Privacy Policy

Version [1.0], last updated: [18th May 2021-].

This Privacy Notice (“Notice”) applies where [-] (hereinafter referred to as the “Company” “We”, “Us” or “Our”) are acting as a Data Controller with respect to Our Processing of Your Personal Data [when processing your personal data for the purpose(s) of [-]].

Any Personal Data We Process is kept within Our own records in accordance with the relevant data protection and privacy laws to which We are subject including but not limited to the Data Protection Regulation (EU) 2016/679 (the “GDPR”) and the Data Protection Act (Chapter 586 of the Laws of Malta) and the subsidiary legislation issued thereto, as may be amended from time to time (hereinafter collectively referred to as the “Applicable Laws”).

References to “Data Controller”, “Data Subject”, “Personal Data”, and “Process”, “Processed”, “Processing” in this Privacy Notice have the meanings set out in, and will be interpreted in accordance with the Applicable Laws. “You” and “Your” refers to the Data Subject.

  1. Data Controller Details

The Data Controller of your Personal Data is [-]. We are committed to respecting your privacy. If you wish to contact Us about Our privacy practices please feel free to do so by [contacting our Data Protection Officer by] post at [-] or by email at info@beatingheartsmalta.org. You may also wish to contact Us by telephone on [-].

  1. Personal Data

The term “Personal Data” refers to all personally identifiable information about you and includes all the information you provide to Us or information that is provided to Us by third parties, which can be identified with you personally.

The following are the Personal Data that We collect:
a) Name
b) Surname
c) Email Address

We do not collect and/or otherwise Process special categories of Personal Data.

  1. Purposes of Processing

The purposes of Processing for which your Personal Data are intended are [-].

From time to time we would also like to contact you about Our products and services, promotional offers, information relating to operations as well as information in relation to products and services provided by third parties offers and promotions (“Marketing”).

  1. Legal Basis

Our legal bases of Processing your Personal Data are:

a) [-]

We might also have to Process your Personal Data to comply with legal obligations imposed on Us.

  1. Recipients

The recipients of your Personal Data are:

a) selected individuals within Our company;
b) Our intra-group companies and affiliates;
c) Our agents and third parties that provide services to Us; and
d) Third parties to whom disclosure may be required.

Individuals with access to your Personal Data shall be subject to the same limitations under this Privacy Policy and are located within the EU.

  1. Processing Requirement

The processing of your Personal Data is not a statutory requirement – it is a requirement in order for [-].

  1. Automated Decision-Making and Profiling

Your Personal Data will not be used for any automated decision-making or profiling.

  1. Data Retention Period

Your Personal Data shall be held for [-]. Thereafter, it shall be immediately and irrevocably erased unless We need to keep your Personal Data to comply with a legal obligation, or to exercise or defend any legal claim.

  1. Your Rights

For as long as We retain your Personal Data, you have certain rights in relation to your Personal Data including:

• Right of access – you have the right to ascertain the Personal Data We hold about you and to receive a copy of such Personal Data;
• Right to complain – you have the right to lodge a complaint regarding the processing of your Personal Data with the supervisory authority for data protection matters. In Malta this is the Information and Data Protection Commissioner (contact details provided below);
• Right to Erasure – in certain circumstances you may request that We delete the Personal Data that we hold about you;
• Right to Object – you have a right to object and request that We cease the processing of your Personal Data where We rely on Our, or a third party’s legitimate interest for processing your Personal Data;
• Right to Portability – you may request that We provide you with certain Personal Data which you have provided to Us in a structured, commonly used and machine-readable format (except where such Personal Data is provided to us in hand-written format, in which case such Personal Data will be provided to you, upon your request, in such hand-written form). Where technically feasible, you may also request that we transmit such Personal Data to a third party controller indicated by you;
• Right to Rectification – you have the right to update or correct any inaccurate Personal Data which We hold about you;
• Right to Restriction – you have the right to request that We stop using your Personal Data in certain circumstances, including if you believe that We are unlawfully processing your Personal Data or the Personal Data that We hold about you is inaccurate;
• Right to withdraw your consent – where Our processing is based on your consent. Withdrawal of your consent shall not affect the lawfulness of the processing based on your consent prior to the withdrawal of your consent; and,
• Right to be informed of the source – where the Personal Data We hold about you was not provided to Us directly by you, you may also have the right to be informed of the source from which your Personal Data originates.

Please note that your rights in relation to your Personal Data are not absolute and we may not be able to entertain such a request if we are prevented from doing so in term of an applicable law.

You may exercise the rights indicated in this section by contacting Us at the details indicated above.

  1. Complaints

If you have any complaints regarding Our processing of your Personal Data, we kindly ask that you please attempt to resolve any issues you may have with us first by contacting Us at the contact details included above. However, please note that you always have a right to lodge a complaint with the Office of the Information and Data Protection Commissioner in Malta (www.idpc.gov.mt).

  1. Marketing

Marketing may be carried out using the following methods:

  1. Mail;
  2. Telephone/Mobile; and
  3. Email.

You are to tick the appropriate box to confirm that you wish to be contacted for Marketing purposes:

□ Yes I would like to hear about your offers and services by Email
□ Yes I would like to hear about your offers and services by Post
□ Yes I would like to hear about your offers and services by Telephone/Mobile

□ No I would not like to hear about your offers and services

You can change your mind and may withdraw your consent to the processing of your Personal Data for Marketing purposes at any time by [to insert methods how data subjects can unsubscribe from marketing which should be in the same manner as collection of the data].

Withdrawal of your consent does not affect the lawfulness of the processing based on your consent prior to the withdrawal.

We may use the following methods to inform you about such offers by mail, telephone, facsimile or electronically, by email.

  1. Where Your Provide Us with Personal Data Related to Third Party Data Subjects
    If you are a non-natural person and you supply to Us Personal Data of third party Data Subjects such as your employees, affiliates, service providers, underlying clients/customers, directors or any other individuals connected to your business, you shall be solely responsible to ensure that:

• you immediately bring this Privacy Notice to the attention of such Data Subjects and direct them to it;
• the collection, transfer, provision and any Processing of such Personal Data by You fully complies any applicable laws;
• as Data Controller You remain fully liable towards such Data Subjects and shall adhere to the Applicable Law;
• you collect any information notices, approval, consents or other requirements that may be required from such Data Subject before providing Us with their Personal Data;
• you remain responsible for making sure the information you give us is accurate and up to date, and you must tell us if anything changes as soon as possible.

You hereby fully indemnify Us and shall render Us completely harmless on first written demand against all costs, damages or liability of whatsoever nature resulting from any claims or litigation (instituted or threatened) against Us as a result of your provision of said Personal Data to Us.

This clause [12] shall supersede and extinguish all previous agreements, promises, assurances, warranties, representations and understandings between Us and the non-natural person, as applicable, whether written or oral, relating to its subject matter.

  1. Processing of Personal Data relating to Minors

We may Process Personal Data relating to minors. In certain situations, this Personal Data may not be provided to Us by the minors themselves but by a third party individual. Where this type of Processing takes place, We require that such third party individual provides and explains this privacy notice to the minor and ensures that the minor understands the activities that are being undertaken by Us with respect to the minor’s Personal Data.