INTRODUCTION  

This privacy notice regulates our use of the data which you provide us or which we process.

Naudi Mizzi & Associates (hereinafter “Naudi Mizzi & Associates”, “Firm”) is committed to the protection of your data in accordance with the General Data Protection Regulation (EU Regulation 2016/679) (“GDPR”, or the “Regulation”) and the Data Protection Act (the “Act”), Chapter 586 of the Laws of Malta as may be amended or replaced from time to time. The Firm and its professionals are also bound by strict rules on professional secrecy.

The purpose of this Privacy Policy is to outline the use of your personal data and your rights as a data subject, when personal data is provided to the Firm or its professionals, including but without limitation to when you approach or engage the Firm for professional services, during the provision of services which may be provided by the Firm or its professionals, and when you visit and use this website (https://www.naudimizzi.com) (“website”) and any of its pages, aside from any further legitimate reason.

In this Privacy Policy, any reference to you/your/the user/the client means an identified or identifiable natural person, who is using, accessing or viewing the Firm’s website and/or a client or prospective client of the Firm or recipient of the legal services which the Firm or any of its professionals provide.

Any reference to we/our/us/the Firm means Naudi Mizzi & Associates.

In order to be fully informed on how the Firm will collect and process your personal data, please make sure to read this Privacy Policy notice carefully. The contents of this Privacy Policy have been sorted in various categories for your ease of reference and quick access. The Firm may also provide you with further privacy notices, on specific occasions where the Firm is collecting or processing your personal data. You may also contact the Firm through the details provided on this website and below for any clarification which you may require or queries which you may have.

 

DATA CONTROLLER

The ‘data controller’ is Naudi Mizzi & Associates, an independent law firm, with its address at Flat 14, Marina Court, Abate Rigord Street, Ta’ Xbiex, Malta. Naudi Mizzi & Associates is also associated with the corporate entity N Trust Limited (C41582), registered at the same address.

We are also the data controller of any personal data which we collect or receive and which we process in connection with our Services and this website.

The Firm’s data protection contact person is Dr Antoine Naudi. Contact details may be found below in this Privacy Policy and on our website. Any requests in relation to data protection, this Privacy Policy, and the exercise of your rights may be directed to the Firm’s data protection contact person accordingly.

 

DEFINITIONS OF TERMS USED THROUGHOUT THIS POLICY

Data Controller/Controller – ‘Data Controller’ or ‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;

 

Data Processor/processor – ‘Data Processor’ or ‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.

 

Data Subject/s – ‘Data subject’ means an identified or identifiable natural person to whom the personal data relates – an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

INFORMATION WE COLLECT 

 

What is Personal Data?

‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Personal data does not include information relating to a legal person (for example, a company or other legal entity). In that regard, information such as a company name, its company number, registered address and VAT number does not amount to personal data in terms of both the Act and the GDPR. Therefore, the collection and use of information strictly pertaining to a legal person does not give rise to data controller obligations at law. We will still naturally treat any and all such information in a confidential manner, in accordance with our standard practices and professional secrecy obligations.

 

Special categories of personal data

Special categories of personal data are data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

We treat all data collected with the utmost confidentiality in accordance with our legal obligations, particularly this type of personal data.

 

How is your personal data collected?

Information collected relating to your personal data is provided to us should you voluntarily choose to do so, including in instances where such personal data is requested from you by us.

Your personal data is collected by us in a number of ways, both digitally (for example, through submission of your data through forms on our website, or by sending us your data through electronic correspondence) and by other means, such as by providing us with documentation, and others.

Data may be collected through correspondence with us, whether electronic, postal, via phone, during meetings with us, or otherwise, through submitting data through this website’s contact form, prior to accepting you as a client or otherwise, and during the course of our professional relationship with you.

 

Collected Personal Data

In the course of your use of this website, or the provision of our professional services to you, or in the course of any professional relationship, whether formalized or otherwise, which we may establish with you, you may provide us with a variety of categories and forms of personal data, which we will in turn collect and process in accordance with the law and as required. These may possibly include, without limitation, the following types of personal data:

Identification Data

·        Full name and surname

·        Maiden name if applicable, or previous surnames

·        Title

·        Identity document number

·        Copy of identity document (including without limitation identity card, passport, residence permit etc)

·        VAT number

·        Gender

·        Nationality

·        Residence

·        Marital status

·        Employment status

·        Occupation or profession


Contact Data  

·        Your contact details, including personal or professional email address, residential and mailing address, contact numbers (telephone or mobile), fax numbers, place of work


Corporate/Company Data; Data relating to legal entities  

·        Further personal data collected, including any type of personal data mentioned in this section without limitation and as applicable, on the following persons: directors, shareholders, ultimate beneficial owners, legal and judicial representatives, company officers including company secretary, auditors, cooperative members or stakeholders, founders and board of administrators for Foundations, settlors, beneficiaries, protectors and trustees for Trusts.


Financial Data  

·        Bank account details

·        Payment method details

·        Financial status, outstanding debts/liabilities only if required and/or necessary.


Compliance/AML/KYC/Due Diligence Data  

·        Country of tax residence

·        Tax identification number

·        Copies of identity documentation

·        Copies of documentation providing proof of residence such as utility bills, contracts of lease or sale, or others

·        Professional references

·        Any other documentation or data which may be required from time to time by any legislation in force concerning the prevention of money laundering and the prevention of funding of terrorism regulations, directives from any relevant authorities including the Financial Intelligence Analysis Unit, or the Malta Financial Services Authority, or any other competent authority, policy, or legislation

·        Information related to criminal convictions.

Due diligence data may be required in relation to a number of different persons, including but not limited to the persons outlined in the section above titled ‘Corporate/Company Data; Data relating to legal entities’ and others.


Tracking Data  

·        IP address

·        Other online identifiers, including any data from cookies, usage data and others.


Data required for service provision or legal assistance  

·        Data relating to the case at hand, including relevant details, documentation or any other form of evidence, which may also include sensitive data depending on the case requiring assistance;

·        Other case data;

·        Data relating to other parties which may be involved in the matter at hand solely on a required basis.


 

The above list of categories or types of personal data is only indicative and by no means exhaustive. Furthermore, we may require personal data from a number of the categories above, which are non-exclusive, meaning that we may need to collect any of the data mentioned in the above list as required. This does not mean that we will collect all the information indicated, and we will collect information only on a required basis. We may request that you provide us with other personal data which you voluntarily choose to provide to us as necessary and/or in accordance with any of our legal or compliance obligations.

 

Failure to provide personal data

If you choose not to provide us with personal data, and that data is either required for collection by us at law, or required in order to provide legal assistance, or required for any other legitimate interest of the Firm or on any other legal basis, the Firm may choose to terminate or refuse to enter into any professional relationship with you at its discretion, or will be unable to provide a legal or professional service to you. It could also be that any services which we provide to you are hindered or delayed because of this failure to provide personal data. The Firm cannot accept any liability for such actions to terminate professional relationships with you pursuant to this section.

 

Accuracy of Personal Data

Whilst the Firm takes and will take every reasonable step to ensure that personal data is up to date, particularly with regards to the purposes of the data processed, you, as the data subject, must ensure that the data which you provide us with is true, accurate, correct and updated to the best of your knowledge.

 

The Firm may also be required to verify your identity and other details about you, including any personal detail provided, before being able to provide you with any services.

 

Personal Data relating to Third Parties

If you provide us with data which is someone else’s personal data, you carry the responsibility of ensuring that you are authorized or entitled to disclose such data and that such data may be used as outlined in this Privacy Policy.

 

HOW AND WHY WE USE YOUR INFORMATION

 

Purpose of Processing

Naudi Mizzi & Associates is committed to processing your personal data lawfully, fairly and in a transparent manner. The processing of personal data outlined above is carried out for a number of purposes:

 

Purpose: To verify your true identity or the identity of other involved persons and to fulfil our AML/CTF and due diligence obligations at law for the purposes of providing our services, and subsequently, where applicable, to register you as a client
Type of Data: Identification data, Contact data, Corporate/Company Data; Data relating to legal entities, Financial Data, Compliance/AML/KYC/Due Diligence Data
Legal basis: Compliance with legal obligations; The Firm’s legitimate interests

Purpose: To comply with any of our legal and regulatory obligations
Type of Data: Identification data, Contact data, Corporate/Company Data; Data relating to legal entities, Financial Data, Compliance/AML/KYC/Due Diligence Data, Data required for service provision or legal assistance and any other personal data as required by law
Legal basis: Compliance with legal obligations; The Firm’s legitimate interests

Purpose: To fully evaluate any request for services which you send us in relation to the request for a legal or professional service
Type of Data: Identification data, Contact data, Corporate/Company Data; Data relating to legal entities, Data required for service provision or legal assistance and any other personal data as required
Legal basis: Yours and the Firm’s legitimate interests; Compliance with legal obligations; Necessity for the provision of legal or professional services

Purpose: To carry out and provide our professional services to the best of our ability, including without limitation for the commencement, exercise or defence of legal claims or proceedings
Type of Data: Identification data, Contact data, Corporate/Company Data; Data relating to legal entities, Financial Data, Data required for service provision or legal assistance and any other personal data as required
Legal basis: Yours and the Firm’s legitimate interests; Compliance with legal obligations; Necessity for the provision of legal or professional services

Purpose: To update and maintain our client records
Type of Data: Identification data, contact data, financial data, data required for service provision or legal assistance and any other personal data as required
Legal basis: Necessity for the provision of legal or professional services; Legitimate interest and ensuring that all records are accurate and up to date

Purpose: Billing/invoicing purposes
Type of Data: Identification data, contact data, financial data, data required for service provision or legal assistance
Legal basis: The Firm’s legitimate interest – payment for provision of service

Purpose: To monitor usage of and traffic on our site
Type of Data: Tracking Data
Legal basis: The Firm’s legitimate interest

Purpose: Where you have given your consent to process further personal data. Please read the section marked ‘Consent’ in this Privacy Policy
Type of Data: Identification data, Contact data, Corporate/Company Data; Data relating to legal entities, Financial Data, Data required for service provision or legal assistance and any other personal data as required
Legal basis: Your consent; Legitimate interest; Legal obligations

 

Such purposes may be ongoing and may also be subject to further monitoring to ensure that all your personal data is as accurate as possible. We will never process personal data without your consent unless there is another lawful ground permitting us to continue to process such personal data. Other purposes with legitimate bases may arise in the course of our professional relationship. Should this be the case, you as the data subject will also be informed of the purpose for processing such data by us and you may exercise your applicable rights as outlined in this Privacy Policy in relation to such processing.

Any personal data which we process is always processed on a legal basis in line with data protection law.

 

DATA MINIMIZATION

Naudi Mizzi & Associates will only collect and process data which is adequate, relevant and limited to what is necessary for the above outlined purposes.

 

RETENTION PERIODS

The Firm will only retain your personal data for as long as necessary, always keeping in mind the purpose for which it was collected.

Furthermore, the Firm is also bound by legal timeframes for the retention of some specific data, including without limitation legislation related to tax, anti-money laundering, and others. In such case, we are obliged to retain this data for the period of time as established in the law.

Furthermore, in the Firm’s legitimate interests, should there be a possibility of any laws or contractual provisions which may be invoked against us by you or any other third parties, the Firm will keep in mind prescriptive periods for such actions and would necessarily need to retain any personal data provided to us in the interests of defending ourselves should such claims arise.

Where personal data is no longer required by us, keeping in mind also your legitimate interests, we will either securely delete or anonymize the personal data in question. In some circumstances, provided that the request does not go against our legal obligations or legitimate interests as provided in this section, you may also ask us to delete your data. Kindly refer to the section below explaining your rights in this respect.

 

SECURITY OF YOUR PERSONAL DATA

Our professionals at Naudi Mizzi & Associates are bound by strict professional secrecy and professional confidentiality rules save for instances where we are obliged to disclose information by law.

Furthermore, the Firm has in place security measures to prevent personal data from being accidentally used or accessed, altered, or disclosed in an unauthorized manner, thereby doing its utmost to safeguard the integrity and confidentiality of the data.

Access is limited to those persons who need to see this information, on a need-to-know basis.

The Firm will notify you and any applicable regulator of a breach where it is legally required to do so.

 

CONSENT

In cases where the Firm may not or opts not to rely on another legal ground for processing your personal data, we shall only process your personal data on the basis of your consent. Such consent will be obtained from you in a clear and manifest manner. However, please note that consent is not the only ground that allows us at law to process your personal data. Please refer to the section titled ‘Purpose of Processing’ for an outline of the other legal bases which may arise.

In such cases where processing is done on the basis of your consent, you have the right to withdraw your consent at any time.

When requested by us to provide your personal data, you provide such data to us voluntarily and may always decline. However, if we fail to receive such data, this may impact the possibility of provision of our services. Please refer to the section in this Privacy Policy titled ‘Failure to provide personal data’.

 

MINORS

If you are under the age of eighteen (18), please get your parent/guardian’s permission before you give any personal information to us.

This website, and all the services which the Firm provides, are not intended to be used by any natural persons below the age of eighteen (18). Naudi Mizzi & Associates will not collect any personal data from such persons without proper authorisation.

Any personal data which we accept to receive relating to persons under the age of eighteen is treated by us with the utmost confidentiality. Any personal data of minors received by us shall be considered as having been sent with the proper authority and the sender undertakes to be able to demonstrate such authority at any time upon request.

 

SHARING YOUR INFORMATION

The Firm reiterates that information is treated with the utmost confidentiality and is bound by obligations of professional secrecy. Relevant personal data is disclosed or shared with employees of the Firm, who are all bound by strict confidentiality rules. Furthermore, personal data will be shared as required to provide the professional services as requested or for any other legitimate basis.

Authorised disclosures on your part are carried out with your consent. Where personal data is concerned, and therefore not with reference to any other data falling outside the scope of this Privacy Policy, the law provides that in certain circumstances, authorized disclosures may be required on our part which would not require your consent.

Naudi Mizzi & Associates will never share, sell, or disclose, your personal data to third parties for the purpose of marketing.

 

YOUR RIGHTS

Right to Access your Personal Data 

As the data subject, you have the right to obtain confirmation from us as to whether or not the Firm is processing any personal data concerning you, and in the affirmative, you also have the right to access such personal data as well as the following information:

a. The purposes of the data processing (why we are processing the data);

b. What personal data we are processing;

c. The recipients or categories of recipient to whom the personal data have been or will be disclosed;

d. Where possible, how long we intend to store your personal data;

e. What your rights are as a data subject in relation to your personal data;

f. Your right to make a complaint;

g. The source of your personal data; and

h. Whether the Firm has carried out any automated decision making, including data profiling, and any related information.

 

Without prejudice to any other existing rights or legitimate interests, including our own, and with due consideration to both our legal obligations as well as to other laws by which we are bound, we will provide you with a copy of the personal data relevant to you which we hold, upon your request.

 

Right to Rectification

You, as the data subject, have the right to amend or rectify personal data which we hold which is relevant to you, and to the completion of any incomplete personal data. Naudi Mizzi & Associates reserves the right to verify the accuracy of such data before such rectification.

 

Right to Erasure/Right to be forgotten

You, as the data subject, have the right to request that we delete your personal data. The Firm shall comply without undue delay only where:

a. The personal data are no longer necessary in relation to the purposes for which they were collected or processed; or

b. You withdraw your consent (where we process the personal data on the basis of your consent) and the Firm has no other legal ground to process your personal data; or

c. You shall have successfully exercised your right to object; or

d. Your personal data shall have been processed unlawfully; or

e. There exists a legal obligation to which the Firm is subject; or

f. Other special circumstances exist.

 

The Firm shall not be legally bound to comply with such erasure request if the processing of your personal data is necessary for compliance with a legal obligation to which we are subject, or for the establishment, exercise or defence of legal claims, amongst any other relevant legal grounds.

 

Right to Data Restriction

You have the right to request the Firm to restrict i.e. store but not process further, your personal data, where one or more of the following applies:

a. You contest the accuracy of your personal data, for a period enabling us to verify the accuracy of such personal data;

b. The processing is unlawful and you oppose the erasure of your personal data;

c. The Firm no longer needs the Personal Data for the purposes for which they were collected but you need the personal data for the establishment, exercise or defence of legal claims;

d. You exercised your right to object and verification of our legitimate grounds to override your objection is still pending.

 

Right to Data Portability

You have the right to ask us to provide your personal data which you would have provided to us, back to you in a structured, commonly used and machine-readable format, or (where this is feasible and practical) to have it transmitted directly to another data controller, provided that this does not adversely affect the rights and freedoms of others. This shall only apply where such processing is based on your consent, or on the performance of any contract with you, and the processing is carried out by automated means.

 

Your right to withdraw consent

Your personal data is processed on the basis of your consent where we may not be able or choose not to rely on another legal ground for processing your data under the relevant law.

In such cases, you have the right to withdraw your consent at any time, in the same manner as you provided it to us.

Should you exercise such right to withdraw your consent at any time, by contacting us and our Data Protection contact person below, we shall determine whether another legal basis exists for processing your data where we may be legally authorised or bound to process your personal data without needing your consent. In such cases, you will be notified accordingly.

Please read the section on ‘Consent’ in this Privacy Policy for further information. For the avoidance of any doubt, the Firm stresses that consent is not the only ground that permits us to process your personal data.

 

Your right to object to processing

Where the Firm processes your personal data when such processing is necessary for the performance of a task carried out in the public interest or when processing is necessary for the purposes of the legitimate interests pursued by us or a third party, you have the right to object to the processing of your personal data by us.

To clarify, under data protection law, where we process your personal data in circumstances when this is necessary for the performance of a contract or necessary for compliance with a legal obligation to which we are subject or necessary to protect your vital interests or those of another natural person, such general right to object shall not subsist.

 

Your right to lodge a complaint

You have the right to lodge complaints with the Data Protection Supervisory Authority. In Malta, the competent authority is the Office of the Information and Data Protection Commissioner (OIDPC).

Where you are considering filing a complaint, we do ask you to consider contacting us first in order to resolve the issue promptly. Notwithstanding this, you have the right to contact the competent authority at any time.

 

CHANGES TO HOW WE PROTECT YOUR PRIVACY OR UPDATES TO THIS PRIVACY POLICY

Naudi Mizzi & Associates reserves the right to make changes to this Privacy Policy at any point in the future at its discretion. Any further queries with regards to this Privacy Policy may be directed to us via the contact details below.

 

LINKS TO OTHER WEBSITES OR THIRD-PARTY SOURCES

This website includes links to external websites. Naudi Mizzi & Associates cannot be held responsible at all for the content on and consequences of use of any such websites or third-party sources. Furthermore, any third-party links, sources, resources, or websites referred to on this website cannot be construed as an endorsement of the content of the same in any way. It is highly recommended that the privacy policies of such external websites are referred to and read carefully.

 

CONTACT US

 

Naudi Mizzi & Associates

Contact person/Data Protection Officer: Dr Antoine Naudi

Email: [email protected] ; [email protected]

Telephone: 21336555/6

Address: Flat 14, Marina Court, Abate Rigord Street, Ta’ Xbiex, XBX1120, Malta, Europe