1. Terms and abbreviations used in the Privacy Policy:
1.1. Processing – is any action or set of operations performed with or without automated means on Personal Data or on sets of Personal Data, such as collection, registration, organization, structuring, storage, adaptation or modification, recovery, viewing, use, disclosure by dispatching, distributing or otherwise making available, coordination, combination, restriction, erasure or destruction.
1.2. Data Processor – is a natural or legal person, public authority, agency or another body that processes Personal Data on behalf of the Data Controller.
1.3. Data Controller – Company that processes Personal Data of the Data Subject in accordance with the specified purposes and means of Personal Data Processing;
1.4. Data Subject – ETM potential, current, former client – natural person, employment candidate, visitor, websites visitor and user, participant of events organized by ETM, employee of legal entities, official, contact person, authorized person, beneficial owner and any other identified or identifiable natural person, whose Personal Data is Processed by ETM;
2.5. ETM – Company, registered with Malta Business Register, reg. No. C84077, legal address: 4, Cresta Court, Triq Abate Rigord, Ta’ Xbiex, Malta;
2.6. Personal Data – any information relating to an identified or identifiable natural person (Data Subject).
2.7. General Data Protection Regulation – Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the Processing of Personal Data and on the free movement of such data and repealing Directive 95/46 / EC.
2. General provisions
2.1. The purpose of this “Privacy Policy” (hereinafter – Privacy Policy) is to provide a Data Subject with information on purpose, legal basis, scope, terms of processing, protection measures performed by ETM, as well as on the Data Subject’s rights in relation to Personal Data processing. Additional information on processing of Personal Data may be included in agreements, confidentiality notices and other documents.
2.2. ETM takes care of the privacy of Data Subjects and protection of Personal Data, observing the Data Subjects’ right to the lawfulness of Personal Data Processing in accordance with the General Data Protection Regulation and applicable national and other regulatory enactments in the field of privacy and Personal Data Processing.
2.3. ETM has implemented appropriate technical and organizational measures to protect Personal Data from unauthorized access, unlawful disclosure, accidental loss, alteration, destruction or any other unlawful processing.
2.4. Personal Data is obtained directly from the Data Subject and from services used by Data Subject, as well as from external sources (e.g. public registers or databases) or other persons (e.g. legal entity represented by the Data Subject, or whose employee, official, beneficial owner he/she is). ETM may record telephone conversations, video and / or audio, save e-mail communication or otherwise document the Data Subject’s interaction and communication with ETM.3. Information about Data Controller.
3. Information about Data Controller
3.1. ETM may be a Data Controller, Data Processor or Joint Controller when processing Personal Data of the Data Subject.
4. Purposes of Personal Data Processing
4.1. ETM processes Personal Data mainly for the following purposes:
4.1.1. compliance with legal requirements;
4.1.2. conclusion and execution of contracts;
4.1.3. for placing orders, delivery of goods, fulfillment of product warranty obligations;
4.1.4. for preparation of invoices, settlements;
4.1.5. for identification of client / Data Subject;
4.1.6. to ensure communication;
4.1.7. to ensure the course of ETM personnel selection process;
4.1.8. for implementation of rights of ETM;
4.1.9. for ETM marketing activities;
4.1.10. for video surveillance in premises, warehouses and territories;
4.1.11. for prevention and detection of criminal offenses;
4.1.12. for obtaining and preservation of evidence in civil disputes;
4.1.13. for reviewing applications / complaints and other documents;
4.1.14. for other purposes in legally justified cases.
4.2. In any of cases referred to in Clause 4.1 of the Privacy Policy, ETM Processes Personal Data to the extent permitted by the specific purpose of Personal Data Processing and in accordance with the procedures required and permitted by applicable laws and regulations.
5. Legal basis for Personal Data processing
5.1. ETM processes Personal Data on the basis of the following legal grounds:
5.1.1. For conclusion and execution of an agreement;
5.1.2. In order to fulfill legal obligation;
5.1.3. In order to implement or defend legitimate interests;
5.1.4. Consent;
5.1.5. Public interests.
6. Categories of personal data and their types
6.1. The amount and categories of Personal Data to be processed depend on the purpose of the Processing, which may differ in different situations. ETM mainly processes the following categories and types of Personal Data:
6.1.1. Identification data, such as personal identification code, date of birth, data of identity documents, incl. photo;
6.1.2. Contact information, such as address, phone number, email address;
6.1.3. Financial data, for example, information on execution of customer payments in connection with the goods sold by ETM;
6.1.4. Account details, such as bank account number;
6.1.5. Reliability and research data, such as data on counterparty payment discipline, data enabling ETM to conduct customer research activities related to prevention of money laundering and terrorist financing and to verify compliance with international sanctions, including the purpose of cooperation and whether a business partner, its representative, real beneficiary is a politically significant person;
6.1.6. Data obtained and / or created in the course of performing duties provided for in regulatory enactments, for example, data that ETM is obliged to provide to such institutions as tax authorities, courts, law enforcement authorities;
6.1.7. Communication and device data, such as data contained in messages, e-mails, videos, photographs and / or audio recordings, as well as other types of communication and interaction data collected when the Data Subject visits ETM premises and organized events or contacted a Data Subject, and data related to the Data Subject’s ETM website.
6.1.8. Professional data, such as data on education or professional career;
6.1.9. Special category Personal Data, such as data on suitability of a job vacancy candidate for the position to be held.
7. Personal Data Protection Measures
7.1. For the protection of Personal Data, ETM uses various technical and organizational security measures to protect Personal Data from unauthorized disclosure, access, loss, erasure, destruction (e.g. data encryption, anti-burglary equipment, firewalls, security passwords, etc.).
7.2. Personal Data is available to a limited number of employees of ETM and involved Data Processors, who need it for performance of the respective official functions / tasks, and who have binding confidentiality requirements.
8. Transfer / Disclosure of Personal Data
8.1. ETM may transfer Personal Data to persons to whom ETM has the right to disclose them (for example, Data Processors, legal service providers, etc.) or has an obligation in accordance with regulatory enactments or concluded agreements, or if the Data Subject’s consent has been obtained.
8.2. ETM may transfer Personal Data mainly to the following recipients:
8.2.1. institutions and officials, such as supervisory authorities, tax authorities, law enforcement authorities, sworn bailiffs, sworn notaries, courts, out-of-court dispute resolution institutions;
8.2.2. credit and financial institutions, insurance service providers, third parties involved in the execution of transactions, settlements and reporting;
8.2.3. financial and legal consultants, auditors;
8.2.4. providers of information systems and databases;
8.2.5. debt collection service providers, assignees, insolvency administrators;
8.2.6. other persons and suppliers related to the provision of services to ETM, incl. video surveillance, IT, telecommunications, archiving, postal service providers, etc.
8.3. ETM does not regularly or systematically transfer Personal Data to third countries (countries outside the European Union and the European Economic Area), however, Personal Data may be processed by Data Processors located in third countries (for example, technical solution developers or service providers). In this case, when transferring Personal Data, ETM ensures the procedures provided for in regulatory enactments to ensure a level of Personal Data Processing and protection equivalent to the General Data Protection Regulation.
9. Duration of storage of Personal Data
9.1. ETM does not store Personal Data for longer than it is necessary for the respective purpose of Personal Data Processing, or longer than specified in the binding regulatory enactments.
10. Profiling and automated decision making
10.1. ETM does not perform profiling and automated decision-making in relation to the Data Subject.
11. Cookies
11.1. ETM use cookies on their website. The cookies used and information about them are available in the Cookie for use section, which is available on the website of ETM.
12. Video surveillance
12.1. If ETM performs video surveillance, then as the Controller of the Personal Data obtained as a result of video surveillance, information signs on video surveillance are indicated, which are located at the entrances to the relevant premises / territory where video surveillance is performed. Information signs also indicate specific purpose of video surveillance.
12.2. ETM video surveillance can be performed mainly for the following purposes:
12.2.1. prevention and detection of criminal offenses relating to the protection of property;
12.2.2. for obtaining and preservation of evidence in civil disputes.
12.3. Video surveillance is performed without audio recording. In certain cases, the ETM may perform video surveillance with audio recording, indicating this in the information signs.
12.4. The following conditions are met to achieve the purpose of video surveillance:
12.4.1. video surveillance shall be performed in such a perimeter that no larger part of the territory is observed than is necessary to achieve the purpose of video surveillance;
12.4.2. video surveillance is not performed in places with increased privacy (facilities, shower rooms, dressing room, kitchen);
12.4.3. Personal Data obtained during video surveillance are obtained from the Data Subjects located in the video surveillance area.
12.5. Personal Data processed in connection with video surveillance (video recordings) performed by ETM will be stored for no longer than necessary, setting a maximum retention period of 90 (ninety) days from the moment of recording, unless another purpose of Processing arises (e.g. in connection with a criminal investigation). Usually, the storage time of video recordings is much shorter than the above.
12.6. Categories of Personal Data to be processed during video surveillance – visual (video) data – video recordings, photo fixation, date, place, time of their recording.
12.7. Personal Data obtained during video surveillance may be transferred to the following recipients:
12.7.1. law enforcement / supervisory authorities, in cases provided for in regulatory enactments upon receipt of a reasoned request;
12.7.2. ETM and their authorized persons involved in ensuring administration of video surveillance system or achieving the respective Processing purpose, external service providers performing video surveillance system, security service providers providing security services, insurance service providers for investigating insurance cases, ETM business partners ( for example, producers of goods, suppliers, buyers) – as evidence in an event of a dispute over the proper packaging, receipt, transfer, etc. of the goods, as well as other persons, upon an appropriate legal basis;
12.7.3. For the Data Subject – on the basis of a motivated written application.
12.8. When issuing video recordings, ETM ensures that no more data is issued than is necessary to achieve the respective purpose of Personal Data processing.
13. Rights of the Data Subject
13.1. In accordance with the General Data Protection Regulation, the Data Subject has the following rights with regard to the processing of his / her Personal Data:
13.1.1. To receive confirmation whether ETM processes Personal Data of the Data Subject and, if it processes, also to access them.
13.2. To request correction of the Data Subject’s Personal Data if they are inappropriate, incomplete or incorrect (Data Subject has no right to request correction or supplementation of video recordings, as this would be considered as falsification or distortion of information);
13.2.1. To request deletion of Personal Data of the Data Subject;
13.2.2. To restrict Processing of Personal Data of the Data Subject;
13.2.3. To object to the Processing of Personal Data of the Data Subject, if Processing takes place on the basis of legitimate interests of ETM;
13.2.4. to receive Personal Data submitted by a Data Subject to ETM and processed on the basis of consent or performance of the contract in a structured form in one of the most frequently used electronic formats and, if possible, transfer such Personal Data to another service provider (rights to data portability);
13.2.5. To revoke consent of the Data Subject to Processing of Personal Data.
13.3. The rights of the Data Subject referred to in Clause 13.1 of the Privacy Policy shall be exercised insofar as the Processing of Personal Data does not arise from obligations of ETM imposed on it by regulatory enactments.
13.4. In order to prevent unjustified disclosure of a Data Subject’s Personal Data to third parties, ETM exercises rights of a Data Subject on the basis of a written application, having previously identified the Data Subject.
13.5. Application can be submitted in one of the following ways (contact information of ETM is available on its website):
13.5.1. by signing with a qualified secure electronic signature and sending it to the e-mail address of ETM;
13.5.2. upon personal arrival at the office of ETM during its working hours and after verification of identity of the Data Subject performed by an employee of the ETM, to submit the relevant application;
13.5.3. by sending a written application to the legal address of ETM, indicating in the application postal address to which a reply must be provided. The answer to such application will be provided only by registered mail, to the postal address indicated in application.
13.6. Response to the Data Subject’s request will be prepared no later than within one month after receipt of application; if necessary, for objective reasons, this period may be extended by further two months.
13.7. Data Subject may submit a complaint regarding Personal Data Processing performed by ETM to the Personal Data Protection Supervisory Authority of Malta, if the Data Subject considers that the Data Subject’s Personal Data Processing violates the Data Subject’s rights and interests in accordance with Personal Data Protection Acts.
13.8. Contact information of Personal Data Protection supervisory authorities is available on their website: https://idpc.org.mt/.
14. Contact information
14.1. In case of doubt or for additional information regarding processing of Personal Data by ETM, please contact ETM by sending an e-mail to: info@etm.mt.
15. Privacy Policy Availability and Amendments
15.1. ETM is entitled to unilaterally make changes and additions to the Privacy Policy at any time by publishing the current version of the Privacy Policy on the ETM website.