Privacy Policy
DETAILS OF WHAT DATA WE COLLECT FROM YOU, WHAT WE DO WITH IT AND WHO IT MIGHT BE SHARED WITH
The following information provides an overview of how we (the ‘Company’) process your personal data, and your rights as a data subject under the EU General Data Protection Regulation (the ‘GDPR’).
-
Who is responsible for data protection and how can I contact them?
Quazar is the Data Controller (the entity which determines the purposes and means of processing of personal data) whilst other related companies are the Data Processors (the entities which processes personal data on behalf of a controller).
The person responsible for data protection for both data controller and processor is:
Name: Quazar
Address: Centris Business Gateway, Level 1/I, Triq Is-Salib Tal-Imriehel, Central Business District, Birkirkara
Tel. Number: +356 2388 4600
Email Address: dpo@quazar.mt
-
What data do we process?
We process personal data that we obtain from our clients in the context of our business relationship.
We also process personal data obtained from publicly available sources such as commercial registers, press, media and internet searches which we lawfully obtain and are permitted to process. We process this personal data because processing is necessary for compliance with a legal obligation to which we are subject, that is our legal obligations under current Anti-Money Laundering Laws and Regulations. The personal data processed in this regard is data verifying your identity, media reports, and confirming your details provided to us by you. This data may need to be disclosed to the relevant supervisory authorities, legal advisors and compliance officers/consultants/advisors (see Section: Who do we share your data with?). This data will not be used for automated-decision making (see Section: How will we use this data).
-
Why do we collect this data?
We process client data in accordance with the GDPR and primarily for the following purposes:
PERSONAL DATA including title, name and surname, residential address, place and date of birth, passport details, identity reference number, identification document details, nationality/citizenship, and other data in this category | Processing is necessary for compliance with a legal obligation to which we are subject | Complying with our legal obligations under current Anti-Money Laundering Laws and Regulations
​
CONTACT DATA including contact numbers, mailing address, email address and other data in this category | Processing is necessary for the performance of the contract which you hold with us | Performance of our contractual obligations towards you in terms of the Service Agreement/Strategy and Management Agreement/Fiduciary Agreement signed between yourself and the Company
​
TAX RESIDENCY DATA including country of tax residence, tax identification number, US tax status and other data in this category | Processing is necessary for compliance with a legal obligation to which we are subject | Complying with our legal obligations under current local and international tax laws including the Common Reporting Standards and the Foreign Account Tax Compliance Act in relation to the exchange and automatic forwarding of tax-related information
​
FINANCIAL DATA including source of wealth and source of funds details and documents, origin, amount and currency of assets, employment/occupation data, CVs and business/professional experience details, annual income, total net worth and net worth details including relevant events and geographical spheres, transaction parties, agreements, account/business activity and other data in this category | Processing is necessary for compliance with a legal obligation to which we are subject | Complying with our legal obligations under current Anti-Money Laundering Laws and Regulations
​
PERSONAL BACKGROUND INFORMATION including a confirmation whether you are or have been politically exposed and other data in this category | Processing is necessary for compliance with a legal obligation to which we are subject | Complying with our legal obligations under current Anti-Money Laundering Laws and Regulations, the Company Service Providers Act
​
CRIMINAL OFFENCE DATA including a confirmation whether you have been convicted of an offence, adjudged bankrupt, or the subject of any investigation and other data in this category | Processing is necessary for compliance with a legal obligation to which we are subject | Complying with our legal obligations under current Anti-Money Laundering Laws and Regulations, the Rules for Company Service Providers and the Rules for Trustees and Other Fiduciaries
In certain instances, and where required by our legal obligations under Anti-Money Laundering Laws and Regulations in order to establish/maintain our client relationship, you may be requested to provide us with documentation which contain and verify the above personal data.
​
Kindly note that for such processing we are not required to obtain your consent as the basis for processing.
​
-
How will we use this data?
We will not collect personal data about you which we do not need in accordance with the above bases for processing, other than data collected on the basis of your consent.
We will process your data in order to establish a business relationship with you (including assessment of whether to establish such business relationship) and to perform the Service Agreement/ Strategy and Management Agreement/Fiduciary Agreement entered into between you and the Company including all related and ancillary matters.
We will further process your data in order to comply with our legal obligations in relation to the prevention of money laundering and financing of terrorism, detecting and preventing crime, and tax evasion, including due diligence, reporting obligations, and the response to queries by authorities.
We will further process your data in order to comply with legal requirements towards and requests by regulatory and tax authorities including the submission of returns and replying to request for information from such authorities.
We will further process your data in order to protect the rights of the Company in case of any legal claims or disputes, including forwarding data to legal advisors and courts, tribunals, mediators, adjudicators and similar bodies/persons.
The above will be done through the following processing operations on your data:
-
Recording
-
Organizing;
-
Structuring;
-
Storing;
-
Adapting or altering;
-
Retrieving;
-
Consulting;
-
Use;
-
Disclosing, disseminating or otherwise making available;
-
Aligning or combining;
-
Restricting;
-
Erasing;
-
Destructing.
The processing operations will be carried out by our staff internally, unless expressed otherwise in this Privacy Policy (refer to Section: Who might we share your data with?).
Your personal data will be checked against Google Checks and portals/databases of Politically Exposed Persons (PEP) and heightened risk individuals in order to help us to comply with our obligations under current Anti-Money Laundering Laws and Regulations and applicable UN and EU Sanctions. This will require the inputting of your details into such portal/database.
Your personal data will be processed automatically with the aim of evaluating certain personal aspects (profiling). We use profiling for the purposes of complying with our anti-money laundering and funding of terrorism obligations. As a rule, we do not make decisions based solely on automated processing as defined in Article 22 of the GDPR to establish and implement the business relationship. If we use these procedures in individual cases, we will inform you of this separately, provided this is allowed by law.
-
Who do we share your data with?
We will never sell your personal data to third parties. We will not share your data with third parties for marketing purposes.
We shall disclose your personal data to third parties where lawful to do so including where we:
-
Need to in order to comply with our contractual obligations towards you or with our legal obligations;
-
Need to in order to obtain services from such third parties in order to comply with our contractual obligations towards you or with our legal obligations;
-
Have a legal duty to do so, e.g. to assist with detecting and preventing fraud, tax evasion and financial crime;
-
Need to in connection with regulatory reporting, litigation or asserting and defending our legal rights and interests;
-
Have a legitimate business interest for doing to manage risk;
-
Need to in order to verify your identity in line with our anti-money laundering and funding of terrorism obligations;
-
Have been instructed to do so by you.
We shall share your information for these purposes with others including:
-
Accountants and auditors for accounting purposes;
-
Outsourced compliance officers, compliance consultants and advisors;
-
Notaries, lawyers and other such professionals;
-
Law enforcement, government, courts, dispute resolution bodies, regulators, and any party appointed or requested by regulators to carry out investigations or audits of our activities;
-
Anyone who provides instructions on your behalf e.g. attorneys appointed by you through a power of attorney, lawyers, intermediaries etc.;
-
Investment advisors and managers where you have approved such relationship;
-
Banks and financial institutions where you have approved such relationship;
-
Government authorities and/or agencies as required by such authorities/agencies in accordance with law;
-
Anyone we have been instructed to share your information with by you.
We shall obtain guarantees from such third parties to ensure that they process your data in line with the GDPR. The Company engages the following third parties as processors of your data on its behalf:
-
eMerge to provide it with a Customer Relationship Management platform for internal organization and compliance with anti-money laundering and financing of terrorism obligations;
Where third parties are acting as processors of your data on our behalf, we shall enter into contractual arrangements with such third parties which will require them to process your personal data in accordance with the GDPR, to keep your information secure, and not to use it for their own purposes.
We shall only disclose the personal data that is necessary for such third parties to deliver the required service.
We shall also disclose your personal data as required by law to regulatory and enforcement authorities such as tax authorities, courts, magistrates, boards, tribunals and other persons or authorities responsible for the combatting and prevention of crime, tax evasion, and anti-money laundering and funding of terrorism including through the submission of reports where required and/or permitted by law.
We shall also disclose your personal data to registers such as the Registry of Companies and the Beneficial Ownership Register for operational and compliance reasons.
We shall also disclose your personal data to local and international banks for the purposes of processing account opening applications and satisfying their anti-money laundering and funding of terrorism requirements. We shall also disclose your personal data to banks and payment services providers for the fulfilment of a transaction ordered or authorized by you or required as part of the Service Agreement/Strategy and Management Agreement/Fiduciary Agreement.
We shall also disclose your personal data in accordance with and to the extent allowed by the Professional Secrecy Act and Article 257 of the Criminal Code.
We are not required to obtain your consent for such disclosures highlighted in this section.
​
-
Where will your data be stored?
Your data will be stored on our physical files located at our premises and on our online servers. We have implemented measures of technology and operational security in order to protect your soft and hard copy personal data from loss, misuse or unauthorized alteration or destruction.
Your hard copy data is hosted on servers within the European Union.
-
Where will your data be transferred to?
We will not generally transfer your personal data outside the EU.
As an exception to the above, we may transfer your personal data to banks located outside of the EU, upon your instructions or as necessary for the performance of the Letter of Engagement between you and the Company.
We shall only transfer your personal data to banks located in third countries or international organizations in relation to which the European Commission has issued an adequacy decision, that is, a decision that such third country or organization ensures an adequate level of data protection.
-
How long shall we keep your data for?
We will hold your personal data for as long as is necessary:
-
To fulfill our contractual obligations towards you;
-
To comply with our legal obligations;
-
For our legitimate purposes including the establishment, exercise, or defence of legal claims, disputes, judicial investigations, tax and other investigations, to help us respond to complaints and requests from regulators.
The following personal data shall be retained in accordance with the below:
​
-
Accounting records | 10 years | As required by Company law
-
Tax records | 6 years | As required by income tax law
-
Records of income and expenditure | 9 years |As required by income tax law
-
Documents chargeable with duty | 4 years |As required by duty on documents law
-
Customer due diligence and transactions | 5 years, extended to 10 upon authorities’ request |As required by anti-money laundering law
-
Data which identifies ownership and beneficial ownership of entities | 5 years | As required by tax cooperation law
-
Books of accounts | 5 years | As required by tax cooperation law
-
Personal data which it needs to maintain for the establishment, exercise of defence of legal claims, disputes and judicial investigations including any agreements signed between you and the Company | 5 years | Legitimate interest of the Company to defend itself of legal claims, disputes and judicial investigations
​
We will review your personal data annually to establish whether we are still entitled to process it. If we decide that we are not entitled to do so, we will stop processing your personal data except for the retention of your personal data in an archived form in order to be able to comply with future legal obligations as identified above. We will securely and permanently destroy your personal data once we are no longer obliged to retain it to comply with our legal obligations identified above.
-
What are your rights?
Right to Transparent Information - you have the right to be informed in a clear manner on any personal data pertaining to you that may be processed by us. Such information is being provided to you in this Privacy Policy.
Right of Access to Information – you have the right to request confirmation from us whether personal data relating to you is being processed and if so to access such personal data.
Right to Rectification – you have the right to request from us the rectification, without delay, of any inaccurate personal data pertaining to you.
Right to Be Forgotten – you have the right to request from us the erasure of all personal data pertaining to you without delay, where the data has been processed with your consent as the basis for processing and/or where the processing is no longer lawful.
Right to Restrict Processing – you have the right to request from us the restriction of processing if: processing is unlawful; you are contesting the accuracy of data; the data is no longer required by the controller but you require us to keep it in order to establish, exercise, or defend a legal claim; or if you have previously objected to the processing. Once data is restricted, we cannot process it in any way other than to store it unless: we have your consent; or if it is required for the establishment, exercise, or defence of legal claims; or if it is for the protection of the rights of other persons; or if it is for reasons of important public interest.
Right to Data Portability – you have the right to receive from us personal data which you have provided to us and to transmit that data to another controller without hindrance from us. This right applies where the data is being processed with your consent, or for the performance of a contract, and when processing is carried out by automated means.
Right to Object – you have the right to object at any time to the processing of personal data pertaining to you where the processing is based: on our legitimate interest; or the performance of a task in the public interest/exercise of official authority; or on direct marketing (including profiling); or on processing for purposes of scientific/historical research and statistics.
You also have the right to object to profiling based on our legitimate interests or on the performance of a task in the public interest/exercise of official authority.
You also have the right to object to automated decision making, including profiling, and therefore to not be subject to a decision which is based solely on automated processing, including profiling, which produces legal effects or significantly affects you.
Any requests or objections are to be made in writing by mail or email to our Data Protection Representative. In case of email, the Company shall contact you in order to verify the authenticity of the request.
-
Are you obliged to provide us with your personal data?
Since we require your data for the purposes of accepting and carrying out a business relationship and fulfilling our contractual and legal obligations, should you choose not to provide us with such data, we might not be in a position to enter into a business relationship with you and fulfil the Services Agreement/ Strategy and Management Agreement/Fiduciary Agreement signed between us and our obligations thereunder. Anti-money laundering obligations require us to verify your identity before entering into the business relationship, for example, by means of your identity card and to record your personal details. In order for us to be able to comply with this statutory obligation, we will ask you to provide us with the necessary information and documents and notify us without undue delay of any changes that may arise during the course of the business relationship. Should you choose not to provide us with such data, we might not be in a position to enter into or continue our business relationship and fulfil the Services Agreement/ Strategy and Management Agreement/Fiduciary Agreement signed between us and our obligations thereunder.
Reference is made to the Service Agreement whereby you have undertaken to provide us with certain personal data, including documentation, and to inform us of any changes to such data. In these circumstances, the provision of personal data is a contractual requirement.
You are never obliged to provide us with any data which we request on the basis of your consent.
-
How can you voice your complaints
If you are unhappy with the way in which we have processed your personal data, you may contact us on the contact details provided above.
You also have the right to lodge a complaint with the Office of the Information and Data Protection Commissioner, or other supervisory authority of your habitual residence, place of work or place of alleged infringement, and the right to seek an effective judicial remedy before the courts.
-
Processing of data through consent
The processing of data highlighted above does not require your consent as it relies on another legal basis.
We may however also request to process personal data on the basis of your consent. You are not obliged to give us your consent. Once you have granted us consent to the processing of personal data for identified specific purposes, the processing becomes lawful on the basis of such consent. You can withdraw your consent at any time. If you would like to withdraw consent, please contact our Data Protection Representative on the contact details provided above. Please note that withdrawal of consent does not affect the legality of data processed prior to withdrawal.
At the time of your withdrawal of consent, we may determine that there is another legal ground allowing us to process your data and we shall inform you accordingly.
-
Keeping your data updated
We have an obligation to keep your data updated, and for this reason you may be asked about changes to your personal data at various intervals. You are entitled to ask us to modify your personal data if you ascertain that the personal data which we hold is not accurate or updated.