GVZH Advocates – Privacy and Cookie Policy

Last updated: September 2024

About us

Introduction

This privacy and cookie notice (‘the Privacy Notice’) sets out the ways in which GVZH Advocates (a civil partnership established in terms of Maltese law registered in Malta, Europe) (hereafter ‘GVZH’ or ‘We’ or ‘Us’) through your use of this website, collects and may use your personal data. GVZH is the controller and responsible for your personal data.

Our Contact Details

You can contact us by post, using the postal address below:

192, Old Bakery Street, Valletta, VLT 1455.

or by email, on dataprotection@gvzh.mt

About your data

Data We Process

GVZH processes personal data in accordance with Regulation (EU) 2016/679 General Data Protection Regulation (GDPR), the Maltese Data Protection Act (Chapter 586 of the Laws of Malta) and any other relevant data protection and privacy legislation which is applicable (the “Data Protection Laws”). The terms “personal data”, “data subject”, “controller”, “processor” and “process” shall have the same meanings given to them in the Data Protection Laws.

Legal Basis

The law requires Us to have a legal basis for collecting and using Your personal data. We rely on one or more of the following legal bases:

Performance of a contract with you: Where We need to perform the contract We are about to enter into or have entered into with You.
Legitimate interests: We may use Your personal data where it is necessary to conduct Our business and pursue our legitimate interests, for example to prevent fraud and enable Us to give you the best and most secure customer experience. We make sure We consider and balance any potential impact on You and Your rights (both positive and negative) before We process Your personal data for our legitimate interests. We do not use Your personal data for activities where Our interests are overridden by the impact on You (unless we have Your consent or are otherwise required or permitted to by law).
Legal obligation: We may use Your personal data where it is necessary for compliance with a legal obligation that We are subject to. We will identify the relevant legal obligation when We rely on this legal basis.
Consent: We rely on consent only where we have obtained Your active agreement to use your personal data for a specified purpose, for example if You subscribe to an email newsletter.

The personal data we collect/process in Your regard may be any of the following:

DATA CATEGORY	TYPE OF DATA	WHAT IT’S USED FOR	OUR LEGAL BASIS
Registration Data Data submitted upon registration to the website www.gvzh.mt (‘the Website’) or data submitted upon filling out any registration forms related to conferences, seminars and networking events.	Name and Surname, Username, Address, City, Post Code, Country, Email Address, Telephone Number, Identity Card Details, Passport Number. .	For identification purposes, to secure registration on the Website to safely provide the goods and services requested, for communication purposes, to process transactions or other Website features.	Performance of contract / legitimate interest
Tracking Data Data about Your use of the Website	IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, website navigation paths, and information about the timing, frequency and pattern of Your use.	For functionality, for security purposes, to analyze the use of the Website and to personalize, improve and optimize content available to You on the Website.	Legitimate interest We continually strive to improve our Website offerings and our services based on the manner in which the Website is used.Information about how the Website is used helps Us to better respond to individual needs and preferences.
Communications Data Data provided to Us when You complete a ‘‘Get in touch’ Form or otherwise communicate with Us in relation to our products and services.	Name and surname, email address, IP address, Phone number and other information You may enter into the form or otherwise provide. It also includes your browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access this website.	To reply to Your queries, to improve our products and services.	Legitimate interest Your information helps Us to more effectively respond to Your customer service requests and support needs.Your feedback about Our products and services helps Us to better respond to individual needs and preferences.We continually strive to improve Our Website offerings based on the feedback we receive from Our customers.
Subscription Data Information that You provide to us for the purpose of subscribing to our newsletter.	Name and surname, email address, IP address. It also includes Your preferences in receiving marketing material from Us and Your communication preferences.	To send You information about our products, services, offers, discounts and news.	Consent NOTE that you have the right to withdraw Your consent, at any time by clicking on the ‘unsubscribe’ link found in any marketing communications. You may also send an email to dataprotection@gvzh.mt.
End User Data Information that You have made available on social media websites.	Publicly available information from social media websites You have indicated. You can control how much of your information is available on third party social media websites.[JM1]	To personalize, improve and optimize content available to You on the Website.	Consent *NOTE that You can control how much of your information social media websites make public by visiting these websites and changing Your privacy settings.*
Onboarding Information from You during an onboarding process.	When You show interest in becoming a GVZH customer, we may request information in order to carry out our onboarding process, such as Name and Surname, Username, Address, City, Post Code, Country, Email Address, Telephone Number, Identity Card Details, Passport Number, source of wealth or similar details in relation to Yourself if You engage us in a personal capacity, or in relation to specific persons if You engage us on behalf of an entity (e.g. beneficial owners, directors, other officers).	To assess a potential customer’s suitability and integrity and to register You as a new customer.	Performance of contract / legitimate interest
Other Information from Third Parties Other information received from the third parties during an onboarding process.	When You show interest in becoming a GVZH customer, we may send and receive personal data related to you from a third party that provides automated Know- Your-Customer, fraud and anti-money laundering detection services.	For security and to asses a potential customer’s credit rating and integrity.	Legitimate Interest
Engagement Information Information relating to the matter for which You have engaged us as detailed in the Letter of Engagement.	All necessary details and ongoing information to provide You with the requested legal advice and/or services.	To provide the legal advice requested.	Performance of contract / legitimate interest
Financial Information Information which allows us to invoice You for our legal services subject to a Letter of Engagement.	All necessary invoicing details and VAT number as applicable. It may also include bank accounts and payment card details.	To send our invoice for the legal advice requested; to manage payments, fees and charges; to collect and recover money owed to US; and to issue the relevant receipt of payment.	Performance of contract/ Legitimate interest

We also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals’ usage data to calculate the percentage of users accessing a specific website feature in order to analyse general trends in how users are interacting with our website to help improve the website and our service offering.

Cookies & Other Tracking Mechanisms

A cookie is a small file of letters and numbers that are stored on your browser or the hard drive of your computer and contain information that is transferred to your computer’s hard drive. We use cookies on the Website to improve its functionality, and to allow Us to better the site. When You continue to browse the Website, You are agreeing to our use of cookies.

Please note that You can block cookies at any time by activating the setting on Your browser that allows You to refuse the setting of all or some cookies. Keep in mind, however, that blocking all cookies, or even some of them, will have a negative impact on the usability and possibly the rendering of many websites, including ours. If You block cookies You will not be able to use all the features on the Website and might not be able to view it correctly or in the way it was originally intended to be displayed. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them visit: www.allaboutcookies.org.

We use cookies as follows:

NAME	FUNCTION	INFORMATION COLLECTED
Google Analytics	We use this cookie to be able to optimize our website designs, gain insight on popular features, identify usage trends, track the delivery of our promotional content and, more generally, to know our market better. Google Privacy Policy: https://policies.google.com/privacy?hl=en	Geographic location, Product Interest, Gender, Age, Browser, Operating System, Website usage, Website spend
Facebook Pixel	We use this cookie to be able to optimize our website designs, gain insight on popular features, identify usage trends, track the delivery of our promotional content and, more generally, to know our market better, retarget adverts to you, track sales. Facebook Privacy Policy: https://www.facebook.com/policy.php	Geographic location, Product Interest, Gender, Age, Browser, Operating System, Website usage, Website spend
Google Tag Manager	We use this cookie to be able to optimize our website designs, gain insight on popular features, identify usage trends, track the delivery of our promotional content and, more generally, to know our market better. Google Privacy Policy: https://policies.google.com/privacy?hl=en	Geographic location, Product Interest, Gender, Age, Browser, Operating System, Website usage, Website spend
Google Ads	We use this cookie to be able to advertise to you, track our advertising, track return on ad spend, advertising effectiveness. Google Privacy Policy: https://policies.google.com/privacy?hl=en	Geographic location, Product Interest, Gender, Age, Browser, Operating System, Website usage, Website spend
MailChimp	We use this cookie to be able to track newsletter effectiveness, gain insight on email mailshot effectiveness, identify usage trends, track the delivery of our promotional content and, more generally, to know our market better, send abandoned cart emails, send you emails customized to your preferred products. Mailchimp Privacy Policy: https://mailchimp.com/legal/privacy/	Geographic location, Product Interest, Gender, Age, Browser, Operating System, Website usage, Website spend
Cookiebot/Usercentrics	Cookiebot is used on our website to ensure compliance with data privacy laws by managing user consent for cookies. It provides transparency by giving users control over the cookies used, helping to protect their privacy while improving their browsing experience.	Geographic location, Product Interest, Gender, Age, Browser, Operating System, Website usage, Website spend

Security of Data

We implement a variety of security measures to maintain the safety of Your personal information when You place an order or enter, submit, or access Your personal information. We offer the use of a secure server. The security measures We have implemented to ensure safe transmission and storage of personal data include:

Use of secure servers;
Use of firewalls;
Use of encryption;
Physical access controls at data centres;
Information access controls;
Use of back-up systems;

All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into Our payment gateway provider’s database only to be accessible by those authorized with special access rights to such systems, and required to keep the information confidential. After a transaction, Your private information (credit cards, social security numbers, financials, etc.) is never kept on file.

We also regularly review and, where practicable, improve upon these security measures. We have put in place procedures to deal with any suspected personal data breach and will notify You and any applicable regulator of a breach where We are legally required to do so.

While We do our utmost to safeguard your personal data, no data transmission over the internet can be totally secure and therefore We cannot guarantee or warrant that no unauthorised access will occur. We cannot, however, ensure or warrant the absolute security of any information You transmit to Us or guarantee that Your information may not be accessed, disclosed, altered, or destroyed by a breach of any of our physical, technical, or managerial safeguards. We have, however, put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Retention of Data

We retain Your personal data no longer than strictly necessary i) to realize the purpose for which your personal data was originally collected ii) as required by a specific law to which We may be subject and iii) to manage any legal claims in relation to which such data may be required in evidence. To determine the appropriate retention period for personal data, We consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of Your personal data, the purposes for which We process your personal data and whether We can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. Transactional records may be kept for up to 10 years from the performance of a contract for accounting and VAT record purposes. Should You need to know the complete list of the retention periods We adhere to with respect to the indicated categories of personal data, please contact Us on dataprotection@gvzh.mt.

Who has Access to Your Data

GVZH is a Malta-domiciled organisation whose primary offices are in Malta. The Website www.gvzh.mt is hosted in Malta and all data held by GVZH is backed up in the EU.

We may engage trusted third party service providers to perform functions and provide services to Us, such as hosting and maintaining of Our servers and the Website, database storage and management, e-mail management, data storage, marketing, customer service relationship management, online review service provider, email service provider, web developers, affiliates, payment gateway, Search Engine Optimisation agents, product suppliers, delivery and logistics, providers of professional advice (accounting and legal) and software providers. We will likely share Your personal information, and possibly some non-personal information, with these third parties to enable them to perform these services for Us and for You. We may share portions of our log file data, including IP addresses, for analytics purposes with third parties such as web analytics partners, application developers, and ad networks. If Your IP address is shared, it may be used to estimate general location and other technographics such as connection speed, whether You have visited the Website from a shared location, and type of the device used to visit the Website. They may aggregate information about our content and what You see on the Website and then provide auditing, research and reporting for Us and Our advertisers.

We may also disclose personal and non-personal information about you to government or law enforcement officials or private parties as We, in Our sole discretion, believe necessary or appropriate in order to respond to claims, legal process, to protect Our rights and interests or those of a third party, the safety of the public or any person, to prevent or stop any illegal, unethical, or legally actionable activity, or to otherwise comply with applicable court orders, laws, rules and regulations.

We reserve the right to transfer information to a third party in the event of a sale, merger or other transfer of assets of GVZH or any of its corporate, or that portion of GVZH or any of its corporate affiliates, or in the event that We discontinue Our business or file a petition or have filed against us a petition in bankruptcy, reorganization or similar proceeding. We may also share information with our current and future affiliated companies and business partners.

The majority of the service providers who are able to access the Website or any of the personal information collected from or relating thereto are located within the EEA, and where personal data may be shared, we have data processing agreements in place with these parties. If We need to send data outside the EEA, We will ensure that We have appropriate legal and security relationships with these parties and have taken steps to ensure that they are complying with the General Data Protection Regulation, including, as necessary, execution of contracts based on the European Union’s Standard Contractual Clauses for cross-border data transfers.

Automated Decision-Making

Other than ‘profiling’ activities carried out in order to display information, announcements and/or advertisements that will be relevant to You as explained in Paragraph 2.2 above, We do not engage in any automated decision-making.

Personal Data relating to Children

The Website should only be accessible by individuals over the age of 16. It is a parent or legal guardian’s responsibility to ensure that underage persons do not use Our Website.

Third-Party Services

We may display, include or make available third-party content (including data, information, applications and other products services) or provide links to third-party websites or services. This Privacy Notice applies only to the products and services provided by Us directly. Please remember that when you use a link to go from the Website to another website, this Privacy Notice is no longer in effect. Your browsing and interaction on any other website, including those that have a link on Our platform, is subject to that website’s own rules and policies. Such third parties may use their own cookies or other methods to collect information about You.

Controller or Processor

When acting exclusively as a data processor on Your behalf, GVZH shall:

Act only upon Your strict instructions and not process any personal data that may be transferred to Us by You except as may be necessary for the performance of any service or task provided by GVZH to/for You and, in particular, process the said personal data only on documented instructions from You, including with regard to transfers of personal data to a third country or an international organisation, unless required to do so by EU or Maltese law;
Ensure that persons authorised to process the personal data (including but not limited to GVZH employees) have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
Implement appropriate technical and organisational measures to protect any personal data that may be processed Your behalf to ensure a level of security appropriate to the risk relating to its processing of the personal data;
Not engage another data processor without Your specific or general written authorisation. In the case of general written authorisation, GVZH shall inform You of any intended changes concerning the addition or replacement of other processors, thereby giving You the opportunity to object to such changes. Where GVZH engages another processor for carrying out specific processing activities on Your behalf, the same data protection obligations as set out in this clause shall be imposed on that other processor or sub-processor by way of a contract or other legal act under EU or Maltese law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the GDPR. Where that other processor or sub-processor fails to fulfil its data protection obligations, GVZH shall remain fully liable to You for the performance of that other processor or sub-processor’s obligations;
To the extent that this is reasonable, provide You with assistance and cooperation in attending to data requests for exercising the data subject’s rights laid down in Chapter III of the GDPR, taking into account the nature of the processing;
To the extent required by the Data Protection Laws, assist You in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR (security obligations, notification of personal data breach to the supervisory authority obligation, communication of a personal data breach to the data subject obligation, data protection impact assessment obligation and prior consultation with the supervisory authority obligation) taking into account the nature of processing and the information available to GVZH;
Inform You without undue delay, and provide reasonable assistance, as soon as it becomes aware of a personal data breach relating to personal data in GVZH’s possession or control;
At Your reasonable request, delete or return all the personal data to You at the termination of the Engagement, save to the extent GVZH is legally required to retain any personal data in accordance with the Data Protection Laws;
At all times be permitted to store personal data included in routine backups in accordance with Our standard policy;
Make available to You all information necessary to demonstrate compliance with the obligations laid down in this clause and the Data Protection Laws, and allow for and contribute to audits, including inspections, conducted by You or another auditor mandated by You. In this regard, GVZH shall immediately inform You if, in its opinion, an instruction infringes the GDPR or other EU or Maltese data protection provisions; and
Take all such measures necessary to ensure that processing will meet the requirements of the GDPR and ensure the protection of the rights of data subjects.

About Your Rights

At any point in time during Our processing of Your data, You have the following rights. All requests in this regard may be made by sending an email to dataprotection@gvzh.mt. We will also forward Your request to the relevant 3^rd Parties mentioned above as required.

Right of access – You can request a copy of the information that We hold about You.
Right of rectification – You can ask Us to correct data that We hold about You if it is inaccurate or incomplete.
Right to be forgotten – in some situations, You may ask Us to delete certain data We hold about You and We will always comply to the extent allowed or required by any applicable law.
Right to restriction of processing – in some situations, You may ask Us to restrict the processing of Your data.
Right of portability – You may ask Us to transfer certain data We hold about You to another organization.
Right to object – You have the right to object to certain types of processing such as direct marketing.
Right to object to automated processing, including profiling – You also have the right to object to the legal effects of automated processing or profiling.
Right to complain about how your Personal Data is being processed by Us (or third parties), or about how Your complaint has been handled, – You can lodge a complaint directly with the Office of the Information and Data Protection Commissioner (https://idpc.org.mt/) and with Us on dataprotection@gvzh.mt

RIGHT TO WITHDRAW – you have the right to withdraw Your consent, where given, at any time. This applies in particular to receiving marketing communications, where You are able to opt-out of receiving further notifications by clicking on the ‘unsubscribe’ link found in all such communications. You may also send an email to dataprotection@gvzh.mt.

NOTE: YOU SHOULD BE AWARE THAT IT IS NOT TECHNOLOGICALLY POSSIBLE TO REMOVE EACH AND EVERY RECORD OF THE INFORMATION YOU HAVE PROVIDED TO US FROM OUR SYSTEM. THE NEED TO BACK UP OUR SYSTEMS TO PROTECT INFORMATION FROM INADVERTENT LOSS MEANS THAT A COPY OF YOUR INFORMATION MAY EXIST IN A NON-ERASABLE FORM THAT WILL BE DIFFICULT OR IMPOSSIBLE FOR US TO LOCATE. PROMPTLY AFTER RECEIVING YOUR REQUEST, ALL PERSONAL INFORMATION STORED IN DATABASES WE ACTIVELY USE, AND OTHER READILY SEARCHABLE MEDIA WILL BE UPDATED, CORRECTED, CHANGED OR DELETED, AS APPROPRIATE, AS SOON AS AND TO THE EXTENT REASONABLY AND TECHNICALLY PRACTICABLE.

_______________________________________________________________________________

The version of this Privacy & Cookies Policy is currently Version 2.1 and was last updated on 23rd July 2024. It is valid and applies to You until a new version uploaded on the Website and is accepted by You.

Pick an Entity