Refalo & Zammit Pace Advocates
Banner 1 Background
Privacy Policy

Introduction

Refalo and Zammit Pace Advocates of 61, St. Paul’s Street, Valletta VLT 1212, Malta (“RZP”; “we”; “us”; “our”) respects your privacy and values its importance and is committed to protecting your personal data. The purpose of this Notice is to set out the basis on which we will process your personal data when:

  • you approach and engage us to provide you with our legal and advisory services (the “Services”);
  • receive the various Services that you may request from us during the course of this engagement; and/or
  • you visit and use our website <http://www.bar.com.mt> (the “Website” or the “Site”), regardless of where you visit and use it from.

We process your data in an appropriate and lawful manner, in accordance with the Data Protection Act (Chapter 586 of the Laws of Malta) (the “Act”), as may be amended or replaced from time to time, and the General Data Protection Regulation (Regulation (EU) 2016/679) (the “Regulation” or the “GDPR”).

Kindly note that, by engaging us as your lawyers or as other advisors, you enter into a contractual relationship with Refalo and Zammit Pace Advocates, as subject to and governed by our Terms of Engagement.

1. Important information

The aim of this Notice is to ensure that you are fully informed on how RZP will collect and process your personal data in the circumstances indicated above.

The Website is not intended for minors, and we do not expressively collect data relating to minors except and unless where it is necessary in order to provide you with the Services that you may request from us (most commonly, where the requested Services concern your family, including your children). We will treat any information relating to minors which is disclosed to us in connection with the Services in a sensitive manner and with the utmost confidentiality.

We (RZP) are the data controllers as defined by the current relevant data protection laws and regulations. We control any personal data which we collect or receive and which we process in connection with (i) the Services and/or (ii) the Website.

You have the right to file a complaint at any time to the competent supervisory authority on data protection matters, the Office of the Information and Data Protection Commissioner (the “IDPC”) (https://idpc.org.mt/en/Pages/Home.aspx). We would, however, appreciate the opportunity to deal with your concerns before you approach the supervisory authority, so please contact our Data Protection Officer Dr Mark Refalo on dpo@bar.com.mt> in the first instance.

2. The information we collect about you

In order to provide you with Our assistance, We will need to collect, use and sometimes disclose various items of personal data about you for various purposes associated with the scope of the Services that we provide, as requested and directed by you or by your organisation.

The information we collect, store and use may include:

  • Basic Personal Details such as your first name, maiden name, last name, title, identity document number, gender, nationality, employment status, organisation, occupation, billing address, mailing address, email address and contact numbers.
  • In respect of companies and other legal entities that we assist, we may collect Basic Personal Details about the persons responsible for the organisation including directors, shareholders, ultimate beneficial owners, officers, founders and board of administrators in the case of Foundations and settlors, beneficiaries, protectors and trustees in the case of Trusts.
  •  Due Diligence data and any other documentation which may be requested to collect, process and retain from time to time by the Prevention of Money Laundering Act (Chapter 373 of the Laws of Malta) (“PMLA”), the Prevention of Money Laundering and Funding of Terrorism Regulations (“PMLFTR”), the Financial Intelligence Analysis Unit (“FIAU”) and/or any other competent authority or related legislation in order to carry out our compliance duties.
  • Data in relation to the Services requested by and provided to the client including any legal requirements, interests and/or objectives.
  • The collection, processing and retention of Data about the counter and adverse parties, related parties, parties in interest, business partners, witnesses, investors, assets, shareholders, security holders, guarantors, buyers, sellers and customers of the client, contracts, agreements, public deeds, testamentary dispositions, judicial acts and Court decisions or orders issued in favour or against the client (The data held is strictly relevant and necessary to provide the Services).
  • Data relating to Financial Transactions including invoices issued, payments made to and received by the client, the bank account details of the client together with details about any payment methods used by the client to settle the invoices and, as may be necessary under the particular circumstances, the financial status and creditworthiness of the client.
  • Data collected when visiting our website including the internet protocol (IP) address, browser type and version, time zone setting and location.
  • We may also collect, store and use “Special Categories” of more sensitive personal data relating to your criminal convictions and offences in relation to the Services you requested and also in accordance with our obligations at law.
  • We may also hold images of you captured by CCTV cameras whilst at our offices.

Failure to provide personal data

If you fail to provide certain information when requested, we may not be in a position to perform the Services requested or we may be prevented from complying with our legal obligations.

3. How is your personal data collected

We may collect personal data about you from different sources, including the following:

  • Data given to us directly by yourself;
  • Data collected automatically when you use Our website;
  • Data collected from other publicly available sources such as public court documents, anti-fraud databases and other third-party databases as may be required.

 4. How we use your personal data

We will only use your personal data when the law allows us to and mainly in the following circumstances:

  • To verify your identity;
  • To provide you with the requested Services;
  • To maintain and manage our business relationship;
  • To fulfil our internal compliance function and to comply with the obligations under the PMLA and PMLFTR, other rules, laws and regulations applicable to us, including our professional duties to the Courts of Malta;
  • To assist and cooperate in any criminal or regulatory investigation against you.

Note that we may process your personal data pursuant to more than one lawful ground or basis, depending on the specific purpose for which we are using your data.

5. Sharing of data:

We may have to grant access to, disclose or share your personal data in line with our regulatory and legal obligations especially statutory and regulatory bodies, any public or governmental authority and/or to disclose any information before any court or adjudicating body of a competent jurisdiction where such disclosure is compelled by law or authorised/ordered by a court or adjudicating body of a competent jurisdiction.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our documented instructions.

6. Processing of your data

Your personal data may be processed both inside and outside the European Economic Area (“EEA”), in order to provide you with the requested Services, fulfil our contractual obligations to you or exercise our contractual obligations against you, comply with our legal or regulatory obligations or assert, file or exercise a legal claim.

7. Security

We have appropriate measures in place to protect Personal Data, in order to prevent it from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. Retention of Data

We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it and in line with our regulatory and legal obligations to which we may be subject and/or to the extent that we may also need to retain your personal data to be able to assert, exercise or defend possible future legal claims against or otherwise involving you, we will generally keep your personal data for a maximum period of eleven (11) years from date of termination of the client relationship, after which time it will be destroyed if it is no longer required for the lawful purpose(s) for which it was obtained.

We may on exception retain your information for longer periods, particularly where we need to withhold destruction or disposal based on an order from the courts or an investigation by law enforcement agencies or our regulators.

9. Your rights

You have the following rights in relation to your personal data:

   i.   Right to information

You have the right to ask us for the personal data (about you) that is being processed and the rationale for such processing.

   ii.   Right to access

You have the right to access your personal data that is being processed, to review and also to request copies of such personal data.

   iii.   Right to rectification

You have the right to ask for modifications to your personal data in case the data is not up to date or accurate.

   iv.   Right to withdraw consent

You have a right to withdraw a previously given consent for processing of your personal data.

   v.   Right to object

You have a right to object to the processing of your personal data while we are relying on a legitimate interest (or those of a third party) in the event that processing will impact your fundamental rights and freedoms.

   vi.   Right to object to automated processing

You have a right not to be subject to a decision based solely on automated processing (including profiling) if these decisions produce legal effects or similarly significantly affects you. However, automated processing may be undertaken if this is necessary to enter into or perform a contract between the data subject and the controller or it is authorised by the EU or Member State law to which the controller is subject (and lays down suitable measures to safeguard the data subject’s rights, freedom and legitimate interests) or it is based on the data subject’s express consent.

   vii.  Right to be forgotten/erasure

You have a right to ask for the deletion of your data where the professional relationship has ended. It is important to note however that in certain cases we may be entitled to decline your request especially in instances where your data is needed to:

  • comply with a legal obligation which requires processing by Union or Member State law to which we are subject; or
  • for the performance of a task carried out in the public interest or in the exercise of official authority vested in us; or
  • for the establishment, exercise or defence of legal claims.

   viii.   Right for data portability

You have a right to ask for transfer of your personal data back to you or transferred to another controller. When doing so, the personal data must be provided or transferred in a machine-readable electronic format.

10. Conclusion

We reserve the right to make changes to this Notice in the future. If you have any questions regarding this Notice, or if you would like to send us your comments, please contact us on dpo@bar.com.mt