GVZH Advocates – Privacy and Cookie Policy

Last updated: January 2022


The EU General Data Protection Regulation (“GDPR”), which came into force on 25 May 2018, provides new rights to individuals and requires organisations to provide information about their processing in a clear and transparent way. We have published Privacy Policy to take into account new requirements and to explain how GVZH Advocates (“GVZH”, “we” or “us”) collects, stores and uses personal data we obtain through this website.

Any personal data provided by you voluntarily through our website <https://www.gvzh.mt/>  or through your communications via email with us will be processed in accordance with the Data Protection Act (Chapter 586 of the Laws of Malta), the GDPR and any other relevant data protection legislation, as may be amended from time to time.


  • ‘Personal Data’ is a reference to any information relating to an identified or identifiable natural person. This includes any identifiable material relating to their physical, physiological, mental, economic, cultural or social identity and includes but are not limited to physical files, identification numbers, location data and images or records of individuals.
  • ‘Processing’ is used to refer to any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • ‘Controller’ refers to the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • ‘Processor’ refers to a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  • ‘Third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
  • ‘Personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed; and

Data Controller

GVZH Advocates is a civil partnership established in terms of Maltese law.

For the purposes of the GDPR, GVZH Advocates is the Data Controller. If you have any questions about how we process your personal data, please email our data protection representative at dpo@gvzh.mt Our postal address is: 192, Old Bakery Street Valletta, VLT 1455.

Information We Collect

The data that we may collect about you usually includes:

  • Your name and surname
  • Your email address
  • Your IP address
  • Any personal data that you may provide to us through our website
  • Any personal data that you may provide to us through your communication with us (through meetings, calls and emails)

Basis of Processing

We will process personal data on the basis of:

  • Our legal obligations (for example, to comply with fraud and money laundering regulations);
  • Necessity in order to take steps at the request of prospective clients prior to entering into a contract (for example to provide you with a quote and in order to undertake the necessary due diligence in certain instances);
  • Necessity for the performance of a contract which we have agreed to enter into at your request (for example to provide you with legal services in our capacity as legal professionals/consultants);
  • Our legitimate interests (for example, to ensure we are providing you with the best possible legal service, to manage our customer database efficiently and for debt collection).

Sharing your Information

We will not share any of your personal data with third parties without your permission, except where this is strictly required for us to provide you with a service you have engaged us to provide or where we are obliged to do so in terms of our legal or regulatory obligations.

We may share your personal data with the following categories of entities as necessary:

  • Internal staff and associated companies such as GVZH Trustees or GVZH Services;
  • Hosting and website maintenance (kindly refer to our Cookie Policy section below); and
  • Upon your request to do so, we may divulge your information to other third parties and Authorities in Malta.

If we ever have to share your personal data with an entity outside the EU, we will do so in accordance with the requirements of the GDPR and any other applicable law.

Data Security

We take the security of your personal data very seriously and have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed, so as to safeguard its integrity and confidentiality.

The security measures we have implemented to ensure safe transmission and storage of personal data include:

  • Use of secure servers;
  • Use of firewalls;
  • Use of encryption;
  • Physical access controls at data centres;
  • Information access controls;
  • Use of back-up systems;

We also regularly review and, where practicable, improve upon these security measures.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

While we do our utmost to safeguard your personal data, no data transmission over the internet can be totally secure and therefore we cannot guarantee or warrant that no unauthorised access will occur.

Your Rights

Right of Access

You have the right to access all the personal data held and processed by the Company. To exercise this right, you can contact us at the email or postal address at the top of this page.

In order to process this request, we will require proof of your identity. We will do our best to process the request as soon as possible, and in no event not longer than sixty days from hearing from you.

Right to Rectification

You have the right to request modification of all the personal data held and processed by the Company. If you think we may hold details about you that are inaccurate or out of date, please contact us at the email or postal address at the top of this page.

Right to Erasure (‘right to be forgotten’)

You have the right to request that we delete the personal data held and processed by the Company by contacting us at the email or postal address at the top of this page.

This right is not absolute, and we may be justified in keeping certain personal data, for instance when we are legally obliged to do so or if such data may be necessary for us to defend a legal claim.

Right to Object

You have the right to object to the processing of your personal data, including where such processing takes place for the Company’s legitimate interests, and you may request to withdraw from all future activities and the removal of all personal data held and processed by us by contacting us at the email or postal address at the top of this page.

Right to Data Portability

You have the right to move, copy or transfer your personal data from one organisation to another, and you have the right to request from us a copy of your personal data in a structured, commonly used and machine-readable format, which we may provide to you or another organisation at your request. If you would like us to assist you with this please contact us at the email or postal address at the top of this page.

Right to Lodge a Complaint

All Data Protection enquiries/complaints should be sent to dpo@gvzh.mt

You also have the right to lodge a complaint with the Information and Data Protection Commissioner in Malta as the data protection supervisory authority:

Information and Data Protection Commissioner

Level 2, Airways House
High Street
Sliema SLM 1549
Tel: (+356) 2328 7100
Email: idpc.info@idpc.org.mt

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.


We will not store personal data for longer than is necessary keeping in mind the purpose/s (or compatible purposes) for which we first collected that data. We may also need to keep some of your personal data where we are obliged to do so in terms of legal, regulatory, tax or accounting requirements, or in order to protect ourselves against legal claims usually for a specified amount of time as set out in the relevant law.

As a general rule we will retain your personal data as long as you remain a client of ours, or until you ask us to stop communicating with you, unless we have a valid reason to keep the information for a longer time.

For more information about our retention policy, please contact us at the postal or email addresses at the top of this page.

Links to Third Party Websites

We may post links to other web sites which are operated by companies that are outside of our control, and your activities at those sites will be governed by the policies, practices and laws of those third party operators. We encourage you to review the privacy practices of these third parties as we are not responsible for the privacy practices of those sites.

Changes to this Privacy Policy

We may update this Policy from time to time and we will replace this policy with an updated version. It is your responsibility to access the ‘Privacy Policy’ page frequently so that you will be aware of any changes that may be implemented by us from time to time.

Law and Jurisdiction

This Policy shall be governed by Maltese Law. Any dispute arising from, or related to, such Policy shall be subject to the exclusive jurisdiction of the courts of Malta.


As is common practice with almost all professional websites this site uses cookies, which are tiny files that are downloaded to your computer, to improve your experience. This page describes what information they gather, how we use it and why we sometimes need to store these cookies. We will also share how you can prevent these cookies from being stored however this may downgrade or ‘break’ certain elements of the sites functionality.

You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of this site. Therefore, it is recommended that you do not disable cookies.

You can find more information about the individual cookies we use and the purposes for which we use them below:

Cookie TitlePurposeMore Information
Google AnalyticsThese cookies help us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content.https://analytics.google.com 
Hotjar Cookies (_hjid)This cookie is set when a user first lands on the page with the Hotjar script. It is used to persist the Hotjar User ID which is unique to that site on the browser and ensure that behaviours in subsequent visits to the same site will be attributed to the same user ID.https://help.hotjar.com/hc/en-us/articles/115011789248-Hotjar-Cookies
Hotjar Cookies (_hjIncludedInSample)This session cookie is set to let Hotjar know whether that visitor is included in the sample which is used to generate funnels.https://help.hotjar.com/hc/en-us/articles/115011789248-Hotjar-Cookies

Version 2022.01