1. IAL takes Data protection very seriously and works to ensure that personal data is protected. The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR).
What data do we collect and why do we store and process your Personal Data?
2. IAL collects a set of personal information when a data subject becomes a client (either through our physical sales channels or through our Internet channels). This data is stored on our server. This does not include credit card information. When a data subject becomes a client we might require to collect the following: Name & Surname, Address, Telephone and Mobile numbers and email addresses. When using our website we may collect the above personal details as well upon registration.
3. The information collected is needed to help us deliver the level of service that we feel our clients deserve. We use this data to be able to contact our clients and also to offer them new services and offers from time to time. Subscription to these offers and services will require separate consent from our clients. Offers may be sent to data subjects through various channels such as: Email Marketing and printed material by post.
What amounts to Personal Data?
4. The term “personal data” refers to all information through which you can be personally identified, such as you name, surname, address and billing information and includes all information which may arise.
How is personal data collected?
5. Data is collected:
- By our employees through walk-ins at our retail establishment.
- Through our website and social media pages.
- Through emails opened and actioned by our employees.
- Through phone calls and other messaging services.
- Through having our Account Application Form filled in by the data subject who wishes to become a client of IAL.
6. We usually retain the personal data of our clients for the period during which they are considered as clients. As a policy, IAL retains all personal data for 36 months from the date of the last contact with the client.
7. In the case of marketing communications we ask for specific permission from the data subject to retain their email address indefinitely. The data subject is reminded continuously in every mail shot that they may opt out whenever they like.
Who we share your data with
8. IAL will not share your data with third parties. We may share data with our ICT service providers, mailing service providers, accounts, auditors or for logistics purposes. We are assured that these partner companies handle personal data under the strictest controls and in accordance with this policy.
Lawfulness of processing
9. We process your personal data on the following bases:
- Entering into and performing a contract – in particular to provide you with the goods and/or services you have requested from us. The consequence for not doing such processing would be that we would be unable to perform our contract.
- Our legitimate interests in terms of security and safety purposes, safeguarding of our rights through arbitration/legal proceedings and any other legitimate interests which we may have in relation to the goods and/or services provided. When we process your personal data on the basis of legitimate interests, we ensure that the legitimate interests pursued are not overridden by your interests, rights, and freedoms.
- Compliance with legal obligations imposed on us.
- Consent when you have provided your explicit consent to specific processing of your personal data.
- On the basis of our legitimate interests or compliance with legal obligations, as applicable, we may also process your personal data for the purposes of establishing, exercising or defending legal proceedings.
- We will ensure that we have additional grounds for processing your personal data if processing of special categories becomes envisaged. Note that special categories of personal data include data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic, biometric or health data, sexual orientation and data related to your conviction and offences. Processing special categories of your personal data is not envisaged unless we have reason to institute proceedings or investigations with respect to theft of our goods and/or services.
Subscription to our newsletter
10. On our website, users may be given the opportunity to subscribe to our newsletter. IAL may use this newsletter to inform its customers about its offers. The newsletter may only be received by the data subject if (1) the data subject has a valid e-mail address and (2) the data subject registers for the newsletter and (3) if the data subject is a client and gives IAL consent (opts in).
Routine erasure and blocking of personal data
12. The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to.
13. If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data is erased in accordance with legal requirements.
Your rights as a data subject
14. As a data subject GDPR provides you with extensive rights as follows:
- Right of confirmation
- Right of access
- Right to rectification
- Right to erasure (Right to be forgotten)
- Right of restriction of processing
- Right to data portability
- Right to object
- Automated individual decision-making, including profiling
- Right to withdraw data protection consent
- Data protection for applications and the application procedures
Your rights in relation to your personal data are not absolute.
If you intend to exercise one or more of your rights, you should contact IAL.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights specified above). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Keeping your data secure
16. We take pride in keeping your data secure and will take appropriate technical and organisational measures to protect your data against unauthorised or unlawful processing, including against accidental loss, destruction, storage, or access. Your personal data will be stored in paper files or electronically on our technology systems or on technology systems of our IT providers.
17. If you have any complains regarding our processing of your personal data, please note that you may contact us or our Data Protection Officer at the details indicated below. You also have a right to lodge a complaint with the Office of the Information and Data Protection Commissioner in Malta (idpc.gov.mt)