2023
Welcome to Payhound's privacy policy (the "Policy").
Payhound Limited ("Payhound"; "we"; "us"; "our"), respects your privacy and values its importance, and is committed to protecting your personal data. The purpose of this Policy is to set out the basis on which we will process your personal data when:
- You approach us to provide you with our cryptocurrency payment processing services, cryptocurrency sale and purchase services and/or cryptocurrency wallet services (the "Services");
- you receive the requested Services; and/or
- you visit and use our website www.payhound.com (the "Website"), regardless of where you visit and use it from.
We process your personal data in an appropriate and lawful manner, in accordance with the General Data Protection Regulation ((EU) 2016/679) (the "GDPR") and the Data Protection Act (Chapter 586 of the Laws of Malta), as may be amended or replaced from time to time (the "Act") (together, the GDPR and the Act shall be referred to as the "Data Protection Laws").
This Policy details what personal data we may collect about you and the manner in which we handle it, our obligations to process your personal data responsibly, your data protection rights as a data subject and how the Data Protection Laws protect you.
1. IMPORTANT INFORMATION AND WHO WE ARE
This Policy is aimed to ensure you are fully informed on how we will collect and process your personal data.
It is important that you read this Policy together with any other privacy or fair processing notice we may provide from time to time when collecting your personal data so that you are fully aware of the manners in which we use and safeguard your personal data.
The Website and the Services are not intended for minors below the age of 18 years. We do not knowingly collect data relating to minors.
I. CONTROLLER
As data controllers, we are responsible for the Website. We are also the data controller for any personal data which we collect or receive and which we process in connection with the Services and/or the Website.
Payhound has a dedicated data protection contact who is responsible for overseeing queries in relation to this Policy and for handling any data subject requests. If you have any question about this Policy, including any requests to exercise your legal rights, please contact our team. Our full details are as follows.
OUR CONTACT DETAILS
Name of the company: |
Payhound Limited |
Postal address: |
Level 0A, Centris Business Gateway II, Triq is-Salib tal-Imriehel, Zone 3 Central Business District, CBD 3020, Birkirkara, Malta |
Email address: |
[email protected] |
II. CHANGES TO OUR POLICY AND YOUR DUTY TO INFORM US OF CHANGES
This Policy was last updated: July 2023.
We may update this Privacy Policy from time to time. Any changes to our policy will become effective upon the publishing of the revised policy on the Website. The use of this website following such changes constitutes your acceptance of the revised policy then in effect. Please refer to this page every so often.
It is important that the personal data we hold about you is accurate and current at all times. Otherwise, this will impair our ability to provide you with the requested Services (amongst other potential and salient issues). Please keep us informed if your personal data changes during the course of our engagement and professional relationship with you.
III. THIRD PARTY SITES
This Website may, from time to time, include links to third party websites, plug-ins and applications. Clicking those links may permit third parties to collect or share data about you. We do not control these third party sites and are not responsible for their privacy policies, notices or statements. Please read the privacy policy of every third party site you visit or use.
2. PERSONAL DATA COLLECTION
Personal data means any information on or about an individual from which that individual can be identified. It does not include data where the identity has been removed (anonymous data).
Personal data does not include information relating to a legal person. In this regard, information such as a company name, its company number, registered address and VAT number does not amount to personal data in terms of the Data Protection Laws. Therefore, the collection and use of information strictly pertaining to a legal person does not give rise to data controller obligations at law. We will still naturally treat any and all such information in a confidential manner.
I. WHOSE PERSONAL DATA WE COLLECT
This Policy is intended to govern the collection of the personal data pertaining to the below individuals:
- Website visitors: individuals visiting our website;
- Visitors at our premises: individuals visiting our premises for any reason, inclusive of meetings, scheduled maintenance or the provision of services;
- Third parties generally: this is a generic category of data subjects that typically includes individuals with whom we do not have a direct contractual relationship, such as prospective individual service providers and persons contacting Payhound with enquiries or for any other reason;
- Prospective merchants: individuals who have expressed an interest in engaging our Services;
- Individual shareholders, company officers and/or executives of prospective merchants: individuals who are generally owners and/or legal and judicial representatives of a prospective merchant when the latter is a legal person.
- Customers and suppliers of our merchants: individuals being customers of our merchants, through whom they make use of the Services.
- Individual shareholders, company officers and/or executives of legal persons that are customers or suppliers of our merchants: individuals who are generally owners and/or legal and judicial representatives of legal persons, the latter being customers or suppliers of our merchants, through whom such legal persons make use of the Services.
If you provide us with personal data about someone else, it is your responsibility to ensure that you are entitled to disclose that personal data to us. You must ascertain that these persons comprehend how their details will be used, and that they have allowed you to disclose that information to us, as well as allowed us, and our outsourced services providers, to process it.
II. DATA WE COLLECT ABOUT YOU
When processing personal data pertaining to you, we may, depending on the case at hand, collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identification Data: includes name, surname, title, date of birth, username or similar identifier (with regards to the Website), identification documents and details, such as identity card and passport information. We may also request additional information in order to evidence your identity, particularly if we are required by law to do so.
- Contact Data: includes postal address, email address and telephone and/or mobile number.
- Compliance Data (AML, Combatting Funding of Terrorism ("CFT") and Know-Your-Client ("KYC")): includes Identification Data and Contact Data, and shall also cover, as necessary, proof of residence, such as a utility bill, professional references, tax domicile information, financial status information, such as bank statements, source of wealth and source of funds, KYC (database) checks and any other information or documentation which may be required from time to time by the applicable rules and regulations. In carrying out its KYC checks, Payhound may also come across criminal record and conviction information, which it shall only process in strict accordance with the law.
- Financial Data: includes bank account and e-wallet details, as well as any relevant taxation data (this includes any applicable income tax / VAT information).
- Investment Data: includes information about your investment objectives, experience as well as prior investments.
- Transactional Data: includes information about the transactions carried out by end users of our customers on or via our electronic platform.
- Cookie Data: includes information collected via cookies used on our website, as better explained in our Cookie Policy.
In all cases, we may request additional and proportionate information if and when we deem such to be necessary.
We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Cookie Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Policy.
We do not collect any sensitive personal data, such us ethnic origin, religious beliefs, or sexual orientation, about you.
If you fail to provide personal dataWhere we need to collect personal data by law, or pursuant to our agreement, and you fail to provide that data when requested, we may not be able to provide you with your requested Services. In certain cases, particularly where it relates to Compliance Data, we may even need to exercise our prerogative to terminate the Services, or otherwise decline to enter into professional relationship with you (as applicable). We will notify you if this is the case at the time.
III. HOW DO WE COLLECT YOUR PERSONAL DATA?
We use different methods to collect your personal data. Any personal data collected is a result of, and relates to, your relationship with us. We will collect personal data as follows:
Website visitors: we collect Identification Data and/or Contact Data as submitted to us by yourself if you decide to utilise the 'Contact Us' form on and through our Website. Furthermore, and upon accessing our Website, Cookie Data is processed by ourselves and by our third party processors throughout the duration of your session. More information on the use of cookies on our Website is found in our Cookie Policy.
Visitors at our premises: upon entering into our Premises, our front desk may manually collect the Identification Data and/or Contact Data that would be deemed proportionate and necessary in the circumstances. We may also hold images of you captured by our CCTV cameras.
Third parties generally: in each of the following categories, Identification Data and Contact Data are usually collected through direct interaction with the data subject:
- Prospective service providers: when you, as a prospective individual service provider, express an interest in doing business with us, and during the course of our negotiations or dealings;
- Persons contacting us: upon contacting us by means other than our Website, such as through a telephone enquiry or written enquiry through an instant messaging application; and
- Representatives/agents: when an individual has been sent to deal with us on behalf of another entity, be it another individual or a third party. For the purposes of this Policy, individual shareholders, company officers and/ or executives of prospective merchants that are legal persons, such as companies, comprise a separate category of data subjects, and shall accordingly be treated as such.
Prospective merchants: we collect your personal data when you express an interest in engaging our Services, and this is typically done through:
- Direct interactions, through meetings, calls, email correspondence or by other means, usually when you submit the relevant Identification Data, Contact Data, Compliance Data, Financial Data and Investment Data to us; and
- Third parties and other available sources, such as the Malta Business Registry, company registers of other jurisdictions, and from electronic data searches, online search tools, anti-fraud databases and other third party databases, sanctions lists and general searches carried out via online search engines.
Individual shareholders, company officers and/or executives of prospective merchants: we collect your personal data when the prospective merchant, of which you are a shareholder, company officer or executive, expresses an interest in engaging our Services, and this is typically done through:
- Direct interactions, through meetings, calls, email correspondence or by other means, usually when you submit the relevant Identification Data, Contact Data and Compliance Data to us; and
- Third parties and other available sources, such as the Malta Business Registry, company registers of other jurisdictions, and from electronic data searches, online search tools, anti-fraud databases and other third party databases, sanctions lists and general searches carried out via online search engines.
Customers and suppliers of our merchants: we collect your personal data when a transaction made by yourself, through our merchant, over our electronic platform is deemed to present a higher risk, and such information is typically collected through our merchant.
Individual shareholders, company officers and/or executives of legal persons that are customers or suppliers of our merchants: we collect your personal data when a transaction made by the legal person of which you are an individual shareholder, company officer or executive, through our merchant (of which said legal person is a customer or supplier), over our electronic platform is deemed to present a higher risk, and such information is typically collected through our merchant.
3. USE OF PERSONAL DATA
We will only use your personal data when the Data Protection Laws allow us to do so. Most commonly, we will use your personal data in the following circumstances:
- where you wish to formally engage our Services;
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
- where we need to comply with our legal and professional obligations to third parties.
We have set out below, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data pursuant to more than one lawful ground or basis, depending on the specific purpose for which we are using your personal data.
DATA SUBJECT |
DATA |
LEGAL BASIS IN TERMS OF GDPR |
PURPOSE |
---|---|---|---|
Website Visitors |
Identification Data Contact Data |
a. Protection of our legitimate interests (or those of a third party), such that we may require this information for security, administrative and logistical purposes in the general course of our business, as well as to handle any relevant issues that may arise on a day-to-day basis. Legitimate interests shall be understood as our interests to conduct and manage our business affairs appropriately, to protect our reputation, and to provide our clients and website users with a professional and secure experience. We make sure we consider and balance any potential impact on your rights before we process your personal data for our legitimate interests. Unless you have consented or it is otherwise required or permitted by law, we do not use your personal data for activities where our interests are overridden by the impact on you.] |
We may collect your personal data in order to stay organised and be in a position to respond to your queries with the intention of growing our customer base and network. |
b. Consent. |
We will, if you so desire, and based on the information you provide, respond to your queries and/ or provide you with further information about our Services. |
||
Website Visitors |
Cookie Data |
a. Protection of our legitimate interests, such that we require this information in order for our website to function securely. |
Please refer to our Cookie Policy for further information. |
Visitors at our Premises |
Identification Data Contact Data |
a. Protection of our legitimate interests (or those of a third party), such that we may require this information for security, administrative and logistical purposes in the general course of our business, as well as to handle any relevant issues that may arise on a day-to-day basis. |
In this regard: - We may keep and update a visitor log which identifies the people that have visited our premises; and - We will also be positioned to defend legal proceedings, pursue any available remedies, or limit the damages that we may sustain. |
b. For reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued. |
We strive to ensure that our premises, as well as our data, are kept secure. Aside from keeping a visitor log, information we record about visitors may be transmitted to law enforcement and other authorities should the need arise. |
||
c. Consent. |
We will, if you so desire, and based on the information you provide, respond to your queries and/ or provide you with further information about our Services. |
||
Third parties generally |
Identification Data Contact Data |
a. The identification of the specific legal ground would be dependent on the case at hand. However, the more common scenarios of data Processing in this case are supported by the following legal grounds: (a) Adherence to our legal obligations generally and as applicable; (b) Eventual performance of a contract with you or a person you represent; (c) Protection of our legitimate interests (or those of a third party), such that we may require this information for security, administrative and logistical purposes in the general course of our business, as well as to handle any relevant issues that may arise on a day-to-day basis. (d) Consent. |
The specific purpose is established on a case-by-case basis. |
Prospective merchants |
Identification, Contact, Compliance, Financial and Investment Data |
a. Adherence to our legal obligations, particularly as deriving from the Prevention of Money Laundering Act (Chapter 373 of the Laws of Malta) (the "PMLA"), the Prevention of Money Laundering and Funding of Terrorism Regulations (Subsidiary Legislation 373.01 of the Laws of Malta) (the "PMLFTR") and the relevant Implementing Procedures (the "IPs") as may be published by the Financial Intelligence Analysis Unit (the "FIAU"). |
In this regard: - We will verify your identity through our KYC processes; - We will be able to determine if we may enter into a contractual relationship with you; - We will be able to detect, prevent, and/or report fraud or any other criminal activity that comes to our knowledge; and - We will be able to fulfil any external mandatory reporting requirements that we may have with the FIAU, the Malta Financial Services Authority (the "MFSA"), the executive police and any other authorities. |
b. Adherence to our legal obligations, as primarily deriving from the Virtual Financial Assets ("VFA") Act (Chapter 590 of the Laws of Malta), the VFA Regulations (Subsidiary Legislation 590.01 of the Laws of Malta), and Chapter 3 of the VFA Rulebook issued by the MFSA. |
In this regard: - Generally, we will be able to fulfil our legal obligations as a licensed entity under the VFA legal framework; - We will be able to classify the entity you represent, being our prospective customer, as an Experienced or Non-Experienced Investor, in terms of the VFA Rulebook. |
||
c. Protection of our legitimate interests (or those of a third party), such that we may require this information for administrative and logistical purposes in the general course of our business, as well as to handle any relevant issues that may arise on a day-to-day basis. |
In this regard:
- We will require this information to eventually enter into a contract with you if we are to provide our Services; - We will develop and improve the manners in which we deal with financial crime; - We will be able to assist and cooperate in any criminal or regulatory investigations as may be required of us; and - We will also be positioned to defend legal proceedings, pursue any available remedies or limit the damages that we may sustain |
||
Individual Shareholders, Company Officers and/ or Executives of Prospective Merchants |
Identification Data Contact Data Compliance Data Investment Data |
a. Adherence to our legal obligations, particularly as deriving from the PMLA, the PMLFTR and the relevant IPs as may be published by the FIAU from time to time. |
In this regard: - We will verify your identity through our KYC processes; - We will be able to determine if we may enter into a contractual relationship with the entity you represent (for example, if we are processing Compliance Data about a director who is representing a prospective corporate customer); - We will be able to detect, prevent, and/or report fraud or any other criminal activity that comes to our knowledge; and - We will be able to fulfil any external mandatory reporting requirements that we may have with the FIAU, the MFSA, the executive police and any other authorities |
b. Adherence to our legal obligations, as deriving from the VFA Act, the VFA Regulations, and Chapter 3 of the VFA Rulebook issued by the MFSA. |
In this regard: - Generally, we will be able to fulfil our legal obligations as a licensed entity under the VFA legal framework; - We will be able to classify the entity you represent, being our prospective customer, as an Experienced or Non-Experienced Investor, in terms of the VFA Rulebook. |
||
c. Protection of our legitimate interests (or those of a third party), such that we may require this information for administrative and logistical purposes in the general course of our business, as well as to handle any relevant issues that may arise on a day-to-day basis. |
In this regard: - We will require this information to eventually enter into a contract with the entity you represent if we are to provide the Payhound Services; - We will develop and improve the manners in which we deal with financial crime; - We will be able to assist and cooperate in any criminal or regulatory investigations, as may be required of us; and - We will also be positioned to defend legal proceedings, pursue any available remedies or limit the damages that we may sustain. |
||
Customers and suppliers of our merchants |
Compliance, Financial and Transactional Data |
a. Adherence to our legal obligations, particularly as deriving from the PMLA, the PMLFTR and the relevant IPs as may be published by the FIAU from time to time. |
We will require this information in order to investigate high risk transactions made by end users of our customers over our electronic platform. |
Individual Shareholders, Company Officers and/ or Executives of customers or suppliers of our merchants that are legal persons |
Compliance Data |
a. Adherence to our legal obligations, particularly as deriving from the PMLA, the PMLFTR and the relevant IPs as may be published by the FIAU from time to time. |
We will require this information in order to investigate high-risk transactions made by end users of our customers over our electronic platform |
Cookies
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Website may become inaccessible or not function properly. This Policy should be read in conjunction with our Cookie Policy.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose, or we are obliged to process your data by applicable laws or court/enforceable orders.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without the need to obtain your consent, in compliance with the above rules, where this is required or permitted by law.
4. DATA SECURITY
We have implemented appropriate security measures to each data form so as to be able to prevent your personal data from being accidentally lost, altered or disclosed in an unauthorised manner. These include:
- Information security means, such as:
- Appropriate firewalls and security software, inclusive of anti-malware and anti-virus software;
- data segregation mechanisms and user access control;
- robust authentication measures;
- encryption;
- source code security;
- pseudonymisation of data;
- appropriate data backup measures;
- wi-fi network segregation, allowing for a separate 'Guest' network;
- mobile device management solutions; and
- Physical security means, such as fire alarms, implemented at our premises.
We also carry out periodical reviews of our data security measures and regularly perform vulnerability scans and penetration testing on our IT systems, in order to ensure that our IT security is constantly up to standard.
In addition, we limit access to your personal data to those employees, and other third parties who have a business need to know. These persons will only process your personal data on our instructions and are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
5. DATA RETENTION
We retain your personal data only for as long as we have a valid legal reason to do so. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Our standard practice is to determine whether there are any specific laws permitting or even obliging us to keep certain personal data for a certain period of time, in which case we will typically keep the personal data for the maximum period indicated by any such law.
Without prejudice to the hereunder, we would also determine whether there are any laws and/or contracts that may be invoked against us by you and/or third parties and if so, what the prescriptive periods for such actions are. These are usually two or five years. In the latter case, we will keep any relevant personal data that we may need to defend ourselves against any claims, challenges or other such actions by you and/or third parties for such time as is necessary.
Compliance Data and Investment Data will generally be retained for a minimum period of five years following termination of the business relationship or potential business relationship between us and yourself, between us and the entity you represent, or between us and our customer of which you are an end user, as may be the case. This is primarily so as to ensure that we are in line with our legal obligations as deriving from the PMLA, the PMLFTR and the IPs. We may, however, retain the aforementioned data for longer periods when authorised or obliged to do so by the FIAU, other relevant authorities or any applicable legislation.
Transactional Data pertaining to customers of our merchants shall be kept for a minimum period of 10 years from expiry or termination of our business relationship with said customers. This period is based on our legal obligations as emanating from the VFA Rulebook published by the MFSA.
Financial Data, as well as any reasonably related information, shall generally be retained by us for a period of 10 years. The period has been established on the basis of Payhound's record-keeping obligations in its capacity as a private limited liability company under the applicable laws relating to corporate compliance and taxation.
In all situations, and for the purpose of clarity, we may retain your data for longer than the abovementioned periods if we believe - and can accordingly justify - that we are bound to do so, or that any such extended period of retention will protect our legitimate interests (for example, in the case of ongoing legal proceedings).
In the instances not outlined above, personal data pertaining to individuals as governed by this Policy shall be retained for a period which is to be determined on an ad hoc basis, and such depending on the nature of the data collected and the purpose thereof in accordance with the rationale applied as described in this section 5.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
For information relating to the retention of Cookie Data, please refer to our Cookie Policy.
Kindly contact us for further information regarding our data retention practices.
6. DISCLOSURE
We may have to grant access to, disclose or share your personal data with the parties set out below for the purposes set out in the table in Section 3:
IT development services |
Service providers who help us in developing software necessary for the running of our business. |
IT backup and cloud services |
Service providers who assist us in relation to backups for business continuity purposes so that your personal data is not lost. |
Administration | Service providers who provide administrative assistance in order to enable us to better organise and streamline our internal administrative processes. Within this category, we are also considering service providers that will assist us in our onboarding process, such as fraud prevention and identity verification agencies and service providers, that shall undertake required due diligence and anti-fraud checks via the relevant databases. |
Third party consultants and professional advisors | Service providers who assist us in various matters, including lawyers, accountants, insurers, auditors and security consultants. |
Regulators, courts, law enforcement and other authorities | Entities that may require the disclosure of processing activities in certain circumstances, such as the FIAU, the MFSA and the executive police. |
Under normal circumstances, we will not disclose personal data to other parties not mentioned above without your consent. There may however be times where we may need to do so, such as when abiding by a court order, for the proper administration of justice, in complying with a legal request or a legal requirement, to report actual or suspected fraud, money laundering or other criminal activity, to protect your vital interests, and/ or to fulfil your requests.
We require all third parties with whom we share personal data to respect the security of such personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our documented instructions.
7. INTERNATIONAL TRANSFERS
Generally, we do not transfer your personal data to persons or entities outside the EU and the European Economic Area (the "EEA"). However, should this become necessary:
- for the performance of contractual or pre-contractual obligations between you and us;
- for the purpose of IT software support/security;
- for adherence with our legal and/ or regulatory obligations;
- for the establishment, exercise or defence of legal claims; or
- for any other reason where any such transfer would be permitted in terms of law.
We shall endeavour to only transfer personal data to countries in the EU or EEA or to third countries outside the EU or EEA which are deemed to provide an adequate standard of protection for such data by the European Commission. In the absence of an adequacy decision, we will use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
8. YOUR RIGHTS
As a data subject, and under certain circumstances, you have certain data protection rights at law:
- ACCESS: you have the right to access your personal data and request a copy thereof.
- RECTIFICATION: you have the right to rectify any incorrect personal data that we may hold about you.
- ERASURE: you have the right to be forgotten, which enables you to ask us to delete your personal data where there is no good reason for us continuing to process it. Note that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, and if we are so permitted, at the time of your request. If you opt to exercise this right, we may not always be able to continue our relationship with you or continue providing our Services to you.
- RESTRICTIONS ON PROCESSING: you have the right to request the restriction of our processing. This can be done in the following cases: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. If you opt to exercise this right, we may not always be able to continue our relationship with you or continue providing our Services to you.
- PORTABILITY: you have the right to data portability. Your data may be requested in a machine-readable format (for example, in the form of a spreadsheet or a '.csv' file) and you may also ask that your data be transferred directly to another person or service provider. This right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- OBJECTIONS TO PROCESSING: you may object to the processing of your data where we are relying on legitimate interests (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- WITHDRAWAL OF CONSENT: if you have provided consent for the processing of your data you have the right, in certain circumstances, to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn. Any processing activities that are not based on your consent will remain unaffected.
- AUTOMATED DECISION-MAKING AND PROFILING: you shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Note that we do not exercise decision-making and profiling in an automated manner.
If you wish to exercise any of the rights set out above, please contact us - kindly refer to Section 9.I. 'Enquiries' for further information on the manner in which may do so. We will try to respond to all legitimate requests within one month and may require that you send over specific information to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights as outlined directly above).
No fee will be charged to access your personal data (or to exercise any of the other rights mentioned above). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
Please note that none of these data subject rights are absolute, and must generally be weighed against our own legal obligations and legitimate interests. If we are permitted, and if a decision is taken to override your data subject request, we will inform you.
9. MISCELLANEOUS
I. ENQUIRIES
Should you desire to:
- Make any enquiry regarding your personal data;
- Have your personal data corrected; or
- Request access to your personal data,
you may contact us on the below contact details. We may refuse such requests or charge a reasonable fee where these requests are manifestly repetitive or excessive.
Any request must be made in writing and must also include your name, address, email address and a description of the information or correction required. We may also ask for identification documentation, which is essential in order for us to be able to verify your identity.
Postal address: |
Level 0A, Centris Business Gateway II, Triq is-Salib tal-Imriehel, Zone 3 Central Business District, CBD 3020, Birkirkara, Malta |
Email address: |
II. COMPLAINTS
We strive to be receptive to your concerns and would appreciate it if you would contact us in the first instance should you believe that we have breached any privacy rules.
Nonetheless, should you feel wronged by our data protection practices, you may file a complaint with the data protection supervisory authority of your country of residence. In Malta, this would be the Office for the Information and Data Protection Commissioner, the contact details of which are as follows:
OFFICE OF THE INFORMATION AND DATA PROTECTION COMMISSIONER [MALTA]
Email: [email protected]
Phone: +356 2328 7100
III. GOVERNING LAW
This Privacy Policy is governed by and construed in accordance with the laws of Malta.