https://www.scope.mt

Thank you for visiting our Website and/or using our Services.

We respect your privacy. When it comes to your personal information, we believe in transparency, not surprises. We want you to know what personal data we collect, what we do with it as well as your choices and rights at law.

Although our goal is to always be as clear and transparent as possible, we appreciate that legal documents can sometimes be difficult to read. However, we strongly encourage you to read this Privacy Policy with care. Please do not hold back from contacting us for any clarification you may need with respect to the processing of your personal data by us.

This Privacy Policy shall be without prejudice to any confidentiality obligations subsisting under relevant contractual arrangements and any liability associated therewith or arising therefrom.

We may need to revise and update this Privacy Policy from time to time to make sure we provide you, at all times, with the information you are entitled to receive under applicable law, as well as for us to ensure that our Privacy Policy addresses your data protection concerns, and that we are/remain compliant with applicable law.

Key Terms

When we say ‘us’, ‘we’ or ‘our’, we mean Scope (‘Scope’), a commercial partnership duly constituted under the Laws of Malta and registered with the Malta Business Registry, with its registered and business address at Scope, Digital Hub, Malta Life Sciences Park, San Gwann, SGN 3000, Malta. Scope enjoys authorised partner/reseller status with a number of independent software vendors of cloud-based software applications. We therefore provide our clients with a comprehensive business solution which comprises procuring or facilitating access to/use of subscription-based cloud-based applications or what is commonly referred to in the industry as Software as a Service (‘SaaS’), as well as the provision of value-added services including software customization, implementation, data migration, maintenance and support services, in our quality as a partner/reseller of the relevant SaaS solutions;

When we refer to ‘you’ or ‘your’, we mean the Client, any Account User or connected organisation, as well as our officers, employees, business partners and suppliers, as the case may be, and any Data Subjects whose personal data is being processed by us, including Website Users and anyone attending our events;

When we refer to ‘Account User’, we mean the Client and any other person or entity, including connected organisations, who is permitted access to/use of the relevant SaaS applications made available and/or supported by us or who otherwise uses and/or benefits from the Services, with the authority of or through the Client;

When we refer to ‘Client/s’, we mean the person or entity to whom we provide Services pursuant to a service agreement duly executed and signed with us, who instructs us to register for and maintain an account with the relevant SaaS provider for the benefit of such person or entity (or other Account User or connected organisation), thereby acting to procure or facilitate access to/use of the relevant SaaS application, and who typically receives from us additional value-added services associated with or in relation to the same, and, where the context permits, includes any person or entity on whose behalf or for the benefit of whom that person or entity enters into such service agreement with us;

When we refer to ‘Data Subject’, we mean any identified or identifiable natural person whose personal data is being processed by us; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to, amongst other things, an identifier such as a name, an identification number, location data, bank account and payment information, an online identifier or to one or more factors specific to that natural person; If you are no longer identified or identifiable and your personal data has been anonymized, this Privacy Policy shall not apply;

When we refer to ‘personal data/information’, we mean any information relating to a Data Subject;

When we refer to ‘processing’, we mean, amongst other things, any operation/s performed on personal data, whether or not by automated means, such as collection, recording, organisation, storage, alteration, retrieval, use, disclosure by transmission, dissemination or otherwise making available, restriction, erasure or destruction;

When we refer to ‘SaaS applications/solutions’, we mean software-as-a-service, hence a creation of cloud computing whereby cloud-based software is licensed by independent software vendors and distributed on a subscription basis, and is centrally hosted;

When we refer to ‘SaaS provider/s’, we mean a developer/vendor of SaaS applications with whom we enjoy authorised partner/reseller status;

When we refer to ‘Service/s’, we mean the business solution which we offer to our Clients, which comprises procuring or facilitating the registration for and maintenance of an account with the relevant SaaS provider for the benefit of the Client (or other Account User or connected organisation), thereby enabling access to/use of the relevant SaaS application for/by the Client and other Account Users or connected organisations, as well as the provision of value-added services associated with or in relation to the same including software customization, implementation, data migration, and maintenance and support services;

When we refer to ‘Website’, we mean Scope’s internet site at the domain https://www.scope.mt  through which Website Users can obtain information about us and what we do, or may otherwise contact us and/or raise support tickets through Scope’s support policy;

When we refer to ‘Website User’, we mean any person who visits our Website.

Applicable Data Protection Legislation

As an entity established in Malta, and therefore in the EU, the main data protection laws that are applicable to us in so far as your personal data is concerned, are the General Data Protection Regulation (the ‘GDPR’), namely, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, repealing Directive 95/46/EC, which Regulation became directly applicable on 25th May 2018; and Chapter 586 of the Laws of Malta, namely the Data Protection Act (the ‘DPA’), as amended or supplemented from time to time, including the various subsidiary legislation issued under the same, which DPA implements and further specifies the relevant provisions of the GDPR and repeals and replaces Chapter 440 of the Laws of Malta, the latter being the former local legislation governing data protection.

This Privacy Policy

We act as a ‘controller’ in relation to your personal data when we process such data in our own right, for our own purposes. This includes the processing of personal data relating to our officers and employees, Website Users, our existing or potential Clients, our recognized or potential business partners, and suppliers.

We act as a ‘processor’ in relation to your personal data when we process such data in our quality as processor, acting for and on behalf of a data controller who controls and determines the purposes and means of processing of personal data. We may also be acting as ‘sub-processor’ when we are appointed by another processor to assist in the processing of personal data by the latter. Our role as processor or sub-processor, as the case may be, may therefore include the processing of personal data relating to officers, employees, suppliers, third-party service providers or clients of our Clients, or possibly officers, employees, suppliers, third-party service providers or clients of the clients of our Clients, hence including organisations or persons that are permitted access to/use of the relevant SaaS application made available  and/or supported by us or otherwise benefit from the Services with your authority or as a result of your use of the Services (‘connected organisations’). We are considered as processors since we may carry out certain activities which may include the collection, recording, organisation, storing, use, transmission, retrieval, deletion or other form of processing of personal data. As processors, we shall process your personal data strictly on the documented instructions received from the controller.

This Privacy Policy attempts to describe what, why and the legal basis for processing your personal data, the relevant security measures to protect the privacy of your personal data and prevent the unauthorised access to or processing of your personal data, as well as details regarding the various rights you are entitled to exercise at law, as Data Subjects, in relation to your personal data.

We assume responsibility for our processing activities, and shall be accountable to Data Subjects, in our quality as a controller and/or processor, as the case may be, in accordance with and to the extent applicable, as prescribed by applicable data protection legislation.

Personal Data and Data Subjects

When we refer to ‘personal data’ we mean any data in relation to you, assuming you are an identified or identifiable natural person. Therefore, if any data we process can be linked or traced back to you, in consequence of us being in possession of, say, your first name/last name, email address, physical personal address, telephone/mobile number, IP Address, unique device IDs, bank account details and other payment information, and so on, this data warrants protection under applicable data protection legislation.

If you can no longer be identified/identifiable (for example, when personal data has been aggregated and anonymised) then this Privacy Policy no longer applies. However, where it is not possible or feasible for us to make use of anonymous and/or anonymised data, we are nevertheless committed to protecting your privacy and the security of your personal data at all times.

 

Furthermore, please keep in mind that information relating to legal persons does not amount to personal data as intended by applicable data protection legislation and therefore falls outside the scope of this Privacy Policy. This Privacy Policy however applies where natural persons are individually identified or identifiable (including possibly physical persons who are themselves partners, shareholders, directors and other officers, and the like, of any such legal persons) and the information relates to such individuals in their personal capacity in so far as they would qualify as Data Subjects in terms of law and must therefore be afforded all data protection rights in accordance with applicable data protection legislation.

 

Lawful Processing and Legal Basis for processing Personal Data

We only process personal data, received from you or otherwise requested and/or obtained from other sources, through lawful means, as described below, that is absolutely relevant and limited to what is necessary in relation to the purpose for which it is processed, and, only if we:

  • require that data to be able to provide you with and perform the Services you request from us;
  • are legally required to collect/use/process that data and to keep it for a pre-determined period to allow us to comply with our contractual obligations, or otherwise in satisfaction of a legal obligation. We have a legal obligation to use and process your personal information when required to do so to enable us to comply with applicable tax, employment or other applicable law and regulations, or to comply with a court order or any other order from a lawful authority;
  • believe this to be necessary to pursue our legitimate business interests (except where such interests are overridden by your interests or fundamental rights and freedoms which require the protection of personal data):
  • to operate and develop and promote our business interests;
  • for business administration purposes, for instance, to manage our relationship with you, including to process invoices, and so on;
  • to be in a position to establish, exercise, enforce and defend legal claims;
  • to analyse and improve the safety and security of our Services and Website such as by implementing and enhancing security measures and protections that allow us to prevent, detect and protect against fraud, spam, abuse and other malicious activity;
  • to provide and improve the quality of our Services and Website;
  • have obtained your prior consent in a clear and manifest manner, provided that, in those instances where we process personal data on the basis of your consent, you may retract your consent at any time in the same manner as you would have originally made available it to us. Should you exercise your right to withdraw your consent at any time, in the manner and following the procedure prescribed by us, we will determine whether, at that stage, an alternative legal basis exists for the processing of your personal data (for example, on the basis of a legal obligation to which we are subject or on the basis of our legitimate business interest) on the basis of which we would be legally permitted (or even obliged) to process your personal data without needing your consent, and if so, we shall notify you accordingly.

When we ask for your personal data, you are at liberty to provide or otherwise refuse to provide the same to us, however should you decline to provide us with the necessary data that we have requested, this may restrict functionality of the Website or our ability to provide you with the Services.

How do we collect your Personal Data?

We may request or obtain or come into possession of personal information from different sources, provided that, we have a valid lawful basis for doing so:

  • you provide some of it to us, upon request (such as when you agree to use and/or benefit from our Services or are otherwise contractually bound with us, or when you contact us or submit customer queries);
  • we record some of it automatically when you use our Website (such as by applying cookies and other tracking technologies);
  • information we may obtain from third parties (who are themselves presumed to be lawfully permitted to disclose and share such information to/with us).

                                                                    

What Categories of Personal Data do we process and Why do we process it?

The categories and types of information we collect about you or otherwise process can be broadly classified as: (i) personal information (ii) contact information (iii) transactional information including incident history and data resulting from your access to/use of the relevant SaaS application made available and/or supported by us and the provision of value-added services including technical support services (iv) billing information and (v) behavioural information obtained as a result of using our Website or in the course of providing our Services to you.

 

More specifically, the following data (some of which does not necessarily qualify as personal data as such) may be processed for the purposes outlined below:

  • your personal details, including your email address, first name and last name, residential address, contact number, identification number and national insurance contribution number, in your quality as our officers or employees, to enable us to honour our contractual obligations towards you and duly carry out our employment and related tax obligations at law;

 

  • your personal details, including your email address, first name and last name, residential address, contact number, identification number and your CV, may be passed on to us by recruitment agencies when there is a job opening with us on the understanding that you have consented to it being shared with third parties seeking new employment. If you are not the selected candidate for the job, we may keep your CV on file for 2 years in the eventuality of any other future vacancy arising with us, and, in any case, pending the duration of your employment with us;
  • information we may request from you or obtain to allow us to verify your identity for security purposes. It is further noted that our physical premises may be equipped with CCTV cameras intended to enhance security measures at the place of work;

 

  • your contact details, in your quality as our Client, including your email address, first name and last name, and any business information, which you provide to us pursuant to the execution or performance of the service agreement duly entered into with us or which otherwise comes into our possession from our business partners, introducers, other intermediaries or sales channels, as well as any similar personal information relating to other Account Users or connected organisations which may be processed by us in the course of providing the Services;

 

By processing this information, we are able to provide the Services, as well as administer and manage your relationship with us, including:

  • to allow you, or, with your authority, other Account Users and connected organisations, access to/use of the account registered and maintained with the relevant SaaS provider for you or for their benefit;
  • to enable you to open support tickets/requests with us and enable us to provide support and maintenance services and technical support to you, as and when required;
  • to enable us to verify your identity when you report a fault, problem or ask for any information, particularly with regard to the SaaS application made available and/or supported by us or to which our Services are associated with or relate;
  • to enable us to communicate with you about your transactions, account entries as well as to provide Services or Website-related announcements, in particular, technical notices, security and usage alerts, as well as any updates and/or changes to/additional features or functionality of the Website or the relevant SaaS applications made available and/or supported by us or to which our Services are associated with or relate, and so on;
  • to send to you tailored marketing communications about our products, services, offers, programs and promotions or those of our trusted SaaS providers which we believe may be of interest or relevance to you, save and subject to your right to object to your data being used for direct marketing purposes;
  • to ask you for your feedback or to take part in any research we are conducting;
  • your billing details including tax number, in your quality as our supplier or creditor, for billing purposes, internal accounting and auditing purposes;
  • your billing details including tax number, in your quality as our Client or debtor, for billing purposes. We use this information to send financial documents such as invoices and statements, to track any outstanding dues from you, to execute any direct debit mandate granted to us, if any, or generally for internal accounting and auditing purposes. We may also require your banking or other payment details should we need to issue a refund in your favour;
  • your incident history and service support requests made to us, in your quality as our Client, in order to provide you with our assistance to resolve problems you or other Accounts Users or connected organisations may have been experiencing, particularly as regards the functionality or access to/use of the relevant SaaS applications to which our Services are associated with or relate. This is done in order to enable us to comply with our contractual obligations towards you, and, to ensure that we continue to provide you with the best possible service in the future;
  • any form of communication and information which you agree to submit to us by email or online upon visiting our Website in the requested contact form available on the Website, or which you otherwise contribute or share with us, pursuant to the provision of Services to you, including when:
    • signing up for free trials to allow a potential Client, Account User or connected organisation access to/use of the relevant SaaS applications made available and/or supported by us, for a limited period of time – we store and process this information only for the purpose of enabling you to access/use and test the relevant SaaS application and benefit from the Services, free of charge, for a limited period of time, under pre-defined trial usage conditions including conditions as may be prescribed by the relevant SaaS provider; thereafter, even if/where you decide not to instruct us to proceed with registering an account with the relevant SaaS provider for your (or other Account User’s or the connected organisation’s) benefit, we have a legitimate interest to continue to store and process these details for a reasonable time so as to keep record of your trial history thus enabling us to identify potential abusive practices;
    • using customer message boards or participating in community forums and blogs which may be available on the Website, whether you are a Client, other Account User or connected organisation, or otherwise simply a Website User – we use the personal information submitted in this regard only to allow us to respond to your message, and, except where such information is visible on a publicly available community forum or blog, such information will be removed once you are satisfied with the answers/feedback made available;
    • information you provide and actions you carry out, whether you are a Client, other Account User or connected organisation, or otherwise simply a Website User, when you use the ‘raise support ticket’ feature which may be available on our Website, and which is processed by us to be able to respond and provide our assistance to you;

 

  • contact details and other information which you agree to share with us at events, roadshows, and so on, which we have a legitimate interest to continue to store and process, for the purpose of enabling us to identify/solicit/procure/consolidate new business from previous leads;
  • information you agree to share with us in connection with or in pursuance of surveys, contests or marketing promotions you agree to participate in;
  • information obtained automatically upon accessing, reading or downloading information from our Website, or otherwise obtained when you use or benefit from our Services, such that we may process behavioural information, namely information about how you interact with and use our Website and Services, as the case may be, including usage patterns and preferences, timestamps, clicks, scrolling, browsing times, searches, transactions, referral pages, load times, problems you may encounter such as loading errors, and support calls. Actions may be logged so as to provide information regarding ‘what’ data was used ‘when’ and ‘by whom’. Logged in data may include the IP address of the relevant user and what action was requested. This processing activity gives us the opportunity to improve our Website and also enables us to provide better-quality Services, as the case may be. Please see our cookie policy under the heading below entitled ‘Use of Cookies’;
  • should you choose to interact with us using social media platforms such as Facebook, Instagram, Twitter or LinkedIn, we may receive and process certain information about you that is also stored or processed by these online channels independently of us. You are therefore encouraged to make reference to the privacy policy statement of the entities hosting these platforms.

In addition please note that our Website and Services are intended for a general audience interested in using or benefiting from a range of cloud-based business solutions made available and/or supported by us which primarily focus on accounting, billing, job management and other financial management tools, as well as email, calendar and appointments management, and POS and inventory tools. For this reason, we do not knowingly collect or process information with regard to children or other individuals who are not legally capable of using or benefiting from such tools. Nor do we knowingly collect or process special categories of personal data as understood by applicable data protection legislation. If we become aware that we have collected or otherwise processed information with regard to a child or information that is otherwise captured by the ‘special category of data’ provisions, we will promptly do our utmost to delete such data, save where and to the extent that we are legally obligated to retain such data in order to comply with applicable data protection legislation or other applicable legislation. If you believe that we have mistakenly or unintentionally collected or otherwise processed information with regard to a child or special categories of personal data, please contact us.

 

Whom do we share your Personal Data with?

Please note that the information collected or otherwise processed by us is strictly intended for the sole use by us in the manner and for the purpose/s afore-described, and, it is not shared, disclosed, transmitted or otherwise made available, unless and save to the extent as otherwise provided in this Privacy Policy, nor is it leased or sold in any manner, to any other person or organisation. It is not our business to do so and we want to earn your trust and confidence.

However, there will be times when we may receive from or share, disclose, transmit, exchange or otherwise make available personal data, with/to third parties, including:

  • our group companies or associated or related companies, including relevant employees, officers or agents, in furtherance of the provision, delivery or performance of the Services, as afore-described;

 

  • our employees and officers, independent contractors, agents, consultants, and other persons, service providers or entities carrying out professional, administrative and/or operational work in support of our relationship with you or to otherwise assist us in complying with our legal obligations, on a need-to-know basis, who are themselves bound by confidentiality and data protection obligations. This may include persons or entities providing payment processing services to enable us to manage and process online payments we receive from Clients (or Account Users or connected organisations), back-office finance staff handling payroll services, persons or entities carrying out legal, accountancy, audit and other professional services, credit reference agencies, premises management service providers who are responsible for the physical security at our offices, as well as software providers and IT suppliers who host or support our IT systems and infrastructure;

 

  • persons or entities who provide client lead generation and success/retention services, business development and introduction services, or other similar support services, to us;

 

  • the relevant SaaS provider in the course of or pursuant to procuring or facilitating and permitting access to/use of the relevant SaaS application for/by the Client, Account User or connected organisation, as the case may be, activating and maintaining the relevant account with such SaaS provider for the benefit of the Client (or other Account User or connected organisation), enabling and securing functionality of the relevant SaaS application, and assisting with technical and other support-related queries escalated along the various channels, as well as other SaaS providers or facilitators of other applications where and to the extent that this is necessary to permit and support the interoperability of different solutions that ‘talk to each other’. You are therefore also encouraged to make reference to the privacy policy statement of the relevant SaaS provider;

 

  • where required by a regulator, public authority, law enforcement body or the lawful order of a court of law or other lawful competent tribunal or body, and is required or necessary for us to comply with any applicable law or regulations, or to enforce or defend a legal claim;

 

  • if we are involved in an actual or potential business reorganization, including merger, division, acquisition or sale of some or all of our assets or any part of our business, your personal information may, in the course of conducting discussions and negotiations, or in consequence of the reorganization actually taking place, be shared with any such interested party or succeeding entity, as the case may be, and their advisors;

 

  • any other person, entity or organization, provided that, we obtain your prior consent.

 

Use of Processors and Sub-processors

Where we are acting as the controller of personal data, we may appoint other processors to assist us in the processing of personal data on our behalf. Furthermore, the appointment by the processor of further sub-processors along the chain will require our prior written approval in our quality as controller. Where we act as controller, we shall obtain sufficient safeguards from any such other processors appointed by us as to ensure their compliance with applicable data protection obligations, and shall procure that, any sub-processors appointed by such other processors along the chain are also bound by the same data protection obligations binding the processor.

Where we act as a processor, it is further understood that, by providing us with or allowing us to access or process personal data relating to individuals other than yourself (where applicable), you are letting us know that you have obtained the necessary authority for you to disclose, procure, make available or otherwise permit us to access, use or process that data in the manner described in this Privacy Policy. We may also appoint sub-processors to assist us in our processing activities, provided that, no sub- processors will be engaged by us unless we are confident that the controller has authorised such processing.

We shall inform the controller of any intended changes concerning the addition or replacement of other sub-processors so as to give the opportunity to the controller to object to such changes. We shall ensure that any sub-processors appointed by us are bound by the same data protection obligations imposed on us by the controller in our quality as processor, and shall procure that, any such sub-processor imposes the same data protection obligations on other sub-processors appointed along the chain. This includes the provision of sufficient guarantees by the sub-processor toward the implementation of appropriate technical and organisational measures to meet the requirements of applicable data protection legislation. We shall remain answerable to the controller for the failure or improper performance of our sub-processors’ data protection obligations.

We keep an up-to-date list of our (sub) processors:

  • Google Workspace – https://workspace.google.com/
  • Google Analytics – https://analytics.google.com/analytics/web/
  • Microsoft Azure – https://azure.microsoft.com/en-us
  • Stripe – https://stripe.com/en-mt
  • Hubspot – https://www.hubspot.com/products/crm
  • Xero – https://www.xero.com/
  • Fyorin – https://www.fyorin.com/
  • Getaccept – https://www.getaccept.com/
  • Micosoft office – https://www.microsoft.com/en-ww/microsoft-365/business
  • Asana – https://asana.com/

 

Where do we store your Personal Data?

We do not host or store any of your data on our own data centre. We use the business cloud services of different vendors whose servers are located in different countries located in the EU/EEA or possibly even in third countries after we have ensured that appropriate safeguards are put in place so as to protect your personal data and do not undermine your rights under applicable data protection legislation.

International Data Transfers

When we share your personal data with third countries, hence countries outside of the EEA (European Economic Area), we ensure that appropriate safeguards are put in place so as to protect your personal data and do not undermine your rights under applicable data protection legislation.

Consequently, such data shall only be shared with, transferred to or processed in countries that have been identified as providing an adequate level of protection, equivalent to EU standards, as so determined by the EU Commission, or, save where derogations for specific situations may otherwise be invoked in accordance with applicable legislation, by otherwise making sure that appropriate safeguards are met including via the adoption of approved transfer mechanisms by/between the relevant data recipient/importer such as via the acceptance and use, in their entirety, of the European Commission’s Standard Contractual Clauses (accessible on the following URL: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en), or the employment of binding corporate rules for transfers within group companies, where applicable (accessible on the following URL: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/binding-corporate-rules-bcr_en#approval-of-binding-corporate-rules).

What are your rights as Data Subjects?

Where we act as controller of your personal data, besides the right to receive transparent information regarding the processing of your personal data – which is what this Privacy Policy attempts to do – you are entitled to exercise a number of other rights by sending us an email on [email protected]:

  • the right of access to your personal data – including requesting us to confirm, without undue delay, whether or not and which categories of personal data concerning you are being processed by us;

 

  • the right to rectification of your personal data – you can request us to rectify, remove, update or amend, without undue delay, any inaccurate, irrelevant or out-of-date personal data concerning you which is being processed by us;

 

  • the right ‘to be forgotten’ – you can request us to delete your personal information, without undue delay, upon the occurrence of one or more circumstances, including where the Services have expired or are terminate;, the information is no longer necessary to fulfil the purpose for which it was originally collected or processed; you have withdrawn your consent where consent constituted the legal basis for processing; your personal data is being unlawfully processed; or where you have otherwise objected to the processing; provided that, in any such an eventuality, there exists no other over-riding legitimate grounds that justify the continued processing of such data by us. Should you request that we delete your personal data, we may have no other option but to terminate our relationship with you;

 

  • the right to restrict processing – you have the right to request from us that we restrict the processing of your personal data, without undue delay, upon the occurrence of one or more circumstances, including where the accuracy of the data is being contested; your personal data is being unlawfully processed; in the exercise of your right to establish, enforce or defend a legal claim; or where the restriction on processing is justified pending verification as to whether our legitimate interests for processing over-ride your rights and freedoms;

 

  • the right to ‘object to’ processing – you have the right to object to the processing of your personal information on grounds relating to your situation unless such processing is required to enable us to establish, enforce or defend legal claims or we otherwise have compelling legitimate grounds for processing which over-ride your rights and freedoms. Where personal data is processed for direct marketing purposes, you may also object to such processing, at any time, including profiling, to the extent that the said processing is related to or carried out pursuant to such direct marketing activities. You may object by clicking on any ‘unsubscribe’ button following receipt from us of any such marketing communications or by contacting us in furtherance of the exercise of your right;

 

  • the right of ‘data portability’ – the right to request a copy of your personal data processed by us, in a structured and machine-readable form selected by us, and to transmit that data to another controller, should the need arise, without interruption, where processing by automated means is concerned.

Additionally, whenever we rely on your consent for the processing of your personal information, you have the right to withdraw it at any time, free of charge, provided that, we have the right to notify you of an alternative legal basis, if any, on which we may determine to continue processing such data. When you decide to withdraw your consent, this will not affect the lawfulness of the processing before your consent withdrawal.

You also have the right to lodge a complaint with the local Office of Information and Data Protection Commissioner (please refer to https://idpc.org.mt/file-a-complaint/) whenever, as a Data Subject, you believe that your data protection rights have been violated.

Where and to the extent that we act as a (sub) processor of your personal data, our obligation at law shall consist in providing timely and reasonable assistance to the data controller (directly or through such other processor), as the case may be, to assist, support and enable it to demonstrate one’s compliance with applicable data protection obligations, and, where applicable, to enable it to respond to any legitimate requests made by or received from you, as a Data Subject, in the exercise of any such rights available to you under applicable data protection legislation.

 

Security and how do we protect your Personal Data?

While no service is completely secure, we give importance to the integrity of your personal data and keeping information safe. We seek to maintain and implement administrative, technical and organisational safeguards, in accordance with the highest industry standards, that are intended to appropriately protect against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse and any other unlawful form of processing of, personal information in our possession, and make every effort to prevent any such unfortunate occurrences.

We provide the Services to you with your privacy in mind and implement a policy whereby we only process personal data that is deemed necessary pursuant to the lawful purposes outlined earlier on. Our employees, officers and agents who have access to, handle, manage or otherwise process your personal data, appreciate and understand the importance of protecting your personal data and are required to comply with security protocols in the course of the performance of their functions pursuant to the provision of Services to you or for your benefit. In addition, only authorised personnel are granted privileged access/management rights to deal with specific client information.

We also employ security measures such as using firewalls to protect against intruders, use technologies such as Secure Socket Layer (SSL) to ensure that data processed by/flowing from our Website over the internet is encrypted, and test for and protect against network vulnerabilities.

Furthermore, we shall only engage (sub) processors who undertake to implement the technical and organisational measures required of them under applicable data protection legislation to ensure the security of personal data.

In so far as we are not involved in the development or design of SaaS applications but only act to procure or facilitate access to/use of the relevant SaaS applications and provide value-added services including technical support services associated with or in relation to the same, it is the relevant SaaS provider that shall be responsible for the security levels of its SaaS applications both at system design stage and on an ongoing basis such as to ensure that the SaaS application incorporates and implements applicable data protection principles. For this reason you are encouraged to refer to the privacy policy of the relevant SaaS provider in particular the security features of the relevant SaaS application which you have access to/use as a result of our Services.

Retention of Personal Data

Without prejudice to any other data retention provisions made available elsewhere in this Privacy Policy, the precise periods for which we keep your personal information vary depending on the nature of the information and why we need it.

We retain personal information regarding you or your use of our Services for as long as a business relationship with you subsists, hence for as long as the account enabling your access to/use of the SaaS application remains registered, active and maintained with the relevant SaaS provider for you or for your benefit and continues to be made available and supported by us, for as long as needed to enable us to perform and provide the Services to you or for your benefit or for as long as you use or benefit from our Services, and, generally, for as long as is relevant and necessary to achieve the purpose for which such information was originally processed.

In so far as Website Users may use our Website more than once, and Clients, Account Users, connected organisations or trial users, as the case may be, may decide to come back to us after our Services expire or are terminated or even after the account enabling access to/use of the relevant SaaS application made available and supported by us is terminated or becomes inactive, or the relevant trial period ends, we do not immediately delete your personal information. Instead, we keep your personal information for a reasonable period of time so that it will be readily available if you decide to come back, as well as to enable us to identify abusive practices, where applicable.

Thereafter, factors which we consider in determining the appropriate retention periods for different categories of personal data comprise the following:

  • our legal and statutory obligations hence the minimum retention period prescribed by applicable employment, tax, accounting, regulatory or other relevant legislation;
  • the period during which a claim against us may be made or within which we can assert and enforce our rights and protect our interests with respect to/under any existing legislation or contractual arrangement or undertaking;
  • the period recommended as being best practice in the industry; and
  • other relevant criteria including for such time as we believe we have a legitimate interest to retain such data save where and to the extent that your legitimate interest overrides ours.

In order to obtain information regarding the retention period of personal data stored on the relevant SaaS applications or otherwise processed by the relevant SaaS provider, you are encouraged to refer to the privacy policy of such SaaS provider in particular the retention provisions outlined therein.

Please note that in the course of providing the Services or using the Website, we may collect, maintain or otherwise process aggregated, anonymized information, which type of data we may retain or otherwise process indefinitely.

Cookies

When you visit our Website or use or benefit from our Services, we may collect and process certain categories of personal data automatically through the use of cookies and similar tracking technologies to help us analyse how you interact with and use our Website and Services.

Personal information processed through the use of cookies may include the internet address of the website or the domain name/IP address of the computer from which you accessed the Website, the requested web page or download, whether the request was successful or not, the time and date when you accessed the Website, information about your browser, network or device (such as browser type and version, operating system of the machine running your web browser, internet service provider, preference settings, unique device IDs and language and other regional settings).

We use or benefit from cookies and similar tracking technologies for the purpose of:

  • operating or enabling functionality of the Website, or in the course of providing the Services, as the case may be;
  • optimizing, enhancing and customizing your user experience, for instance, we may use your location information to determine your language preferences or display accurate date and time information on our Website;
  • performing analytics with the aim of evaluating and improving our Website or Services. We do not base this on you individually, but we base this assessment on aggregate information which we collect;
  • displaying targeted advertising that we believe is/may be relevant to you.

If you reject any such processing, it is possible that the Website does not work as it is supposed to or for this to impact the quality of our Services to you.

 

Cookies set by us when you visit our Website are usually referred to as first-party cookies. They typically only track your activity on this particular site. Cookies set by other sites and companies (i.e. third parties) are called third-party cookies. They can be used to track you on other websites that use the same third-party service, the likes of Google Analytics and Hubspot CRM.

 

The third-party services which we may use across our Website or in the course of providing the Services to you, may themselves also use cookies as part of their service offering. Please note that this Cookie Policy does not cover their respective cookie practices.

 

Please also note that SaaS applications themselves or the relevant SaaS provider or its website, may each employ cookies or similar tracking technologies. We therefore encourage you to refer to the privacy policy of the relevant SaaS provider for further information regarding applicable cookies and tracking technologies being used or employed by them, their website or the relevant SaaS application provided by them.

 

Internet Communications

You should be aware that data shared or transmitted over the internet may be transmitted across international borders. We cannot be held responsible for the security of your data while in transit through the internet, nor for anything done or omitted to be done by you or any third party in connection with any personal data prior to our receiving it, including but not limited to, any transfers of personal data from you to us via a country having an inferior level of data protection than that in place in the EU, and this, by any technological means whatsoever, including mobile applications and other cloud-based applications.

Links to other Websites

Our Website may have a number of links to other local and international organisations and entities, including in particular links to the websites of the relevant SaaS providers whose SaaS applications we are making available and/or supporting, as well as of any (sub) processors assisting us in our processing activities. It is important for you to note that upon linking you to another website, you are no longer on our Website and you become subject to the privacy policy of the new website.

Updates

We will update this Privacy Policy, from time to time, to reflect changes in technology, law, our business operations or any other reason we determine is necessary or appropriate, and shall, to this effect, replace this page with an updated version. If we make material changes to it or the ways we process personal information, we will notify you by, say, prominently posting a notice of the changes on our Website before they take effect or by directly sending you a notification of the same.

We encourage you to periodically check and review this Privacy Policy for any changes since your last visit. This will help ensure you better understand your relationship with us, including the ways we process your personal information.

How can you contact us?

If you have any questions, comments or feedback about this Privacy Policy or our privacy practices, or if you would like to exercise any of your rights, please reach out on [email protected].