Any information you provide to us shall be collected and processed in accordance with the relevant data protection and privacy laws and regulations applicable from time to time, including but not limited to the Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Data Protection Act, Chapter 586 of the Laws of Malta and any subsidiary legislation thereto, as may be amended from time to time.
The Controller of Personal Data
The data controller responsible for your personal data is Advocates Primei, a law firm with its address at 19, St. Mark Street Valletta VLT 1362 Malta. In this policy, “we”, “us” and “our” refers to Advocates Primei, and any related person or entity, and shall be construed accordingly.
The personal data acquired by Advocates Primei may be shared with Primei Fiduciary Ltd. with registration number C43957 and with registered address at 19, St. Mark Street Valletta VLT 1362 Malta. Primei Fiduciary Ltd. is a related company to the firm Advocates Primei through which we provide Professional Trustee and Fiduciary Services.
IMPORTANTLY, we declare that we are lawyers and professionals and henceforth in our dealings with DATA and DATA SUBJECTS we will adhere with the OVERRIDING duties emanating from Professional Secrecy Obligations, Legal Privilege & Ethical considerations, Compliance & AML Disclosure obligations, and fiduciary and Trustee laws and licence conditions.
What is Personal Data?
Personal data refers to any information relating to an identified or identifiable natural person, whom the latter can be identified, directly or indirectly, in particular by reference to an identifier. This personal information may be processed; such processing refers to any operation which is performed on personal data such as collection, recording, organisation, structuring and storage.
Legal Basis for Processing Personal Information
We have the following lawful basis to process your personal information:
- To provide you with our services: the legal basis for processing your personal information is the execution of the service/s requested from us or the execution of any agreement which you have with us;
- Complying with our legal and regulatory obligations: We may be subject to a legal or regulatory obligation to which we have to comply;
- Our legitimate Interests or those of third parties: We may process your personal information on the basis of our legitimate interests including but not limited to, to provide you with our services, to improve our services and content and for administration purposes;
- The establishment, exercise or defence of legal claims or proceedings;
- Your consent: In certain instances, we may ask for your consent or specific matters. When your consent is required for the collection, processing and disclosure of personal information, we will ensure that such consent is freely given.
Which Personal Data do we collect?
We may collect and use any type of Personal Data which is entrusted to us by our clients and users, including the following kinds of personal data:
- Name & surname
- Residential address
- Telephone phone and/or mobile number
- Proof of identification such as identity card number
- Email address
- Professional References
- KYC Checks
- Bank and payment details including information about your bank account and other banking information
- Resumes and/or applications
- Letters of offers and letters of acceptance
- Print logs
- Emails, fax and instant messaging
- Call logs for communication purposes and/or billing purposes
- Data from publicly available sources
- Further Business information necessarily processed in the context of the data subject’s contractual relationship with us
- Information provided to us in relation to which you are seeking our advice or services
- Other information voluntarily provided to us
- IP addresses
- Browser type and versions
- Locations and Time Zones
Certain information which may be generated by us during the provision of our services may include special category data including but not limited to data relating to criminal convictions and offences. We will process special category data to assist you with your requested service.
How do we collect your Personal Data?
Your personal data may be collected or accessed in a number of ways including:
· Directly from yourself in the course of our business with you or your organisation;
· Through the use of our services;
· Indirectly from third parties or other data subjects when such provide us with personal data of counterparties or entities with whom they have business or legal issues or disputes.
· Generated by us in correspondence when you communicate with us to request information or when you send us a query, a CV or a complaint;
How do we use the Personal Data?
We may use your Personal Data for the following reasons:
- For the performance of a contract with you
- To provide you with our services and/or legal advice
- To contact you if required in relation to our services provided to yourself and/or to reply to any communications that you might send us from time to time.
- To verify your identity (KYC)
- To keep our client records updated
- To comply with our legal and regulatory obligations
- For the establishment, exercise and/or defence of legal proceedings or claims
- For recruitment and employment purposes
- To record and deal with complaints we may receive
- For operational purposes including but not limited to health and safety
Your Rights at Law:
The rights afforded to yourself in connection to your personal data are the following:
- Right of Access - the right to obtain for us confirmation as whether or not personal data concerning you is being processed, and where that is the case, access to the personal data and the additional information as outlined in the regulations. Limitations to this right will only be applicable if provided in terms of law.
- Right to Rectification - the right to request for your personal data to be amended or updated where it is inaccurate or incomplete;
- Right to Erasure (“Right to be Forgotten”) - the right to request that we delete your personal data, subject to legal, compliance and regulatory obligations which we may be subject to including anti-money laundering regulations.
- Right to Restrict - the right to request that we stop processing all or some of your personal data;
- Right to Object – the right to object at any time, to object to us processing your personal data on grounds relating to your particular situation and the right to object to your personal data being processed for direct marketing purposes;
- Right to Data Portability - the right to request a copy of your personal data in electronic format and the right to transmit that personal data for use in another party’s service; and
- Right not to be subject to Automated Decision-making - the right to not be subject to a decision based solely on automated decision making, including profiling, where the decision would have a legal effect on you or produce a similarly significant effect.
You will not be requested to pay any fees to access your data unless your request is unfounded, repetitive or excessive.
Retention Period of Personal Data
We will retain data subjects’ personal data for a minimum period of 11 years or such other time that we believe that such data is necessary to fulfil the purposes for which the personal data was collected, and will not be kept for longer than is necessary, except as otherwise allowed or required by applicable laws and regulatory requirements and for any legitimate and essential business purpose, such as maintaining the performance of our services back-ups and redundancy purposes.
Upon your request we will delete or anonymise your personal data so that it no longer identifies you. However, this is limited as there are instances in which we are legally obliged by law to retain your personal data. These may include situations where there is an unresolved issue/claim/dispute relating to yourself where we are legally obliged to keep your personal data for legal, tax, audit and accounting obligations for a specified period of time and where it is necessary for our business legitimate interests such as fraud prevention.
Disclosure of Personal Data
There may be instances where we have to share your personal data with various categories of persons. We may disclose your personal data to our lawyers, employees and officers who are assigned to carry out the functions of the firm to provide you with our services. Your personal data may also be disclosed to our auditors and third-party service providers, for example contracted IT consultants which may require such information in order to be able to assist us in handling the relationship which we have with you. When we share your personal information with such third parties, we make sure that such parties make use of this data in a manner which ensures safety and security to your personal data. Moreover, we will not sell or rent your personal information to third parties for marketing purposes.
We may disclose your Personal Data if we are required to comply with any applicable law, a summons, a warrant, a court or regulatory order, or other statutory requirement. In the case we have reason to suspect any form of illegal interaction with the website and/or usage of the services we also reserve the right to, on a voluntary ex officio basis, share your Personal data with relevant law enforcement agencies.
We may further disclose your personal data to other companies or law firms involved in facilitating our services to you.
We may provide non-identifiable data to third parties regarding the number of unique users who visit our website, the demographic breakdown of users of our website, or the activities of users on our website.
International Transfer of Personal Data
Where we allow the process of your personal information outside the EEA, we will make sure that such processing is done in such manner that complies with all the necessary requirements in terms of the General Data Protection Regulation and that there are the proper safeguards in place so as to safeguard your personal information. We will also use standard contract clauses approved by the European Commission or other suitable safeguard to permit data such transfers.
Security of Your Personal Data
We will take all reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal data. For example, we store all data electronically on secured servers which data can only be accessed by trained professionals under contract with us i.e. employees or IT consultants. In addition, we also make use of back-up systems and the use of firewalls and encryptions.
Please be aware that while we will take all necessary steps to ensure the protection of your data, we cannot provide any guarantee should the security be compromised through no fault of our own.
As part of our recruitment process, or in case you send us a CV in connection to a job application through our website, we may collect and process such personal data. If your application is unsuccessful, we may keep this information on file for up to one year in case of any future employment opportunities for which you may be suited. We will ask for your consent before we keep your data for this purpose, and you are free to withdraw your consent at any time.
Please note that this policy may change from time to time therefore we encourage you to refer to this policy periodically.
Links to other Websites
Kindly note that when you access other third-party websites from hyperlinks on our website, we will have no control over the content of those websites. These websites have their own privacy policies to which accept no responsibility or liability for.
What are cookies?
Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognizes that cookie. Cookies are useful because they allow a website to recognize a user’s device.
There are two types of cookies:
Persistent Cookies remain on a user’s device for a set period of tie specified in the cookie. They are activated each time that the user visits the website that created that particular cookie.
Session Cookies are temporary. They allow website operators to link the actions of a user during a browser session. A browser session starts when a user opens the browser window and finishes when they close the browser window. Once you close the browser, all session cookies are deleted.
The cookies we use are the following:
To check which cookies are used on these platforms, you may use Chrome’s built-in cookie view by clicking on ‘Secure’ next to the URL Bar and then click cookies. By viewing your site in incognito mode, the browser does not detect cookies currently placed on your own browser.
Disallowing or removing cookies
You may use your browser’s settings to prevent the installation of cookies. This may be clicking on “help” on your browser menu. This may lead you to instructions on how to prevent cookies from being installed.
Kindly note that preventing cookies may lead to the Website or parts of the Website not functioning correctly or from functioning at all.
You can manage cookies by activating the setting on your internet browser that allows you to refuse the setting of all or some cookies.
Please be aware that if you remove all cookies some of your settings may not be remembered by the Website and you will have to re-enter the information.
In case you have any further questions about cookies, please contact us at info [at] advocatesprimei [dot] com
Complaints and Concerns
If you have any concerns with regards to our privacy methods and processes, you have the right to contact us by email to info [at] advocatesprimei [dot] com.
In case you are not satisfied with our response, you may contact the Information and Data Protection Commissioner of Level 2, Airways house, High Street Sliema SLM 1549 on their website at https://idpc.org.mt.
Last Updated: 02/04/2019