Updated to EU Regulation No 679/2016 otherwise known as the “GDPR”
Strategic Supplies Ltd processes information as an essential part of its business function. This includes confidential information about businesses and individuals. Information is a valuable asset and business continuity is dependent on its integrity and continued availability.
THE INFORMATION WE USE AND WHERE WE GET IT FROM
We collect and process various categories of personal information, including but not limited to basic information such as name and contact details, and information about financial circumstances and behavioural data. Most of the information will have been provided by the client or created through the use of our services.
Where permitted by law, we may process information about criminal convictions or offences and alleged offences for specific and limited activities and purposes, such as to perform checks to prevent and detect crime.
Any information you provide to us shall be collected and processed in accordance with the relevant data protection and privacy laws and regulations applicable from time to time, including but not limited to the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Data Protection Act, Chapter 586 of the Laws of Malta and any subsidiary legislation thereto, as may be amended.
WHY AND HOW STRATEGIC SUPPLIES LTD USES PERSONAL DATA
Strategic Supplies Ltd collects, processes, and determines how to process your personal information as Data Controller for the follow purposes:
· Providing and improving our products and services;
· To contact you if required in relation to our services/products provided to yourself and/or to reply to any communications that you might send to us from time to time;
· Marketing communications with clients in relation to the company’s own products and services, subject to the client’s prior expression of consent;
· In order to carry our customer due diligence;
· To keep our clients’ records updated
· In order to comply with regulatory obligations;
· For the establishment, exercise and/or defence of legal proceedings or claims;
· For employment purposes.
PROCESSING OF DATA
Your personal data will be processed and stored either on paper or with the aid of automated tools according to logic strictly related to the aforementioned purposes and, in any case, to ensure the security and confidentiality of your data.
An employee shall always ensure with regards to the processing of personal data that:
· it is processed fairly and lawfully;
· it is processed in accordance with good practice;
· it is only collected for specific, explicitly stated and legitimate purpose;
· it is not processed for any purpose that is incompatible with that for which the information is collected;
· personal data that is processed is adequate and relevant in relation to the purpose of processing;
· no more personal data is processed than is necessary having regard to the purpose of the processing;
· personal data that is processed is correct and, if necessary, up to date;
· all reasonable measures are taken to complete, correct, block or erase data to the extent that such data is incomplete or incorrect, having regard to the purposes for which they are processed;
· personal data is not kept for a period longer than is necessary, having regard to the purposes for which they are processed.
Strategic Supplies Ltd will retain your personal information for as long as is necessary to provide the services to you and others, and to comply with our legal obligations. We will not keep personal data longer than is necessary. Once the client has terminated the contract with the company, Strategic Supplies Ltd will anonymise, to extent permitted by law, the personal data of the client and keep it for an indefinite period without further notice, for the following reasons:
· To respond to any questions or complaints
· To demonstrate that you are, or have been, treated fairly
· To satisfy our record keeping obligations in accordance with the applicable legislation and regulations.
HOW YOU CAN ACCESS YOUR PERSONAL INFORMATION
Any person has the right of access to any personal data Strategic Supplies Ltd hold about them either on computer or in a structured manual file. To exercise this right, they should put their request in writing to the Data Protection Officer, there is no charge for this request however, a ‘reasonable fee’ may be liable should the data requests be deemed excessive.
Strategic Supplies Ltd is obliged to respond to such requests within one month of receipt of the request. Therefore, it is essential that such a request is recognised by all members of staff and is passed expeditiously to the Data protection Officer to deal with.
The Data Protection Officer will record all such requests and ask all departmental heads to search their computer and manual files for data concerning the applicant.
Any person has also the right to make a request to correct any information we hold. Altering or deleting information AFTER such a request has been made AND in order the prevent disclosure of the information is a criminal offence. However, this does not prevent any change to the data, which would be made in the normal course of business.
KEEPING PERSONAL INFORMATION SECURE
In relation to security, the Data Controller must take appropriate technical and organisational measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction of or damage to personal data and set out specific considerations for ensuring security.
Strategic Supplies Ltd adopts a risk-based approach in assessing and understanding the risks, and uses physical, technical and procedural means to achieve appropriate security measures. We take into account technological developments and associated costs to achieve a level of security appropriate to the nature of our information and the harm, which may result from its loss or disclosure.
Members of staff will keep confidential that information, which is provided to Strategic Supplies Ltd, conduct its business and may only disclose it when authorised to do so. Strategic Supplies Ltd provides training to staff to enable them to understand and carry out their responsibilities in respect of security.
Members of staff are responsible for ensuring that:
· all personal data is kept securely by using, preserving and not sharing, secure passwords, logging off when not at one’s workstation, locking data in filing cabinets or drawers, ensuring desks are clear when leaving the office and locking doors.
· data are not removed from the office on any laptop or disk or memory stick which is not encrypted.
· all documents containing personal data or other confidential information are shredded when no longer needed.
· personal data is not disclosed orally, in writing or by any other means to any unauthorised third party, and that every reasonable effort will be made to ensure that data is not disclosed accidentally.
Unauthorised disclosure is a disciplinary matter and may be considered gross misconduct. If in any doubt, consult the Data Protection Officer.
Strategic Supplies Ltd is responsible for ensuring computer hardware is securely disposed of, in such a way that personal and/or confidential data is impossible to retrieve from it.
Those persons and organisations that process personal data on behalf of Strategic Supplies Ltd (but who are not employees of Strategic Supplies Ltd are classed as ‘data processors’ by the Act. There is a legal obligation for Strategic Supplies Ltd to have a written contract with them in relation to the security of the data whilst in their custody. Such contracts are arranged, monitored and maintained by the Data protection Officer who is also responsible for ensuring the security procedures are inspected.
Strategic Supplies Ltd have put in place procedures to deal with any suspected personal data breaches and will notify you and any applicable regulator where we are legally required to do so.
YOUR DATA PROTECTION RIGHTS
Under certain circumstances, by law you have the right to:
· Request access to your personal data.
This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
· Request correction of the personal data that we hold about you
This enables you to have any incomplete or inaccurate personal data we hold about you corrected, though we may need to verify the accuracy of the new data you provide us.
· Request erasure of your personal data
This enables you to ask us to delete or remove personal data where there is no lawful basis for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing. You need to be aware of how such a request will affect the running of your product and we will explain this to you if you make such a request.
· Object to processing of your personal data
You can object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
· Request the restriction of processing of your personal data
This enables you to ask us to suspend the processing of your personal date in the following scenarios: (a) if you want us to establish the personal data’s accuracy; (b) where our use of the personal data is unlawful, but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use it.
· Not be subject to automated decision making, including profiling
We do not make decisions based solely on automated processing, including profiling.
· Request receipt and/or transfer of your personal data to another party
We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
· Make a complaint to the local Data Protection Commissioner
Where you believe your data has been wrongfully processed, stored or handled, you have the right to raise a concern with the Office of the Information and Data Protection Commissioner (IDPC). You can submit your complaint through the form available on their website, following the link https://idpc.org.mt/en/Pages/contact/complaints.aspx for more details. Otherwise, you can send your complaint to them by email on email@example.com or by post on the below address:
Information and Data Protection Commissioner
Level 2, Airways House
Sliema SLM 1549
· Withdraw consent at any time
You have the right to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you want to exercise your rights above, please contact our DPO on:
You will not have to pay a charge to access your personal data (or to exercise any of the other rights). However, we may make a reasonable charge if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
WHAT WE MAY NEED FROM YOU
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
YOUR DUTY TO INFORM US OF CHANGES
It is important that the personal date we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
SHARING YOUR PERSONAL DATA INTERNATIONALLY
We are subject to the provisions of the General Data Protection Regulations that protect your personal data. Where we transfer your data to third parties outside of the European Economic Area (EEA), we will ensure that certain safeguards are in place to ensure a similar degree of security for your personal data. As such:
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
As part of our recruitment process, or in case you send us a CV in connection to a job application through our website, we may collect and process personal data relating to job applicants. If your application is unsuccessful, we may keep this information on file for up to two years in case of any future employment opportunities for which you may be suited. We will ask for your consent before we keep your data for this purpose and you are free to withdraw your consent at any time.
UPDATES TO THIS POLICY
We will occasionally update this Policy to reflect changes in the applicable Regulation as well as both company and customer feedback.
MARKETING CHOICES REGARDING YOUR PERSONAL INFORMATION
Where we have your consent to do so, we may send you marketing communications by email about products and services that we feel may be of interest to you. You can ‘opt-out’ of such communications if you would prefer not to receive them in the future by sending a written request by email to our Data Protection Officer at the following email address:
NEWSLETTER SIGN UP
As part of the registration process for our periodic e-newsletter, we collect personal information such as your name and email address. We use a third-party provider, MailChimp to deliver our newsletter. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. For more information, please see MailChimp's privacy notice - https://mailchimp.com/legal/privacy/
We use that information for a couple of reasons: to tell you about stuff you’ve asked us to tell you about; to contact you if we need to obtain or provide additional information; to check our records are right and to check every now and then that you’re happy and satisfied. We don’t rent or trade email lists with other organisations and businesses. You will only receive communication from us, if you have explicitly opted in to do so.
You can unsubscribe to general mailings at any time of the day or night by clicking the unsubscribe link at the bottom of any of our emails or by emailing our data protection officer at the following email address:
Please note that once you unsubscribe from our email lists, we will delete your email address from our MailChimp account in a timely fashion soon thereafter.
COOKIES AND TRACKING TECHNOLOGIES
Strategic Supplies Ltd’s website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
DATA PROTECTION OFFICER
Strategic Supplies Ltd has appointed a Data Protection Officer, who is your main contact for any concerns you have regarding both the processing of your personal data and your rights and freedoms. Strategic Supplies Ltd Data Protection Officer address is:
Data Protection Officer
Strategic Supplies Ltd
21/22 Parish Square, Mellieha