Fenech Farrugia Fiott Legal (hereinafter referred to as “FFFL”) is committed to complying with Data Privacy Laws to which it is subject, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”, the Data Protection Act), Chapter 586 of the Laws of Malta and the e-Privacy Directive 2002/58/EC and respects the privacy rights of Data Subject in respect of their Personal Data.
The following definitions shall have the same meaning as those contained in the GDPR: “Data Subject”, “Data Controller, “Data Processor”, “Personal Data”, “Process” or “Processing”.
- Collection of Personal Data
- Processing of Personal Data
- FFF Security Arrangements
- Providing Personal Data to Third Parties
- Your Rights
- Contacting us
Collection of Personal Data
FFFL may collect Personal Data from you as the Data Subject, when you provide your Personal Data through our website, when you enter into services agreements with us or sign letters of engagement, through your professional/legal relationship with us, while you are in contact with our staff or at any other stage in the course of business.
Through Our Website
You may visit our website without revealing any information about yourself. You may however choose to provide us with Personal Data when you send an e-mail to us via the “Contact Us” link on our site. In such instances, we will store the information that you provide us with and process it further as may be necessary for us to respond to and administer any request that you may make.
From time to time we may process your Personal Data to provide you with information and updates that might be of interest to you in relating to our professional services and developments in legislation. You are requested to inform us by sending an e-mail to [email protected] if you do not wish to receive any such information from us, or opt out via the “Unsubscribe” link in any marketing email.
Our website also uses a technology called “cookies”. A “cookie” is a piece of software, which may be sent to your computer. Cookies enable us to collect information about how our website and services are being used and to manage them more efficiently. The information so gathered through cookies may include:
- the date and time when you access our website;
- the website pages that you view and any download that you may make through such pages;
- whether or not such viewing or download is successful;
- the Internet address of the website or the domain name of the computer from which you access our website;
- the operating system of the machine running your web browser; and the type and version of your web browser.
Should you wish to reject all, or certain cookies used by our website, you may modify your Web browser preferences to do so. If, however, you reject all cookies then you might be unable to use some of the services available on our website. Moreover, you may set your browser to notify you when you receive a cookie, giving you the opportunity to choose whether or not you wish to accept it. In this regard, it is important to note that if you do so, this may materially distort the quality of service and data you receive through our website.
If the product you are using has digital certificates/certificate signatures, then your name and related details may be displayed as part of any certificate issued to you. It will be seen by those to whom your certificate or signature is presented or who rely on it. Your details may also need to be entered into a related status directory of certificates issued.
Through Our Professional Services
Before providing our professional services, we will request and retain Personal Data such as your name, address, email address, date of birth, identification documents and information in relation to your occupation. In the course of providing services to you we may also process data received through your e-mails to us, which may contain Personal Data (e.g. transactional details, payment instructions etc).. This data processing is generally required for the performance of a contract and/or in order for us to comply with applicable legal obligations such as customer due diligence related to anti-money laundering regulations, applicable in Malta.
In view of the strict legal obligations imposed upon us, we may not be able to provide you with our professional services if you do not supply us with the requested Personal Data.
Processing of Personal Data
We use the Personal Data we collect to deliver the professional services and honour the services agreements or letters of engagement which regulate our relationship. Other processing activities include professional communication with you, marketing communication such as newsletters and updates (if you have provided your consent), as well as for the purpose of fulfilling our legal obligations.
The legal basis for the processing of your Personal Data may vary, but this would include the following:
- Your explicit consent, which you may withdraw at any time by sending us an email or unsubscribing from marketing communications;
- When the processing is necessary for the performance of a contract such as a services agreement or letter of engagement;
- When the processing is necessary for our legitimate business interests, in the provision of the services you have engaged us to carry out;
- When the processing is necessary to promote safety and security as described in the ‘Security’ section below;
- When the processing is necessary to comply with any applicable legal obligation.
We use your contact information when necessary, to provide you with our professional services. We may also use your contact information to keep you updated through our newsletters and other updates. You can limit or restrict the receipt of these communications via the “Unsubscribe” link embedded within the email.
FFF Security Arrangements
FFF engages all reasonable efforts for the purpose of safeguarding the confidentiality of all Personal Data that it processes and regularly reviews and enhances its technical, physical and managerial procedures so as to ensure that your personal data is protected from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss.
To this end we have implemented appropriate organisational and technical measures in the form of security policies, procedures and processes to safeguard the Personal Data which we process. FFF policies governing information technology cover areas such as access control, authentication, audit, monitoring, data storage and back up and transmission standards. FFF staff are subject to a code of conduct which requires them to adhere to privacy principles.
All our employees and any third-party data processors who process Personal Data on our behalf, are obliged to respect the confidentiality of our visitors’ and clients’ personal data.
Please note that the internet is not a secure medium and data sent via this medium can potentially be subject to unauthorised acts by third parties that are outside of our control. There can be no absolute guarantee in relation to the privacy or confidentiality of any information passing through our website and we shall accept no responsibility or liability whatsoever for the security of your data while in transit through the internet.
For reasons or security, for detection and prevention of crime and to identify correct recipients or to make sure mail is dealt with during staff absence, FFF may intercept some mail and e-mail addressed to individuals within FFF. In the case of e-mails, we may reject, delay or remove content from e-mails whose nature, content or attachments which may disrupt our systems or because they may pose security issues, possibly through viruses. We may also filter out e-mails which contain certain content on the basis that content is offensive or the e-mail is unwanted or spam. In certain circumstances this may affect unnecessarily certain e-mails containing legitimate content, but we do try and reduce such occurrences.
All e-mail messages sent from FFF are routinely scanned for viruses and as such should be free from any virus, malicious code, script or other executable attachment. The accuracy of scanning products is not guaranteed. The recipient(s) should therefore carry out any checks that they deem to be appropriate in this respect. FFF cannot be held responsible for loss of or damage to data or other damages, resulting from such actions out of its control, howsoever incurred.
Providing Personal Data to Third Parties
- for the purpose of preventing, detecting or suppressing fraud or any other criminal offence;
- where it is necessary as a matter of national or public security;
- in the interest of national budgetary, monetary or taxation matters that can arise;
- to protect and defend our rights and property or that of users of our website;
- to protect against abuse, misuse or unauthorised use of our website;
- to protect the personal safety or property of users of our website (e.g. if you provide false or deceptive information about yourself or attempt to pose as someone else, we shall disclose any information we may have about you in our possession so as to assist any type of investigation into your actions);
- for any purpose that may be necessary for the performance of any agreement you may have entered into with us; or
- as may be allowed or required by or under any law.
Personal Data, once obtained from you, may be transmitted to third parties in those situations where any one of the exceptional instances indicated above arises.
There may be instances where we may transfer your Personal Data to other service providers, acting as Data Processors, who process data for us, based on our instructions, and in compliance with this policy and any other appropriate confidentiality and security measures. Data Processors, include service providers which supply us with services globally, such as information technology system providers.
Please be aware that data sent through the internet may potentially, for reasons beyond our control that are solely of a technical nature, be transmitted across international borders even where sender and receiver of information are located in the same country. Consequently, Personal Data relating to you may be transmitted via a country having a lower level of data protection than that existing in your country of residence.
We do not transfer your Personal Data to any third parties for marketing purposes.
As a Data Subject you have certain rights at law. The core Data Subject rights within the GDPR are set out below as follows:
- Right to access
- Right to rectification
- Right to be forgotten
- Right to object
- Right to withdraw your consent
- Right to restriction of processing
- Right to data portability
- Right to lodge a complaint with a supervisory authority
We keep your Personal Data for as long as necessary for our legitimate business interests, for legal reasons and to prevent harm, including as described in the ‘How we use your Personal Data’ and ‘Providing Personal Data to Third Parties’ sections of this policy.
Right to access and to rectification
You have a right to request access to and/or correction of your personal data processed by FFFL. Please note that the right to be forgotten may be limited depending on our business interests and legal obligations. Any such request must be made in writing to FFFL at the address indicated on the homepage of the website or via email to [email protected] In order to authenticate such requests so as to avoid unauthorised disclosure, we may need to verify your identity.
Right to be forgotten
FFFL acknowledges that you have a right to be forgotten. Therefore, no Personal Data that is processed while providing you with our services, or through our website will be kept longer than necessary for the purposes for which it is processed. Personal Data will only be kept for a period corresponding with our obligations of retention under relevant laws.
Should you wish all or any category of your Personal Data to be deleted, you may request this in writing at [email protected].
Right to object, withdraw your consent and restriction of processing
You may object to / withdraw consent from direct marketing communication at any time by pressing the unsubscribe button on marketing material. Please contact us in relation to other types of requests in relation to restriction of processing.
Right to data portability
The right to data portability is to allow secure handover between data controllers (e.g. mobile phone providers). We do not consider this right to be relevant to FFF’s data subjects.
Right to lodge a complaint with a supervisory authority
Malta’s supervisory authority is the Office of the Information & Data Protection Commissioner (“IDPC”), located at Floor 2, Airways House, Triq Il – Kbira, Tas-Sliema SLM 1549 Malta. Complaints can be lodged on their website.
Last Updated: 17.08.2020