DATA PROTECTION POLICY
1. Introduction
1.1. To ensure that we fulfil all our legal obligations towards you, Dingli & Dingli Law Firm (“we”) need to process certain types of personal data appropriately irrespective of the medium on which they are held or stored, whether in paper or electronic format. Hence, we have created this policy for you to know the what, how, when and why of our data processing.
2.1. Definitions
2.1. This document is the Data Protection Policy, which is also referred to as the privacy policy on many websites. For the purposes of this Data Protection Policy (hereinafter “the Policy”) the definitions contained in Article 4 of the General Data Protection Regulation, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), (hereinafter “GDPR”) shall apply. More specifically, the following words shall have the following meanings:-
“the Controller” refers to Dingli & Dingli Law Firm, and “we”, “us”, “our”, and “ours” shall refer to the Controller and construed accordingly.
“You” shall refer to all clients of the Controller, including but not limited to prospective clients, clients, visitors to the offices of the Controller who provide their Personal Data to the Controller, past clients and all other natural persons who may have provided the Controller with their own Personal Data for any reason whatsoever in relation to the services provided by the Controller and “you” and “your” shall refer to all said clients of the Controller and “your” and “yours” shall be construed accordingly.
“Personal Data” shall refer to means any information relating to an identified or identifiable natural person (‘data subject’); identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2.2. Contact Information of the Controller
The Controller may be contacted as follows:-
Postal Address: Dingli & Dingli Law Firm, 18/2, South Street, Valletta
Telephone Number:- +356 21236206
Email address:- info@dingli.com.mt
2.3. How do we collect your Personal Data?
Your Personal Data are acquired by us whenever you fill any form, you visit our site, you request any quotation, you send us an email or somehow contact us in writing, when you request our services and whenever you enter with us into a contractual relationship.
We process your Personal Data in the following methods:- collection, storage, access, printing, storing in paper format, storing on servers locally and within the European Union, access and destruction. We also store your personal data insofar as necessary within all the guarantee/warranty documents we issue subsequent to any purchase by you of any product under warranty.
When you visit our site, we collect the information you provide directly to us. You provide us with information every time you fill in an online form, request customer support, or otherwise contact us through any medium. If you call us on our telephones, we store your telephone numbers on our systems for a limited period but we do not record telephone converations.
When you access or use our website, we automatically collect information about you including:-
(a) Log information about your use of this site including the type of browser you use, access times, pages viewed, your IP address and the page you visited before navigating to our site;
(b) Information about the device your are using:- whether it is a personal computer or a mobile device, including the hardware model, operating system and version, unique device identifiers and mobile network information (if applicable);
(c) Information collected by cookies and other tracking technologies. We use cookies on our webste. Cookies are very small data files which are stored on the device memory (including a hard drive) that help us improve the way we serve you and how you experience our site. We also see which areas of our site or our services are most popular and we count visits to our website. Please, would you kindly consult our cookie policy. You may choose to accept cookies, reject or personalise your cookie experience when you land on our website.
2.4. Types of Personal Data processed
We process the following information:- your name, personal address (if you give it to us in the course of our relationship with you), billing address and billing details, telephone number, bank details, identity card number and all other personal data you would have chosen to provide us with.
2.5. Purposes of Processing
The purposes of processing by the Controller (hereinafter “the Purposes”) shall be the following:-
a. You becoming our client;
b. For us to be able to contact you in the context of the supply of our services to you (if applicable);
c. To be able to provide you with the legal services your request.
d. We also retain your personal information to comply with all our legal obligations, prevent and detect fraud, collect any money owed to us, resolve any disputes which you may have with us, troubleshoot any problems and/or issues, enforce our contractual rights with you and honour our legal obligations to you , prevent fraud, collect any fees owed, resolve disputes, troubleshoot problems, enforce our Terms of Use, and take other actions as permitted by law, and, more specifically, the GDPR and the Data Protection Act, 2018 (Chapter 586 of the Revised Edition of the Laws of Malta).
3. Principles relating to the processing by the Controller of Personal Data
3.1. We hereby declare and undertake that we process personal data in terms of and in full observance of the following principles:-
(i) lawfully, fairly and in a transparent manner in relation to you;
(ii) we collect personal data only for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with the Purposes. Hence, the Controller processes the data only for the Purposes;
(iii) the Personal Data collected adequate, relevant and limited to what is necessary in relation to the Purposes. (‘data minimisation’); To this end, you shall only be required to provide all the Personal Data which are strictly necessary for the Purposes.
(iv) You shall ensure that all Personal Data shall be accurate and, where necessary, kept up to date; every reasonable step shall be taken to ensure that Personal Data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
(v) You shall keep the Personal Data in a form which permits identification of yous for no longer than is necessary for the Purposes
(vi) All Personal Data shall be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR subject to implementation of the appropriate technical and organisational measures required by the Regulation in order to safeguard the rights and freedoms of you(‘storage limitation’);
(vii) processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
These principles essentially mean that:-
1. We shall not use the Personal Data in any manner which is not in line with the Purposes;
2. We shall not sell or use the Personal Data for any commercial purposes, other than any of the Purposes;
3. We shall not retain Personal Data for longer than necessary;
4. We shall not destroy Personal Data unless we’re authorised to do so in accordance with the law.
5. We shall not ignore any requests by you for restriction of processing or objection to process of your
Personal Data.
6. We shall accede to all requests made by you in exercise of their rights within and to the extent as permitted by Law.
4. Lawfulness of Processing
4.1. The Controller undertakes that all processing of Personal Data shall be lawful and the processing shall only be executed and performed:-
(i) wherever you have given consent to the processing of his or her Personal Data for the Purposes; and/or
(ii) processing is necessary for the performance of a contract to which you and we are parties and/or in order to take steps at the request of you prior to entering into a contract;
(iii) processing is necessary for compliance with a legal obligation to which we are subject.
5A. Your rights as Data Subject
5.1. We hereby declare that you shall have the following rights with respect to your personal data and, further, undertakes to protect and promote same:-
(a) Transparency: the present Data Protection Policy is aimed at providing you ith all the relative information necessary for you to have all information in relation to how your Personal Data is being processed and all the rights available to him.
(b) The right to access your own Personal Data and the right to request that you be provided with a copy of their data free of any charges, unless such requests become repetitive, frivolous or vexatious, in which case a charge shall be levied.
(c) The right to rectify your Personal Data, should there be any incomplete or out-dated data or data which is, somehow, inaccurate.
(d) The right to erasure of your Personal Data unless there are legal rights and/or policy obligations which impose on us any retention periods. You hereby declare that, in any case, no Personal Data shall be retained for longer than is necessary. With this declaration we confirm that we not be retaining any Personal Data for longer than is strictly necessary in terms of the law. This essentially means that as soon as the prescriptive period for the exercise of a potential action elapses, then we shall destroy the Personal Data. It is also to be noted that no Personal Data shall be deleted and/or destroyed during the validity of a warranty period.
(e) The right to restriction of processing in either of the following cases:-
(i) the accuracy of the Personal Data is contested by you for a period enabling the Controller to verify the accuracy of the Personal Data; or
(ii) the processing is unlawful and you oppose the erasure of the Personal Data and request the restriction of their use instead;
(iii) we no longer need the Personal Data for the purposes of the processing, but they are required for the establishment, exercise or defence of legal claims;
(iv) you have objected to processing pursuant to Article 21(1) of the General Data Protection Regulation pending the verification whether the legitimate grounds of the controller override those of you.
(f) The right to have data portability in a machine-readable format and this essentially shall mean that you have the right to receive the Personal Data concerning you, in a structured, commonly used and machine-readable format and also you have the right to transmit those data to another controller without hindrance from us. Furthermore, you shall have the right to have the Personal Data transmitted directly by us to any other controller indicated by you in writing one controller to another, where technically feasible.
(g) The right to object to processing, should processing be no longer justified on the basis given in Clause
5.1. of this Policy.
(h) The right not to be subjected to automated decision making. The Controller declares that there is no automated decision making which is being carried out on the Personal Data.
5B. Exercise of the Rights of Data Subjects
In order to exercise any of the rights listed in Clause 6A, you shall send an email to info@dingli.com.mt and request the right and/or rights which you would want to exercise. We shall endeavour to accede to the request as soon as it is technically possible
6. Breach
6.1. Should any You suspect a Personal Data breach likely to result in a high risk to your rights and freedoms you may lodge a report to info@dingli.com.mt
6.2. We shall investigate such report and take all the necessary measures in terms of the General Data Protection Regulation and the Data Protection Act, 2018 to ensure that your rights and freedoms and your Personal Data are fully protected, including but not limited to, all the measures in the General Data Protection Regulation. Should the circumstances so warrant in terms of the General Data Protection Regulation, the Controller shall report the breach to the Data Protection Commissioner in terms of the General Data Protection Regulation.
6.3. You shall also have the right to inform and report the said breach to the Information and Data Protection Commissioner at the following website:- https://idpc.org.mt/report-a-breach/
The full details of the Information and Data Protection Commissioner (Malta) may be obtained from the following website:- https://idpc.org.mt/contact/
Other contact details of the Information and Data Protection Commissioner are as follows:-
Address:- Floor 2, Airways House, Triq Il-Kbira, Tas-Sliema SLM 1549
Telephone number:- +356 2328 7100
Email address:- idpc.info@idpc.org.mt
7. Data Transfers
The Controller hereby declares that it does not transfer any Personal Data to any processor and/or controller who do not offer the same levels of protection to Personal Data as that obtaining in terms of the General Data Protection Regulation.
However, we may need third party processors to have access to your Personal Data. Auditors, financial institutions (in case of swift transfers), and all other persons we need to rely on to provide our products are services are data processors and we always ensure that such processors are fully cognizant of their legal obligations arising out of the fact that they are engaged by us and they have access to your Personal Data. Processing activities by such processors shall always be made exclusively in pursuance of the Purposes. Consequently,we may share your Personal Data:-
(i) With and among our employees;
(ii) In response to a request for information if we believe disclosure is in accordance with, or required by, any applicable law, regulation or legal process;
8. Your Personal Data is secure:-
We take reasonable precautions to protect your personal information from unauthorized access, use or disclosure, hacking and misuse. We are aware of our responsibilities to protect the security, confidentiality and integrity of your Personal Data. We cannot guarantee that the physical and security systems we employ are impenetrable, cannot fail and are foolproof. However, we will do all that is feasible and possible to ensrue that all the Personal Data you provide us with shall remain private, secure and safe.
9. Power to you
You may delete your account and account history. To do this, kindly please email us at info@dingli.com.mt, but note that we may retain certain information as required by law or for legitimate business purposes. We may also retain cached or archived copies of information about you for a certain period of time which period of time shall necessarily include warranty periods.
With respect to cookies, please note that most web browsers have the default setting of accepting cookies. If you prefer, you can usually choose to set your browser to remove or reject browser cookies by configuring your browser’s settings. Please be aware, however, that if you choose to disable cookies entirely, a portion of this site or specific functions of this site may not function properly.
If you click on “Subscribe”, you would be authorizing us to contact you with news and update. Feel free to unsubscribe by clicking on “Unsubscribe” in the mailshots you receive from us.
We shall not make use of Personal Data for marketing purposes unless you would have first obtained your prior written consent.
10. Changes/Modification to this Data Protection Policy
We reserve the right to modify or amend this Data Protection Policy at any time by posting the amended Policy on our site. All amended terms take effect upon posting. Each time you use this site, the current version of the Data Protection Policy will govern your use. Accordingly, when you use this site, you should check the date of this Data Protection Policy (which appears at the top) and review any changes since the last version.
11. Contact Information
We welcome your comments regarding this Data Protection Policy. If you believe that we have not adhered to this Data Protection Policy, please contact us on info@dingli.com.mt This will not affect your statutory rights.
12. Relationship with the General Data Protection Regulation
We shall observe the General Data Protection Regulation in its entirety. In case of any inconsistencies between the provisions of this Policy and the General Data Protection Regulation, the latter shall prevail.