Privacy Policy

Privacy Policy

BCOMPLIANT SOLUTIONS LIMITED (hereinafter the Company, we, us, our), having company registration number C.83236 and its registered office at 27, Triq L-Innu Malti, Zebbug ZBG 3503, Malta, will act as the data controller in processing your personal data and/or personal data relating to anyone who deals with us for you, in accordance with the Data Protection Act (Chapter 568), as enacted in Malta, which implements and further specifies the relevant provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, better known as the General Data Protection Regulation (GDPR).

The Company is committed to protecting and respecting your privacy. We take the privacy of all of our clients and individuals working with us in a commercial capacity as a service provider and/or subcontractor, seriously and take great care to protect their personal information.

General principles

Our Privacy Policy governs any kind of processing where we are acting as a data controller, including collection, use, transfer, storage and deletion of personally identifiable information about natural persons which includes any information that may be used to identify a physical person, and any other information associated therewith.

Please read the following policy carefully to understand what information we may collect from you, how we may use it, and your rights in respect of our use.

We will be guided by the following principles when processing your data:

• We will only collect data for specific and specified purposes. We will make it clear at the point when we request your information, what we are collecting it for and how we are going to use it.
• We will not collect data beyond what is necessary to accomplish those purposes. We will minimise the amount of information we collect from you to what we need to deliver the services required.
• We will collect and use your personal information only if we have sensible business reasons for doing so, such as managing a request for our services, entering into an agreement with you or gathering necessary information about an individual connected to our clients or service providers.
• We will not use data for purposes other than that for which the data was collected, except as stated herein, or with your prior consent.
• We will seek to verify and/or update data periodically, and we will accept requests for amendments of personal data.
• We will apply high technical standards to make our processing of data secure.
• Except when stated herein, we will not store data for longer than is necessary to accomplish its purpose, or as is required by law.

 

 

 

Information collected by the Company

The information collected by the Company includes information that you provide to us when you:

• contact us to request or enquire on our services, via our website, by email, by phone, through social media or in person;
• sign up for events or a newsletter through our website;
• enter into an agreement with us to provide you with a service;
• use our website;
• post on our social media channels or on our website or blog;
• work with us in a commercial capacity (for example as a service provider and/or subcontractor).

We require participants for our events and/or courses to provide us with their ‘identity data’, including name and identification card number and ‘contact data’ such as address, email address, landline and mobile numbers.

We require our clients to provide us with their identity and contact details or that of individuals connected to their business.

When attendees or clients affect a payment for our services, we process ‘financial data’ which includes their account details including full beneficiary name, bank account number and sort code.  When attendees affect online card payments, we do not store their card details.  Card details are processed and stored by our card processor, PayPal which is PCI DSS Compliant.

Our website and services are not intended for children and we do not knowingly collect data relating to children.

When you work with us in a commercial capacity, we require you to provide us with your identity, contact and financial data.  Additionally, where applicable, we may request copies of any permits, licences and authorisations of our service providers and/or sub-contractors.

When you access our website we also collect ‘technical data’ which includes your internet protocol (IP) address and other technology details on the devices you use to access our website (please refer to the Cookies section).

How we use your personal data

We will only use your personal data for specific purposes and in accordance with applicable laws.

Most commonly, we will use your personal data in the following circumstances:

• In order to perform the contract we are about to enter into or have entered into with you;
• Where it is for our legitimate business interests (or those of a third party) and your interests and fundamental rights do not override those interests; and
• In order to comply with a legal or regulatory obligation.

Any processing of personal data for direct marketing purposes or the signing up for newsletters on our website will be processed with your Consent upon collection.

 

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Purpose/Activity	Type of data	Lawful basis for processing including basis of legitimate interest
To address your requests for or enquiries about our services.	a)     Identity b)     Contact c)      Technical	Necessary to take steps at the request of the data subject prior to entering into a contract.
To register you as a new customer or supplier.	a)     Identity b)     Contact	Necessary for the performance of a contract to which the data subject is party.
To manage our relationship with you, which will include: (i)               providing our services to you, receiving payment from you or paying you; and (ii)             notifying you about changes to our terms or letter of engagement and our privacy policy.	a)     Identity b)     Contact c)      Financial d)     Technical	a)     Necessary for the performance of a contract to which the data subject is party. b)     Necessary to comply with a legal obligation. c)      Necessary for our legitimate interests such as KYC and credit risk management.
To administer and protect our business and website (including troubleshooting, system maintenance, support and hosting of data).	a)     Identity b)     Contact c)      Technical	a)     Necessary for our legitimate interests for running our business, provision of administration and IT services, network security and to prevent fraud. b)     Necessary to comply with a legal obligation.
Direct marketing or the signing up for newsletters on our website.	a)     Identity b)     Contact	Data subject has given consent to the processing of his or her personal data for one or more specific purposes.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

 

Sharing of your personal data

The Company will share your information with others where it is lawful to do so including where the Company or any third party:

• needs it in order to provide you with the service;
• has a public or legal obligation to do so;
• in connection with any regulatory reporting obligations,
• in litigation or asserting or defending its legal rights and interests; or
• has obtained your consent to share it.

Specifically, the Company may share your information for the above purposes with others including:

1. processors and their respective sub-processors who work for the Company or provide services to the Company (including their employees, directors and officers) such as the software and hosting providers, IT managed service providers, payment processing providers and other service providers (including sub-contractors).

If you would like to receive more details on our processors and sub-processors please send us an email to enquiries@bcompliantsolutions.com and we would provide you with the requested information.

1. Third parties where you have a relationship with that third party and you have consented to us sending information (for example other professional advisers).
2. Regulatory bodies, law enforcement, government, tax authorities, courts, dispute resolution bodies, and our statutory auditors.

Transfer of personal data to third countries

The Company shall not cause or permit any personal data to be transferred outside of the EEA unless such transfer takes place under one of the following conditions:

1. Transfers are based on adequacy decisions, that is, processing of the personal data carried out in a country that the European Commission has considered as offering an adequate level of protection;
2. Transfers are subject to adequate safeguards on the basis of an agreement between the Company and a data processor, designed to protect your information, in the appropriate form approved for this purpose by the European Commission;
3. You have consented to such transfer and acknowledge and accept that certain data processors engaged by the Company in the provision of the services are located in a country that the European Commission has not formally declared to have an adequate level of protection and are not able to demonstrate appropriate safeguards;
4. the transfer is necessary for the performance of a contract between the Company and the Client;
5. the transfer is necessary for the conclusion or performance of a contract concluded in your interest between the Company and the data processor;
6. the transfer is necessary for important reasons of public interest; or
7. the transfer is necessary for the establishment, exercise or defence of legal claims.

 

 

Security, storage and retention of personal data

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those sub-contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We will retain your personal data for the duration of our business relationship and afterwards for as long as is necessary and relevant for our legitimate business purposes or as otherwise for the purposes of satisfying any legal, accounting, or reporting requirements.

Where we no longer need your personal information, we will dispose of it in a secure manner and erase it from our system.

Where you have consented us to process your personal data for direct marketing purposes, we will retain your data until you would have withdrawn your consent or objected to such processes.

Your rights

You have a number of rights in relation to the personal data that the Company holds about you. These rights include:

1. the right to access information which the Company holds about you and to obtain information about how the Company process it;
2. the right to withdraw at any time any consent you have provided to the Company, without affecting the lawfulness of processing based on such consent before its withdrawal or to object at any time to processing of your personal data for direct marketing purposes;
3. the right to request the Company to rectify your information if it is inaccurate or incomplete;
4. the right to request, in certain circumstances, the Company to erase your personal data unless the data is necessary for compliance with a legal obligation to which the Company is subject to or for the establishment, exercise or defence of a legal claim;
5. in certain circumstances the right to obtain from the Company restriction to your personal data.

You can exercise your rights at any time by contacting directly the Company by email to enquiries@bcompliantsolutions.com.

Likewise, if you have any questions about this Privacy Policy or our data protection practices, please contact directly by email to enquiries@bcompliantsolutions.com.

 

Complaints

You have also the right to raise complaints or concerns about the Company’s use or processing of your personal information with the body regulating data protection in your country, if you are residing in another EU member State or the Office of Information and Data Protection Commissioner in Malta (details are available at https://idpc.gov.mt/en/Pages/Home.aspx ).

 

COOKIES

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. Cookies may collect information (including Personal Information), such as user preferences, general usage information and unique identifiers.

We use a single cookie, “sessionid”, to identify you when you visit our website, keep you logged in as you navigate our website, and store temporary information. This functional cookie does not identify any individual, and is required for the correct operation of our website.

Our service providers use cookies and those cookies may be stored on your computer when you visit our website. These cookies do not contain any information that is personally identifiable to you. Our service providers are listed below:

• Google Analytics – used to analyse the usage of our website.
• Google Translate – provides a translation service to our website visitors.
• Facebook – used to offer “like” and “share” buttons to like/share pages from our website on Facebook.
• Twitter – used to offer “follow” buttons on Twitter.
• LinkedIn – used to offer “follow” buttons on LinkedIn.
• AddThis – used to offer “share” buttons for various social networks.
• YouTube – used to embed videos on our website.

Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:

• https://support.google.com/chrome/answer/95647?hl=en (Chrome);
• https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);
• http://www.opera.com/help/tutorials/security/cookies/ (Opera);
• https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies(Internet Explorer);
• https://support.apple.com/kb/PH21411 (Safari); and
• https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).

Blocking all cookies will have a negative impact upon the usability of many websites. If you block cookies, you will not be able to use all the features on our website.

 

Links from our website

Our website contains links to and from websites operated by individuals and companies over which we have no direct control. If you follow a link to any of these websites, please note that these websites have their own privacy and terms of use policies and that we do not accept any responsibility or liability for these policies. We advise you to check these policies before you submit any personal data to these websites.

Changes to this privacy policy

We may revise this Privacy Policy from time to time. If there are any changes to this Privacy Policy, we will replace this page with an updated version. It is therefore important that you check the “Privacy Policy” page when you access our Website so as to be aware of any changes which may occur from time to time.

We will inform you through electronic mail of any substantive changes to our Privacy Policy.

Latest updated version:  25 May 2018.