Data privacy laws are increasingly applying to web businesses around the digital world. The General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and the Lei Geral de Proteção de Dados (LGPD) are among the best-known examples. These laws are designed to protect the rights of citizens and consumers in an online world.
Though both the GDPR, CCPA and the LGPD are designed to protect visitor data, the requirements of each legislation are different. We respect all of these regulations depending on where you view our site.
Any reference in this Policy to “ASO” or “Company” or “We” means Arete Socium Opus Limited with registration number C99404 with registered office at 48, office 2, Balzan Valley, Balzan, Malta. Any reference to “You” or ‘ Your’ shall mean the individual accessing the Website.
ASO respects Your privacy and is committed to protecting Your Personal Data and Processing it in compliance with applicable laws notably the Directive 95/46/EC (General Data Protection Regulation) as transposed into Maltese law, Chapter 586 of the Laws of Malta, and its subsidiary legislation as amended from time to time - “GDPR”.
This Policy applies to all users of the Website and when ASO is acting as a Data Controller with respect to the information pertaining to the Website’s users.
By using the Website You agree with the use of Your information and Personal Data in the manner set out in this Policy.
Data Controller means the person or organisation responsible for determining the purposes and means of the Processing of Personal Data. ASO is the Data Controller in respect of all personal information that is provided by You on the Website.
Data Subject means the identified or identifiable person to whom the Personal Data relates which for the purpose of this Policy shall be You, the Website’s users.
Personal Data means any information that relates to an identified or identifiable living individual. This includes where living individuals can be directly or indirectly identified using information such as a name as well as other identifiers such as unique personal identifiers, location data or other online identifiers, as well as physical, physiological, general, metal, economic, cultural or social identity.
Processing means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Processor means the person or organisation (a third party) who processes Personal Data on behalf of the Data Controller.
4- Types of Data We Process
There are various sources from where we obtain Your Personal Data, these include :
The information You provide us with when filling the contact form on our Website : this includes Your personal details such as: Your name, email address, phone number and any other Personal Data You would insert in the ‘ message’ and “subject” sections of the contact form. This information is obtained through Your voluntary submission and, upon obtaining Your consent, and may be processed for the lawful purposes of answering Your queries, maintaining back-ups of our databases and communicating with You.
The information we obtain from Your use of our Website (Website browsing): This includes which content Your view, Your dynamic IP address, browser type and version, operating system, referral source, length of visit, page views and website navigation paths as well as information about the timing, frequency and pattern of Your use of the Website. This usage data may be processed for the purposes of analysing the use of the Website. The legal basis for this Processing is monitoring and improving our Website (legitimate interests).
Cookies: These are small files with a number of characters sent to Your device when You access the Website. Please refer to Cookies Policy available here [include hyperlink] for detailed information on the cookies we use and how to opt-out from them.
Records: we may keep correspondence from You to us for records-keeping purposes and/or process Your personal information in order to satisfy our legal obligation or where we have a legitimate reason for doing so.
5- Who do We Share Your Personal Data with?
ASO may need to share Your Personal Data with third party providers for legitimate purposes as follows:
We may disclose Your Personal Data to any member of ASO’ group of companies which shall include subsidiaries, sister companies and mother company and its subsidiaries) insofar as reasonably necessary for the purposes set out in this Policy.
We may disclose Your Personal Data to our professional advisers for as long as it is reasonably necessary for the purposes of managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims.
We may disclose Your Personal Data where such disclosure is necessary for compliance with a legal or regulatory obligation to which ASO is subject.
We may disclose Your Personal Data with third party providers for the purpose of Processing and storing Your Personal Data as set out in the Policy.
6- How long do We store Your data for ?
We ensure that any of Your Personal Data we process shall not be kept for longer than it is necessary. ASO may retain Your Personal Data where such retention is necessary to comply with a legal or regulatory obligation to which We are subject, or for the protection of legitimate interests. The information You provide us when you apply for a role such as CVs are kept for a certain period of time in order to assess whether other positions that might arise can suit Your profile.
7- Rights of Data Subjects
The GDPR sets out the rights applicables to Data Subjects. Each Data Subject providing his/her Personal Data to the Company has the following rights subject to the applicable Maltese Law :
(i) the right to be informed;
(ii) the right of access;
(iii) the right to rectification;
(iv) the right to erasure (also known as the right to be forgotten);
(v) the right to restrict Processing;
(vi) the right to data portability;
(vii) the right to object to Processing
(viii) the right to object to marketing; and
(ix) the right to complain to the Malta Information and Data Protection Commissioner “IDPC”.
7.2 Data Subject Access
Data Subjects may make subject access requests (“SAR”) at any time to find out more about the Personal Data the Company holds about them, how they are processed and for which purpose.
Data Subjects that would like to make a SAR should contact the legal department of the Company at email@example.com.
7.3 Rectification of Personal Data
Data Subjects have the right to require the Company to rectify any of their Personal Data that is inaccurate or incomplete within one month which shall be extended to two months in the case of complex requests, subject to applicable Maltese Laws.
In the event that such Personal Data have been disclosed to third parties, these third parties shall be informed by the Data Controller of the rectification that must be made.
7.4 Deletion of Personal Data
Subject to applicable Maltese Laws Data Subjects have the right to request that the Company erases the Personal Data it holds about them when :
It is no longer necessary for the Company to hold that Personal Data with respect to the purpose for which it was originally collected or processed;
The Data Subject wishes to withdraw their consent to the Company holding and Processing their Personal Data;
The Data Subject objects to the Company holding and Processing their Personal Data and the Company has no legitimate interest to do so;
The Personal Data has been processed unlawfully;
The Personal Data needs to be erased to comply with a legal obligation.
All requests for deletion shall be complied with unless the Company has reasonable grounds to refuse such deletion or in accordance with applicable Maltese Laws. Such deletion shall be done within one month from the request and two months in case of complex requests.
In the event the Personal Data to be erased has already been shared with a third party, the Company shall liaise with such third party and request for the deletion.
7.5 Restriction of Personal Data Processing
Data Subjects may request that the Company ceases to process their Personal Data and following such request, ASO shall retain only the amount of Personal Data necessary for legitimate purposes, unless other exceptions apply under applicable Maltese laws.
If such Personal Data has been disclosed to a third party, this third party shall be informed of the restriction requested by the Data Subject, to the extent permissible at law.
7.6 Objection to Personal Data Processing
Subject to applicable Maltese Laws, Data Subjects have the right to object to the Processing of their Personal Data in the following cases :
The Processing of Your Personal Data is for the purposes of direct marketing;
The Processing of Your Personal Data is for a task carried out in the public interest;
The Processing of Your Personal Data is for the exercise of official authority vested in You; or
The Processing of Your Personal Data is for Your legitimate interests
In the cases enumerated above, the Company will cease such Processing immediately unless the Company demonstrates compelling legitimate grounds for the Processing which overrides the interests, rights and freedoms of the Data Subject or where the Processing is required for the establishment, exercise or defence of legal claims or where the applicable Maltese Laws provide exceptions.
If such objection is about the Processing of Personal Data for scientific and/or historical research and statistics purposes, the Data Subject must demonstrate grounds relating to his or her particular situation and the Company shall not be required to comply if such research is necessary for the performance of a task carried out for reasons of public interest or pursuing legitimate interests or any other reasons as provided by Maltese Laws.
7.7 Right to complain
8- Data Security
ASO employs security measures to protect Your Personal Data from access by unauthorised persons and to prevent unlawful Processing, accidental loss, destruction or damage.
Since the internet is not a completely secure environment we cannot guarantee the security of any information disclosed through Your internet connection.
9. Transfer of Personal Data outside the EU
Should we transfer Your Personal Data to any country outside the EEA, such transfer will be protected by making use of standard data protection clauses adopted by the European Commission, and by requiring from our contractors proof that they have the necessary safeguards mechanisms in place to protect Your Personal Data in accordance with this Policy.