What does GDPR stand for?
GDPR stands for General Data Protection Regulation [EU Regulation 2016/679]. It's the core of Europe's digital privacy legislation.
How did it come about?
The GDPR was enacted in 2016 and came into force in May 2018 following years of reform by the European Commission that have made the European Union 'fit for the digital age'. This new EU framework applies to organisations in all member-states and has implications for businesses and individuals across Europe, and beyond.
What is GDPR?
At its core, the GDPR is a new set of rules primarily designed to give EU citizens more control over their personal data. It aims to simplify the regulatory environment for business so both citizens and businesses in the European Union can fully benefit from the digital economy.
The reforms are designed to reflect the world we're living in now, and bring laws and obligations - including those around personal data, privacy and consent - across Europe up to speed for the internet-connected age.
Fundamentally, almost every aspect of our lives revolves around data. From social media companies, to banks, retailers, and governments - almost every service we use involves the collection and analysis of our personal data. Your name, address, credit card number and more are all collected, analysed and, perhaps most importantly, stored by organisations.
What is GDPR compliance?
Data breaches inevitably happen. Information gets lost, stolen or otherwise released into the hands of people who were never intended to see it - and those people often have malicious intent.
Under the terms of GDPR, not only do organisations have to ensure that personal data is gathered legally and under strict conditions, but those who collect and manage it are obliged to protect it from misuse and exploitation, as well as to respect the rights of data owners - or face penalties for not doing so.
Who does GDPR apply to?
GDPR applies to any organisation operating within the EU, as well as any organisations outside of the EU which offer goods or services to customers or businesses in the EU. That ultimately means that almost every major corporation in the world needs a GDPR compliance strategy.
There are two different types of data-handlers the legislation applies to: 'processors' and 'controllers'. The definitions of each are laid out in Article 4 of the General Data Protection Regulation.
What are your rights with respect to GDPR?
The GDPR provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
How do we protect your privacy at the ROCS Group?
What personal data do we process?
Our site is designed in such a manner that makes it possible for users to visit and use our site without disclosing or revealing any information about themselves. However, you may choose to provide us with personal information when you contact us via the http://rocsgrp.com/en/contact-us page of our site. Should this occur we oblige ourselves to process any such data that you may provide in full accordance with all applicable data privacy laws, and in such a manner that is necessary for us to be able to respond to and administer any request that you may make.
From time to time, and after we have obtained your permission, we may further process your personal data to provide you with information about commercial or promotional offers on our products and services, and which we feel may be of interest to you. Please inform us by sending an e-mail to email@example.com if you do not wish to receive any such information from us. In some cases where it is technically possible to do so, you will also be offered the opportunity to unsubscribe your email address using a direct link provided in the emails themselves. In some instances, we may require you to identify yourself using a recognised identity document in order for us to process your request.
We must remind you that the Company’s operations range across varied spheres of activity, so it is possible that the communications we send to you may not relate solely to the business area in which you have interacted with us.
Our website uses “cookies”. A “cookie” is a piece of software, which may be sent to and stored on your computer, and which enables us to collect information about how our website is being used and to manage our site more efficiently. Our cookies will only track general usage patterns and technical information about your computer type and will not be used to identify you individually.
More specifically, the information gathered through cookies may include:
- the date and time when you access our website, the duration of each visit, and the number and times of visits;
- the website pages that you view and any download that you may make through such pages;
- whether or not such viewing or download is successful;
- the internet address of the website or the domain name of the computer from which you access our website;
- your language preferences;
- the operating system of the machine running your web browser; and the type and version of your web browser.
Should you wish to reject all or certain cookies used by our website, you may modify your web browser preferences to do so. If however you reject all cookies then you might be unable to use and/or access some of the pages or facilities available on our website. Moreover, you may set your browser to notify you when you receive a cookie, giving you the opportunity to choose whether or not you wish to accept it. In this regard, you should note that if you do so, this may materially distort the quality of service and data you receive. You therefore do this at your own risk.
Providing personal data to third parties
We do not pass on details collected from you as a visitor to this site, or as a user of our products and services, to any third party unless you give us your consent to do so, or in the instances indicated below.
You will be aware that data sent via the Internet may be transmitted across international borders even where sender and receiver of information are located in the same country. Consequently, data relating to you may be transmitted via a country having a lower level of data protection than that existing in your country of residence.
- for the purpose of preventing, detecting or suppressing fraud or any other criminal activity;
- where it is a matter of national or public security;
- in the interest of national budgetary, monetary or taxation matters that can arise;
- to protect and defend our rights and property or that of users of our website;
- to protect against abuse, misuse or unauthorised use of our website;
- to protect the personal safety or property of users of our website (e.g. if you provide false or deceptive information about yourself or attempt to pose as someone else, we shall disclose any information we may have about you in our possession so as to assist any type of investigation into your actions);
- for any purpose that may be necessary for the performance of any agreement you may have entered into with us; or
- as may be allowed or required by or under any law.
We do not transfer your personal information to any third parties for marketing purposes.
Retention of personal data
No personal data that we process will be kept longer than necessary for the purposes for which it is processed. The Company has a policy of deleting personal data that is older than ten (10) years, so unless there is a valid legal reason for retaining your data for longer than that (for instance if you have given us your permission to do so, or if you remain an active customer of the Company), your data will typically be deleted after this ten-year period.
We remind you that by its very nature the internet may not always be a secure medium and data sent via the internet can potentially be subject to unauthorised acts by third parties. We cannot guarantee the privacy or confidentiality of any information passing over our website, nor shall we accept any responsibility or liability whatsoever for the security of your data while in transit through the internet.
No third party is permitted to link any other website to our website without obtaining our prior consent in writing.
Right of Access
Provided you fall within the legal definition of a ‘data subject’ in terms of Chapter 586 of the Laws of Malta and EU Regulation 2016/679, you have a right to request access to and/or rectification of your personal data processed by us. Any such request must be made in writing to us at the mailing address indicated here of the website and must be signed by yourself as the data subject to whom the particular data relates. You will also be asked to provide verification of your identity before any access request will be considered. Should we process any data on you, you will be informed of the time period that will be necessary for us to collate this data, and you will be provided with a copy of this within that timeframe at no charge. Additional or repeated copies may attract an administrative charge of which you will be informed beforehand.
Right to enter a complaint
You are reminded that the law grants you a right to lodge a complaint with your local or national data protection authority, provided you are based in an EEA territory. In Malta, this is the Office of the Information and Data Protection Commissioner, which may be accessed by clicking this link.
Data Protection Officer
The Data Protection Officer for the ROCS Group of Companies is Mr Colin Aquilina who may be contacted using the following contact information:
The Data Protection Officer
Charichelon Company Limited
21 ROCS House
Tel: (+356)2015 1311
Governing Law & Jurisdiction
These terms and conditions are governed by and will be interpreted and construed in accordance with the laws of Malta, and any claim or dispute arising therefrom or connected thereto will be referred exclusively to the Courts of Malta.
Date last updated: 20th January 2020