E&S Consultancy Limited and/or any related entities (hereinafter referred ‘E&S’, ‘E&S Group’, ‘us’ or ‘we’) understands the importance of Your personal data and how it is used and shared online and according to the agreements entered into with E&S Group. We endeavour in respecting the value of the privacy of all who visit our website and enter into agreement for services provided by E&S Group and ensure that we only collect and retain personal data in ways described in this Policy, and in a manner that adheres with the Company’s obligations and rights under the law.
Under the General Data Protection Regulation 2016/679 (GDPR or Regulation) and other applicable legislation E&S Group is required to comply with data protection including procedures so as to ensure that your data is safeguarded at all times and processed in manner that your rights are protected. E&S Group takes these obligations very seriously and ensures that it has taken all the technical and organisational measures to safeguard your privacy.
E&S Group understands the importance of the data subject’s personal data and how it is used and shared online.
The data controller of this website is E&S Consultancy a company registered in Malta with company registration number C 50332, whose registered office is situated at Palace Court, Church Street, St. Julian’s STJ 3049 Malta.
Our privacy officer can be contacted by email at [email protected], or by Post at Palace Court, Church Street, St. Julian’s STJ 3049 Malta.
Requirements, Information collected and purpose
E&S collects data to operate effectively to provide you with the best experience of our products and services. E&S collects and processes the personal data for specified, explicit, and legitimate purposes. Your personal data shall be processed fairly and lawfully. Your personal data shall not be processed for any purpose that is incompatible with that for which it was collected. E&S ensures that your personal data is adequate and relevant in relation to the purpose of the processing. E&S shall strive that your personal data processed is correct and up to date as to its knowledge at the time of processing. E&S shall collect process and retain personal data only for the extent necessary for the specific purposes for which You have been informed and for the retention period as specified under the heading “Data Retention”.
Your personal data may be processed only if you have unambiguously given your consent or the processing is necessary for the performance of a contract to which you are party or in order for you to be able to enter into contract obligation or for compliance with legal obligations as in the case of Anti Money Laundering and Terrorist Financing Regulations (AML/TF) and any other interest carried out in the public interest or in the exercise of official authority vested in E&S or a third party with whom the personal data is disclosed except where such interest is overridden by the interest to protect the fundamental rights and freedoms that arise from the righty of privacy.
Some of your personal data will be provided directly by you, as in the case when you have submitted an enquiry, contact us for support or when you enter into contractual obligations with us. We also collect personal data automatically using technologies like cookies which shall be explained further under the heading “Cookies”.
E&S shall collect the following personal data when entering into contractual obligations with us:
Your name and surname, email address, postal address, phone number, company name, job title, date of birth, nationality, international passport copy, Identity card copy, driving licence copy, proof of residence (E.g. utility bill or a bank statement copy), e-wallet information (where applicable), personal description and Curriculum Vitae, source of wealth and other similar information data provided by you.
When you visit our website, the following information will automatically be processed and this solely for the use of E&S:
- The requested web page or download;
- Whether the request was successful or not;
- The date and time when you accessed the site;
- The Internet address of the website or the domain name of the computer from which you accessed the site;
- The operating system of the machine running your web browser and the type and version of your web browser and other similar security features which are used for authentication purposes and account access.
E&S ensures that it will not retain your personal data for any longer than it is necessary and for the purposes for which the personal data was originally collected, retained and processed. When your personal data is no longer required we shall take all reasonable steps to ensure that all personal data retained is disposed of in a timely manner. Retention periods may vary between a few months with regard to simple enquiries to over ten years due to legal obligations which arise from different applicable laws and/or court orders.
Personal data provided by use of website
When using this website’s online facilities, you may be required to provide your contact details for contact purposes.
All information provided in the notification form, complaints and queries sections will be solely used by the Data Controller and his staff as may be necessary, to provide you with the services required and for other administrative purposes to enable the controller exercises his functions according to law.
Your rights as data subject
As an individual, you may exercise your right to access your personal data held about you by us by submitting your request in writing to the privacy officer.
E&S shall at your request immediately rectify, block or erase your personal data that has not been processed according to the GDPR and Data Protection Act or processed unlawfully and where applicable proceed with notifying any third party about the measures undertaken. Although all reasonable efforts will be made to keep your information updated, you are kindly requested to inform us of any change referring to the personal data held by us. In any case, if you consider that certain information about you is inaccurate, you may request rectification of such data. Provided that no such notification shall be provided if it is shown to be impossible or it will entail a disproportionate effort.
Under the Regulation you have the right to receive, upon request, a copy of the personal data that you have provided to us in a structured, commonly used and machine-readable format and to transmit such data to another controller, for free. E&S shall endeavour to ensure that such requests are processed within one month for free, subject that it is not excessive and does not affect the rights of other individuals’ personal data.
Right to be forgotten
Upon request, you have the right to have your personal data erased by us. E&S acting as a controller will take all necessary actions (including technical measures) to inform third-party data processors to comply with the request unless your personal data needs to be retained to comply with legal obligations or court orders.
In the event that E&S uses a third-party supplier or business partner to process personal data on its behalf, we shall ensure that this processor will provide security measures to safeguard personal data that is appropriate to the associated risks.
E&S shall endeavour that the third party supplier or business partner is to provide the same level of data protection. We shall ensure that the third party supplier or business partner shall process personal data only to carry out its contractual obligations towards us or upon the instructions of E&S and not for any other purposes.
When we process personal data jointly with an independent third party, we will explicitly specify its respective responsibilities of and the third party in the relevant contract or any other legal binding document.
E&S does not engage in any direct marketing. However, in the event that in the future we decide to engage in any direct marketing we will only do so with your given consent. You may always decide to decline from receiving any notifications and may cancel the service by sending an e-mail to [email protected]
Response to Personal Data Breach Incidents
When we learn of a suspected or actual personal data breach, we shall perform an internal investigation and take appropriate remedial measures in a timely manner. Where there is any risk to your rights and freedoms, we shall notify the relevant Supervisory Authorities without undue delay and, when possible, within 72 hours from when we learn of such breach.
International data transfer
We shall ensure that before transferring personal data out of the European Economic Area (EEA), adequate safeguards will be used including but not limited to the signing of a Data Transfer Agreement/Addendum, as required by the European Union. Authorisation may be obtained from the relevant Data Protection Authority where required. Furthermore, the entity receiving the personal data shall comply with the principles of personal data processing set forth in Cross Border Data Transfer Procedure.
Links to other Web Sites
Transaction Security Policy
E&S shall endeavour that all personal data collected, retained, and processed is stored securely and protected against unauthorised or unlawful processing and against any accidental loss, destruction or damage.
This website uses Secure Sockets Layer (SSL) to ensure secure transmission of your personal data. You should be able to see the padlock symbol in the status bar on the bottom right hand corner of the browser window. The URL address will also start with https:// depicting a secure webpage. SSL applies encryption between two points such as your PC and the connecting server.
Any personal data transmitted during the session will be encrypted or scrambled and then decrypted or unscrambled at the receiving end. This will ascertain that data cannot be read during transmission.
Any comments or suggestions that you may have and which may contribute to a better quality of service will be welcome and greatly appreciated.
This Policy shall be deemed effective as of 6th August 2018.