- Who is the data controller ?
- What is personal data and what are special categories of personal data?
- What categories of personal data do we collect and how?
- What do we use your personal data for and for what lawful reason?
- Who do we share your personal data with?
- Links to third party websites;
- Security, storage, and transfer of your personal data;
- For how long will we retain your data?
- What are your rights as a data subject;
- Data Protection Officer;
- Changes to this Policy.
Who is the data controller?
All personal data obtained by us is held and used in compliance with this Policy, with the Maltese Data Protection Act (as amended by Act No.XX of 2018), and the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council (hereafter referred to as the “GDPR”). V.J. Salomone Marketing Limited is deemed a “data controller” for the purposes of the GDPR.
What is personal data and what are special categories of personal data?
Under the GDPR, personal data consists of any information relating to an identified or identifiable natural person ('data subject').
The GDPR provides that special categories of data relates to the “processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation”.
What categories of personal data do we collect and how?
In this Policy “you” or “your” means you, the person who provides us with personal data; and, “personal data” shall have the meaning assigned to it by Article 4 of the GDPR.
Personal data is collected through the following channels:
- Personal information collected directly from you
When creating a user account on our website for the purpose of purchasing our products, we ask you to provide us with the following details:
- Name and surname;
- Company name (if applicable);
- Phone number;
- Shipping Address (including city, country and postcode); and
- Email address.
Through our website we also provide you with the facility to purchase gift certificates. When purchasing gift certificates we also ask that you provide us with the following information in addition to your name, surname and email address:
- Recipient’s name and surname; and
- Recipient’s email address.
When subscribing to our newsletter, designed to provide you with information on our products and services, or when using our live chat session, or leaving us a message through our website, we ask you to provide us with your:
- Name and surname; and
- Email address.
Information we obtain
Through cookies and similar technologies we may collect information to recognise you, remember your preferences and tailor the content we provide to you, such as your IP address and your navigation history.
Save for such circumstances described, you may still visit our site anonymously.
What do we use your personal data for and for what lawful reason?
We collect, store and process your personal data to provide you with the best service, and in particular for the following reasons:
- To deliver our products or services
We will need to use your personal data to fulfill your request and provide you with the products ordered. When purchasing gift certificates we will also process the name, surname and email address of the recipient provided by you, so that we can send the gift certificates directly to the recipient.
Through the use of our website we do not collect any payment details. Payments are ordinarily requested upon delivery of the products ordered.
We may also need to contact you if we have questions regarding your request. In this regard, we will process your personal data for the lawful basis of fulfilling our obligations emanating from the sale transaction carried out with you.
- General Administration
We may also process your personal data including your user account details and purchase history, for administrative purposes, which may include for example, accounting and billing, auditing, and systems testing, maintenance and development. Your personal data is processed as this in our legitimate interest and also to comply with our legal obligations.
- To respond to any queries, comments and/or requests, submitted by you, about our products and services
Through our website you may contact us by using our live chat, or by sending us a message, if we are not online at the time. We will make use of your email address provided, when sending this message to contact you and address any query, comment or request that you may have. We will collect and process your personal data for the purpose of responding to your queries, comments and/or requests to ensure that we provide you with the best service and to enable us to continue to improve our products and services, as this is in our legitimate interest.
- To defend and protect our legal rights and interests
We may also process your personal data for our legitimate interest to defend or protect our legal rights and interests, as and if required.
Who do we share your personal data with?
We may also share some of your personal data with the following categories of third parties:
- Group undertakings - which provide us with IT and Finance support services.
- Third party IT companies - which administer, maintain and support our website and which transmit any personal data submitted in the website to us.
- Legal and other professional advisers and law courts in order to enforce our legal rights, where applicable.
Links to third party websites
Occasionally, at our discretion, we may include links to third party websites. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
Security, storage, and transfer of your personal data
We are committed to ensuring that your personal data is secure at all times. We have in place suitable technical and organisational measures to safeguard and secure the personal data we collect, in particular, to protect data against any accidental or unlawful destruction, accidental loss, corruption, unauthorised circulation or access, as well as against any other form of unlawful processing or disclosure to unauthorised persons.
Your personal data will be stored on and processed by our systems and may also be stored on and processed by systems of a third party data processor(s) appointed by us. The personal data we may collect from you, may be transferred to, and stored at, a destination outside the European Economic Area (“EEA“), more specifically the US. All transfers of personal data to third parties is done in accordance with the EU-U.S. Privacy Shield Framework. The EU-U.S. Privacy Shield imposes stronger obligations on U.S. companies to protect Europeans’ personal data. The Privacy Shield requires the U.S. to monitor and enforce more robustly, and cooperate more with European Data Protection Authorities. It includes written commitments and assurance regarding access to data by public authorities. To learn more about the EU-U.S. Privacy Shield Framework, please visit the U.S. Department of Commerce site at a http://www.privacyshield.gov/.
All of our employees and third parties, are contractually obliged to respect the confidentiality of your personal data. We also ensure that sufficient security measures are implemented by such third parties when collecting, storing and/or transmitting data on our behalf.
We take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Policy, the GDPR and any applicable European Union Regulations.
For how long will we retain your data?
We will keep your personal data only for as long as we need it for the purpose it is being processed for. In setting retention periods we take into account our business and administrative needs to process your data, as well as, our legal obligations to retain your personal data. We will actively review the information we hold and delete it securely, or in some cases anonymise it, when there is no longer a legal, business or administrative purpose for it to be retained.
What are your rights as a data subject?
At any point while we are in possession of, or processing your personal data, you have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply you have the right to restrict the processing of your personal data.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing.
- Right to withdraw consent – when we process your personal data based on your consent, (such as marketing communication), you have the right to withdraw consent at any time.
Data Protection Officer
We have appointed a Data Protection Officer (hereafter referred to as “DPO”), for the purpose of ensuring compliance with this Policy.
If you wish to exercise any one of your rights or have any questions or concerns about this Policy, you are invited to contact our DPO, via email: firstname.lastname@example.org or by post using the following mailing address: Data Protection Officer, V.J. Salomone, Upper Cross Road, Marsa, Malta.
We endeavour to process your requests within thirty (30) days from receipt and requests will be processed free of charge, unless requests are deemed excessive or unfounded, in which case we may charge a reasonable fee.
In addition to the rights listed above, you also have the right to lodge a complaint to the Malta Office of the Information and Data Protection Commissioner (IDPC) by visiting their website at: https://idpc.gov.mt, or to the data protection Authority in the country where you reside.
Changes to this Policy
This policy was last modified on 18th June 2018.