Introduction

Camilleri Cassar  Advocates is a civil partnership established under the laws of Malta (“we”; “us”; “our”) . We respect your privacy and value its importance. The purpose of this Privacy Notice (“Notice”) is to set out the basis on which we will process your personal data when:

1. you approach and engage us to provide you with our legal and advisory services (the “Services”);

2. receive the various Services that you may request from us during the course of our engagement; and/or

3. you visit and use our website: www.camillericassar.com (the “Website”).

This Notice informs you about the items of personal data that we may collect about you and how we will handle it, and in turn, also tells you about (i) our obligations to process your personal data responsibly, (ii) your data protection rights as a data subject and (iii) how the law protects you.

We process your data in accordance with the Data Protection Act (Cap 440 of the Laws of Malta) (the “Act”), as amended from time to time, and the General Data Protection Regulation (Regulation (EU) 2016/679) (the “Regulation” or the “GDPR”).

Whenever you engage us to provide you with any of our Services, we will process your personal data in accordance with this Notice. References in this Notice to the terms “data controller”, “personal data”, “process” and “Data Protection Officer” shall have the meanings attributed thereto in the Act and the GDPR. 

What is personal data and what and how do we collect it?

Personal Data refers to all personally identifiable information about you, such as your name, surname and address, and includes all information which may arise that can be identified with you personally. We generally collect personal data in the course of providing you with our Services and when you contact us voluntarily for reasons outside the scope of our Services, including for potential employment purposes. Information about you may have been collected by third parties, for instance by your employer or through the use of online public searches. 

If you are aged 18 or under, you are required to get your parent/guardian’s permission before you provide us with any personal data . We may need to process personal data relating to parents or guardians in that case – and we may also need to request for verification documentation to ensure that consent is given or authorised by the holder of parental responsibility.

We generally collect information on you, such as identification documentation, address, status, title, telephone numbers and other information that either a) we are required to collect as a result of anti-money laundering obligations or b) for the purpose of enabling us to carry out the Services required of us. 

How do we use your personal data?

We will only use your personal data which we have collected for the purpose of fulfilling our Services and for fulfilling our legal obligations, including anti-money laundering obligations. The following is a list of purposes in respect of which your personal data may be processed: 

1. Carry out our Services to you or to the third party that provided us with your personal data; #

2. Carrying out conflicts checks;

3. Managing our relationship with you, including for billing and debt collection purposes;

4. the purpose of a legitimate interest carried out by us or by a third party.

There may be instances when we process your data as a result of you having provided your explicit consent. 


Legal Basis for Processing your Personal Data

We can only use your personal data if we have a proper reason for doing so, including:

1. For the performance of our Services which you engaged us to perform or to take steps at your request before entering into a contract, for example because processing is necessary for the performance of a client instruction;

2. To comply with our legal and regulatory obligations;

3. For our legitimate interests or those of a third party; A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

4. For the establishment, exercise or defence of legal claims or proceedings; or

5. Where you have given consent. Where we apply your consent as a basis to process personal data we acknowledge that you may withdraw such consent at any time, in which case, unless there is another lawful ground which permits us to continue to process the personal data, we shall cease to process that personal data. Before giving us your consent please be sure that you understood what we are asking your consent for.

Please note that special categories of personal data include data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic, biometric or health data, sexual orientation and data related to your conviction and offences. We expect that we would only be required to process such sensitive data for the purposes of establishing, exercising or defending legal claims. 

Please contact us at info@camillericassar.com if you need details or wish to inquire about the specific lawful basis we are relying on to process your personal data. 

Disclosure of your Personal Data

We may have to grant access to, disclose or share your personal data with the parties set out below for the purposes set out above:

1. Other law firms involved in the provision of the Services to you (including instructing law firms, law firms with whom we are collaborating or law firms that we have engaged for you at your request or on your behalf).

2. Suppliers and external agencies that we engage to process information on our and/or your behalf, including to provide you with the information and/or materials that you have requested.

3. Our service providers, including those that provide IT support and system administration services.

4. Professional advisers such as consultants, bankers, professional indemnity insurers, brokers and auditors.

5. The Commissioner for Revenue, regulators and other authorities, including the Courts of Malta, the Financial Intelligence Analysis Unit, the Police Authorities and the Malta Financial Services Authority.

6. Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets (successors in title). Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Notice.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our documented instructions.

Data Retention

We retain your personal data exclusively for the period which is lawfully permissible to retain your personal data. Thereafter, your personal data shall be immediately and irrevocably destroyed. As a result of our legal obligations, we typically retain your personal data for up to ten (10) years from the closure of your file and you cease to be our client, unless we have a statutory obligation to retain your data for a further period or a business need or require your personal data to exercise or defend legal claims.

If we have a contractual relationship with you and you are not our client, we typically retain your personal data for up to five (5) years from the end of our contractual relationship on the basis of our legitimate interests to protect ourselves from civil cases which you might institute against us in relation to our contractual relationship.

We will keep invoices, credit notes and similar transactional documents or information for up to nine (9) years from completion of the relevant transaction on the basis of legal obligations imposed on us to retain such information.

We may have a legitimate interest to hold your data for longer periods such as when your data is required for exercising or defending legal claims. Any personal data which we may hold on the basis of your consent shall be retained exclusively until when you withdraw your consent.  

Your Rights

For as long as we retain your personal data, you have certain rights in relation to your personal data including:

1. right of access – you have the right to ascertain the personal data we hold about you and to receive a copy of such personal data;

2. Right to complain – you have the right to lodge a complaint regarding the processing of your personal data with the supervisory authority for data protection matters.;

3. Right to Erasure – in certain circumstances you may request that we delete the personal data that we hold about you;

4. Right to Object – you have a right to object and request that we cease the processing of your personal data where we rely on our, or a third party’s legitimate interest for processing your personal data;

5. Right to Portability – you may request that we provide you with certain personal data which you have provided to us in a structured, commonly used and machine-readable format. where technically feasible, you may also request that we transmit such personal data to a third-party controller indicated by you;

6. Right to Rectification – you have the right to update or correct any inaccurate personal data which we hold about you;

7. Right to Restriction – you have the right to request that we stop using your personal data in certain circumstances, including if you believe that we are unlawfully processing your personal data or the personal data that we hold about you is inaccurate;

8. Right to withdraw your consent – where our processing is based on your consent, you have the right to withdraw your consent. withdrawal of your consent shall not affect the lawfulness of the processing based on your consent prior to the withdrawal of your consent; and

9. Right to be informed of the source – where the personal data we hold about you was not provided to us directly by you, you may also have the right to be informed of the source from which your personal data originates.

You may exercise the rights indicated in this section by contacting us at the details indicated above.

Keeping Your Data Secure

We shall keep your personal data secure and shall commit to take appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, including against accidental loss, destruction, storage or access. Your personal data may be stored in paper files or electronically on our technology systems or on technology systems of our IT service providers.

Complaints

If you have any complaints regarding our processing of your personal data, please note that you may contact us at the details indicated above. you also have a right to lodge a complaint with the Office of the Information and data Protection Commissioner in Malta (www.idpc.gov.mt). 

Last Updated 31 July 2018