Privacy Policy
For the purposes of applicable data protection and privacy laws, Widows Sons Scotland - Malta Chapter (‘our’ ‘us’, ‘we’), with its location in Malta, is considered the ‘Controller’ in respect of the Personal Data that it collects, uses and managers in accordance with this Privacy Policy.
Protecting your privacy is important to us at WSSM. We are committed to protecting all Personal Data provided to us, whether by individuals with whom we do business, visitors to and users of our websites or otherwise. Personal Data is information which relates to an identified or identifiable individual person.
This Policy explains what Personal Data we collect, how we may use and manage it and the rights you have in relation to your Personal Data. Before you provide us with any Personal Data, we recommend that you read through this Policy in full and make sure that you agree with our privacy practices.
Note that our website may contain links to other websites operated by third parties and over which we have no control or responsibility. In this case, these third-party websites are not subject to our Policy, and we recommend that you check their separate privacy and security policies accordingly.
Whose Personal Data do we collect?
WSSM collects Personal Data from individuals in the course of its business activities, including:
- Representatives of our suppliers, customers and business contacts;
- Consultants and contractors;
- Website users;
- Individuals who contact us by any means;
- Job applicants.
How we collect your Personal Data
We obtain Personal Data which you knowingly and voluntarily disclose to us, both in an online and offline context. We collect Personal Data when you:
- Visit our websites and / or complete one of our webforms;
- Communicate with us in any way;
- Complete surveys issued by us;
- Visit our premises or meet our sales representatives and staff;
- Submit an order to us;
- Report issues to us.
What Personal Data we collect
WSSM may collect a range of Personal Data from you in a business context, such as your name, gender, job title, nationality, photographic identification, email, home address or other contact details, details of your business and other interests, communications with you (including meeting notes) and financial and payment information.
When you use our website, we collect certain standard information that is sent by your browser to our websites. This includes technical information, such as your IP address, browser type, operating system, language, time-zone setting, access times and any referring website addresses.
We do not process any Sensitive Personal Information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, or medical conditions, genetic or biometric information, sexual orientation, or criminal convictions unless such processing is necessary to comply with laws and regulations or where you consent for us to do so.
The purposes for which we process your Personal Data
We process your personal data for the following purposes:
- To provide you with information, products and services ordered by you;
- To improve our products and services or events;
- To administer our websites and help improve our communications;
- To carry out website analytics;
- To manage our internal recruitment processes;
- To comply with applicable laws and regulations;
- To carry out business-related processes, including negotiating, concluding, and performing contracts, including licence agreements, administering payments made to us, managing accounts and records, supporting corporate social responsibility activities, legal, regulatory and internal investigations and debt administration.
Your personal data will be processed on the basis of the following statutory bases:
· Performance of the agreement;
· Compliance with a legal obligation;
· A justified interest; or
· With your consent.
Who do we share your Personal Data with?
WSSM may share your Personal Data with people within the Salvo Grima Group who have a ‘need to know’ that data for business or legal reasons, such as to carry out an administrative function such as processing an invoice or to direct a query you have submitted to the relevant subsidiary or team within WSSM
We may disclose your Personal Data to third parties, including the authorities, our advisors, suppliers of IT services and third parties engaged by us in order to provide the services requested by you; for the purposes of seeking legal or other professional advice; to respond to a legal request or to comply with a legal obligation.
We may disclose your Personal Data in the event that we sell, buy or merge any business or assets, including to the prospective seller or buyer of such business or assets.
We may decide to allow users to share comments, postings, testimonials, or other information. If you choose to submit such information to us, the information you submit may be available generally to the public. Information that you provide in these areas may be read, collected, and used by others who access them.
Finally, we may share non-Personal Data with other third parties who are not described above. When we do so, we may aggregate or de-identify the information so that a third party would not be likely to link data to you, your computer, or your device. Aggregation means that we combine the non-personal information of numerous individual people together so that the data does not relate to any one person. De-identify means that we attempt to remove or change certain pieces of information that might be used to link data to a particular individual person.
If personal data about you are processed by a third party in its capacity as a processor, we will enter into a data processing agreement with it in accordance with the requirements of the General Data Protection Regulation (GDPR).
Transfers of Personal Data across borders
WSSM operates across several EU and non-EU countries. Please note that any person to whom we may disclose your Personal Data under this policy may be situated in a country other than your own and that such country may provide a lower level of data protection requirements than your country. By agreeing to this policy, you consent to the transfer of your Personal Data to a country other than your own.
Whenever we transfer Personal Data across borders, we take legally required steps to ensure that adequate safeguards are in place to protect your Personal Data and to make sure it is treated in line with this Policy. If you are located in the EU, you can request a copy of the safeguards which we have put in place by emailing our Data Protection Officer at customer.care@widowsonsmalta.com.
WSSM does not disclose Personal Data to organizations based in countries without an adequate level of protection. If however, WSSM needs to disclose Personal Data to organizations based in countries without an adequate level of protection, WSSM will:
a) Enter into a contract with the organization based on the standard contractual clauses (SCC’s) as drafted by the European Commission in the Implementing Decision (EU) 2021/914; or
b) Ask your explicit consent with the transfer of Personal Data; or
c) Ask permission from the Maltese Data Protection Authority (Malta DPA); or
d) Meet the following conditions:
§ The transfer of the Personal Data is not repetitive;
§ The transfer is limited to a small number of data subjects;
§ The transfer is necessary for urgent justifiable reasons that are not subordinate to the rights and liberties of the data subjects;
§ All circumstances of the transfer have been assessed.
Security
WSSM takes all reasonable technical and organisational security measures to protect Personal Data from accidental or unlawful destruction, accidental loss and unauthorised access, destruction, misuse, modification, or disclosure. We do our best to protect your Personal Data but unfortunately, the transmission of information over the internet is not completely secure. We cannot guarantee the security of your Personal Data and any transmission of Personal Data to us is at your own risk.
Cookies
Our websites use cookies to improve your user experience. You can find our extensive cookie policy on our website.
Records Retention
Your Personal Data is not kept for longer than is necessary for the purposes for which it is collected. This means that data and records (including Personal Data) are destroyed or erased from our systems when no longer required. The amount of time that records are kept for varies depending on the type of Personal Data they retain.
Your rights
Applicable data privacy laws give rights to individuals in respect of the personal Data that organisations hold about them. If you wish to:
- Request a copy of the Personal Data that we hold about you;
- Withdraw the consent you have given previously;
- Transfer your personal data from us to another person or company;
- Request that we rectify, delete, or limit the processing of your Personal Data,
Please submit your written request to our Data Protection Officer via customer.care@widowsonsmalta.com. We ask that you always inform us of changes to your Personal Data so that we can keep it up to date.
Opt out
If you decide that you do not wish to receive commercial communications from us, whether by email, telephone or post, please ‘opt out’ from receiving such communications by clicking on the ‘unsubscribe’ link at the bottom of each commercial email and updating your preferences or by contacting us at customer.care@widowsonsmalta.com.
Changes to the privacy policy
We are permitted to periodically amend our Privacy Policy. Where applicable, we will publish the amended version on our website. As such, we advise you to check this page regularly to see whether any amendments have been made.
Questions and complaints
If you have a concern or complaint about this Policy or how WSSM has used your Personal Data, please contact the Data Protection Officer via customer.care@widowsonsmalta.com or in writing to:
Data Protection Officer
WSSM Villa Blye Paola
If you are not satisfied with the handling of your concern or complaint by WSSM, you can escalate this to your national Data Protection Authority.
Glossary
Controller = a party that determines the purposes and means of data processing
Data Protection Authority: The relevant supervisory authority with responsibility for privacy or data protection matters in the jurisdiction of Salvo Grima Group and/or its subsidiary companies
European Economic Area (EEA): the EEA includes all EU members states and Iceland, Liechtenstein and Norway;
Personal Data: Information which relates to an identified or identifiable individual (i.e., information about all WSSM, contractors, applicants, employees of vendors and suppliers, contractors, customers, and individuals who use our website). It includes names, addresses, email addresses, job applications, user account information and correspondence. Personal Data can also include web browsing information (e.g., data associated with a particular cookie) and IP addresses when such information can be linked to an individual.
Processing: Means doing anything with Personal Data: this includes collecting it, storing it, accessing it, combining it with other data, sharing it with a third party or even deleting it.
More information
Further information can be obtained from the website of the Maltese Data Protection Authority (Malta DPA)
Last updated on: 01-08-2024