Privacy Notice

IT IS IMPORTANT THAT YOU READ THIS PRIVACY NOTICE SO THAT YOU ARE AWARE OF HOW AND WHY WE ARE USING YOUR INFORMATION.

Any references to “you” or “your” shall be interpreted as references to you as a customer, whereas any references to “us”, “we” or “our” “Company” shall be interpreted as references to Vifto.

Vifto Ltd, Company Number: C 92215, registered at Centris Business Gateway, Level 2M, Triq is-Salib tal- Imriehel, Central Business District, Zone 3, Birkirkara (hereinafter referred to as ‘Vifto’, ‘Company’) is the Data Controller for the purposes of applicable data protection law.

The Company respects your privacy and is committed to protecting your personal data which it processes.

This Privacy Notice explains how the Company will comply with the applicable data protection legislation, including, the General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as the ‘GDPR’), the Data Protection Act (Chapter 586 of the Laws of Malta, any subsidiary legislation and any other applicable laws relating to privacy and electronic communications, as may be amended from time to time.

1. DATA CONTROLLER

As the Data Controller, Vifto is responsible for deciding how it holds and uses the personal information collected from you. The Company may, in certain circumstances, deliver services in partnership with another entity whereby the Company will be a Joint Controller with that entity.

Our contact details:

Address: Centris Business Gateway, Level 2M, Triq is-Salib tal- Imriehel, Central Business District, Zone 3, Birkirkara

For general contact, please send us an email on info@vifto.com.

2. DATA PROTECTION PRINCIPLES

The Company is committed towards compliance. If we need to collect, use or store your Personal Data, we will abide by the following data protection principles:

Lawfulness, fairness and transparency – the processing of personal data shall take place in a lawful, fair and transparent manner;

Purpose limitation – the collection of personal data shall only be performed for specified, explicit and legitimate purposes and shall not be further processed in a manner which renders it incompatible with those purposes;

Data minimisation – the collection of personal data shall be adequate, relevant and limited to what is necessary in relation to the purpose(s) for which they are processed;

Accuracy – the personal data shall be accurate and where necessary kept up to date. Having regard to the purpose(s) for which personal data is processed, the Company shall take every reasonable step to ensure that inaccurate personal data are erased or rectified without undue delay;

Storage limitation – personal data shall be kept in a form which permits identification of the data subject, for no longer than is necessary for the purpose(s) for which the personal data is processed;

Integrity & Confidentiality – personal data shall be kept confidential and stored in a manner which ensures appropriate security. Personal data shall not be shared with third parties except when necessary and with a justifiable legal basis.

3. PERSONAL DATA

Personal Data is any information relating to an identified or identifiable natural living person, also known as a ‘data subject’. A data subject can be described as an individual who can be directly or indirectly identified through the information collected and processed by the Company. Such information may include name, surname, identification number, location data, online identifier or any other data relating to their physical, physiological, genetic, mental, economic, cultural or social identity.

The definition of Personal Data excludes any data which has been rendered anonymous in such a manner that the data subject is no longer identifiable (‘anonymous data’).

Special category data includes data on racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, health data, data concerning a natural person’s sex life or sexual orientation. The Company will only process special category data, also known as ‘sensitive data’, under strict conditions and with an appropriate legal basis.

We process personal data about the following categories of data subjects:

4. THE PERSONAL DATA WE COLLECT & HOW WE USE IT

How we collect your data

We collect and process personal data relating to you in connection with your use of this website and our relationship with you. This personal data may include:

When you visit our website or use our services, we collect personal data. The ways we collect it can be broadly categorized into the following:

Information you provide to us directly: When you visit or use some parts of our websites and/or services we might ask you to provide personal data to us. For example, we ask for your contact information when you sign up, or an email offer, , join us on social media, take part in training and events, contact us with questions or request support. If you do not wish to provide us with your personal data, you don’t have to, but you might be restricted to use parts of our website.

Information we collect automatically: We collect some information about you automatically when you visit our website or use our services, like your IP address and device type. We also collect information when you navigate through our website and services, including what pages you looked at and what links you clicked on. This information is useful for us as it helps us get a better understanding of how you’re using our websites and services so that we can continue to provide the best experience possible.

Some of this information is collected using cookies and similar tracking technologies. If you want to find out more about the types of cookies we use, why, and how you can control them, take a look at our Cookie Policy. https://vifto.com/cookiepolicy

Information we get from third parties: The majority of information we collect, we collect directly from you. Sometimes we might collect personal data about you from other sources, such as publicly available materials or trusted third parties like our marketing and research partners. We use this information to supplement the personal data we already hold about you, in order to better inform, personalize and improve our services, and to validate the personal data you provide.

Where we collect personal data, we shall only process it:

· to perform a contract with you, or

· where we have legitimate interests to process the personal data and they are not overridden by your rights, or

· in accordance with a legal obligation, or

· where we have your specific consent.

If we do not collect your personal data, we may be unable to provide you with all our services, and some functions and features on our website may not be available to you.

If you’re someone who doesn’t have a relationship with us, but believe that a Vifto subscriber has entered your personal data into our website, you will need to contact that subscriber for any questions you have about your personal data (including where you want to access, correct, amend, or request that the user delete, your personal data).

How we use your data

We use your personal data to operate our website and provide you with any services that you have requested, and to manage our relationship with you. We also use your personal data for other purposes, which may include the following:

To communicate with you. This may include:

providing you with information you have requested from us or information we are required to send to you;

operational communications, like changes to our websites and services, security updates, or assistance with using our website and services;

marketing communications in accordance with your marketing preferences

asking you for feedback or to take part in any research we are conducting (which we may engage a third party to assist with).

To support you: This may include assisting with the resolution of technical support issues or other issues relating to the website or services, whether by email, or otherwise.

To enhance our websites and services and develop new ones: For example, by tracking and monitoring your use of websites and services so we can keep improving, or by carrying out technical analysis of our websites and services so that we can optimize your user experience and provide you with more efficient tools.

To protect: So that we can detect and prevent any fraudulent or malicious activity, and make sure that everyone is using our websites and services fairly and in accordance with our terms of use.

To market to you: In addition to sending you marketing communications, we may also use your personal data to display targeted advertising to you online – through our own website and services or through third party websites and their platforms.

To analyze, aggregate and report: We may use the personal data we collect about you and other users of our websites and services (whether obtained directly or from third parties) to produce aggregated and anonymised analytics and reports, which we may share publicly or with third parties.

5. CHANGES TO YOUR PERSONAL DATA

It is important that the personal information we hold about you is current and accurate. Therefore, it is your responsibility to keep us informed should any of your personal information change.

Due to our obligations at law, you bind yourself to furnish us with recent suitable documentation for confirmation, on a regular basis, upon a mere verbal request to this effect from us. These may be required to allow us to correctly perform the terms of our engagement.

6. FAILURE TO PROVIDE THE INFORMATION

In most cases, the provision of personal data arises either from statutory requirements or contractual provisions. Where applicable, failure of the provision of personal data will prevent the Company from complying with its legal or regulatory obligation, concluding contracts, and delivering the services requested.

7. DISCLOSURE OF YOUR PERSONAL DATA

Except as described in this Privacy Notice, we will not intentionally disclose the personal data we collect or store to the third parties unless it is an imposed legal obligation on us to do so.

We will not share your information with any third parties for the purposes of direct marketing.

We use data processors who are third parties who provide elements of services for us. We have agreements in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will hold it securely and retain it for the period we instruct.

In some circumstances we are legally obliged to share information. For instance, under a court order or where we cooperate with other authorities. We might also share information with other regulatory bodies in order to further their, or our, objectives. In any case, we will ensure that we have a lawful basis on which to share the information.

All our third-party service providers are required to take appropriate security measures to protect your personal data in line with our policies. Moreover, we only permit third parties to process your personal data for specified purposes and in accordance with our legally binding agreements.

8. COOKIES

Cookies are small text files placed on your computer by the websites you visit. They are widely used to make websites work more efficiently, as well as to provide information to the owners of the website.

For more information about how we use cookies and to change your cookie preferences kindly read our Cookie Policy. https://vifto.com/cookiepolicy

9. RETENTION OF PERSONAL DATA

The personal data that we process shall not be kept longer than is necessary. We retain your personal data for as long as we need it to comply with our obligations under applicable law, to enforce our contractual agreements, and if relevant, for the establishment, exercise and defence of legal claims.

We will actively review the personal data we handle, process and store, and will delete or anonymise it in a secure manner where there is no longer a legal, business or customer need for it to be retained.

For more information on the retention of your personal data, kindly contact us on info@vifto.com.

In circumstances where it is impossible for us to specify in advance the periods for which your personal data will be retained, we will determine the retention period on the following criteria:

- the purpose(s) was for which your personal data was collected;

- whether there are any statutory obligations, obliging us to continue to process your information;

- whether we have a legal basis in place to continue to process your information, including but not limited to consent;

- the value attached to your information;

- whether there are any industry practices stipulating how long the information should be retained;

- the risk, cost and liability attached to such retention; and

- any other relevant circumstances.

10. DATA SUBJECT RIGHTS

As a data subject you have a number of rights in relation to your personal data. The Company respects your privacy rights and will endeavour to uphold such rights to the extent that they apply to the way in which we process your personal data.

Your principal rights are:

the right to be informed;

the right to access;

the right to rectification;

the right to erasure;

the right to restrict processing;

the right to object to processing;

the right to data portability;

the right to know of the existence of automated decision-making;

the right to lodge a complaint with the supervisory authority (IDPC) and/or seek judicial remedy in those cases where you believe that your data protection rights have been infringed following the processing of your personal data by a data controller; and

the right to withdraw consent.

If you wish to exercise any of the above-mentioned rights, please send your request on info@vifto.com.

Any request made will be given appropriate consideration within the timescales required by data protection legislation. Generally, the Company will respond to such requests within one (1) month, with the possibility to extend this period to three (3) months for particularly complex requests, in accordance with applicable law. In any such event, we will inform you accordingly.

Prior to processing your request and where deemed reasonably necessary, you will be required to provide us with proof of your identity. This is intended to ensure that the personal data is not disclosed to unauthorised third parties. The Company may require additional information in relation to such requests in order to speed up our response procedure. We reserve the right to withhold your personal data if disclosing it would adversely affect the rights and freedoms of others.

Generally, when exercising your rights, no fees are applicable. However, if your request is clearly unfounded, repetitive or excessive, we may charge a reasonable fee.

11. INTERNATIONAL TRANSFERS

The information provided to us may be shared with third parties situated in other European Economic Area (‘EEA’) Member States or in countries outside the EEA.

The Company will only transfer personal data outside the EEA after taking the necessary steps to ensure that your privacy rights continue to be protected, as outlined in this Privacy Notice and in accordance with applicable data protection laws.

For instance, we will transfer your personal data outside the EEA with your consent, to fulfil a legal obligation or to fulfil our contractual obligations.

12. SECURITY

The Company take appropriate security measures to protect your personal data against loss, misuse, unauthorised access, alteration, disclosure or destruction of your information.

We have taken steps to ensure the ongoing confidentiality, integrity, availability and resilience of systems and services processing personal information and will restore the availability and access to information in a timely manner in the event of a physical or technical incident.

Unfortunately, no method of electronic storage and no method of transmission over the internet, is 100% secure. The Company cannot warrant or ensure the security of any information transmitted to us, but this is done at your own risk. Moreover, we cannot guarantee that such information will not be accessed, disclosed, altered or destroyed by any breach of our physical, technical and/or organisational safeguards.

The Company has put in place procedures to deal with any suspected personal data security breach and will notify the Regulator of any such breach where we are required to do so. We will also inform you, as the data subject, of the occurrence of a breach and the steps to take to safeguard your rights.

If you feel that your personal data has been compromised, please contact our Data Protection Officer on info@vifto.com

13. PRIVACY BY DESIGN & BY DEFAULT

When introducing new technologies, policies or processes, we will ensure that your privacy is considered at the ‘design’ stage. Where applicable and in line with the GDPR, we will carry out a Data Protection Impact Assessment (‘DPIA’).

A DPIA will also be carried out where new technologies are used or where we consider there is a high risk to your rights and freedoms. Where an assessment identifies risks, which cannot be satisfactorily reduced, avoided or eliminated, we will seek advice from the Supervisory Authority (i.e. the Office of the Information and Data Protection Commissioner) prior to initiating the processing.

14. LINKS TO OTHER WEBSITES

Where the Company provides links to websites belonging to other entities, this Privacy Notice does not in any way cover how that entity processes your personal data.

We encourage you to read the Privacy Notices on the other websites you visit.

15. CHANGES TO THIS PRIVACY NOTICE

This Privacy Notice may change from time to time. If this Notice is changed in ways which affect how we use your personal information, we will advise you of the choices you may have as a result of such changes.

We will also post a notice that this Notice has changed.