INTRODUCTION

Schranz Limited (‘we’, ‘us’, ‘our’, ‘Data Controller’) respect your privacy and take the responsibility to process your (‘user’, ‘you’, ‘Data Subject’) Personal Data only in compliance with The General Data Protection Regulation (GDPR) 2018 in the most secure and transparent manner.

This hereby policy has been drawn up in order to ensure that Data Controller takes all the necessary measures to ensure that the principle of data minimisation is respected, hence this policy sets out the basis of how your Personal Data, being any information from which you may be identified, is processed[1] by us.  This includes data gained through our website by automated means and data processed other than by automated means where it is collected for us to be able to provide services to you, including through any contracts which we may enter into with you, which data forms part of a filing system and is only accessed by authorized personnel within our Company.

GENERAL INFORMATION

According to the particular service which we would be providing, it is our policy to enter into contracts or agreements with you, and for such, we need to process your Personal Data. Generally, this shall include data which is strictly necessary for us to provide the services you request, such as your Identity, Contact and Financial Data.  In addition, we may also request certain Personal Data to ensure compliance with our legal obligations.

Specific privacy notices will be provided to you and annexed with any contracts we have with you or when we request the collection of your personal details which shall list the information which we require and other pertinent information relating to how and why we will process your personal data. These privacy notices should be read in conjunction with this Privacy Policy.

Where data processing is carried out in the public interest, for scientific, historical or statistical purposes, and in all other cases, unless the Data Controller deems that lack of such data would seriously impair the achievement of these purposes, pseudonymisation and other technical measures will be used in order to ensure data minimisation.

It is our obligation to protect the data[2] processed by us against any form of mishandling.

 Processing of data includes the collection, recording, storage, retrieval, alteration or erasure of your data.   The different types of data processed by us depend on the service required by you, and such data may include:

  • Identity Data – first name, last name, title, nationality, date of birth, identity card number/ passport number and gender.

This type of data is processed to secure identification and such information is only used under appropriate safeguards for your rights and freedoms.

  • Contact Data – email address and telephone or mobile numbers.
  • Compliance Data – copy of your passport or national identification document
  • Financial Data – your credit card details
  • Technical Data – Internet Protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the site.
  • Usage Data – information about how you use the site and services.
  • Sensitive Data- details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our business partners and your communication preferences.

DATA CONTROLLER

Schranz Limited, is the Data Controller in relation to your personal data, as we designate the purpose of processing your data, while the Data Controlling Officer, Mr. Silvio Mercieca, as appointed by us shall ensure that this policy is fully adhered to, in that your personal data is processed proportionately, only for justified reasons and that your data is protected to the full extent required by GDPR.

PROCESSING YOUR PERSONAL DATA

Principally, we only collect your data for specific and legitimate reasons.  By merely visiting our website, you do not need to reveal any personal information, yet we may process certain data, namely Location and Technical information which in turn can identify you mainly through your IP address or location information from GPS at the time of access.  Such Technical information also provides us with information about your browsing experience through page interaction information, response time and length of visits to certain pages.  Such information is processed in order to be able to provide you with the best browsing experience.

We reserve the right to make use of any publicly available data when carrying out assessments on the credit worthiness of the customer, wherein you shall be provided with information of such processing.

If you do choose to provide us with your basic personal information (name and email address), through the use of our Contact Form or when you request information about any of our services, we will protect it and process it only in the ways described in this Policy. In this case, your personal information would be used in order for us to be able to assist you and reply to your query accurately, whereby you would be contacted by one of our representatives.

When using any of our Services, we do not collect any Sensitive Data about you, nor do we collect any information about criminal convictions and offences.

We will only use your Personal Data when the law allows us to.  Most commonly, we will use your Personal Data in the following circumstances:

  1. Where we need to perform the contract we are about to enter into or have entered into with you.
  2. Where it is necessary for our legitimate interests (or those of a third party[3]) and your interests and fundamental rights do not override those interests.
  3. Where we need to comply with a legal or regulatory obligation.

Where we require your personal data under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract between us or such performance may be delayed.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us through our Data Controlling Officer.

Please note that we may process your personal data without your knowledge or consent, in compliance with this policy, where this is required or permitted by law.

For your peace of mind, we have drawn up a detailed description of how we plan to use your personal data, which may be processed for more than one lawful ground, depending on the specific purpose for which your data is required.  We have also identified what our legitimate interests are where appropriate.

Kindly contact us through our Data Controlling Officer if you have any queries.

WHY WE COLLECT YOUR DATA

Below is a compilation of the type of data which we require from you and the lawful basis supporting the processing of such data.

CCTV SURVEILLANCE

In order to be able to ensure everybody’s safety and security and in furtherance of our legitimate interest to protect our premises our offices are monitored by CCTV surveillance in order to be able to monitor, detect and prevent illegal or otherwise illicit activity, including any data breach on our premises. In this regard, we may collect Personal Data relating to your appearance as well as your location at a given point in time.  All CCTV footage is deleted after 7 days unless there is an over-riding interest to keep such personal data, such as in cases where there is a legal claim or an ongoing investigation and it may be accessed internally within Schranz Ltd, with third-party service providers and legal authorities, where it is imposed by Law.

MARKETING

Opting In

If you consent to receive our marketing material, such as by subscribing to our newsletter, we may use your Identity and Contact Data to help us further our established relationship with you.

Opting out

You may withdraw your consent at any time and you can ask us or third parties to stop sending you marketing material at any time by following the ‘unsubscribe’ links on any marketing message sent to you or by contacting us through our Data Controlling Officer at any time.

Where you opt out of receiving marketing material, this will not affect the processing of Personal Data provided to us as a result of the services which we provide to you or any Personal Data which we are obliged to retain as a result of our legal obligations.

COOKIES

Our website doesn’t store any cookies.

DISCLOSURES OF YOUR PERSONAL DATA

We will not, without consent, transfer Personal Data to any third party except where such transfer is a necessary part of the services provided. Where data is transferred to third parties or employees, these are bound by the same level of confidentiality and security obligations as the company.

It may be necessary for us to give access to your Personal Data to our affiliated entities for any of the reasons indicated in this policy which are necessary for us to be able to provide the services we offer. Additionally, we may transfer your Personal Data to our IT and software support service providers, our auditors, insurers and external legal counsel.

We require all such entities to respect the security of your Personal Data and to treat it in accordance with the law and we only permit them to process your data for our and in accordance with our instructions.

To comply with our legal obligations, we may also disclose your Personal Data to regulatory or governmental agencies as well as executive and Judicial authorities which may have jurisdiction over our operations.

In all other cases, including before we share your Personal Data with a company outside Schranz Ltd, you shall be requested to provide your express opt-in consent.

INTERNATIONAL

We may transfer your Personal Data outside the European Economic Area (EEA) when it is so necessary:

  1. For the performance of a contract between us or for the implementation of pre-contractual measures taken at your request;
  2. For the conclusion or performance of a contract concluded in your interest between us and another natural or legal person;
  3. For important reasons of public interest; or
  4. For the establishment, exercise or defence of legal claims.

Occasionally we may transfer your personal data to our third-party suppliers, located outside the EEA, such as IT and system support providers which may process your data for our own specified purposes and in accordance with our instructions to ensure that your Personal Data is handled responsibly and in line with applicable data protection laws.

DATA SECURITY

Access to your Personal Data is limited to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your Personal Data on behalf of the Data Controller and they are subject to a duty of confidentiality. Additionally, we have set up appropriate security measures to prevent your Personal Data from being accidentally lost, used altered, disclosed or accessed in an unauthorized way.

We follow our internal procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

DATA RETENTION

Your Personal Data is retained for as long as necessary to fulfil the purposes we collected it for, including for any legal, accounting, or reporting requirements.

To determine such appropriate retention period, we consider the nature, and sensitivity of the data, as well as the potential risk of harm from unauthorised use or disclosure of your data, the purposes for which we process your Personal Data, and the applicable legal obligations.

We retain your personal data exclusively for the period which is lawfully permissible to retain your personal data. Thereafter, your Personal Data is immediately and irrevocably destroyed. As a result of our legal obligations, we typically retain your Personal Data for up to ten (10) years from the completion of a project and when you cease to be our client, unless we have a statutory obligation to retain your data for a further period or a business need or require your Personal Data to exercise or defend legal claims

In particular, we shall retain certain transactional and financial information for a period not exceeding ten (10) years, in compliance with tax and accounting reporting legal obligations.

If we have a contractual relationship with you and you are not our client, we typically retain your personal data for up to five (5) years from the end of our contractual relationship on the basis of our legitimate interests to protect ourselves from civil cases which you might institute against us in relation to our contractual relationship.

When using data for historical, research or statistical purposes we will anonymise your Personal Data in which case we may use this information without further notice to you since it will no longer be associated to you.

YOUR LEGAL RIGHTS

Under the applicable Data Protection Laws, you have the right to:

Request access to your Personal Data, whereby you receive a copy of the Personal Data we hold about you and to confirm that we are processing it lawfully.

Request rectification of any incomplete or inaccurate data that we hold about you.   We have no interest in retaining outdated or incomplete data and so we want you to have control over the precision of the data we hold about you, though we may need to verify the accuracy of the new data you provide to us.

Withdraw consent at any time where we are relying on consent to process your Personal Data, yet as a consequence, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.

Request erasure of your Personal Data where there is no good or lawful reason for us to continue to process it or when you have successfully exercised your right to object to processing or where we are required to erase your personal data to comply with the law.

Request the transfer of your Personal Data to you or to a third party, such data will be transferred in a structured, commonly used, machine-readable format.

Object to processing of your Personal Data where we are relying on a legitimate interest and you feel it impacts your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes and may opt out as stated above. Notwithstanding your objection, we may demonstrate compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your Personal Data, by asking us to suspend the processing of your personal data in the following scenarios: (a) where our use of the data is unlawful but you do not want us to erase it;  (b) if you want us to establish the data’s accuracy;  (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Be informed of the source from which your personal data originates. where the Personal Data we hold about you was not provided to us directly by you.

You also have the right to object to profiling and analysis of your preferences.

If at any time, you wish to exercise any of the rights set out above, please contact the Data Controlling Officer directly.

On receiving a request regarding the exercise of any of the above-mentioned rights, as a security measure we may request specific information from you to help us confirm your identity and ensure your rights in relation to such data.  We may also contact you for further information in relation to your request to speed up our response.

We will not disclose personally identifiable information we collect from you to third parties without your permission except to the extent necessary including:

  • To fulfill your requests for services.
  • To protect ourselves from liability.
  • To respond to legal process or comply with law, or in connection with a merger, acquisition, or liquidation of the company.

CHANGES TO OUR PRIVACY POLICY

This Privacy Policy will be updated from time to time to reflect changes in our Company or in the Law and you should check back regularly.

DATA ERASURE AND CONTACT DETAILS

Questions, comments, complaints and requests regarding your personal data under this Privacy Policy, including any requests concerning your data rights as stipulated in this policy should be addressed to our Data Controlling Officer on smercieca@schranzltd.com or alternatively sent to: The Data Controlling Officer, Schranz Ltd, 2nd Floor, Dallis Building, Birkirkara Road, St.Julian’s.  STJ 1300

COMPLAINTS

You have the right to make a complaint at any time to the Information and Data Protection Commissioner (“IDPC”) as the supervisory authority for Data Protection issues ( https://idpc.org.mt/en/Pages/contact/complaints.aspx)

However, we would, appreciate the chance to deal with your concerns before you approach the IDPC.


[1] Any operations performed on personal data. These include, but are not limited to collecting, recording, organising, structuring, storing, modifying, consulting, using, publishing, combining, erasing and destroying data.

[2] The terms ‘data’ and ‘information’ are used interchangeably throughout this Policy

[3] A natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons, who under the direct authority of the controller or processer are authorised to process personal data.