General Privacy Notice – DZ Advisory Ltd
This Privacy Notice relates to DZ Advisory Ltd., having its registered address at Quad Central, Q3 Level 10, Central Business District, CBD 1040, Malta (‘Company’, ‘we’, ‘us’, ‘our’). We are committed to safeguarding the privacy of our clients using our services (‘user’, or ‘you’, ‘your’).
This Privacy Notice explains how we collect, use, disclose, safeguard and treat your personal information when you are seeking to become a client, and/or you are a client of the Company, whether through an ongoing business relationship or an occasional transaction (each and collectively, the “Services”).
By utilising, or receiving, the Services, you agree with the terms of this Privacy Notice. By providing us with your personal information, you acknowledge the Company processing your personal information in accordance with this Privacy Notice and applicable EU laws and regulations.
2. Personal Information
Each and all of the following strands of information and documentation as we may collate and process shall, for the purposes of this Privacy Notice, each and collectively be referred to as the “Information”.
We may collect, store, process and use the following kinds of Information:
i. Personal Details
Personal details as per our ‘Know Your Customer’ (KYC) forms and/or through our centralised KYC Portal system. Details will include your name, surname, address, identification details, date of birth, and nationality; the Services which you have engaged, or will engage, the Company to provide you with; and similar or related information.
We will keep a copy of the Information and corresponding documentation, including your identification documents and proof of address to honour our statutory obligations under the 4th and 5th AML Directives.
ii. Searches and Checks
We will carry out name checks, Google searches and passport checks on you, and we shall retain documentation generated pursuant to such checks and searches, which you understand we are required to perform to ensure that in our practices we prevent fraud, money laundering, funding of terrorism, financial crime or any other type of crime, in line with the 4th and 5th AML Directives and the internal risk-based policy of the Company. You acknowledge that the Company carries out the aforementioned screening practices when the relationship with the client (even when prospective) has initiated and additionally on an ongoing basis at such intervals as the Company at its discretion decides, so as to adhere to the said risk-based approach.
iii. Political Exposure
The Company additionally keeps records as to your political exposure including by the recording of declarations submitted by you, confirming or otherwise that you are a “Politically Exposed Person”, and documented searches via open sources and through our name screening platforms as the Company shall perform.
iv. Risk Classification
We shall use your Information to perform, in a manual or automated manner, a risk classification/profiling which would classify you as ‘low risk’, ‘medium risk’ or ‘high risk’ in order to honour our obligations under the 4th and 5th AML Directives. Such classification will affect the level of ongoing monitoring we perform on you and/or the level of documentation we request. You may request further information on how such risk classification is performed by contacting the Data Protection Officer on firstname.lastname@example.org or by calling us on +356 2144 0099.
We will retain a copy of your communication with us, such as emails and letters, in line with our legal obligations under the 4th and 5th AML Directives or pursuant to a legitimate interest.
vi. Video and Imagery
We may request a video conference call through our centralised KYC Portal. Should you accept to provide us with such a call, we shall record and hold a video and sound recording of the video conference in line with our AML/CFT obligations and internal retention policy found in the Data Protection Policy of the Company. We may also take screenshots of such video conference to fulfil our obligations under the 4th and 5th AML Directives. The video call will examine your facial features and perform a facial recognition test on you. Such facial recognition test will then compare your features through the video conference to those on your identification document.
We may also process and hold information about your wealth, such as the value of your assets, details of bank accounts, inheritance information, employment-related information and documentation and other information as relates to your global net worth. We shall collate and use such Information in line with our AML/CFT obligations, on a risk-sensitive basis, depending on the Service which you seek to engage the Company to provide you with and proportionate to the value the Company seeks to achieve from a ML/FT risk-mitigation perspective.
We shall process and retain certain declarations that we may ask you to provide, including the ‘Client Onboarding Questionnaire’ or an equivalent document, in line with our legal obligations.
We may hold and process any other information or documentation we request from you whether in physical or digital format, in line with our legal obligations and our internal risk-based approach policy.
3. Consent-based processing
We shall require your consent in the following circumstances:
- When sending you direct marketing material or promotions regarding our services, unless there is a clear and tested legitimate interest for you to receive such material;
- When sharing your Information outside the Company, unless we are required to do so by law, such as providing information to the police, a court of law or a competent authority. Provided that we share your Information outside the Company without your consent only when we are sharing it with our processors to help us provide you with the Services; and
- When processing your Information without having one of the other legal bases found in Section 4.
Please note that you can withdraw your consent at any time, unless there is another legal basis that allows us to process your Information as per the below section.
Non-marketing material such as general information about matters that may concern you is not considered as direct marketing and promotional material and, without prejudice to your right to elect to not receive the same or to unsubscribe, we shall not require your consent. The sending of such non-marketing material is effected only after we have ensured that our legitimate interest to send you such non-marketing material would not affect your privacy.
Such material is usually sent by email and you have the right to unsubscribe at any time, and should you elect to unsubscribe, we shall not send you further non-marketing material. The same would apply if you have requested or shall request that no material whatsoever is sent to you.
Examples of such non-marketing material are:
- Information about tax incentives published by a Government;
- Information about new regulations;
- Information about your rights under any regulation or legislation;
- Information about an investment aid issued by a Government;
- Information about any other topic which may be of personal interest for you.
4. Legal Basis for Processing
In addition to processing by consent in terms of Section 3, we may process your Information if we have one of the following legal bases:
- Contractual obligation or necessity;
- Legal obligation;
- Member-state law;
- Vital interest of the data subject;
- When processing the Information is in the best interest of the public; and
- Legitimate interest.
It is the nature of our business to process your Information mostly due to a contractual necessity, legal obligation or due to a legitimate interest. When none of these applies, it is likely that we will process your Information based upon your consent. That said, DZ Advisory may process Information according to regulations listed within the General Data Protection Regulation (“GDPR”).
5. Disclosure to Third Parties
We may disclose your Information:
- To the extent that we are required to do so by law;
- In connection with any ongoing or prospective legal proceedings;
- In order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
- To any person who we reasonably believe may apply to a court or other competent authority for disclosure of that Information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that Information;
- To any of our employees, officers, insurers, professional advisers, bankers, agents, suppliers, IT service providers or subcontractors insofar as reasonably necessary for the purposes set out in this notice (also known as Processors and sub-processors);
- To any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries from time to time) insofar as reasonably necessary for the purposes set out in this notice. If the Company is merged, acquired, or sold, or in the event of a transfer of some, or all, of our assets or equity, we may disclose or transfer Information and usage data in connection with such transaction;
- In all other circumstances where you would have given your consent.
Specifically and without limitation, your Information may be disclosed to individuals who are required to access your Information to perform their duties and/or to provide you with a service. Relevant authorities may request to access your Information at any time. This includes, but is not limited to, the following Authorities or Entities:
- The Police;
- Court of Law, Magistrates and Court experts;
- Malta Financial Services Authority (MFSA);
- The Financial Intelligence Analysis Unit (FIAU); and/or
- The Commissioner for Data Protection.
We will not, without your express consent, supply your Information to any third party for the purpose of their, or any other third party's direct marketing.
Information that you publish on our website or submit for publication on our website, such as testimonials featuring your Information, may be available, via the internet, around the world. We cannot prevent the use or misuse of such Information by others.
Storage and Protection of Information
Information shall be stored in one or more of the following locations:
- Physical files which may be held under lock and key in our office;
- On servers and back-up servers hosted with PC Gen [www.pcgen.mt] – which are the Group’s outsourced IT support; and
- On cloud facilities located within the European Union.
We employ and take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your Information. We maintain physical, electronic, and procedural safeguards to protect the confidentiality and security of Information and other information transmitted to us.
You acknowledge that the transmission of Information over the internet is inherently insecure and while we strive to protect Information transmitted through the website or otherwise electronically, we cannot, and do not, guarantee the security of any Information you transmit and you do so at your own risk. Provided that once the Information reaches the Company, we shall take the necessary steps to protect such Information, by employing one or more of the following measures:
- Ensuring that the Information is safeguarded by the use of firewalls, encryption, access restrictions and/or passwords;
- Ensuring that the Information is accessible only to individuals within the Company who require access to the Information in order to perform their duties related to the provision of the Services;
- Ensuring that appropriate backups are taken to prevent the Information from being lost; and
Retention & Destruction
Personal Information will be retained by DZ Advisory for as long as it is necessary for the purposes of processing such Information. Thus, the Company will keep Information for as long as it is obliged to by law, or needs to keep a record of a relationship with a client. We shall not keep your Information for more than 10 years following completion of Service or termination of our business relationship with you. As a minimum, we shall keep your Information for 5 years following the completion of service or termination of our business relationship with you.
Should the Company be required to change one or more of its hard disks where Information is, or was previously stored, the Company shall ensure that such hard disk is disposed of in a professional manner and in a way that Information cannot be retrieved from it in the future.
We shall destroy your Information in a safe and reliable manner.
- Physical files shall be destroyed by means of shredding. Shredding services may be outsourced to third parties and in such cases the Company shall review their data privacy procedures and safeguard the interest of the data subjects through ways and means such as a contractual agreement between DZ Advisory as data controller and the shredding company as data processor in line with Article 28 of the General Data Protection Regulation. For the removal of any doubt, this would only apply if DZ Advisory provides non-shredded Information to the shredding service provider. If shredding is done in-house, then the shredding service provider will not be considered as a data processor.
- In the case of Information stored in digital format, such Information shall be permanently deleted. This would include any backups held on servers and/or cloud.
- Communication between the client and the Company shall be deleted or destroyed.
You can obtain information regarding the processing of your Information and access to the Information which we hold about you by contacting our Data Protection Officer.
You may request that any Information be rectified by sending an e-mail notification on email@example.com.
You have the right to request that we erase your Information if it is inaccurate or incomplete. There may be circumstances where you ask us to erase your Information, but we are legally obliged to retain it.
You may object to, and request the processing of, your Information in certain circumstances. There might be circumstances where you object to, or ask us to restrict, our processing of your Information but we are legally entitled to refuse that request.
You may instruct us at any time not to process your Information for marketing purposes.
You may withdraw your consent given under this Privacy Notice at any time by means of either of our contact details provided in the forthcoming section.
Your Information may only be stored unless further processing is brought about by individual consent and the necessity for the establishment of legal claims for the protection of the rights of another natural/legal person or for the public interest.
You have a right to lodge a complaint to the supervisory authority of the jurisdiction in which the Information is being provided.
You may request a printed copy of this Privacy Notice free of charge.
We value our customers’ comments and we are committed to ensuring that all our clients’ Information is safeguarded and in line with regulation and our internal policies. Should you feel the need to complain about, or raise your objections to, how we are handling your Information, then you may contact our Data Protection Officer using the following contact details:
By post: The DPO, DZ Advisory Ltd, Quad Central, Q3 Level 10, Central Business District, CBD 1040, Malta.
By phone: +356 21332100
By email: firstname.lastname@example.org
The Company will do its utmost to ensure that complaints are handled and settled internally in an efficient and professional manner.
You may also contact the Office of the Data Commissioner as follows:
By post: The Commissioner, Office of the Data Commissioner, Level 2, Airways House, High Street, Sliema, SLM 1549, Malta
By phone: +356 23287100
You may also file a complaint with the Maltese Data Protection Commissioner through the following link:
Can we modify this Privacy Notice?
From time to time, we may change this Privacy Notice. If we change this Privacy Notice, we will upload the updated Notice on our website, or post a notice on our homepage stating that a change has occurred. We shall write to you should there be a material change in the Privacy Notice which affects your rights.
This Privacy Notice is in conformity with applicable EU laws and regulations. The Company is liable only to the extent of the provisions set out under the applicable EU laws and regulations.