Privacy Policy

                                                       Website Privacy Policy

Effective date:  25 May 2018

Privacy Policy

Diligex Limited having its registered office situated at (the ‘Company’) is committed to respect your right to have your data protected, under the General Data Protection Regulation (the ‘GDPR’) and the Data Protection Act Chapter 586 of the Laws of Malta (the ‘Act’).

  1. Defining ‘Personal Data’

The term Personal Data refers to all information about you from which you may be personally identified, such as your name, surname, address, telephone number, etc.

  1. How Personal Data is collected

The Company collects Personal Data from:

  • email and social media communication;
  • information submitted in client forms;
  • online request of information forms;
  • information submitted when signing up for the newsletter
  1. How consent is obtained

When signing up to the Company`s, website or newsletters, or filling client forms, it is presumed that you are doing this voluntarily, and therefore freely giving your consent to the Company to collect and process the personal data.

It is furthermore presumed that information divulged is correct. The Company reserves the right to erase the information or to even refuse to extend its services to the individual, should it find out that information given was incorrect, even more so if the Company finds out that a person declared that he was more than sixteen years old and it results that this was not the case.

Consent, once given, may be withdrawn at any time, by emailing the Company Data Protection Officer as provided under clause 10 below.

  1. How Personal Data is used

Your Personal Data is only used for the purpose for which it was collected, that is, as part of our business and the services which the Company endeavours to offer you. However, the Company may find itself in a situation where your Personal Data will have to be processed to fulfil a legal or regulatory obligation.

Although the Company wishes to keep in touch with our customers and potential customers, for example by sending them news or even a newsletter, the Company, will only do this if you specifically sign up to receive such news.

  1. How Personal Data is stored

As a general rule, the Company, does not keep physical files. However, in the event that such files are so required the information therein will be limited to the data which is so required to process the information.

 

Any database will be held under lock and key and shall not be left stored on an unsecure device, however the Company or any employees, may store third-party storage platforms, such as a cloud system.

 

Any information transferred or shared with third parties or supplies will only be limited to any obligation legally imposed on the Company, nevertheless any third-parties or supplies shall be fully compliant with the GDPR and the Act.

 

  1. Who Personal Data may be shared with

As a general rule, the Company, do not share your Personal Data with anybody. Having said that, the Company, does not exclude that employees, other officials and related service providers are given access to what Personal Data they will inevitably require in order to carry out their duties.

The Company, also uses services or otherwise of third parties during the course of its work.

The Company’s website may even include links to other websites belonging to third parties. You will be notified when you are exiting the Company`s, website; it is not excluded that by choosing to enter a third-party website, an amount of transferring of your Personal Data may occur.

  1. Retention of personal data

The Company aim to collect no more Personal Data than that which is required to carry out its duties and to provide customers with satisfactory services. The data is kept for no longer than necessary.

  1. Your rights

Your rights under the GDPR include:

  • the right to inquire about what Personal Data about you is held, and the right to receive a reply to such an inquiry;
  • the right to have any inaccuracies in the Personal Data which is held, corrected;
  • the right to request that your Personal Data be deleted, whether partially or completely, on the basis that in your view it is no longer required by the Company;
  • the right to complain primarily with the Company, as a first step, and if still dissatisfied after the Company has reacted to your complaint, to the Data Protection Commissioner;
  • the right to request the Company, to stop processing any of your Personal Data, if you oppose such processing;
  • the right to request that you longer receive news from the Company if you had signed up to the newsletter;
  • the right to have your testimonial removed from the Company`s, website, if you had given your consent to such a testimonial;
  • the right to be informed, within seventy-two (72) hours, if a data breach should occur, and also to be informed about what remedial steps were taken further to that breach.
  1. Data security

The Company undertakes to keep your Personal Data secure and shall commit to take appropriate technical and organisational measures to protect your Personal Data against unauthorised or unlawful processing.

  1. Use of cookies and profiling

The Company`s website does not use any cookies. Nor does it carry out any profiling exercises, from the data it collects.

  1. Personal Data Officer

Should you want to contact the Company in regard to data protection you are kindly requested to email [email protected].

  1. Updates

This privacy policy was brought into effect on 25 May 2018. From time to time the Company may update this Privacy Policy, for example as result of a change in applicable law or processing activities. Any such changes will be communicated to you prior to the commencement of the relevant processing activity.

PRIVACY POLICY – Webinars

Version 1.0

From time to time, Diligex Limited, a company registered under the Laws of Malta, bearing company registration number C 73892 (“we”, “us” or “Diligex”) organises webinars and other virtual events (collectively referred to as “the Events”).

During the organization, your participation, and the actual delivery of these Events, we will be using and processing personal data.  Since your privacy and the protection of personal data is fundamentally important to us, the following constitutes the privacy policy of Diligex, prepared in accordance with the provisions of Article 13 and 14 of the GDPR, and essentially clarifies our data handling practices.

This Privacy Policy is intended to solely govern and regulate the processing of personal data relating to the organisation and delivery of the Events.  They should be viewed as supplementary to, rather than as replacing the Privacy Policy which govern our general data processing practices.  In the case of discrepancy between this specified Privacy Policy and the general Privacy Policy, this specified Privacy Policy take precedence and prevail.

  1. Who are we; what does this policy cover; who is the data controller?

Diligex is a company involved and engaged in the field of AML compliance and provides a number of related services and solutions.

Unless otherwise stated, Diligex shall be deemed to be a data controller for the processing of personal data related to the Events.  Accordingly, the document applies to the processing of such personal data carried out by Diligex in its capacity as data controller.

This policy is intended to provide a high-level overview of the personal data that is collected by us whilst we organise and/or deliver the Events, and thus deals with:

  • how this personal data is collected;
  • why do we need to collect such personal data; and
  • how we comply with the provisions of laws relating to the protection of personal data as applicable to us, in particular Regulation (EU) 2016/679 (“GDPR”).

Throughout this document, we will be using certain specific terms.  Since our intention is that this document is easily understood, we would like to clarify what these terms are intended to refer to.  Naturally, if anything is unclear, please do not hesitate to get in touch with us.

In terms of the provisions of the GDPR, the term “personal data” is defined as ‘any information relating to an identified or identifiable natural person (‘data subject’)’. Furthermore, the term “processing” is also given a wide meaning and is defined as ‘any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means.’  This includes collection, recording, storage, adaptation, and use of personal data.

We use third party IT tools to facilitate the management and delivery of the Events, such as Microsoft Teams, Webex or Zoom (amongst others).  You may need to set up an account with the provider of such tools to be able to access and participate in the Events, which may require you to accept the third-party providers’ specific terms and conditions.

It is essential to acknowledge that the third-party provider, such as Microsoft (in relation to Microsoft Teams), will act as the data controller for any data processed by them to provide their service, in accordance with their terms of use. Diligex does not have any control over the terms and conditions set by these providers, and participants are encouraged to review and comply with their policies independently.

For any concerns or inquiries related to the processing of your data by third-party providers, we recommend consulting the respective provider’s privacy policies and terms of use.

The use of a third-party IT tool does not in any way imply that Diligex endorses them or their privacy policies. In the event that one or more third party IT tools are occasionally unavailable, we accept no responsibility for lack of service due to their downtime.

  1. Do we process personal data? If so, what data and how?

When you register for and/or participate in one of our Events, we will process the following personal data about you:

  1. Registration Information & contact informationData provided during the registration process, such as your name, email address, name of employer (company) and role within the company.
  2. Attendance – whether you participated in the Event, or not. We use this information also to issue attendance certificates.
  3. Participation ContributionsData contributed during your participation in the webinar or virtual event, which may include questions, responses to polls, and interactions through the question and answer or chat functionality.
  4. Feedback and Surveys:Data provided in response to feedback requests, questionnaires, and surveys conducted after the webinar or virtual event.

In addition to the above, please note that we will also collect certain data about your device or browser automatically via log files, such as your Media Access Control (MAC) address, device ID, operating system name and version, browser type, and device manufacturer and model. We may also collect your IP address. We use data about your device to ensure our solutions functions properly, diagnose server problems, and administer our software solutions  and the services we provide.

How do we collect your personal data from?

We typically obtain your personal data directly from you (such as when you submit an online form to register for one of our events), or directly through your participation in the Event (such as when you ask questions). However, there may be occasions where we obtain your personal data from your colleagues or other third parties, when these submit a registration and include your details for purposes related to event registration or coordination.

 

IMPORTANT – If you insert, upload, or otherwise provide us with personal data concerning third-party data subjects (such as one of your colleagues), it is your responsibility to ensure that we are duly authorised to process such personal data, and that each third-party data subject has reviewed and agreed to the contents of this policy.

 

  1. Why do we collect personal data and what is the legal basis for doing so?

We will primarily use and process your personal data to organise, facilitate the delivery of and provide you with access to the Event, in compliance with any terms specific to particular events.

Thus, we need to process personal data to administer and perform our services, including to carry out our obligations arising from our contractual relationship with you in relation to the particular Event for which you have registered.

Our legal basis to process such personal data is performance of a contract, in accordance with the provisions of Article 6(1)(b) GDPR and our legitimate interest, in accordance with the provisions of Article 6(1)(f) GDPR (to organise, manage and run our events).

Moreover, we will process other personal data when we have a proper reason for doing so, and particularly to manage the organisation of, and your participation to the Events, as further set out hereunder:

 

Purpose Description Legal Basis

Management of client relationship & customer support

 

 to administer and perform our services, including to carry out our obligations and any agreements entered into, and to engage third party contractors contract performance; legitimate interests (to enable us to perform our obligations and provide our services to you).
Customer Care To respond to your queries and requests. Legitimate interests (to respond to your queries and requests).
Recording of our Events

Please note, we may also record our Events, including any contribution that you may make.  The recorded Events may be shared with attendees (including those who have registered but did not attend), as well as retained by us and used in the future for training purposes (both for us internally, but also to other entities which we choose to engage with).  If you would like your contribution to be anonymous, please state this when you are registering.

 

 Legitimate interests (Knowledge Sharing, training, quality assurance and improvement).

Business Intelligence & Analytics

 

To collect and anonymise data for statistical and benchmarking purposes.

 

 Legitimate interest (to improve user experience and our solutions).
Safeguard of our interests to keep our software solutions and infrastructure  secure, including through identity management and security monitoring to detect, prevent and respond to suspicious activity, fraud, intellectual property infringement, misuse, violations of our terms or law and for other similar purposes; legitimate interest (to safeguard our interests).

Marketing & business development

 

 To help our business grow and stay connected with clients and business contacts; To improve, or upgrade our services or offerings; (c) To ensure you and our clients know about our offerings and future events that we may organise, by sending updates unless you’ve told us you’re not interested. Legitimate interest (as indicated in the second column); consent
Business take-over To make certain information available to third parties that may be interested in acquiring our business (either prior to or as part of the transaction).  This includes, amongst others, any merger, sale, restructure, acquisition, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock. Legitimate interests (to ensure that we are able to sell our business, should we decide to do so).

 

Prior to relying on legitimate interest as a legal basis for data processing, we have conducted a balancing test in accordance with the provisions of the GDPR.

 

If you fail to provide personal information

Whilst we respect your choice not to share personal data, please note that if you decide not to provide personal data, you will not be able to participate in an Event.

Please note that even if you choose not to provide personal data, we may still collect certain data, as outlined in our privacy policy.

  1. Do we share or make personal data available to third parties?

Your personal data is shared or otherwise made available to the following third parties:

  • Lecturers or presenters – In certain instances, your personal data may be disclosed to lecturers or presenters participating in the Event. This information sharing is essential for the seamless coordination of the Event and ensures that presenters have the necessary details to enhance the overall experience for participants.
  • Event Organisers – We may engage the services of a third-party event organizer to assist in the planning, coordination, and execution of the Event. This third party may have access to participant information, including but not limited to names, email addresses, and any other relevant details required for the successful organization of the event. Additionally, the third-party organiser may provide tools or platforms for hosting the webinar. In such cases, your data may be processed or stored on these platforms, but we will take all necessary measures to ensure the security and confidentiality of your information.
  • Third party service providers – from time to time, and always subject to us complying in full with Article 28 GDPR, we engage a number of third parties to provide us with certain services and in doing so, certain types of personal data may be required to be provided to such third-party service providers. These include third parties providing accountancy services, sales, and customer & IT support;
  • Regulatory authorities, departments or law enforcement agencies, when we are required, or permitted to do so by law;
  • Any other person or entity but solely when we are expressly authorised to do so, such as when you provide us with your consent; and
  • A prospective buyer or any of its advisors, where relevant, in the course of a due diligence exercise or as part of a corporate transaction.

Any sharing of your personal data with third parties is conducted with the utmost consideration for privacy and in accordance with applicable data protection laws. We ensure that these third parties are bound by confidentiality and data protection agreements to safeguard the security and confidentiality of your information.

 

  1. Is the information transferred outside of the EEA?

Currently, all personal data is processed in Malta and the European Economic Area (EEA).  It is however possible that personal data will be made available or otherwise processed outside of the EEA, namely when we engage third-party contractors.

If we do so, we will take adequate measures to ensure that personal data is safeguarded to the same standards as it would have been if processed in the EEA, by relying on one of the following:

  • We will ensure that personal information is sent to a country that is considered to provide an adequate level of data protection, in terms of any adequacy decision adopted by the European Commission, in accordance with the provisions of article 45 of the GDPR;
  • We will enter into agreements that impose a legal obligation on the recipient to protect personal data in accordance with the provisions of the GDPR.

 

  1. Data Subject Rights

The GDPR grants data subjects a number of rights that can be exercised in certain circumstances, including:

  • Right of access (subject access request)
  • Right of rectification
  • Right of erasure
  • Right of restriction
  • Right to object
  • Right of data portability.

 

We do not carry out any automated decision-making or profiling.

In those occasions where we have indicated that we are basing our processing on our legitimate interest, please note that in terms of Article 21 GDPR, you have the right to object to that processing.  Whilst we will fully respect your decision, please note that you will not be able to participate in our Events if you do not permit us to process your personal data.

Where the legal basis of processing is based solely on your consent, you may withdraw such consent at any time by notifying us accordingly.  This shall be without prejudice to the lawfulness of processing based on consent before such withdrawal.

For more information about these rights and how to exercise them (when we are acting in our capacity as data controller), kindly contact our data protection officer on the contact details set out hereunder.

 

  1. For how long do we retain personal data?

The length of time for which we hold personal data depends on a number of factors, such as regulatory rules and any legal requirements.  If you would like further information about our data retention policies, please get in touch with our data protection officer on the contact details set out hereunder.

 

  1. Where can I get more information about your data handling policies?

We have appointed a data protection officer (in terms of the GDPR), to oversee compliance with the GDPR and general data protection related queries.  If you need more information about this this privacy notice or how we handle personal information, please contact the data protection officer on [email protected]

 

Our registered address is situated at:

 

Diligex Limited

Mdina Road, Zebbug

ZBG 9015, Malta

 

  1. Can I file a complaint?

If you are not satisfied with the way we manage personal data, you have the right to file a complaint with any relevant data protection authority (particularly the one situated where you habitually reside).  Contact details of the competent authority in Malta are as follows:

 

Address – Information and Data Protection Commissioner, Floor 2, Airways House, High Street,  Sliema, SLM 1549, Malta.

Telephone – (+356) 2328 7100

Email – [email protected]

 

Version 1

Date: 8th February 2024

Changes to the Privacy Policy – We may alter these terms at any time, but in any case we will inform you accordingly, by means we deem reasonable in the circumstances.  In the event of any conflict between the current version of these terms and any previous version(s), the provisions current and in effect shall prevail unless it is expressly stated otherwise.