Whether you are our client or not, we understand the importance of your personal data and of your right to privacy. The purpose of this notice is to reassure you that we are committed to keeping the personal data, we process about you through this website, as safe as possible. In order to do this, we invite you to read on and learn about the type of personal data we collect, when we collect it, why we do so, what we do with it – including who we may have to share it with and why – and how long we keep it for and why.
By doing this, we hope to give you a clearer picture of how we do things and how you can better manage and control your personal data. However, if you have any questions or need any clarifications whatsoever, our Data Protection Officer will be more than glad to help you. Please send any such requests to email@example.com or call on (+356) 2011 2000. You may also write to Data Protection Officer, 66, Dun Karm Street, Birkirkara BKR 9038, Malta.
1. WHO WE ARE
For the purposes of your access and interaction with this website, Exigy Limited (C 30110) under the terms of the Data Protection Act (2018) and the General Data Protection Regulation (EU) 2016/679 is the Data Controller. As such, we are required to provide you with information about us, about why and how we use your data, and about the rights you have over your data.
Our Data Protection Officer may be contacted at firstname.lastname@example.org
2. YOUR DATA
DATA WE MAY COLLECT ABOUT YOU
When you use our website contact form, or when you contact us via phone, email, ordinary mail, or social media platforms, we may collect the personal data that you provide us with. This essentially includes your name, surname, organization, email address, telephone or mobile number and mailing address.
If you have used, or are using, this website to apply for a job vacancy with us please refer to our candidate’s privacy notice to understand how we process the data you provide us with.
WHY WE COLLECT AND USE THIS DATA
Current data protection law provides for specific reasons and circumstances when we can collect, use and store your information. In our case, it is one of the following four reasons that will justify why we process your information:
1. The information is needed for you or us to fulfil our contractual obligations;
2. The information is needed for you or us to fulfil a legal requirement;
3. You have provided us with your consent to collect, use and store such information;
4. We have a legitimate interest to collect, use and store such information.
When you have given us your consent to process your information, you are free to withdraw this at any time. When we state that we have a legitimate interest to process your information, you may object at any time. For more information on how to withdraw your consent or object to our legitimate interest, please refer to Section 5.
3. YOUR RIGHTS
We will process your provided data to note and answer your queries, and to provide you with the required service, using the contact details provided to us, as a legitimate interest. We will also send you a receipt of your message via email and we may use your telephone number or any other contact details provided by you to contact you regarding your query or notification.
If you have filed a legal claim against us or if We have filed one against you, We shall only use and share any personal information We have access to for the purposes of solving, and during the period necessary to solve, this legal claim as a legitimate company interest. We may use your personal data to assess our responsibility or verify your identity or the identity of others involved in the claim and share this data with the lawyers or other consultants We engage.
IF YOU FAIL TO PROVIDE PERSONAL DATA
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with information related to your query).
HOW WE USE YOUR DATA AND HOW IT IS STORED
Your personal information is stored in our company information systems which are based within the European Union.
We do not use the information you provide to make any automated decisions that might affect you.
We will never share your personal information with other companies which are not processing your information upon our instructions unless you have specifically consented to it.
We reserve the right to disclose and process any relevant information which we may be processing to authorised third parties in or outside the EU/EEA if such disclosures are allowed under the current applicable laws for the following purposes:
• protect and defend our rights, safety, or those of other visitors to our website;
• protect against abuse, misuse or unauthorised use of our website;
• for any purpose that may be necessary for the performance of any agreement you may have entered with us or in order to take steps at your request prior to entering into a contract;
• to comply with any court order, legal obligation or competent authorities’ lawful request;
• as may otherwise be specifically allowed or required by or under any applicable law.
We will use reasonably expected and industry standard security measures to protect your personal data whilst in our possession or when transferring this data to third parties. We do not normally share your information with third parties that are based outside of the European Union. If there is the need to transfer any of your personal data to Data Processors located outside of the EU/EEA, we always ensure that your data is protected in the same way as it is in the EU/EEA and we will inform you about it before transferring the data.
We may need to share your data with third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
HOW LONG DO WE KEEP YOUR DATA FOR (DATA RETENTION POLICY)
We will retain your personal data only for as long as is necessary, taking into consideration the purpose for which it was originally obtained. The criteria we use to determine what is ‘necessary’ depends on the particular personal data in question as well as specific legal obligations from applicable laws that make the processing of personal data and related storage necessary for specific periods of time. We also need to determine whether there are prescriptive periods for legal actions which could apply.
Should we respond to your query as sent through the website contact form, we will keep this information to safeguard our legitimate interest to keep track of potential customer acquisitions and to safeguard our rights should this information be needed for litigation purposes.
Where your personal data is no longer required by us, we will either securely delete or anonymize the personal data in question.
CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact our Data Protection Officer.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
4. DATA SECURITY
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
5. CORRECTION AND ERASURE
In accordance with law, you have a right to:
Request access to your personal data – This means that you have a right to request a copy of the personal data we hold about you;
Request the correction of your personal data – This means that if any personal data we hold about you is incomplete or incorrect, you have a right to have this corrected. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Request the erasure of your personal data – This means that you may request the erasure of your personal data where, amongst others, the purposes for collecting and processing your personal data have been extinguished or fulfilled. This right is not absolute – in certain cases, such as those where we are obliged under a legal obligation to retain the data, or where we have reason that the retention of data is necessary for us to defend ourselves in a legal dispute, we would not be able to accede to your request;
Object to the processing of your personal data – You may object to the processing of your personal data in cases where we rely on our legitimate interests (or those of a third party) to process your data and you feel that our processing of your data in such a manner impacts your fundamental rights and freedoms. However, in some cases, we may be able to demonstrate that we have a compelling legitimate ground to process your data which may override your rights and freedoms.
Request the restriction of the processing of your personal data – You may ask us to temporarily suspend the processing of your personal data in one of the following scenarios: (a) where you want us to establish the accuracy of the data, (b) where our use of the data is unlawful but you do not wish for us to delete it, (c) where you need us to retain your data even when we no longer need it in order for you to establish, exercise, or defend legal claims, or (d) where you have objected the use of your data but we need to verify whether we have overriding legitimate grounds to use it;
Request the transfer of your personal data – This means you may request us to transfer certain data we process about you to a third party. This right only applies to data acquired through automated means which you initially provided consent for us to use, or where we used the data to perform our obligations under a contract with you;
Withdraw your consent at any time where we rely on your consent to process the data – ‘Opting out’ or withdrawing your consent will not affect the lawfulness of the processing carried out by us up until the time you withdrew your consent. Withdrawing your consent means that, going forward, you no longer wish for us to process your data in such a manner. This means that you may no longer consent for us to provide you with certain services (such as marketing);
File a complaint with a supervisory authority – In case you require any clarifications or further information related to your personal data, we invite you to contact our Data Protection Officer by any means so that we can make all possible efforts to resolve any problem that you may have.
However, should you consider at any time that we are handling your personal information in a manner that leaves you dissatisfied or at a disadvantage, you may at any time file a complaint with the Office of the Information and Data Protection Commissioner by email on email@example.com, by ordinary mail at Information and Data Protection Commissioner, Level 2, Airways House, High Street, Sliema, SLM 1549, Malta or by calling (+356) 2328 7100.
In order to exercise your rights as explained above, we may need to request specific information about you to help us verify your identity. This is a security measure to ensure that we are certain that the person to whom we disclose your personal data is really you.
We aim to respond to all legitimate requests within one-month from the receipt of a request. If your request is particularly complex, or if you have made multiple requests concurrently, it may take us a little longer. In such a case, we will notify you of this extension.
For more information and in order to exercise your rights, please feel free to contact our Data Protection Officer (DPO) by email at firstname.lastname@example.org, by phone at (+356) 2011 2000, and by mail at Data Protection Officer, Exigy, 66, Dun Karm Street, Birkirkara, BKR 9038, Malta.
CHANGES TO THE PRIVACY NOTICE