Privacy Policy – 25th May 2018 onwards
PKF Malta Limited is a limited liability company established under the laws of Malta having its registered address at No15, Level 3, Mannarino Road, Birkirkara, Malta (“We”/”Us”/”Our”).
We are committed to respecting your privacy. If you wish to contact us about our privacy practices please feel free to do so by post on the above-mentioned address or by email at info@pkfmalta.com. You may also wish to contact us by telephone on (+356) 21493041.
Our Data Protection Officer is Mr. Pierre Mangion who may be contacted by email at info@pkfmalta.com or by telephone on (+356) 21484373.
Please read this Privacy Notice carefully to understand our practices with respect to your personal data.
References to “data controller”, “data subject”, “personal data”, “process”, “processed”, “processing” and “Data Protection Officer” in this Privacy Notice have the meanings set out in, and will be interpreted in accordance with applicable laws, including but not limited to the Data Protection Regulation (EU) 2016/679 and the Data Protection Act, Chapter 440 of the Laws of Malta and subsidiary legislation thereto, as may be amended from time to time.
1. UPDATES
We may update this Privacy Notice in our sole discretion including as result of a change in applicable law or processing activities. Any such changes will be communicated to you prior to the commencement of the relevant processing activity.
2. WHAT AMOUNTS TO PERSONAL DATA?
The term “personal data” refers to all personally identifiable information about you, such as your name, surname and address, and includes all information which may arise that can be identified with you personally.
3. HOW DO WE COLLECT PERSONAL DATA?
As a firm, We regularly collect personal data as part of our professional legal services and obligations. We typically collect personal data:
- As part of our client engagement procedures;
- When you or your company requests our services;
- When you or your company provides services to Us or refers clients to us;
- When you contact Us voluntarily in other circumstances such as when seeking employment or traineeship with us or seeking to attend a firm organised or sponsored event.
- Generally, you would have provided your personal data to us. However, in some instances, we may collect personal data about you from third party sources, such as online searches or from public registers.
- Third parties such as Our clients and business partners may also have provided your personal data to us.
4. WHAT PERSONAL DATA DO WE PROCESS?
The personal data we typically collect and process are:
- The personal data that we collect for the fulfilment of our client engagement procedures including Engagement Letter and Due Diligence and any documents or information which you may be required to supply to us for such purposes;
- Personal data that we may process as a result of legal obligations imposed on us;
- Your identity details such as your name, surname, employer, title, position, and status;
- Your contact information such as your email address, physical address, and telephone numbers;
- Your bank account details and other financial information;
- Any information you provide to us when posting a query, complaint or observation through our website www.pkfmalta.com;
- The information you provide to us for the purposes of attending meetings or events;
- Personal data provided to us by, on behalf of or in relation to our clients, business partners, service providers and employees;
- Any personal data lawfully generated by Us in the course of executing our client’s instructions;
- CCTV footage, when you visit our offices; and
- Any personal data which you may voluntarily provide to us.
5. HOW DO WE USE YOUR PERSONAL DATA?
Irrespective of the manner that we have collected your personal data, we will only process such data for the purposes of our services or purposes which are inherently related thereto, including the fulfilment of any legal or regulatory obligation imposed on Us.
Typically, your personal data will be processed for:
- Providing our services to you or to our clients;
- Complying with our legal obligations, in particular, our legal obligations with respect to antimoney laundering and combating the funding of terrorism;
- Conflict check purposes;
- Managing our relationship with you or your company, including for billing and debt collection purposes;
- Securing access to our offices;
- The purpose of a legitimate interest pursued by us or by a third party, provided such interest is not overridden by your interests, fundamental rights and freedoms;
- The purposes you would have requested when providing us your personal data; and
- Keeping you updated with legal updates, news, and events organised by the firm where it is in our legitimate interests to do so.
We might also process your personal data on the basis of your explicit consent, in which case we will process your data for the purposes for which your explicit consent was requested. Processing your data on the basis of consent is not envisaged, except with respect to applicants for a job at PKF Malta who wish that We retain their personal data for the purposes of being contacted with future potential job openings of interest and with respect to communications related to legal updates, newsletters and events in cases where we do not have a legitimate interest to send you such communications.
6. LEGAL BASES OF PROCESSING PERSONAL DATA
We process your personal data on the basis of the following legal bases:
- Entering into and performing a contract – in particular, to provide our services, managing our relationship or receiving a service from you or your company. Providing such personal data is necessary for our performance of such contract (including the services rendered under our Engagement Letter and Terms of Business). The consequence for not doing such processing would be that we would be unable to provide you with legal services and enter into a contract of engagement;
- Our legitimate interests – in particular, legitimate interests which may arise directly or indirectly in relation to our client’s instructions, CCTV footage at our offices, and in keeping you updated with legal updates and events. When we process your personal data on the basis of our legitimate interests, we ensure that the legitimate interests pursued by us are not overridden by your interests, rights and freedoms;
- Your explicit consent – in which case, our processing shall be limited to the purposes specifically indicated when your consent was requested. Processing on the basis of your consent is not envisaged, except with respect to applicants for a job at PKF Malta who wish that We retain their personal data for the purposes of being contacted with future potential job openings of interest and with respect to communications related to events, news and legal updates where we do not have a legitimate interest to send you such communications; and
- Compliance with legal obligations imposed on Us – in particular, obligations imposed on Us as a result of anti-money laundering and combating the funding of terrorism legislation, and to prevent, detect, respond or report other potential illegal activities;
On the basis of our legitimate interests or compliance with legal obligations, as applicable, We may also process your personal data for the purposes of establishing, exercising or defending legal proceedings.
Note that special categories of personal data include data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic, biometric or health data, sexual orientation and data related to your conviction and offences.
Typically, we do not envisage any processing of special categories of personal data and as an audit firm. When special categories of personal data become envisaged on another basis, we will ensure that we have additional grounds for processing your personal data and will communicate to you any relevant information which may be required under applicable laws.
7. RECIPIENTS
We may share your personal data with third party recipients who are:
- selected individuals within our firm, on a need-to-know basis;
- any service providers that may have access to your personal data in rendering us with their support services, including IT and accounting service providers; and
- third parties to whom disclosure may be required as a result of the relationship with our client;
- third parties involved in the organisation of our legal events;
- any business partners to whom you may have requested that we transfer your personal data;
- and third parties to whom disclosure may be required as a result of legal obligations imposed on Us.
- Unless specifically instructed and consented by you, we do not share your personal data with any entity located outside of the EU or EEA.
8. AUTOMATED DECISION-MAKING AND PROFILING
Your personal data will not be used for any decision solely taken on the basis of automated decision making processes, including profiling, without human intervention.
In the interest of transparency, note that We use systems which could profile you. Such systems are used by Us exclusively to help Us comply with the legal obligations imposed on us as a result of anti-money laundering and combating the funding of terrorism legislation. As stated, no automated-decision will result from our use of such systems.
9. DATA RETENTION
We retain your personal data exclusively for the period which is lawfully permissible to retain your personal data. Thereafter, your personal data shall be immediately and irrevocably destroyed. As a result of legal obligations imposed on Us, we typically retain your personal data for up to ten (10) years from the closure of your file and you cease to be Our client, unless we have a statutory obligation imposed on Us to retain your data for a further period or a business need or require your personal data.
If we have a contractual relationship with you and you are not our client, we typically retain your personal data for up to five (5) years from the end of our contractual relationship on the basis of our legitimate interests to protect ourselves from civil cases which you might institute against Us in relation to our contractual relationship.
Invoices, credit notes, and similar transactional documents or information will be kept by us for up to ten (10) years from completion of the relevant transaction on the basis of legal obligations imposed on us to retain such information.
We may have a legitimate interest to hold your data for longer periods such as when your data is required for exercising or defending legal claims.
Any personal data which we may hold on the basis of your consent shall be retained exclusively until when you withdraw your consent. As noted above, retention of data on the basis of your consent is only envisaged in case you apply for a job at PKF Malta and wish that We hold your data for the purposes of being contacted by us in respect of future job opening at PKF Malta or if you wish that we contact you with and with respect to communications related to legal updates, newsletters, and events in cases where we do not have a legitimate interest to send you such communications.
10. YOUR RIGHTS
For as long as We retain your personal data, you have certain rights in relation to your personal data including:
- Right of access – you have the right to ascertain the personal data We hold about you and to receive a copy of such personal data;
- Right to complain – you have the right to lodge a complaint regarding the processing of your personal data with the supervisory authority for data protection matters. In Malta this is the Information and Data Protection Commissioner (contact details provided below);
- Right to Erasure – in certain circumstances you may request that we delete the personal data that we hold about you;
- Right to Object – you have a right to object and request that We cease the processing of your personal data where we rely on our, or a third party’s legitimate interest for processing your personal data;
- Right to Portability – you may request that we provide you with certain personal data which you have provided to us in a structured, commonly used and machine-readable format. Where technically feasible, you may also request that we transmit such personal data to a third party controller indicated by you;
- Right to Rectification – you have the right to update or correct any inaccurate personal data which We hold about you;
- Right to Restriction – you have the right to request that we stop using your personal data in certain circumstances, including if you believe that we are unlawfully processing your personal data or the personal data that We hold about you is inaccurate;
- Right to withdraw your consent – where our processing is based on your consent, you have the right to withdraw your consent. Withdrawal of your consent shall not affect the lawfulness of the processing based on your consent prior to the withdrawal of your consent; and
- Right to be informed of the source – where the personal data We hold about you was not provided to us directly by you, you may also have the right to be informed of the source from which your personal data originates.
Note that We may contact you about our legal updates, newsletters and events on the basis of our legitimate interests to keep you informed of such legal matters if you are a client of our services. In this respect, you have a right to opt-out and to object to receiving any further such communications from us.
Note that if we contact you about our updates, newsletters and events on the basis of your consent, you have a right to withdraw your consent and no longer be contacted for such purposes at any time.
Please note that in terms of the applicable laws, your rights in relation to your personal data are not absolute.
You may exercise the rights indicated in this section by contacting us or our Data Protection Officer at the details indicated above.
11. KEEPING YOUR DATA SECURE
We shall keep your personal data secure and shall commit to take appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, including against accidental loss, destruction, storage or access. Your personal data may be stored in paper files or electronically on our technology systems or on technology systems of our IT service providers.
12. COMPLAINTS
If you have any complaints regarding our processing of your personal data, please note that you may contact us or our Data Protection Officer at the details indicated above. You also have a right to lodge a complaint with the Office of the Information and Data Protection Commissioner in Malta (www.idpc.gov.mt).