Whether you are our client or not, we understand the importance of your personal data and of your right to privacy. The purpose of this document is to reassure you that we are committed to keeping your personal data as safe as possible. In order to do this, we invite you to read on and learn about the type of personal data we collect, when we collect it, why we do so, what we do with it – including who we may have to share it with and why – and how long we keep it for and why.
By doing this, we hope to give you a clearer picture of how we do things and how you can better manage and control your personal data.
WHO WE ARE
For the purposes of your access and interaction with this website, Demajo House,103
Archbishop Street, Valletta, VLT 1446, Malta, is the data controller under the terms of the Data Protection Act (2018) and the General Data Protection Regulation (EU) 2016/679. As such, we are required to provide you with information about us, about why and how we use your data, and about the rights you have over your data.
DATA WE MAY COLLECT ABOUT YOU
When you use our website contact form, or when you contact us via phone, email, ordinary mail, or social media platforms, we may collect the personal data that you provide us with. This essentially includes your name, surname, email address, telephone or mobile number and mailing address.
When you apply for a specific position, or when you send us a general candidacy application, we would be collecting your name, surname, email address, telephone or mobile number, mailing address, your CV, LinkedIn Profile URL, and Covering Letter if provided by you and any other personal data sent to us. This essentially includes the information you provide regarding your education and employment history and your career interests, as well as other personal information such as date of birth, gender, citizenship.
WHY WE COLLECT AND USE THIS DATA
Current data protection law provides for specific reasons and circumstances when we can collect, use and store your information. In our case, it is one of the following four reasons that will justify why we process your information:
1) The information is needed for you or us to fulfil our contractual obligations;
2) The information is needed for you or us to fulfil a legal requirement;
3) You have provided us with your consent to collect, use and store such information;
4) We have a legitimate interest to collect, use and store such information.
When you have given us your consent to process your information, you are free to withdraw this at any time. When we state that we have a legitimate interest to process your information, you may object at any time. For more information on how to withdraw your consent or object to our legitimate interest, please refer to Section 3 “Your Rights”.
We will process your provided data to note and answer your queries, and to provide you with the required service, using the contact details provided to us, as a legitimate interest. We will also send you a receipt of your message via email and we may use your telephone number or any other contact details provided by you to contact you regarding your query or notification.
When you apply for a specific position, or when you send us a general candidacy application, we will process the data provided by you to assess your candidacy to specific positions and/or to be able to provide you with job opportunities, as a legitimate interest. We will send you a receipt of your message via email and we will contact you using the contact details provided by you.
Kindly note that without certain of your personal data, we may not be able to provide you with the services you require from us.
HOW WE USE YOUR DATA AND HOW IT IS STORED
Your personal information is stored in our online webserver and company information systems.
We may share your information with the relevant companies within the M. Demajo Group that are based either inside or outside of the European Union if your request relates to such specific company.
We do not use the information you provide to make any automated decisions that might affect you.
We will never share your personal information with other companies which are not processing your information upon our instructions unless you have specifically consented to it.
We reserve the right to disclose and process any relevant information which we may be processing to authorised third parties in or outside the EU/EEA if such disclosures are allowed under the current applicable laws for the following purposes:
protect and defend our rights, safety, or those of other companies within the M. Demajo Group, of visitors of our website;
protect against abuse, misuse or unauthorised use of our website;
for any purpose that may be necessary for the performance of any agreement you may have entered with us or in order to take steps at your request prior to entering into a contract;
to comply with any court order, legal obligation or competent authorities’ lawful request;
as may otherwise be specifically allowed or required by or under any applicable law.
We will use reasonably expected and industry standard security measures to protect your personal data whilst in our possession or when transferring this data to third parties. Whenever any transfers of your personal data are made to Data Processors located outside of the EU/EEA, we always ensure that your data is protected in the same way as it is in the EU/EEA.
If you have filed a legal claim against us or if we have filed one against you, we shall only use and share any personal information we have access to for the purposes of solving, and during the period necessary to solve, this legal claim as a legitimate company interest. We may use your personal data to assess our responsibility or verify your identity or the identity of others involved in the claim and share this data with the lawyers or other consultants we engage.
We may also save a recording of your calls to us for training purposes. In that case, we will anonymise anything that can identify the call with you and we shall never share any of your personal data with the employees we train. Live calls and call recordings may also be used for internal and external audits and investigations including by law enforcement agencies.
HOW LONG DO WE KEEP YOUR DATA FOR
(DATA RETENTION POLICY)
We will retain your personal data only for as long as is necessary (taking into consideration the purpose for which it was originally obtained). The criteria we use to determine what is ‘necessary’ depends on the particular personal data in question. In any event, we have to take into account specific legal obligations from applicable laws that make the processing of personal data and related storage necessary for specific period of times. We also need to determine whether there are prescriptive periods for legal actions which could apply.
Except for the data collected when sending a candidacy to a specific position or when sending a general candidacy application, we keep data collected through our website (personal data and query information in contact form) for a period of one (1) year.
If you send us a candidacy to a specific position, we will keep the data collected for as long as is necessary to find the correct candidate for the specific position to which the application was received. After this period expires, we will either delete your data or inform you that, should you accept, we would like to keep your data on file and contact you (using the contact details provided by you) for future roles that match your interests and qualifications for a period of one (1) year.
If you send us a general candidacy application, we will keep your data on file for future positions that match your interests and qualifications, and contact you through the contact details provided by you, for a period of one (1) year.
Where your personal data is no longer required by us, we will either securely delete or anonymize the personal data in question.
Data protection law gives you, as a data subject, certain rights in certain circumstances. In accordance with law, you have a right to:
Request access to your personal data - This means that you have a right to request a copy of the personal data we hold about you;
Request the correction of your personal data – This means that if any personal data we hold about you is incomplete or incorrect, you have a right to have this corrected. In such case, we may need you to provide evidence and documentation (such as your ID documentation or proof of address) to support your request;
Request the erasure of your personal data - This means that you may request the erasure of your personal data where we no longer have a legitimate reason to continue processing it or retaining it. This right is not absolute – in certain cases, such as those where we are obliged under a legal obligation to retain the data, or where we have reason that the retention of data is necessary for us to defend ourselves in a legal dispute, we would not be able to accede to your request;
Object to the processing of your personal data – You may object to the processing of your personal data in cases where we rely on our legitimate interests (or those of a third party) to process your data and you feel that our processing of your data in such a manner impacts your fundamental rights and freedoms. However, in some cases, we may be able to demonstrate that we have a compelling legitimate ground to process your data which may override your rights and freedoms. You may submit your objections to processing of your personal data on the grounds of the above-mentioned legitimate company interests by contacting our Data Protection Officer;
Request the restriction of the processing of your personal data – You may ask us to temporarily suspend the processing of your personal data in one of the following scenarios: (a) where you want us to establish the accuracy of the data, (b) where our use of the data is unlawful but you do not wish for us to delete it, (c) where you need us to retain your data even when we no longer need it in order for you to establish, exercise, or defend legal claims, or (d) where you have objected the use of your data but we need to verify whether we have overriding legitimate grounds to use it;
Request the transfer of your personal data – This means you may request us to transfer certain data we process about you to a third party. This right only applies to data acquired through automated means which you initially provided consent for us to use, or where we used the data to perform our obligations under a contract with you;
Withdraw your consent at any time where we rely on your consent to process the data - ‘Opting out’ or withdrawing your consent will not affect the lawfulness of the processing carried out by us up until the time you withdrew your consent. Withdrawing your consent means that, going forward, you no longer wish for us to process your data in such a manner. This means that you may no longer consent for us to provide you with certain services (such as marketing);
File a complaint with a supervisory authority - In case you face difficulties, we invite you to contact our Data Protection Officer by any means so that we can make all possible efforts to resolve any problem that you may have.
However, should you consider at any time that we are handling your personal information in a manner that leaves you dissatisfied or at a disadvantage, you may at any time file a complaint with the Office of the Information and Data Protection Commissioner by email on firstname.lastname@example.org, by ordinary mail at Information and Data Protection Commissioner, Level 2, Airways House, High Street, Sliema, SLM 1549, Malta or by calling (+356) 2328 7100.
In order to exercise your rights as explained above, we may need to request specific information about you to help us verify your identity. This is a security measure to ensure that we are certain that the person to whom we disclose your personal data is really you.
We aim to respond to all legitimate requests within one-month from the receipt of a request. If your request is particularly complex, or if you have made multiple requests concurrently, it may take us a little longer. In such a case, we will notify you of this extension.
For more information and in order to exercise your rights, please feel free to contact our Data Protection Officer (DPO) by email at email@example.com, by phone at (+356) 2552 0000, and / or by mail at The Data Protection Officer, Demajo House,
103 Archbishop Street, Valletta, VLT 1446, Malta