Fund Scouting & Advisory Ltd (“Company”; “we”; “us”; “our”) respects your privacy and values its importance and is wholly committed to protecting your personal data.
All personal data provided to us are processed in accordance with the Data Protection Act (Chapter 440 of the Laws of Malta – “the Act”), Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – “the Regulation”) and any other European Union (“EU”) and national law in relation thereto.
In the course of its engagement and professional relationship with you, the Company will need to collect, use, and sometimes, disclose various items of personal data about you for various purposes associated with the scope of the Services that we provide, as requested and directed by you or by your organisation.
It is both impractical and almost impossible to exhaustively list all the items of personal data which we may need to collect, use or disclose about you. However, to ensure transparency, we have made an attempt to group and categorise below the different kinds of personal data about our clients that we may generally need to collect, process, use, share and store. The list below is not exhaustive:
Includes first name, maiden name, last name, title, identity document number, gender, nationality, employment status, organisation and occupation.
In the context of our corporate clients and the other legal entities that we assist, we may collect Identity and Contact Data about the following persons:
Includes billing address, mailing address, email address and contact numbers.
Anti-Money Laundering Data
Includes the following due diligence information and documentation relating to our clients, or their respective UBO, shareholders, founders, beneficiaries, directors, representatives and/or administrators (as applicable) where the client is a legal person: (i) copy of identity document, (ii) copy of a recently issued utility bill, (iii) professional references, (iv) ‘KYC’ (database) checks and (iv) any other documentation which may be mandated from time to time by the Prevention of Money Laundering Act (Chapter 373 of the Laws of Malta) (“PMLA”), the Prevention of Money Laundering and Funding of Terrorism Regulations (“PMLFTR”), the Financial Intelligence Analysis Unit (“FIAU”) and/or any other competent authority or related legislation.
Marketing and Communications Data
Includes your preferences in receiving marketing from us and our third parties or associated entities and your communication preferences. This may include information whether you have subscribed or unsubscribed from any of our mailing lists, attended any of our events or accepted any of our invitations.
We generally use different methods to collect data from and about you, including through:
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Therefore, we do not generally rely on consent as a legal basis for processing your personal data, other than in relation to sending direct marketing communications. We will only send you our marketing communications where you have expressly consented to receive them from us. You have the right to withdraw consent to such marketing at any time by contacting us.
We may have to grant access to, disclose or share your personal data with the parties set out below only for the purposes of providing you with your requested Services and complying with our legal obligations.
We will only retain your personal data for as long as necessary to fulfil our services to you and, thereafter, for the purpose of satisfying any legal, anti-money laundering and regulatory reporting requirements or obligations to which we may be subject and/or to the extent that we may also need to retain your personal data to be able to assert, exercise or defend possible future legal claims against or otherwise involving you.
By and large, our retention of your personal data shall not exceed the period of six years from the termination of your engagement with us. In certain cases, we may need to retain your personal data for a period of up to eleven years to comply with applicable Rules.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed (safeguard its integrity and confidentiality).
We also regularly review and, where practicable, improve upon these security measures.
In addition, we limit access to your personal data to those employees, agents, contractors and other professional third parties who strictly need to know this information. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
7.1 In this Section 7, we have summarised the rights that you have under the EU General Data Protection Regulation (GDPR).
7.2 Your principal rights under EU General Data Protection Regulation are:
7.3 You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.
7.4 You have the right to have inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
7.5 In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.
7.6 In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful, but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
7.7 You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
7.8 You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
7.9 To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
7.10 You have the right to lodge a complaint at any time to a competent supervisory authority on data protection matters, such as in particular the supervisory authority in the place of your habitual residence or your place of work. In the case of Malta, this is the Office of the Information and Data Protection Commissioner (the “IDPC”) (https://idpc.org.mt/en/Pages/contact/complaints.aspx). We would, however, appreciate the opportunity to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance.
7.11 You may exercise any of your rights in relation to your personal data by email or written notice to us.
In the event of any data breaches discovered by us that involve the loss or unauthorised access or change to any personal information, we will notify you within 72 hours of the discovery. In the event any data breach is likely to result in a risk to personal rights and freedom, we will report to the Information and Data Protection Commissioner.
This version was last updated on February 2019.
Full name of legal entity: Fund Scouting & Advisory Limited
Postal address: 259 St. Paul Street, Valletta VLT1213