Camilleri Preziosi is a civil partnership established under the laws of Malta having its registered address at Level 3, Valletta Buildings, South Street, Valletta, VLT 1103, Malta (“We”/”Us”/”Our”). We are considered to be the data controller of any personal data provided to Us in terms of this Privacy Notice.
We are committed to respecting your privacy. If you wish to contact Us about Our privacy practices please feel free to do so by post at the abovementioned address or by email on firstname.lastname@example.org. You may also wish to contact Us by telephone on (+356) 21238989
Our Data Protection Officer is Dr Louis de Gabriele who may be contacted by email at email@example.com or by telephone on (+356) 21238989.
Please read this Privacy Notice carefully to understand Our practices with respect to your personal data.
References to “data controller”, “data subject”, “personal data”, “process”, “processed”, “processing” and “Data Protection Officer” in this Privacy Notice have the meanings set out in, and will be interpreted in accordance with applicable laws, including but not limited to the Data Protection Regulation (EU) 2016/679 and the Data Protection Act, Chapter 586 of the Laws of Malta and subsidiary legislation thereto, as may be amended from time to time.
We may update this Privacy Notice at Our sole discretion as result of a change in applicable law or processing activities. Any such changes will be communicated to you prior to the commencement of the relevant processing activity.
2 WHAT AMOUNTS TO PERSONAL DATA?
The term “personal data” refers to all personally identifiable information about you, such as your name, surname and address, and includes all information which may arise that can be identified with you personally, either directly or indirectly.
3 HOW DO WE COLLECT PERSONAL DATA?
As a law firm, We regularly collect personal data as part of Our professional legal services and obligations. We typically collect personal data:
- As part of Our client engagement procedures;
- When you or your company requests Our legal advice;
- When you or your company provides services to Us or refers clients to Us;
- When you post a query, complaint or observation through Our website www.camilleripreziosi.com; and
- When you contact Us voluntarily in other circumstances such as when seeking employment or traineeship with Us or seeking to attend a firm organised or sponsored event.
Generally, you would have provided your personal data to Us. However, in some instances, We may collect personal data about you from third party sources, such as online searches or from public registers.
Third parties such as Our clients and business partners may also have provided your personal data to Us.
4 WHAT PERSONAL DATA DO WE PROCESS?
The personal data We typically collect and process are:
- The personal data that We collect for the fulfilment of Our client engagement procedures including all personal data in Our Client Set-up Form, Engagement Letter and Due Diligence Questionnaire and any documents or information which you may be required to supply to Us for such purposes;
- Personal data that We may process as a result of legal obligations imposed on Us;
- Your identity details such as your name, surname, employer, title, position, and status;
- Your contact information such as your email address, physical address and telephone numbers;
- Your bank account details and other financial information;
- Any information you provide to Us when posting a query, complaint or observation through Our website www.camilleripreziosi.com;
- Information you provide to Us for the purposes of attending meetings or events;
- Personal data provided to Us by, on behalf of or in relation to Our clients, business partners, service providers and employees;
- Any personal data lawfully generated by Us in the course of executing Our client’s instructions;
- CCTV footage, when you visit Our offices; and
- Any personal data which you may voluntarily provide to Us.
5 HOW DO WE USE YOUR PERSONAL DATA?
Typically, your personal data will be processed for:
- Providing Our legal advice and legal services to you or to Our clients;
- Complying with Our legal obligations, in particular Our legal obligations with respect to antimoney laundering and combating the funding of terrorism;
- Conflict check purposes;
- Managing Our relationship with you or your company, including for billing and debt collection purposes;
- Securing access to Our offices;
- The purpose of a legitimate interest pursued by Us or by a third party, provided such interest is not overridden by your interests, fundamental rights and freedoms;
- The purposes you would have requested when providing Us your personal data; and
- Keeping you updated with legal updates, news, and events organised by the firm where it is in Our legitimate interests to do so.
We might also process your personal data on the basis of your explicit consent, in which case We will process your data for the purposes for which your explicit consent was requested. Processing your data on the basis of consent is not envisaged, except with respect to (i) applicants applying for a job at Camilleri Preziosi who wish for Us to retain their personal data for the purposes of being contacted about future potential job openings of interest and (ii) communications related to legal updates, newsletters and events in cases where We do not have a legitimate interest to send you such communications.
6 LEGAL BASES OF PROCESSING PERSONAL DATA
We process your personal data on the basis of the following legal bases:
- Entering into and performing a contract – in particular to provide Our legal services, managing Our relationship or receiving a service from you or your company. Providing such personal data is necessary for Our performance of such contract (including the services rendered under Our Engagement Letter and Terms of Business). The consequence for not providing Us with your personal data would be that We would be unable to provide you with legal services and enter into a contract of engagement;
- Our legitimate interests – in particular legitimate interests which may arise directly or indirectly in relation to Our client’s instructions, CCTV footage at Our offices, and in keeping you updated with legal updates and events. When We process your personal data on the basis of Our legitimate interests, We ensure that the legitimate interests pursued by Us are not overridden by your interests, rights and freedoms;
- Your explicit consent – in which case, Our processing shall be limited to the purposes specifically indicated when your consent was requested. Processing on the basis of your consent is not envisaged, except with respect to applicants applying for a job at Camilleri Preziosi who wish for Us to retain their personal data for the purposes of being contacted with future potential job openings which may be of interest and with respect to communications related to events, news and legal updates where We do not have a legitimate interest to send you such communications; and
- Compliance with legal obligations imposed on Us – in particular obligations imposed on Us as a result of anti-money laundering and combating the funding of terrorism legislation, and to prevent, detect, respond or report other potential illegal activities.
We may also process your personal data for the purposes of establishing, exercising or defending legal proceedings on the basis of Our legitimate interests or compliance with legal obligations, as applicable.
Note that special categories of personal data include data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic, biometric or health data, sexual orientation and data related to your conviction and offences. Typically, We do not envisage any processing of special categories of personal data and as a law firm, generally We would only require to process such data if We are involved in the establishment, exercise or defence of legal claims.
When special categories of personal data become envisaged on another basis, We will ensure that We have additional grounds for processing your personal data and will communicate to you any relevant information which may be required under applicable laws.
We may share your personal data with third party recipients who are:
- selected individuals within Our firm, on a need-to-know basis;
- any service providers that may have access to your personal data in rendering Us with their support services, including IT and accounting service providers;
- third parties to whom disclosure may be required as a result of the relationship with Our client;
- third parties involved in the organisation of Our legal events;
- any business partners to whom you may have requested that We transfer your personal data; and
- third parties to whom disclosure may be required as a result of legal obligations imposed on Us.
Unless specifically instructed and consented by you, We do not share your personal data with any entity located outside of the EU or EEA.
8 AUTOMATED DECISION-MAKING AND PROFILING
Your personal data will not be used for any decision solely taken on the basis of automated decisionmaking processes, including profiling, without human intervention.
In the interest of transparency, note that We use systems which could profile you. Such systems are used by Us exclusively to help Us comply with legal obligations imposed on Us as a result of anti-money laundering and combating the funding of terrorism legislation.
9 DATA RETENTION
We retain your personal data exclusively for the period which is lawfully permissible to retain your personal data. Thereafter, your personal data shall be immediately and irrevocably destroyed.
As a result of legal obligations imposed on Us, We typically retain your personal data for up to ten (10) years from the closure of your file and termination of Our professional relationship, unless We have a statutory obligation imposed on Us to retain your data for a further period or a business need or require your personal data to exercise or defend legal claims.
If We have a contractual relationship with you and you are not Our client, We typically retain your personal data for up to five (5) years from the end of Our contractual relationship on the basis of Our legitimate interests to protect ourselves from civil cases which you might institute against Us in relation to Our contractual relationship.
Invoices, credit notes and similar transactional documents or information will be kept by Us for up to nine (9) years from completion of the relevant transaction on the basis of legal obligations imposed on Us to retain such information.
We may have a legitimate interest to hold your data for longer periods such as when your data is required for exercising or defending legal claims.
Any personal data which We may hold on the basis of your consent shall be retained exclusively until when you withdraw your consent. As noted above, retention of data on the basis of your consent is only envisaged in case you apply for a job at Camilleri Preziosi and wish for Us to hold your data for the purposes of being contacted by Us in respect of future job opening at Camilleri Preziosi or if you wish for Us to contact you with respect to communications related to legal updates, newsletters and events in cases where We do not have a legitimate interest to send you such communications.
10 YOUR RIGHTS
For as long as We retain your personal data, you have certain rights in relation to your personal data including:
- Right of access – you have the right to ascertain the personal data We hold about you and to receive a copy of such personal data;
- Right to complain – you have the right to lodge a complaint regarding the processing of your personal data with the supervisory authority for data protection matters. In Malta this is the Information and Data Protection Commissioner (contact details provided below);
- Right to Erasure – in certain circumstances you may request that We delete the personal data that We hold about you;
- Right to Object – you have a right to object and request that We cease the processing of your personal data where We rely on Our (or a third party’s) legitimate interest for processing your personal data;
- Right to Portability – you may request that We provide you with certain personal data which you have provided to Us in a structured, commonly used and machine-readable format. Where technically feasible, you may also request that We transmit such personal data to a third party controller indicated by you;
- Right to Rectification – you have the right to update or correct any inaccurate personal data which We hold about you;
- Right to Restriction – you have the right to request that We stop using your personal data in certain circumstances, including if you believe that We are unlawfully processing your personal data or the personal data that We hold about you is inaccurate;
- Right to withdraw your consent – where Our processing is based on your consent, you have the right to withdraw your consent. Withdrawal of your consent shall not affect the lawfulness of the processing based on your consent prior to the withdrawal of your consent; and
- Right to be informed of the source – where the personal data We hold about you was not provided to Us directly by you, you may also have the right to be informed of the source from which your personal data originates.
Note that We may contact you about Our legal updates, newsletters and events on the basis of Our legitimate interests to keep you informed of such legal matters if you are a client of Our services. In this respect, you have a right to opt-out and to object to receiving any further such communications from Us.
Note that if We contact you about Our legal updates, newsletters and events on the basis of your consent, you have a right to withdraw your consent and no longer be contacted for such purposes at any time. You may exercise the rights indicated in this section by contacting Us or Our Data Protection Officer at the details indicated above.
Please note that in terms of the applicable laws, your rights in relation to your personal data are not absolute.
11 KEEPING YOUR DATA SECURE
We shall keep your personal data secure and shall commit to take appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, including against accidental loss, destruction, storage or access. Your personal data may be stored in paper files or electronically on Our technology systems or on technology systems of Our IT service providers.
If you have any complaints regarding Our processing of your personal data, please note that you may contact Us or Our Data Protection Officer at the details indicated above. You also have a right to lodge a complaint with the Office of the Information and data Protection Commissioner in Malta
13. PROVISION OF PERSONAL DATA RELATED TO THIRD PARTY DATA SUBJECTS
If you are a company, intermediary or other corporate entity, and you supply Us with Personal Data of third party data subjects such as your employees, affiliates, service providers, underlying clients/customers, directors or any other individuals, you shall be solely responsible to ensure that:
- you immediately bring this privacy notice to the attention of such data subjects and direct them to it;
- the collection, transfer, provision and any processing of such personal data by you fully complies with any applicable laws;
- as data controller you remain fully liable towards such data subjects and shall adhere to applicable laws;
- you collect any information notices, approval, consents or other requirements that may be required from such data subject before providing Us with their personal data; and
- you remain responsible for making sure the information you give Us is accurate and up to date, and you undertake to tell Us immediately if the personal data changes as soon as possible.
You hereby fully indemnify Us and shall render Us completely harmless on first written demand against all costs, damages or liability of whatsoever nature resulting from any claims or litigation (instituted or threatened) against Us as a result of your provision of said personal data to Us.