This Privacy Policy describes practices of CC Consulting Ltd for collecting, using, maintaining, protecting and disclosing information in relation to visitors. This Policy has been drafted in line with Article 12 of the General Data Protection Regulation which states that the controller shall take appropriate measures to provide information where personal data is to be collected1 and where personal data have been obtained but not from the data subject2.
CC Consulting Ltd (hereinafter referred to as “We” or “Us”) is the Maltese member firm of Andersen Global, a Swiss verein comprised of legally separate, independent member firms located throughout the world providing services under their own name or the brand "Andersen," "Andersen Tax," or "Andersen Tax & Legal," or "Andersen Legal."
In terms of potential handling of data, our website includes the functionality of contacting Us to ask a question, inquire about our services, make a complaint, or leave any feedback. We currently operate primarily from 120, St Ursula Street, Valletta, Malta, Europe. Persons having interest in obtaining more information on our practices or otherwise can send an email on datacontrol@ccmalta.com. We respect the privacy of individuals, and we are committed to protect the information of visitors.
This Policy applies mutatis mutandis to data collected from:
· Our website (hereinafter referred to as the “Website”)
· People who request to Receive Updates and Information from Us
· People who send us a Request for Information
· People who use our Services
· Collaborators and Suppliers
Visitors and users of the Website, and any person falling in any of the categories mentioned above hereinafter shall be referred to as “You”.
In accordance with the General Data Protection Regulation 2016/679 (hereinafter referred to as “GDPR”), personal data is any information which is related to an identified or identifiable natural person, whether directly or indirectly, in particular by reference to an identifier such as a name and any location information, and to an online identifier, such as for instance, name, an identification number, and e-mail address (hereinafter referred to as “Personal Data”).
We collect the following Personal Data:
Personal Data that You might provide to Us when You:
· contact Us to ask a question or inquire about our services,
· send Us a request for information,
· are serviced by Us,
· engage Us for any service,
· make a complaint, or leave any feedback,
· agree to become a collaborator or supplier.
Personal Data We collect automatically:
· when making use of the Website
As you navigate through our website we may use cookies, which are small files placed on the hard drive of Your computer or mobile device, and web beacons, to collect information about your equipment, browsing patterns and actions. Data collected from cookies and web beacons might include information on a web browser, details of your visits to the Website, including inter alia, traffic data and logs, page views and an internet protocol address.
Personal Data collected from third-party sources:
In order to provide the optimum service to You, We have contracted with third-party suppliers and service providers. We may obtain Personal Data about You from third parties, including but not limited to:
· Google Analytics: This is a third-party tool by Google Inc that helps gather data. Google Analytics offers an opt-out option (add-on required). This tool allows Us to understand more about our visitor; for example, information such as the website visitor’s location and device used, including information on the visitor’s demographic.
· Google Ads: This third-party tool carries out similar functionalities to Google Analytics however it is limited to the tracking of ads shown to the user.
· Unbounce: This is a third-party tool which gathers IP Addresses of visitors to the Website.
· Hotjar: This third-party tool allows us to gather helpful data such as location data and information regarding the visitor’s specific attention to on-screen links and choices.
· Our CRM System: The Request for Proposal system also collects the internet protocol address of each visitor to our website who sends a Request for Proposal to us.
· Other Service Providers: In order to be able to fulfil our contractual obligation with You, if any, we may engage third party companies to assist. In order to provide you with the best service possible, we might need to share data with our service providers.
We require that any third party providing information has obtained such information lawfully and that the third party has obtained the appropriate consent to share the information. We work hard to ensure that data collected from third parties is lawfully obtained, stored and shared, however we are not in a position to ascertain this fully, and therefore, we shall not be deemed responsible for any breach carried out by our third parties, whether listed above or otherwise.
In line with the principle of data minimization and data economy, we only collect personal data and process it on the following legal basis:
· To contact You, to respond to your queries, complaints or questions, to troubleshoot and diagnose problems, complaints or questions.
· To operate the Website, ensuring security and integrity, to enforce our agreements and policies.
· To carry out our contractual obligations, if any, with You and provide You with the best service possible.
· For legitimate interest, primarily to protect us from legal action or claims from third parties, including you and/or to protect our legal rights and/or those of our employees, including to ensure apt performance of the website for the desired end user experience.
We endeavour not to collect additional Personal Data or use the Personal Data we have collected for materially different, unrelated or incompatible purposes without asking for your consent.
We ensure the maximum level of safety and adopt high security measures to prevent unauthorized access, disclosure, modification or unauthorized distribution of data. The data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In some cases, the data may be accessible to certain types of persons in charge, involved with the operation of this Website (such as, but not limited to, administration, marketing, legal and system administration) as data processors by Us.
When processing your Personal Data, we rely solely on the following legal basis:
Consent – As per Article 6(1) (a) of the GDPR, processing of data is lawful when the data subject gives consent to the processing for a specific purpose. We will process your personal data when you consent. By ticking or choosing the ‘I accept’ or ‘I agree’ options when faced with the choice, You consent for us to process your Personal Data. Such consent can be easily withdrawn at any time.
Necessary – As per Article 6 (1) (b), we shall lawfully process personal data if it is necessary for the performance of a contract to which You are a party, or in order to conclude the required legal and customary steps to enter into a contract with You.
Moreover, We may legally process data if it is necessary for compliance and adherence to legal obligations to which We are subject3 or if required to protect Your vital interest or that of any other natural person4 or it is necessary for the performance of any task carried out in the public interest or in the exercise of an official authority vested to Us5.
Legitimate Interest – As per Article 6(1)(f) of the GDPR, We process certain data in order to improve the Website and to troubleshoot and eliminate certain technical problems and to develop new features.
We do not share your Personal Data with third parties for their marketing purposes. However, we might share anonymous or hashed data with third parties for our own marketing purposes. In line with the consent which you have provided we might share data in the following ways:
Our service providers – We may share your Personal Data with our service providers, such as inter alia, data storage company and other third parties who might be from time to time engaged to perform specific tasks for Us.
CC Consulting Ltd – Employees and owners of the Website may have access to your data should this be required. Moreover, owners might share your data during business enlargement, consolidation or bankruptcy. Your Personal Data, therefore, is accessible to all group entities and processed by any one or more of such group entities, albeit depending on (i) the services requested by you, and (ii) the extent to which we have a legal basis to process your Personal Data, in line with the GDPR. Financial-related Personal Data which relates to You is controlled by the group entity CC Consulting Ltd, a company duly incorporated under the laws of Malta, bearing registration number C 47375. All the entities of the Chetcuti Cauchi group follow and adhere to appropriate technical and organisational measures, in line with EU Data Protection law, for the processing of Personal Data.
Collaborators and suppliers – We may share your Personal Data with collaborators and suppliers who share our standards and commit to our level of privacy policies and practices where this would be necessary for the performance of an agreement entered into between You and Us, or any pertinent group entity thereof, which involves an area of specialisation which the pertinent collaborator or supplier is geared to service and which area. We would not necessarily match with the collaborator or supplier in terms of complete fulfilment of the performance duly necessary for such agreement. The sharing therefore of your Personal Data in such a circumstance would be necessary for the performance of such an agreement between You and Us, in terms of Article 6(1)(b) of the GDPR, as explained above.
Legal Requirements – We might be asked by law enforcement agencies to disclose your Personal Data for the establishing of any legal or litigious right by the competent authorities, in cases of evident prima facie mala fides from Your end.
Your request – As per the GDPR – in the event that You decide to access Your right to data portability as per below, we have no option but to transfer Your Personal Data accordingly.
We maintain sophisticated and top of the line data protection practices when it comes to securing Your Personal Data, in order to protect it. We use commercially available physical and technical safeguards which have been designed to secure Your Personal Data from loss, or unauthorized access or use. Additionally, we do not share Personal Data which We collect unless in line with this Policy. We have adopted a ‘need-to-know’ policy, and therefore Personal Data is disclosed only to employees who strictly need to know Your Personal Data in order to provide You services.
This notwithstanding, We are aware that despite taking all the measures which are feasibly available to Us, there might be rare instances of data loss or damage due to accidents which are beyond our control. No method of transmitting data over the internet can be classified as without risk.
Any transmission of Personal Data is done at Your own risk and We cannot guarantee that such Personal Data may not be accessed, disclosed or altered by unauthorized persons.
Additionally, We herein outline programmes and systems We use in our collection, processing and storing of data:
• We use an online portal managed and operated by Us online to store and process information, data and details;
• We use reCAPTCHA to detect any improper use of Our websites by automated mechanical processing. Certain personal data, which is necessary in relation to such processing, such as an IP address, is thus transmitted to “Google”. This is primarily done in order to comply with the necessary appropriate technical and organisational safeguards required to be implemented in terms of the GDPR;
• When someone visits our website/s and consents for the collection and processing of analytical and/or other non-necessary data, a third party service, Google Analytics, is utilised to collect data such as standard internet log information and details of visitor behaviour patterns. This information is processed in such a manner that it does not identify the user or render them identifiable. Such information is only collected as per our Cookie Policy;
• We use third party Human Resources systems for the collection, processing and storing of information on prospective employees and employees. All third party systems We use are GDPR compliant. Any such collection, processing or storing of information would therefore be undertaken depending on the extent of legal basis existent for such prospective employee or employee.
In light of the GDPR provisions6, We keep Personal Data as long as necessary in order to keep up with our legal obligations. Therefore, unless you explicitly request to have Your Personal Data deleted as per the below, We will retain your Personal Data in our secure database for as long as is needed to rectify any concern or query for which the data was relayed to us.
Notwithstanding the previous provision, Personal Data collected might be kept for an additional period as may be required for legal or tax reasons, or for legitimate and lawful business purposes.
We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
The Right to Access Your Personal Data7 - You have the right to request for copies of Personal Data which has been collected concerning Yourself. You can access this right at reasonable intervals. This right should not adversely affect the rights or freedoms of others, including intellectual property rights, trade secrets or software copyright held by Us.
The Right to Rectification8 - You have the right to request that without unjust delay We correct any information You relayed to Us, which You believe is inaccurate. You also have the right to request to complete information which You have relayed to us which You believe is incomplete, by providing a supplementary statement.
The Right to Erasure9 - You have the right to request the erasure of Your Personal Data without undue delay and We shall erase such Personal Data as considerably soon as possible when one of the following grounds apply:
• The Personal Data is no longer necessary in relation to the purpose for which it was collected or processed
• You withdraw consent on which processing is based or there is no longer a legal ground for the processing;
• You object to the processing pursuant to Article 21 (1) of the GDPR and there are no overriding legitimate grounds for the processing; or
• The processing was unlawful.
The above right shall not apply to the extent that processing is necessary for the establishment, exercise or defence of legal claims.
The Right to lodge a complaint with a supervisory authority – You have the right to lodge a complaint with the pertinent supervisory authority where You consider that the processing of Your Personal Data infringes any point contained in this Privacy Policy or any provision in the GDPR. In terms of Article 12(4) GDPR, further to a notification from Us, that We will not be taking action as per the request made by Yourself pursuant to one of the rights contained herein or to any other right which may be invoked by Yourself under the GDPR, You have the right to lodge a complaint with a supervisory authority for the possibility of seeking a judicial remedy thereto on the basis of such decision.
The Right to Restrict Processing10 - You have the right to request that We restrict the processing of Your personal data, under certain conditions:
• The accuracy of the Personal Data is contested by Yourself, for a period, to enable us to verify the accuracy of such Personal Data.
• The processing is unlawful and You oppose the erasure of the Personal Data and restrict use instead.
• We no longer need to process Your Personal Data, but such Personal Data is required by Yourself for the establishment, exercise or defence of legal claims.
• You have objected to the processing in line with Article 21(1) of the GDPR, pending verification whether our legitimate grounds override those of the data subject.
When Personal Data is restricted in line with the above, such data may only be processed with Your consent.
The Right to withdrawal – You have the right to withdraw the consent You gave Us to process your Personal Data for the purposes herein mentioned, if either point (a) of Article 6(1) or point (a) of Article 9(2) of the GDPR have been utilized as a lawful basis to process the Personal Data.
Exception to Abovementioned Rights
In line with Article 12(2) of the GDPR, the effective exercise of Your rights under Articles 15 to 22 of the GDPR inter alia, may be refused to be effected, if We deem that We are unable to identify the data subject concerned.
Chetcuti Cauchi takes well into consideration the necessary cross-border nature of data utilisation across computer systems and the world wide web.
Intra-Group Transfers of Data Within the EU/EEA
The free exchange of personal data between Member States is a fundamental aspect of the EU’s basic principles. This principle is also reflected in the GDPR, which excludes the restriction or prohibition of the free movement of personal data within the EU or EEA.
The GDPR therefore allows for the transfer between EU/EEA companies subject to the existence and/or fulfilment of a legal basis as per section 4 of this privacy policy.
Transfers Outside the EU/EEA
Personal Data we collect from You is collected, stored or processed within the EU/EEA. We may work with providers which are located outside the EU/EEA. However, we endeavour to transfer data to such providers following adoption of the adequate safeguards. Such appropriate safeguards include contractual arrangements, particularly standard contractual clauses approved by the European Commission.
The Website does not use any Personal Data provided by Yourself for the purpose of automated decision-making, including profiling, which has a legal or similarly significant effect.
We keep this Privacy Policy under regular review and place any updates on this web page. This Privacy Policy was last updated on 24th October 2024.
If you have any comments, concerns or questions about this Privacy Policy or our privacy practice, please send an email to datacontrol@ccmalta.com.
1 Article 13, General Data Protection Regulation.
2 Article 14, General Data Protection Regulation.
3 Article 6 (c), General Data Protection Regulation.
4 Article 6 (d), General Data Protection Regulation.
5 Article 6 (e), General Data Protection Regulation.
6 Article 5 (e), General Data Protection Regulation.
7 Recital 63 & Article 15, General Data Protection Regulation.
8 Article 16, General Data Protection Regulation.
9 Article 17, General Data Protection Regulation.
10 Article 18, General Data Protection Regulation.