WHO WE ARE
We are P.N. Fenech Ltd. operating under the SMS Group. Our address is 65, Birkirkara Hill, St. Julians. You can contact us by post at the above address, by email on supplies@pnfenech.com
This Privacy Policy describes P.N. Fenech ltd. policies and procedures on collecting, using and disclosing personal information when using our services. This policy stipulates how P.N. Fenech Ltd. seeks to meet its obligations regarding data protection. It also covers the rights of P.N. Fenech Ltd. customers (by customers, we are refereeing to current, prospective, customer beneficiaries, family members, claimants and/or other interested persons) in respect of personal data throughout all processes executed. Personal data is treated in line with the General Data Protection Regulation (GDPR).
At the outset, we would like to inform you that we use your personal data to provide and improve our services. Using such services, you agree to the collection and use of information per this Privacy Policy.
Anonymization: Irreversibly de-identifying personal data such that the person cannot be identified by using reasonable time, cost, and technology either by the controller or by any other person to identify that individual. The personal data processing principles do not apply to anonymized data as it is no longer personal data. |
Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to P.N.Fenech. Ltd. |
Cookies are small files that are placed on your computer, mobile device or any other device by a website, containing the details of your browsing history on that website among its many uses. |
Country refers to: Malta |
Cross-border processing of personal data: Processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the European Union where the controller or processor is established in more than one Member State; or processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State; |
Data Controller: The natural or legal person, public authority, agency or any other body, which alone or jointly with others, determines the purposes and means of the processing of personal data. |
Data Processor: A natural or legal person, public authority, agency or any other body which processes personal data on behalf of a Data Controller. |
Device means any device that can access our web-services such as a computer, a cell phone or a digital tablet. |
Each “local supervisory authority” will still maintain in its own territory, and will monitor any local data processing that affects data subjects or that is carried out by an EU or non-EU controller or processor when their processing targets data subjects residing on its territory. Their tasks and powers include conducting investigations and applying administrative measures and fines, promoting public awareness of the risks, rules, security, and rights in relation to the processing of personal data, as well as obtaining access to any premises of the controller and the processor, including any data processing equipment and means. |
Group Undertaking: Any holding company together with its subsidiary. |
Lead supervisory authority: The supervisory authority with the primary responsibility for dealing with a cross-border data processing activity, for example when a data subject makes a complaint about the processing of his or her personal data; it is responsible, among others, for receiving the data breach notifications, to be notified on risky processing activity and will have full authority as regards to its duties to ensure compliance with the provisions of the EU GDPR; |
“Main establishment as regards a controller” with establishments in more than one Member State, the place of its central administration in the Union, unless the decisions on the purposes and means of the processing of personal data are taken in another establishment of the controller in the Union and the latter establishment has the power to have such decisions implemented, in which case the establishment having taken such decisions is to be considered to be the main establishment; |
“Main establishment as regards a processor” with establishments in more than one Member State, the place of its central administration in the Union, or, if the processor has no central administration in the Union, the establishment of the processor in the Union where the main processing activities in the context of the activities of an establishment of the processor take place to the extent that the processor is subject to specific obligations under this Regulation; |
Personal Data Any information relating to an identified or identifiable natural person (“Data Subject“) who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. |
Processing: An operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of the data. |
Pseudonymization: The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. Pseudonymization reduces, but does not completely eliminate, the ability to link personal data to a data subject. Because pseudonymized data is still personal data, the processing of pseudonymized data should comply with the Personal Data Processing principles. |
Sensitive Personal Data: Personal data which are, by their nature, particularly sensitive in relation to fundamental rights and freedoms merit specific protection as the context of their processing could create significant risks to the fundamental rights and freedoms. Those personal data include personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. |
Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used. |
Service refers to the Website. |
Supervisory Authority: An independent public authority which is established by a Member State pursuant to Article 51 of the EU GDPR; |
Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit). |
BASIC PRINCIPLES REGARDING PERSONAL DATA PROCESSING
The data protection principles outline the basic responsibilities for organisations handling personal data. Article 5(2) of the GDPR stipulates that “the controller shall be responsible for, and be able to demonstrate, compliance with the principles.”
Lawfulness, Fairness and Transparency: Personal data is processed lawfully, fairly and in a transparent manner in relation to the data subject.
Purpose Limitation: Personal data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Data Minimization: Personal data is adequate, relevant, and limited to what is necessary in relation to the purposes for which processed. The Company must apply anonymization or pseudonymization to personal data when possible, to reduce the risks to the subjects concerned.
Accuracy: Personal data must be accurate and, where necessary, kept up to date; reasonable steps are taken to ensure that any inaccurate personal data received and processed is erased or rectified in a timely manner.
Storage Period Limitation: Personal data must be kept for no longer than is necessary for the purposes for which the personal data is processed.
Integrity and Confidentiality: Taking into account the state of technology and other available security measures, the implementation cost, and likelihood and severity of personal data risks, the Company uses appropriate technical or organizational measures to process Personal Data in a manner that ensures appropriate security of personal data, including protection against accidental or unlawful destruction, loss, alternation, unauthorized access to, or disclosure.
Accountability: Data controllers are responsible for and able to demonstrate compliance with the principles outlined above.
COLLECTING AND USING YOUR PERSONAL DATA
We would like to inform that P.N. Fenech Ltd. will only collect and process personal data for and to the extent necessary for the execution of specific tasks/process.
Data subjects will always be informed accordingly; moreover it is the data subject him/herself who would supply such data. Data may also be received from respective agents.
Other source of data which may be collected are the following: Usage Data: Usage Data may include information such as Your Device’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data. When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device’s unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data. We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.
Tracking Technologies and Cookies:
We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service. The technologies We use may include:
Cookies or Browser Cookies. A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service. Unless you have adjusted Your browser setting so that it will refuse Cookies, our Service may use Cookies.
Flash Cookies. Certain features of our Service may use local stored objects (or Flash Cookies) to collect and store information about Your preferences or Your activity on our Service. Flash Cookies are not managed by the same browser settings as those used for Browser Cookies. For more information on how You can delete Flash Cookies.
Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).
Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser.
RETENTION OF YOUR PERSONAL DATA
The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.
When you sign up to receive our newsletter
When you sign up to receive our newsletter, we ask for your email address. We will ask for your consent to use the email address to email you our newsletter which contains information about our products and other information which we feel might be of interest to you. You can withdraw your consent at any time and unsubscribe, and we will stop sending you the newsletter.
Your name and email address are shared with a third-party mailing system which is based in Malta. This company has contractually committed to providing appropriate safeguards for your personal data which means it will be protected in line with the legal requirements of the European Union. We do not use the information you provide to make any automated decisions that might affect you.
We keep your personal data for as long as we produce and distribute our newsletter. If you withdraw your consent, we will mark your details so that they are not used and delete them after two years.
Your rights as a data subject
By law, you can ask The Company what information it holds about you, and you can ask in return to correct it if it is inaccurate. If you were asked for your consent to process your personal data, you may withdraw that consent at any time.
If The Company is processing your personal data for reasons of consent or to fulfil a contract, you can ask for a copy of the information in a machine-readable format in return so that you can transfer it to another provider.
If The Company is processing your personal data for reasons of consent or legitimate interest, you can request that your data be erased. You have the right to ask The Company to stop using your information for a period of time if you believe it is not doing so lawfully.
Finally, in some circumstances you can ask the Company not to reach decisions affecting you using automated processing or profiling.
To submit a request regarding your personal data by email, post or telephone, please use the contact information provided above in the Who Are We section of this policy.
When you submit an enquiry via our website
When you submit an enquiry via the email link on our website, The Company will receive your email address.
The Company uses this information to respond to your query, including providing you with any requested information about our products. The Company may also email you several times after your enquiry in order to follow up on your interest and ensure that we have answered to your satisfaction. The Company will do this based on its legitimate interest in providing accurate information prior to a sale.
Your enquiry is stored and processed as an email which is hosted on The Company’s servers. It is also logged on a CRM system on a cloud server based in Malta hence having adequate data protection laws in place to protect your data in line with GDPR.
The Company does not use the information you provide to make any automated decisions that might affect you.
The Company keeps enquiry emails for two years, after which they are securely archived and kept for up to five years, after which they are deleted.
Our Privacy Policy does not apply to services offered by other companies or individuals, including other sites linked to our services. Our Privacy Policy does not cover the information practices of other companies and organizations who advertise our services, and who may use cookies, pixel tags, and other technologies to serve and offer relevant ads.