The following provisions constitute the current Privacy Statement issued by 3a Malta Limited of Level 2, Palazzo Ca’Brugnera, Valley Road Birkirkara BKR 9024 (“3a”; “we”; “us”; “our”). Your privacy is important to us and we are committed to ensure confidentiality, accuracy and security of your personal data that we collect about you (“you,” or “your”).
This Privacy Statement is applicable to the following persons:
- Visitors of our website www.3amalta.com (the “Website”);
- Persons who may approach and engage us to provide professional and accounting services (the “Services”); and
- Persons who use our Services
This Privacy Statement is intended for you to understand what personal data is, the categories of personal data being collected and the manner in which this is collected, the reasons for collection and the use and disclosure of such personal data. This privacy statement is also intended to explain your rights in relation to the personal data collected about yourself.
Any information you provide to us shall be collected and processed in accordance with the relevant data protection and privacy laws and regulations applicable from time to time, including but not limited to the Data Protection Regulation (EU) 2016/679 (“GDPR”), the Data Protection Act, Chapter 586 of the Laws of Malta and any subsidiary legislation thereto, as may be amended from time to time.
Who we are
The data controller responsible for your personal data is 3a Malta Limited, a private limited liability company, having its registered address at Level 2, Palazzo Ca’Brugnera, Valley Road Birkirkara BKR 9024.
We are the data controller of any personal data which we collect or receive and which we may process in connection with the Services and/or the Website. Kindly note that your personal data may be shared with our related entity, 3a Accountants to provide you with our professional services.
Depending on the Services being offered, there may be instances where we also act as a data processor on behalf of a data controller, for example when providing payroll services. In such cases, we shall provide our clients with an additional Data Processing Agreement which sets out the required terms and conditions as part of that agreement. The said Data Processing Agreement should be read in conjunction with this privacy statement.
Our contact details are as follows:
Full Name of legal entity: 3a Malta Limited
Postal Address: Level 2, Palazza Ca’ Brugnera,Valley Road, Birkirkara, BKR9024 Malta
Telephone Number: +356 2757 2757
Email address: email@example.com
“Data Controller” or “controller” means the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of the personal data;
“Data Processor” or “processor” means a natural or legal person which processes personal data on behalf of the Data Controller; ‘
“Data Subject” means an identifiable natural person whom we collect and process personal data;
“Data Subject Rights” means the rights recognised to the Data Subject pursuant to the relevant applicable data protection legislation and the GDPR;
“Personal Data” means the data relating to a natural living person who can be identified from the personal data we collect and process. Personal data includes but not limited to, name and surname, nationality, date of birth, residential address, gender, identity card and passport number, phone and mobile number, bank account details, personal email address and tax status.
“Services” means the services as agreed upon in the Engagement Letter to be entered into between yourself and 3a.
“Special Categories of Personal Data” means Personal Data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation, including data relating to criminal convictions and offences or related security measures.
“Supervisory Authority” means the Information Data Protection Commissioner;
Kindly note that personal data does not include information related to a legal person such as a company or other similar legal entity. Therefore information such as a company name, company registration number and registered address do not constitute as personal data in terms of the GDPR and Data Protection Act. Henceforth, although we will treat all information with utmost confidentiality, the processing of company data does not give rise to controller obligations in terms of applicable legislation.
Which personal data we collect
We may collect and use any type of personal data which is entrusted to us by you which may include the following categories of personal data:
- Name & surname
- Residential address
- Telephone phone and/or mobile number
- Proof of identification such as identity card or passport number
- Email address
- Professional References
- Know Your client information
- Bank and payment details including information about your bank account and other banking information
- Information in relation to which you are seeking our professional services
- Information processed for client/relationship management and file opening procedures such as business information, identification and your relationship with others
- Occupation and income details such as employer name, status and salary
- Resumes and/or applications
- Letters of offers and letters of acceptance
- Print logs
- Information provided through emails, fax and instant messaging
- Call logs for communication purposes and/or billing purposes
- Data from publicly available sources
- Information provided to us in relation to which you are seeking our professional services
- Other information voluntarily provided to us
- IP addresses
- Browser type and versions
- Locations and Time Zones
If you provide us with personal data about someone else such as an employee, please ensure that you are entitled to disclose such information to us and that, without taking any further action, we may collect, and process personal data as described herein.
How we collect your personal data
Your personal data may be collected or accessed in a number of ways including:
- Directly from yourself in the course of our business relationship with you or your organisation;
- Through the use of our Services;
- Generated by us in correspondence when you communicate with us to request information or when you send us a query, a CV or a complaint;
- When you communicate with us through the use of our Website (www.3amalta.com);
- Through the use of our technologies and security systems such as invoicing software, emails and text messaging and social media platforms
- From government agencies and publicly accessible sources
How and Why we use your personal data
We may process your personal data in different ways depending on the purpose for which we collected the personal data. In terms of data protection legislation, we will only process your personal data, if we have a proper reason to do so, based on any one of the following grounds:
- For the performance of a contract with you;
- To comply with our legal and regulatory obligations;
- For our legitimate interests or those of a third party. A legitimate interest is when we have a commercial or business reason to use your information so long as our legitimate interest is not overridden by your rights and interests;
- For the establishment, exercise or defence of legal claims or proceedings; or
- Where you have given consent. In instances where we process personal data on the basis of consent, we will ensure that your consent is freely given and we will further ensure that you will have the right to withdraw consent at any time, unless there is another lawful ground which permits us to continue processing your personal data.
We may also process special category personal data on the following grounds:
- Where you have given us explicit consent;
- For compliance of our legal obligations;
- For compliance with employment law obligations;
- Where it is necessary to protect your vital interests;
- For the establishment, exercise or defence of legal claims; and/or
- Where you have manifestly made the personal data public
We may process your personal data for the following purposes:
- To enable us to supply professional services to you as our client;
- To verify your identity;
- To manage and administer your (or your organisation’s) relationship with us for example, to process payments, accounting, auditing and billing;
- Process financial transactions on your behalf and as instructed by you;
- To comply with and fulfil our professional, legal and regulatory obligations under the relevant legislation;
- To fulfil external mandatory reporting obligations that we may have to the FIAU, MFSA, the Police and any other public, regulatory law enforcement or tax authorities;
- To enable us to invoice you for our Services and investigate/address any fee disputes that may have arisen;
- To gather, provide or confirm information required or relating to investigations by enforcement authorities, regulatory bodies or government agencies;
- To enable us to maintain appropriate client records as may be required under the applicable law;
- To contact you about other services we provide which may be of interest to you if you have expressly given your consent for us to do so;
- To detect, prevent and/or report fraud or any other criminal activity that comes to our knowledge and attention
- To administer, manage, develop and protect our businesses and services including the management of our relationship with clients, maintain and use IT systems and administer and manage our website, systems and applications;
- For health and safety reasons;
- To record and deal with complaints received
Marketing & Third-party marketing
You may receive marketing communications from us (such as newsletters, publications and other information) when you enter into a client relationship, provided you have not opted out of receiving such marketing communications from us.
We will get your express opt-in consent before we share your personal data with any third parties for marketing purposes.
You may always ask us to stop sending you marketing communications at any time by following any of the available links on any marketing communication sent to you.
Data Subject Rights
As a data subject, you have the following rights:
- Right to request access to your personal data held by us. This enables you to receive a copy of the information which we hold on you. You may send us an email to firstname.lastname@example.org to request a copy of this information. When you make such request, you will receive one copy free of charge via email of the personal data being processed. Further requested copies may be subject to a fee.
- Right to information when we collect and process your personal data from publicly available or third-party sources. In such cases, we will inform you, within a reasonable time about these sources from which we have collected your personal data.
- Right to Rectification or correction of the personal data we hold about you. You may request that your personal data be amended or updated where it is inaccurate or incomplete.
- Right to Erasure (“Right to be Forgotten”) of your personal data. You may request that we delete your personal data, where there is no good reason for us to continue processing such data or your data is being processed unlawfully or you have exercised your right to object to processing. This right is subject to legal, compliance and regulatory obligations which we may be subject to including anti-money laundering regulations.
- Right to Object to processing of your personal data. You have the right to ask us to suspend the processing of your personal data on grounds relating to your particular situation and the right to object to your personal data being processed for direct marketing purposes;
- Right to Data Portability. You have the right to request a copy of your personal data in electronic format and the right to transmit that personal data for use in another party’s service. This is only applicable to automated information to which you provided consent to use to use and to such information used to perform a contract with you.
- Right to withdraw your consent. You have the right to withdraw your consent at any time where we are relying on consent to process your personal data. Please note that the withdrawal of consent will not affect the lawfulness of any processing which we may have carried out before withdrawal of consent.
Disclosure of Personal Data
Throughout the course of providing our Services to you and in order to fulfil our legal obligations, we may be required to share your personal data with the following persons, organisations and public authorities:
- Our associated or affiliated entities
- Our employees and officers who are assigned to carry out the functions of 3a to provide you with our Services
- Professional advisors involved in the provision of the Services, such as such as your internal and external advisors, auditors and law firms
- Our service providers, including IT support and systems administration services contracted
- Suppliers and external agencies or entities that we engage to process information on our behalf
- Regulators and authorities (local and overseas), including the Courts of Malta, the Financial Intelligence Analysis Unit, the Malta Financial Services Authority, Jobsplus, VAT Department, the Commissioner for Revenue, the Malta Business Registry and the Police authorities.
- Any third parties with whom you permit us to correspond with on your behalf and expressly give your consent to us in writing to share your personal data with
We do not generally transfer your personal data to entities outside the European Economic Area (the ‘EEA’), except where necessary to provide the requested Services, to fulfil our contractual obligations to you or your respective entity, to exercise and enforce our contractual rights, to comply with our legal or regulatory obligations or assert, file or exercise a legal claim.
However, where we allow the process of your personal information outside the EEA, we will ensure that your personal data is transferred to countries that have deemed to provide an adequate level of protection for personal data by the European Commission and in the absence of an adequate decision, we will use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
Retention of Personal Data
We retain the personal data processed by us for as long as necessary for the purpose for which it was collected mainly, the provision of Services and the ongoing performance of our professional relationship with you and, thereafter, for the purpose of satisfying any legal, accounting, tax and anti-money laundering reporting obligations.
In the absence of a specific legal, regulatory or contractual requirement, our retention period for personal data, records and other documentary evidence held or otherwise created in the provision of services is eleven years.
Upon your request we will delete or anonymise your personal data so that it no longer identifies you. However, this is limited as there are instances in which we are legally obliged by law to retain your personal data. These may include situations where there is an unresolved issue/claim/dispute relating to yourself where we are legally obliged to keep your personal data for legal, tax, audit and accounting obligations for a specified period of time and where it is necessary for our business legitimate interests such as fraud prevention.
Security of Your Personal Data
We will take all reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal data. For example, we store all data electronically on secured servers which data can only be accessed by trained professionals under contract with us i.e. employees or IT consultants. In addition, we also make use of back-up systems and the use of firewalls and encryptions.
We will also limit access to your personal data to those employees, contractors and other professional third parties who strictly need to know this information. They will only process your personal data on our instructions, and they are subject to the duty of confidentiality.
Please be aware that while we will take all necessary steps to ensure the protection of your data, we cannot provide any guarantee should the security be compromised through no fault of our own.
As part of our recruitment process, or in case you send us a CV in connection to a job application through our Website, we may collect and process such personal data. If your application is unsuccessful, we may keep this information on file for up to six months in case of any future employment opportunities for which you may be suited.
Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie.
The information obtained from these cookies does not identify you personally.
To check which cookies are used on these platforms, you may use Chrome’s built-in cookie view by clicking on ‘Secure’ next to the URL Bar and then click cookies. Most browsers allow you to browse privately, whereby cookies are automatically erased after you visit a particular website, such as the following:
- Google Chrome 10 and later versions: Incognito
- Internet Explorer 8 and later versions: In Private
- Firefox 3.5 and later versions: Private Navigation/Browsing
- Safari 2 and later versions: Private Navigation/Browsing
Disallowing or removing cookies
You may use your browser’s settings to prevent the installation of cookies. This may be clicking on “help” on your browser menu. This may lead you to instructions on how to prevent cookies from being installed.
Kindly note that preventing cookies may lead to the Website or parts of the Website not functioning correctly or from functioning at all.
You can manage cookies by activating the setting on your internet browser that allows you to refuse the setting of all or some cookies.
Please be aware that if you remove all cookies some of your settings may not be remembered by the Website and you will have to re-enter the information.
For more extensive information, please refer to www.aboutcookies.org or www.allaboutcookies.org
In case you have any further questions about cookies, please contact us on email@example.com.
Links to other Web Sites
Our Website has a number of links to other local and international organisations and agencies. In some cases, for the benefit of the visitor, it may be required that we link to other web sites of other organisations after permission is obtained from them respectively. It is important for you to note that upon linking to another website, you are no longer on our Website and you become subject to the privacy statement of the new Website, if any.
We shall ensure that all personal data provided to us or collected throughout the provision of the Services is kept confidential. This stipulation on confidentiality shall not apply to personal data which is known to the public or which have been disclosed pursuant to a legal requirement or a court order.
Amendments to this Privacy Statement
3a reserves the right to amend this Privacy Statement from time to time therefore we encourage you to refer to this privacy statement periodically. In case of such amendments, we will inform you accordingly in writing and further supply to you and/or otherwise make available a copy of such amended privacy statement.
If you have requested details of the personal data, we hold about you and you were not satisfied with the response or think that we have not complied with the GDPR or other applicable legislation in some other way, you can send a complaint to us in writing via email on firstname.lastname@example.org.
As a data subject, you have the right to lodge a complaint with the Office of the Information and Data Protection Commissioner (https://idpc.org.mt) if you believe that your rights as indicated under the GDPR have been breached or have not been complied with.
Last updated: 13th May 2021