PRIVACY POLICY
MOORE MALTA – EXTERNAL PRIVACY POLICY 

Purpose 

This privacy notice describes how Moore Malta (“Moore”, “we”, “us” or “our”) collects and uses Personal Data, in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act and any other applicable data protection law in Malta (collectively “data protection law”).

It applies to Personal Data provided to us, both by individuals or by others. Personal Data is any information relating to an identified or identifiable living person. Words used with first letter capitalisation (e.g. Personal Data), unless otherwise defined in this policy, have the same definition and meaning as under data protection law. If you do not agree to this privacy notice, you must not use or submit information to us through or in connection with your use of our mobile application and/or our website www.moore.mt (collectively the “Website”).

This privacy notice specifically covers the information we may gather about you via email, data sharing platforms and other network systems and how this data may be used (collectively the “Systems”). If you do not agree to this privacy notice, you must not use or submit information to us through or in connection with your use of the Systems.

About us

Moore Malta is registered as a civil partnership in terms of the Accountancy Profession Act (Cap. 281 Laws of Malta) with registered number AB/2/22/95. Moore Malta is an accountancy and consultancy firm and an independent member firm of Moore Global Network Limited (“the Network”).  Personal interactions are at the core of our business, so we have implemented this policy for reasons of lawfulness, fairness and transparency in relation to our use of Personal Data.

Our role

Where we decide how and why Personal Data is processed, we are a Controller. This is generally the role under which we process Personal Data. 

Scope

This privacy policy applies to Moore and its related entities, being members of the Moore Global Network, and this policy sets out how we will collect, handle, store and protect information about you when providing services to you, when you use our website, and when performing any other activities that are part of our business.

We are committed to protecting your privacy and handling your information in an open and transparent manner, and at all times in compliance with the provisions of the General Data Protection Regulation and the Data Protection Act (Chapter 586, Laws of Malta) and any other applicable data protection law in Malta.

This privacy statement also contains information about when we share your personal data with other members of the Moore Global Network and other third parties (for example, our service providers).

In this privacy statement, your information is sometimes called “personal data”. We may also sometimes collectively refer to handling, collecting, protecting and storing your personal information as “processing” such personal information.

When we refer to our Website in this statement we mean the specific webpages of www.moore.mt.

www.moore-global.com is comprised of various global, country, regional and practice specific websites, each of which is provided by Moore Global Network Limited (“MGNL”) or one of its independent member firms or their related entities (collectively, the “Moore Global Network”). Such websites, as well as other websites that may be linked to this Website, are not governed by this privacy statement. We encourage visitors to review the privacy statements on each of these other websites before disclosing any personal information. 

Types of Personal Data we may collect

You do not need to share personal data to access the Website. You may be asked to provide some personal information to receive information or services offered by Moore.
 
The categories of information we may collect from you are:

• Contact and personal details (including name, address, date of birth, employer name, copy of CV, contact title, phone, email and other business contact details) which you may give to us as part of a request for further information on our offering or as part of a job application;
• Communication and marketing preferences which you may give to us when you sign up to receive a newsletter, insight publication or other media alert on our Website;
• Information you share with us such as details of your requests for information on our offering or other general queries;
• Photographs you may give to us if you are attending a conference or event and chose to upload a photograph onto our event platform;
• any information you may provide as part of a contribution to an event, conference or webinar;
• Dietary requirements or mobility information you may give to us as part of the registration for an event, conference or webinar; and
• When you visit our website, we may automatically collect the following information:

– technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
– information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page.

We may collect special category Personal Data is if you provide dietary requirements by reference to religion and/or health conditions or if you provide accessibility requirements by reference to health conditions.  We will only process such data where we have your consent to do so.
 

How we will use your Personal Data
 

We will only process your Personal Data, in accordance with applicable law, for the following purposes:

• internal record keeping;
• personalising your interaction with us;
• creating and making available recordings of events. webinars and conferences to individuals who have signed up for events, webinars and conferences;
• enabling our consultants, suppliers and service providers to carry out certain functions on our behalf, including payments processing, verification, technical, logistical or other functions;
• ensuring the security of our organisation, including the preventing or detecting fraud or abuses of our Website;
• resolving any disputes, if you lawfully exercise your rights or if you wish to dispute the use of a video recording, for example, or any other part of our offering;
• carrying out marketing campaigns and sending you personalised marketing communications, where you have agreed that we may do so, in order to keep you informed of our offering, which we consider may be of interest to you;
• developing and improving our offering, for example, by reviewing visits to our website and its various subpages; and
• to comply with applicable law, for example, in response to a request from a court or regulatory body, where such request is made in accordance with the law.
   

Grounds for Processing

Here we set out the basis upon which we process Personal Data.  Please note that we may process Personal Data for more than one lawful basis, depending on the specific purpose for which we are using that information.

Legitimate interests
 
We may process Personal Data for the purposes of our own legitimate interests in the effective and lawful operation of our business, provided that those interests do not override the interests, rights and freedoms of a Data Subject which require the protection of that Personal Data.
 
Examples of such processing activities are set out above.
 
Compliance with a legal obligation 
 
We are subject to legal, regulatory and professional obligations. We will process Personal Data as necessary to comply with those obligations.
 
We also keep certain records to demonstrate that our services are provided in compliance with our legal, regulatory and professional obligations. 
 
Consent
 
In certain limited circumstances, such as where a Data Subject has agreed to receive marketing communications from us, we may process Personal Data by consent. Where consent is the only basis upon which Personal Data is processed the relevant Data Subject shall always have the right to withdraw their consent to processing for such specific purposes.
 
It is our policy to only process Personal Data by consent where there is no other lawful basis for processing.
 

Data retention

Your Personal Data will be retained for as long as it is necessary to carry out the purposes set out in this Policy (unless longer retention is required by the applicable law). However, we will not retain any of your Personal Data beyond this period and the retention of your Personal Data will be subject to periodic review. We may keep an anonymised form of your Personal Data, which will no longer refer to you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so.

Data Security

We take the security of all the data we hold very seriously.  We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.
 
We have put in place appropriate security measures to prevent Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
 
We limit access to Personal Data to those employees, agents, contractors and other third parties who have a business need to know, and our IT systems operate on a ‘least privileged’ basis by default. Third parties will only process Personal Data on our instructions and they are subject to a duty of confidentiality.
 
We have put in place procedures to deal with any suspected data security breach and will notify any affected Data Subject and any applicable regulator of a suspected breach where we are legally required to do so.
 

Data transfers

We will share Personal Data with third parties where we are required by law, where it is necessary to administer our relationships between clients and Data Subjects, or where we have another legitimate interest in doing so.
 
As part of a Network that is global, Personal Data may be transferred to member firms outside Malta and European Union (EU) and to countries that do not have laws that provide specific protection for Personal Data.  All Personal Data will be provided with adequate protection and all transfers of Personal Data outside Malta and EU are done lawfully. Where we transfer Personal Data outside of Malta or the EU to a country not determined by the European Commission as providing an adequate level of protection for Personal Data, the transfers will be under an agreement which covers Malta and/or EU requirements for the transfer of personal data outside Malta and the EU, such as the European Commission approved standard contractual clauses.

We may pass your data, where appropriate contractual arrangements and security mechanisms are in place, to:

• Our employees and consultants;
• Member firms of the Network where needed to provide services or respond to your request for further information on our offering;
• Third party service providers that support us and help provide services:

– our IT and cloud services, and to operate and manage these services;
– professional advisory services;
– administration services;
– marketing services;
– banking services.
– Event services

• to another legal entity, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, merger, sale, reorganisation, change of legal form, dissolution or similar event. In the case of a merger or sale, your Personal Data will be permanently transferred to a successor;
• to legal advisors who may need to advise us or manage or litigate a claim;
• To any other third party (including our third party event sponsors) if we have your consent to do so.

All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect Personal Data. We only permit our third-party service providers to process Personal Data for specified purposes and only in accordance with our instructions.

Rights and responsibilities
 

A Data Subject’s duty to inform us of changes
 
It is important that the Personal Data we hold about is accurate and current.  On an annual basis we will use reasonable endeavours to contact Data Subjects to verify whether the information we hold about them is correct. However, at any time, please notify us of any changes in your personal information of which we need to be made aware by contacting us, either through your usual contact or by using one of the means set out at the end of this privacy notice. 
 
A Data Subject’s rights in connection with Personal Data

Data Subjects may have certain rights under Maltese or EU law in relation to the Personal Data held by us about them. In particular, they may have a right to:

• request access to their Personal Data. This enables a Data Subject to receive details of the Personal Data we hold about them and to check that we are processing it lawfully;
• ask that we update the Personal Data we hold about them, or correct such Personal Data that they think is incorrect or incomplete;
• request erasure of their Personal Data. This enables a Data Subject to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. Data Subjects also have the right to ask us to delete or remove Personal Data where they have exercised their right to object to processing (see below). Please note that we may not always be able to comply with a request for deletion of Personal Data for legal reasons which will be notified, if applicable, after receiving such a request;
• object to processing of their Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about their particular situation which makes them want to object to processing on this basis. They also have the right to object where we are processing their personal information for direct marketing purposes;
• request the restriction of processing of their Personal Data. This enables a Data Subject to ask us to suspend the processing of Personal Data about them, for example if they want us to establish its accuracy or the reason for processing it;
• request the transfer of their Personal Data to them or another Controller if the processing is based on consent, carried out by automated means and this is technically feasible. Please note that, at the time of the drafting of this notice, we do not undertake any processing relevant to the exercise of this right; and
• lodge a complaint with the supervisory authority. We suggest that you contact us about any questions or if you have a complaint in relation to how we process your Personal Data. However, you do have the right to contact the relevant supervisory authority directly. To contact The Office of the Information and Data Protection Commissioner, please visit the IDPC website.

Withdrawal of consent
 
Where we process Personal Data based on consent, individuals have a right to withdraw consent at any time. However, as noted above, we do not generally process Personal Data based on consent.
 
To withdraw consent to our processing of your Personal Data please email us at [email protected] or, to stop receiving an email from a marketing list, please click on the unsubscribe link in the relevant email received from us.
 
Contacting us to exercise a right
 
If any individual would like to exercise the above rights please contact us by sending an email or by one of the means set out at the end of this privacy notice. We may charge for a request to access details of Personal Data, if permitted by law. If a request is clearly unfounded, repetitive or excessive we may refuse to comply with that request.
 
Please note that it our policy not to provide copy documents if we are contacted by Data Subject seeking access to their Personal Data. We will comply with this request in another way, usually by providing a newly created document listing the information we are required to provide under data protection law.

 
We may need to request specific information from those individuals who contact us to help us confirm their identity and ensure their right to access their personal data (or to exercise any of their other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact an individual to ask them for further information in relation to their request to speed up our response.
 
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if a request is particularly complex. In this case, we will notify the individual concerned and keep them updated.
 
Data Subjects also have the right to make a complaint to the IDPC, the Maltese supervisory authority for data protection issues. For further information on individual rights and how to complain to the IDPC, please refer to the IDPC website.  

Changes to this notice
 
We recognise that transparency is an ongoing responsibility so we will keep this privacy notice under regular review.
 
This privacy notice was last updated on 14 May 2024.

Contacts
 
If there are any questions regarding this notice, you would like to exercise one of your rights or contact us about the manner in which we process their Personal Data please contact: [email protected]