All references in this Policy to Core Group, “the Company” “we”, “us”,“our” and like terms should be interpreted accordingly.
This Policy is being implemented in accordance to the terms of the Data Protection Act (Cap. 440 of the Laws of Malta) and the General Data Protection Regulation (Regulation (EU) 2016/679), the most recent Regulation implemented within the European Union to regulate data protection in order to guide on the activities of Core Group.
This Policy governs your personal information which is processed as part of your relationship with us and, its collection which shall include legal and regulatory compliance, personnel, security and operations management. It is important to us that you understand how we handle your personal information.
This Policy may be updated from time to time to reflect the current legal obligations and practices laid down by our Company. You will be notified with any changes to this Policy and where explicit consent is necessary, we will obtain such consent directly from you.
Who Are We?
What is Personal Data?
Personal data refers to any information relating to an identified or identifiable natural person, whom the latter can be identified, directly or indirectly, in particular by reference to an identifier. This personal information may be processed – such processing refers to any operation which is performed on personal data such as collection, recording, organisation, structuring and storage.
Which Personal Data do we collect?
To conduct our business we collect personal data of our Clients. Most of the information that we process is information that we are able to obtain about yourself, based on information you provide to us or, from our interactions with you, or other personal data about yourself that we receive from a third party with your knowledge.
In the process of collection of data, you should be aware that there may be instances in which the personal information provided by yourself to us is considered as “Sensitive Data” which may include among others, personal information for the determination of the individual’s racial or ethnic origin, political opinions, religious beliefs, physical or mental health or judicial data.
With respect to our Clients we may collect the following information:
- Maritial status
- Identification Number
- Banking and other financial data
- Date of Birth
- Mailing address
- Email address
- Cookies and similar technologies
- Any other similar information
Procedure for the collection of Client Personal Data
Your personal information may be collected or accessed in a number of ways including:
- Directly from yourself (whether directly or verbally);
- Generated by us in correspondence etc.;
- Received by third parties in relation to the services provided by ourselves following your permission, which may be obtained directly from you or indirectly through your actions. In such instances, we will make sure that such third parties are entitled to disclose such information to us.
Processing for Personal Data
We will process personal data fairly and lawfully, and only to the extent necessary as may be allowed in terms of law. When processing your personal data, we will make sure that the processing shall be lawful only if and to the extent that at least one of the following applies:
1. You have given your clear affirmative consent, signifying agreement to the processing of your personal data for one or more specific purposes;
2. Processing is necessary for compliance with a legal obligation to which we are subject;
3. Processing is necessary in order to protect your vital interests or another person;
4. Processing is necessary for the purposes of our legitimate interests or of a third party except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of your personal data.
Restriction of Processing
We recognise your right to restrict the processing of personal data where one of the following applies:
1. You contest the accuracy of the personal data for a period, enabling you to verify the accuracy of the personal data or;
2. The processing is unlawful, and you oppose the erasure of the personal data and request the restriction of personal data instead or;
3. We no longer need the personal data for the purposes of processing or;
4. You have objected to processing pending the verification whether our legitimate grounds override yours;
When your consent is required for the collection, processing and disclosure of personal data, we will ensure that such consent is freely given and is unambiguous. Furthermore, subject to legal or contractual restrictions, you may withdraw your consent to the processing of your personal data. Any communications with respect to such withdrawal or variation of consent shall be in writing and addressed at Core Group, 102, St Katherine's Street, Attard, Malta.
Accuracy, Access and Rectification of Your Personal Data
We will employ reasonable means to keep your personal data accurate, complete and up to date for its intended use, however you must immediately inform us if and when your personal data changes.
In so far as your data in concerned, you shall have the right to to receive confirmation that your data is being processed and may request access to your personal data. You may further request a copy of the personal information obtained by ourselves – such request may be made verbally or by electronic means. We will provide a copy of such in a commonly used electronic form.
Provided however, your right to access to personal information that we hold about you is not absolute. Where applicable law or regulatory requirements allow us to refuse to provide such personal information, or where the request for access is manifestly unfounded or excessive, we shall reserve our right not to respond, or charge a reasonable fee, taking into account the administrative costs of providing the information.
In those circumstances where it is impossible to provide you with access to your personal data, we will provide reasons as to why this is not possible, subject to any legal or regulatory restrictions.
As our Client, you may review your personal data which we hold on yourself in order for you to be able to verify the lawfulness of the processing carried out by ourselves. When you become aware of any inaccurate or incompleteness in their personal data, you are to inform the Company for rectification. Where it results that there is inaccurate information, we will amend such data with the alternative text that you believe that it is accurate. Furthermore, we shall take all the necessary steps to inform any relevant third parties which hold the inaccurate information to rectify accordingly.
Your Right of Erasure
Unless we are obliged by law to retain your personal data, you may ask to have your data concerning you to be erased and on such demand, we will take all the necessary measures in order to erase all personal information concerning you without undue delay.
Disclosure of Your Personal Data
Your personal data may be shared with our employees, agents and other third parties which may require such information in order to be able to assist us in handling the relationship which we have with you. We may further obtain such technological information to assist us in our day to day business operations.
When we share your personal information with such third parties, we make sure that such parties make use of this data in a manner which ensures safety and security to your personal data.
Protection of Your Personal Data
We will use appropriate administrative, technical and physical measures to safeguard your personal data against loss, misuse, theft, modificiation, disclosure or destruction. We will restrict access to your Personal Data under our control to our employees and agents of our Company who possess legitimate business needs for such access.
How do We Store Personal Data and For How Long is Your Personal Data Retained?
Safeguarding the privacy of your personal data is of utmost importance to us and henceforth, all necessary technical and organisational measures will be taken in securing that your personal data is stored safely and all precautions will be carried out to ensure that no authorised or unlawful processing of personal data takes place.
We will retain your personal data for as long as we believe that such data is necessary to fulfill the purposes for which the personal data was collected, except as otherwise allowed or required by applicable laws and regulatory requirements. When we consider that such personal data is no longer required, we will remove any details that will identify you or destroy any records in relation to yourself.
To improve our services, we sometimes collect already identified information from web users. The information does not identify the individual however it provides us with useful statistics which allows us to control, administer and improve our technological services. Therefore, when visiting our website, we may collect the following information from your browser:
1.Your IP Address and/or domain name
2.Your operating browser and platform
3.Date, time and length of your visit
4. Resources accessed
Kindly note that if no longer want your browser from accepting new cookies or disabling cookies altogether, you may do this by changing your browser settings.
Core Group may use your personal information for the purpose of marketing its services.
If you do not want to receive marketing material from us, you can contact us as detailed below:
1. For electronic communications, you can choose to click on the unsubscribe button in the communication sent to you or;
2. For hard copies of the communications, you can email us on [email protected];
3. Through our contact details on our Website
Complaints and Concerns
If you have any concerns with regards to our privacy methods and processes, you have the right to contact us by telephone, in writing or by e-mail to make a complaint which will be dealt within the shortest time possible.
In case you are not satisfied with our response, you may contact the Office of the Information and Data Protection Officer. You can find the details about how to do this on the IDPC website at https://idpc.org.mt/en/Pages/contact/complaints.aspx