FinanceMalta (hereinafter referred to as the “Foundation”) is the data controller for the purposes of applicable data protection law. The Foundation respects your privacy and is committed to protecting your personal data which we process. This Privacy Notice explains how the Foundation will comply with applicable data protection law, this includes, the General Data Protection Regulation (EU) 2016/679 (‘GDPR’), the Data Protection Act (Chapter 586 of the Laws of Malta), any subsidiary legislation thereto and any other applicable laws relating to privacy and electronic communications as may be amended from time to time.
It is important that you read this Privacy Notice, together with any other privacy notice that is provided on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using your information.
The data controller is FinanceMalta in Malta, a Foundation set up to promote Malta as an International Financial Centre. This means that we are responsible for deciding how we hold and use personal information about you.
FinanceMalta’s contact details are as follows:
AM Business Centre, Level 1,
Zejtun ZTN 2401,
For general contact please send us an email on firstname.lastname@example.org
Data protection officer
The Foundation has appointed a Data Protection Officer (‘DPO’) who is responsible for matters relating to privacy and data protection. The Foundation’s DPO can be reached by sending an email at email@example.com .
Data protection principles
The Foundation is committed towards compliance. If we need to collect, store or otherwise use your personal data, we will abide by the following data protection principles:
- Lawfulness, fairness and transparency: the processing of personal data shall take place in a lawful, fair and transparent manner;
- Purpose Limitation: the collection of personal data shall only be performed for specified, explicit and legitimate purposes and shall not be further processed in a manner that is incompatible with those purposes;
- Data Minimisation: the collection of personal data shall be adequate, relevant and limited to what is necessary in relation to the purpose for which they are processed;
- Accuracy: the personal data shall be accurate and where necessary, kept up to date. Every reasonable step shall be taken to ensure that personal data that are inaccurate having regard to the purposes for which they are processed, are erased or rectified without delay;
- Storage Limitation: personal data shall be kept in a form which permits identification of the data subject for no longer than it is necessary for the purpose for which the personal data are processed;
- Integrity and Confidentiality: personal data shall be kept confidential and stored in a manner that ensures appropriate security. Personal data shall not be shared with third parties except when necessary and with a justifiable legal basis.
The Personal data we collect and how we use it
We collect and process personal data relating to you in connection with your use of this website and our relationship with you. This personal data may include:
|Personal data||Purpose for processing||Legal basis|
|Your name and contact details, including your address, phone number and email address through the contact form.||To provide you with information and get in touch with you to answer your queries. |
To respond to your message and in respect of the services which we provide.
|The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when processing is necessary for the purposes of the business legitimate interests pursued by the controller except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.|
|Information relating to company details that you may provide in an online application form to register to become a member.||To assess all applications in order to approve or reject applications to be a member.||The legal basis we rely on to process your personal data is article 6(1)(b) of the GDPR, which allows us to process personal data when processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.|
|Personal data such as email address is collected in relation to news and promotions.||To provide you with our newsletter.||The legal basis we rely on to process your personal data is article 6(1)(a) of the GDPR, which allows us to process personal data when the data subject has given consent to the processing of his or her own personal data for one or more specific purposes.|
|Information such as Name, Surname, Company details, student identification etc collected through Registration process during events organised by FinanceMalta.||To determine event attendance and number of leads generated through the event.||The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when processing is necessary for the purposes of the business legitimate interests pursued by the controller except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.|
|Personal data of employees relating to their employment at FinanceMalta.||Personal data is collected for purposes pertaining to the individual's employment with the Foundation, including but not limited to performance reviews, the administration of employee payroll, and for the purpose of complying with applicable employment and health and safety legislations.|
For more information, employees should refer to our Employees Privacy Notice which is provided to all employees.
|The legal basis we rely on for processing your personal data is article 6(1)(b) of the GDPR, which relates to processing necessary to perform a contract.|
|Filming and photography. We aim to avoid using images which could identify members of the public. In certain cases, we will require your consent.||For publication in our official publications, our social media channels and/or third-party printed media.||In certain circumstances we may also rely on consent under article 6(1)(a) of the GDPR, which allows us to process information when the data subject has given his or her consent for a specific purpose.
In such cases, you will be provided with clear information as to what you are consenting to and how you can withdraw your consent.
|Any personal data relating to you that you provide to us or that we generate about you in connection with your use of our official website.|
When you visit our website, the following anonymous information is retained about that visit:
• the number of times per visit a request for data was received;
• the date and time when you accessed the website;
• the length of time spent on our website;
• the IP address of a link if used to access our website;
• the identity of any search engine used to access our website;
• the requested web-page or download;
• a list of all the pages visited while in our website; and
• the name of the browser used, e.g. Firefox, Chrome, Internet Explorer.
No attempt is made to identify individual users or to associate the technical details listed above with any individual
|To improve and develop this website.|
To generate and analyse statistics regarding usage of this website, including the frequency of use of individual pages (where possible, personal data will be anonymised before being used for this purpose).
We collect such information when you read or download information from our site. The information collected is strictly for the sole use of the Foundation and is not shared leased or sold in any manner to any organisation.
|The legal basis we rely on to process your personal data is article 6(1)(a) of the GDPR, which allows us to process personal data when the data subject has given consent to the processing of his or her own personal data for one or more specific purposes.
In such cases, you will be provided with clear information as to what you are consenting to and how you can manage your cookie settings.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
Disclosing your personal data
Except as described in this Privacy Notice, we will not intentionally disclose the personal data that we collect or store to third parties without your prior explicit consent. We may disclose information to third parties in connection with the above-mentioned purposes, in the following circumstances:
- any third parties who we engage to provide services to us, such as outsourced IT service providers and professional advisors;
- any advisers/auditors auditing any of our business processes or who need to access such information for the purpose of advising us;
- any law enforcement body which may have any reasonable requirement to access your personal data for the purposes of the prevention, investigation or detection of any crime;
- any regulatory body or authorised entity where required or permitted by law, which may have any reasonable requirement to access your personal data;
- any successor (or receiving) entity in the event of re-organisation or similar event.
All our third-party service providers are required to take appropriate security measures to protect your personal data in line with the Data Protection and other applicable laws. Moreover, we only permit them to process your personal data for specified purposes and in accordance with our legally binding agreements.
The information you provide to us may be shared with third parties situated in other European Economic Area (‘EEA’) Member States. The Foundation will only transfer personal data outside the EEA after taking the necessary steps to ensure that your privacy rights continue to be protected, as outlined in this Privacy Notice and in accordance with applicable data protection laws. For example, we will transfer your personal data outside of the EEA with your consent, to fulfill a legal obligation, to fulfill our contractual obligations, or to protect the public interest.
The personal data that we process for the above-mentioned purposes shall not be kept for longer than is necessary. We retain your personal data for as long as we need it to comply with our obligations under applicable law, to enforce our agreements and, if relevant, for the establishment, exercise and defence of legal claims.
We will actively review the personal data we handle, process and store, and will delete or anonymise it in a secure manner when there is no longer a legal, business or customer need for it to be retained.
For more information on the retention of your personal data please contact us on firstname.lastname@example.org
In those cases where it is not possible for us to specify in advance the periods for which your personal data will be retained, we will base our determination on the following criteria:
- the purpose(s) was for which your personal data was collected;
- whether there are any statutory obligations, obliging us to continue to process your information;
- whether we have a legal basis in place to continue to process your information, including but not limited to consent;
- the value attached to your information;
- whether there are any industry practices stipulating how long information should be retained;
- the risk, cost and liability attached to such retention; and
- any other relevant circumstances.
Data subject rights
As a data subject you have certain rights in relation to your personal data including:
- Right of access – you have the right to ask us for copies of your personal data that is being processed. There are some restrictions which means you may not always receive all the information we process;
- Right to Erasure – you have the right to ask us to delete your personal data in certain circumstances. This is not an absolute right and shall depend on our established retention periods;
- Right to Object – you have a right to object and request that we cease the processing of your personal data where we rely on our, or a third party’s legitimate interests for processing your personal data or a task carried out in the public interest;
- Right to Portability – you may request that we provide you with certain personal data which you have provided to us in a structured, commonly used and machine-readable format. Where technically feasible, you may also request that we transmit such personal data to a third party controller indicated by you;
- Right to Rectification – you have the right to update or correct any inaccurate personal data which we hold about you;
- Right to Restriction – you have the right to request that we stop using your personal data in certain circumstances including if you believe that we are unlawfully processing your personal data or the personal data that We hold about you is inaccurate;
- Right to withdraw your consent – where our processing is based on your consent, you have the right to withdraw your consent. Withdrawal of your consent shall not affect the lawfulness of the processing based on your consent prior to the withdrawal of your consent;
- Right to be informed of the source – where the personal data we hold about you was not provided to us directly by you, you may also have the right to be informed of the source from which your personal data originates; and
- Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority, you shall also have the right to an effective judicial remedy where you consider that your rights under the Regulation have been violated as a result of the processing of your personal data in contravention of the Regulation.
Your rights in relation to your personal data are not absolute. If you intend to exercise one or more of your rights, please send your request to email@example.com.
Generally, no fees are applicable when exercising your rights. However, we may charge a reasonable administrative fee if your request is clearly unfounded, repetitive or excessive. Moreover, you will be provided with a response without undue delay, and in any event within 30 calendar days which start running as soon as your identity is verified.
Following your request to exercise your rights, the Foundation may need to request specific information from you to help verify your identity. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
We take appropriate security measures to protect against loss, misuse and unauthorised access, alteration, disclosure, or destruction of your information. The Foundation has taken steps to ensure the ongoing confidentiality, integrity, availability, and resilience of systems and services processing personal information, and will restore the availability and access to information in a timely manner in the event of a physical or technical incident.
No method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot ensure or warrant the security of any information you transmit to us, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or organisational safeguards.
All our staff who process personal data are provided with regular training on information security practices.
We have put in place procedures to deal with any suspected personal data security breach and will notify regulator of a suspected breach where we are legally required to do so. In certain cases, we will also inform you, as the data subject, of the occurrence of the breach and the steps you need to take to safeguard your rights.
If you believe your personal data has been compromised, please contact the Foundation’s Data Protection Officer by email at firstname.lastname@example.org
Links to other websites
Where we provide links to websites of other organisations or entities, this Privacy Notice does not cover how that organisation processes your personal information. We encourage you to read the privacy notices on the other websites you visit.
Changes to this privacy notice
This Privacy Notice may change from time to time. If we change this Privacy Notice in ways that affect how we use your personal data, we will advise you of the choices you may have as a result of those changes. We will also post a notice that this Privacy Notice has changed.
Last updated: 28/04/2020