1.Who is the holder of the processing?

The company ExAct Malta Ltd., placed in 185E, Old Bakery Street (VLT1455 – Valletta – Malta) as the holder of the processing, is  informing  you that, according to European Regulation n.679 / 2016 ("GDPR"),  your data will be processed based on principles of correctness, lawfulness, transparency and protection of your privacy and your rights. For this reason, we ask you to read this information very carefully.

In this document we would like to give you further information about:

1. Who is the holder of the processing?

2. Which data are we using?

3. Why do we collect your data?

4. How are your data used?

5. How long are your data kept?

6. Who can have access to your data?

7. To whom can your data be communicated?

8. Where can your data be transferred?

9. What are your rights?

10. How to exercise your rights

11. Cookie Policy

2.Which data are we using?

Our company uses your personal data,  which are identification data such as: name, surname, date of birth, nationality, curriculum vitae, identification document, business name, address, telephone, e-mail, VAT number, tax code, bank and payment references etc. which are provided by you when, for example, you contact us directly for information about products / services, for a price quotation, or for defining and / or managing an order or a commercial relationship.

3.Why do we collect your data?

The data that you provide allow us, on one side, to be able to give you the requested information, manage an offer or define a commercial agreement; on the other side, they help us to  understand your habits, interests and preferences in order to be  always in line with your needs.

In particular, your personal data are processed without your explicit consent for the following service purposes:

1. for the execution of the contract or the fulfillment of pre-contractual commitments:

• to contact you as requested  in order to provide all information and answers about  products and offers;
• to define price quotations;
• to manage entirely the commercial relationship, paying attention to the management of all administrative-accounting aspects, sending service communications, organization, shipment and  assistance;
• to improve assistance, services, contents and products , also through aggregate statistical analysis made anonymously;

2. for the fulfillment of legal obligations:

• to respect and fulfill the obligations established by laws, regulations, community regulations, orders and prescriptions of the competent authorities.

3. for the pursuit of a legitimate interest of the owner:

• to manage complaints and disputes, debt collection, prevent fraud and illegal activities;
• to exercise rights and protect the legitimate interests of the owner or third parties, for example the right to be defended in court;
• to manage commercial communications to your email address, related to services and products similar to the ones already used. In each email that we sent you can decide to refuse further mailings by clicking on the appropriate link.

4.How are your data used?

Your personal data are used for several operations as collection, registration, organization, storage, consultation, analysis, combination, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction; your personal data are subjected to paper, electronic and automated processing and stored in electronic or paper archives.

The processing operations are carried out by minimizing the use of personal and identification data not necessary for the specific pursued processing purposes.

Which data are mandatory and which optional?

Among the information we collect, some are indispensable for the definition, stipulation and administration of the contract; others help us to offer you a better service. In particular, the provision of your personal data, which are processed for the service purposes referred to  point a) is necessary for the management of the contractual relationships that come with it.

The provision of your personal data, which are processed for other purposes (e.g. commercial or promotional communications) is optional. Their absence does not prevent the management of the contractual relationship, but implies the interruption of the flow of commercial or promotional communications to you.

5.How long are your data kept?

The data retention period is related to the purpose of the processing in progress. The holder of the processing will keep personal data for a period of time not exceeding the achievement of the purposes for which they were processed. It means: for no more than 10 years from the termination of the relationship in compliance with legal obligations; for no more than 5 years in the absence of a relationship (sale, purchase, provision of services) for marketing purposes only.

6.Who can have access to your data?

We really care about the protection of your personal data. For this reason, we only share your data when strictly necessary or / and only with those who help us to offer you a better service every day. Your data might be accessible:

• To the internal staff of the holder's organization, due to the tasks assigned to them according  to the processing purposes specified in this statement, as persons authorized to the processing and, where clearly mentioned, to the data processors.
• To public and / or private subjects, natural and / or legal persons (hotel structures, B & Bs, educational institutions, training agencies, legal, administrative and tax consultancy offices, any IT companies and any other subject) where the holder of the processing makes use of them during the activities, as external data processors.
• To all those subjects (including public authorities) who have access to data because of regulatory or administrative measures.

7.Who can your data be communicated to?

The holder of the process may communicate your data to supervisory institutions, Juridical authorities as well as to all other subjects to whom data communication is mandatory by law for the purposes described above. Your personal data will in no circumstances be communicated to third parties for promotional purposes and will not be disclosed in any way.

8.What are your rights?

The following we describe what your rights are, which ensure you the control and protection of your personal data. In fact, you have the right to:

• Obtain the cessation of processing  (so-called right of opposition). The data subject  has the right to object at any time, for any reason related to his particular situation, to the processing of personal data concerning him, including profiling based on these provisions. The holder of the processing refrains from further processing personal data unless there are binding legitimate reasons to proceed with the processing that prevail over the interests, rights and freedoms of the data subject or for the assessment, exercise or defense of any right in court.
• If personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him / her carried out for these purposes, including profiling as long as it is connected to such direct marketing .

• If the data subject objects to the processing for direct marketing purposes, personal data are no longer processed for these purposes.

• Obtain information in relation to the purposes for which the personal data are processed, the period of processing and the subjects to whom the data are communicated (so-called right of access);
• Obtain the correction or integration of inaccurate personal data concerning the data subject (so-called right of rectification);
•  Obtain the cancellation of personal data in the following cases:
• (i) data are no longer necessary for the purposes for which they were collected;
• (ii) the data subject has withdrawn his consent to the data processing data if they are processed according to his consent;
• (iii) the data subject has opposed the processing of personal data concerning him in the event that they are processed for our legitimate interest;
• (iv) the processing of your personal data does not comply with the law.
• However, we point out that the retention of personal data is lawful if it is necessary for us to comply with legal obligation or to assessment, exercise or defend a right in court (so-called right of cancellation);
• • Obtain that personal data is only stored without further use of it in the following cases:
• (i) the data subject disputes the accuracy of personal data, for the period necessary for us to verify the accuracy of such personal data;
• (ii) the processing is unlawful but the data subject still opposes the cancellation of personal data from us;
• (iii) personal data are necessary for the assessment, exercise or defense of any right in court;
• (iv) the data subject has opposed the processing and is awaiting verification about the possible prevalence of our legitimate reasons for the processing compared to those linked to the data subject (so-called right of limitation);
• Receive personal data concerning you in a commonly used format, readable by an automatic and device, if they are processed according to the contract or your consent (so-called right of  portability).

9.How to exercise your rights

You can modify and withdraw the processing of your personal data and exercise your rights at any time in different ways: by sending a request to our company, at the addresses indicated in point 1, or by sending an email to the following address officemanager@exactmalta.org

For all the cases mentioned above, if necessary, we will take care to inform third parties to whom your personal data are communicated about any exercise of rights operated by you, except for specific cases (for example when such fulfillment seems impossible to achieve or involves a manifestly disproportionate effort compared to the right to be protected).