Introduction
Firstbridge Services Ltd is a company registered under the laws of Malta having its registered address at Canter Business Centre, Patri Felicjan Bilocca Street, Marsa, Malta (“We”/ “Us”/ “Our” or the “Company”)
We are committed to respecting the privacy and personal data collected about individuals. If you wish to contact Us about Our privacy practices please feel free to do so by post on the abovementioned address or by email at compliance@firstbridge.com. You may also wish to contact us by telephone on +356 21 32 2118.
Our Data Protection Officer is Brian Schembri who may be contacted by email at brian.schembri@firstbridge.com or by telephone on +356 21 32 2118.
Please read this Privacy Notice carefully to understand our practices with respect to your personal data. The purpose of this policy is to set out Our practices with respect to personal data in line with the relevant legislation and to describe the steps that the Company is taking to ensure that it complies with the law.
References to “data controller”, “data subject”, “personal data”, “process”, “processed”, “processing” and “Data Protection Officer” in this Privacy Notice have the meanings set out in, and will be interpreted in accordance with applicable laws, including but not limited to the Data Protection Regulation (EU) 2016/679 and the Data Protection Act, Chapter 586 of the Laws of Malta and subsidiary legislation thereto, as may be amended from time to time.
What Amounts to Personal Data?
The term “personal data” refers to all personally identifiable information about you, such as your name, surname and address, and includes all information which may arise that can be identified with you personally.
What Personal Data Do We Process?
In its everyday business operations the Company makes use of a variety of data about identifiable individuals, including data about:
In collecting and using this data, the organisation is subject to a variety of legislation controlling how such activities may be carried out and the safeguards that must be put in place to protect it.
This control applies to all systems, people and processes that constitute the organisation’s information systems, including board members, directors, employees, suppliers and other third parties who have access to Firstbridge Service systems.
The following policies and procedures should be read in conjunction with this document:
We can provide you with a hard copy if you contact us on compliance@firstbridge.com.
How do we collect and process Personal Data?
As a provider for corporate services provider, We regularly collect and process personal data as part of the provision of our goods and/or services as follows:
Generally, you would have provided your personal data to Us. However, in some instances, We may collect personal data about you from third party sources, such as online searches or from public registers.
Third parties such as Our clients and business partners may also have provided your personal data to Us.
Special categories of Personal Data may be processed in the provision of the goods and services to the client. Special categories of Personal Data collected about you may be health data and data related to your conviction and offences.
Irrespective of the manner that We have collected your Personal Data, We will only process such data for the purposes of rendering you with the goods or services or purposes which are inherently related thereto, including the fulfilment of any legal or regulatory obligation imposed on Us.
What Personal Data do we process?
The personal data that we typically collect and process about our data subjects are:
Cookies
We use cookies when you visit our website on www.firstbridge.com. Cookies are pieces of information that a website transfers to your computer’s hard disk or to your browser’s memory. There are four main types of cookies that we use. Here’s how and why we use them:
(1) Site functionality cookies – these cookies allow you to navigate the site and use our features, such as “save flight”.
(2) Site analytics cookies – these cookies allow us to measure and analyse how our customers use the site, to improve both its functionality and your online experience.
(3) Customer preference cookies – when you are browsing, these cookies will remember your preferences (like your language or location), so we can make your online experience as seamless as possible and more personal to you.
(4)0020Targeting or advertising cookies – these cookies are used to deliver ads that are relevant to you. They also limit the number of times that you see an ad and help us measure the effectiveness of our marketing campaigns.
Please note that the cookies used by us do not personally identify you but they simply identify your computer or other device.
Most browsers are initially set to accept cookies. However, if you prefer, you can set your browser to block all, or certain, cookies. You can also set your browser to prompt you each time a cookie is offered. If you wish to block cookies, here’s a guide on how to do so for the most common browsers, such as Microsoft Internet Explorer, Google Chrome, or Mozilla Firefox.
Data Analytics
If you read or download information from our site, we automatically collect and store the following information:
We use the information that we gather in order to evaluate the website’s usage, content, usability and composition. This statistical analysis allows us to better understand our users’ needs and to generally make your internet experience more enjoyable and to provide a value-added service to you as a visitor. In order to do so, we make use of third-party services such as Google Analytics.
Google Analytics is a web analytics service that analyses how you use our website based on cookies (see cookie policy above). Google will use this information for the purpose of evaluating your use of our website. Further information about Google’s privacy policy may be obtained from this link.
Be assured that Google will not use this information to identify individual users or to match it with further data on an individual user.
If you do not wish that your user behaviour is analysed, you can opt-out of both services respectively via the following links – Google Analytics Opt-Out.
Newsletter Subscription
When you subscribe to one of our newsletters, you provide us with personal information such as your name and email address. We use the personal information submitted in the form only to send you the newsletter you subscribed to.
We use a third-party service provider called Mailchimp to send newsletters to users who subscribe to receive them and Mailchimp provides us with support statistics to help us improve our services to you. For more information on how Mailchimp manages your data please visit their Privacy Policy. Mailchimp is a data processor for us and only processes personal information in line with our instructions.
You will need to provide us with your consent as a legal basis for us to process your personal data to receive the newsletter. Personal data is deleted upon withdrawal of such consent by you, or, at the point where the purpose for holding that data is no longer valid.
Links to other Websites
Our site has a number of links to other local and international organisations and agencies. In some cases, for the benefit of the visitor, it may be required that we link to websites of other organisations after permission is obtained from them respectively. It is important for you to note that upon entering a linked website, you are no longer on our site and you become subject to the privacy policy of the other site.
Contact or feedback
When you fill the “Contact Us” form on our website, you provide us with personal information such as your name, email address and your message to us. We have a legitimate interest to process any personal data submitted in the form as this information is necessary to process and address your complaint/feedback in the way you expect us to and to respond to your message.
Legal Bases of Processing Personal Data
The legal bases of processing your Personal Data are the following:
When we process your Personal Data on the basis of Our legitimate interests, we ensure that the legitimate interests pursued by Us are not overridden by your interests, rights and freedoms; and,
We will ensure that we have additional grounds for processing your Personal Data if processing of Special Categories of Personal Data is envisaged. We might also process your Personal Data on the basis of your explicit consent, in which case we will process your data for the purposes for which your explicit consent was requested.
Third Party Recipients of Personal Data
We may share your personal data with third party recipients who are:
Automated Decision-Making and Profiling
Your personal data will not be used for any decision solely taken on the basis of automated decision-making processes, including profiling, without human intervention.
In the interest of transparency, note that We use systems which could profile you. Such systems are used by Us exclusively to help Us in the due diligence process. As stated, no automated-decision will result from Our use of such systems.
Data Retention
We retain your personal data exclusively for the period which is lawfully permissible to retain your personal data. Thereafter, your personal data shall be immediately and irrevocably destroyed.
As a result of legal obligations imposed on Us, we typically retain your personal data relating to financial information for up to ten (10) years unless we have a statutory obligation imposed on Us to retain your data for a further period or a business need or require your personal data to exercise or defend legal claims.
If we have a contractual relationship with you, we typically retain your personal data for up to five (5) years from the end of Our contractual relationship on the basis of Our legitimate interests to protect ourselves from civil cases which you might institute against Us in relation to Our contractual relationship.
Invoices, credit notes and similar transactional documents or information will be kept by Us for up to ten (10) years from completion of the relevant transaction on the basis of legal obligations imposed on Us to retain such information.
We may have a legitimate interest to hold your data for longer periods such as when your data is required for exercising or defending legal claims. For more information on our retention periods, you can request a copy of our Retention Policy by contacting us on compliance@firstbridge.com.
Any personal data which We may hold on the basis of your consent shall be retained exclusively until when you withdraw your consent. As noted above, retention of data on the basis of your consent is only envisaged where there are special categories of personal data collected, or for Our direct marketing activities.
Your Rights
The data subject also has rights under the GDPR. These consist of:
You may exercise these rights as follows:
These timescales to exercise your rights are shown in Table 1.
Data Subject Request Timescale
The right to be informed When data is collected (if supplied by data subject) or within one month (if not supplied by data subject)
The right of access One month
The right to rectification One month
The right to erasure Without undue delay
The right to restrict processing Without undue delay
The right to data portability One month
The right to object On receipt of objection
Rights in relation to automated Not specified decision making and profiling.
Table 1 – Timescales for data subject requests
For direct marketing, you have a right to opt-out and to object to receiving any further such communications from Us at any time. Note that if We contact you about Our legal updates, newsletters and events on the basis of your consent, you have a right to withdraw your consent and no longer be contacted for such purposes at any time.
Please note that in terms of the applicable laws, your rights in relation to your personal data are not absolute.
You may exercise the rights indicated in this section by contacting Us or Our Data Protection Officer at the details indicated above.
Keeping your data secure
We shall keep your personal data secure and shall commit to take appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, including against accidental loss, destruction, storage or access. Your personal data may be stored in paper files or electronically on our technology systems or on technology systems of our IT service providers.
International Transfers of Personal Data
Transfers of personal data outside the European Union will be carefully reviewed prior to the transfer taking place to ensure that they fall within the limits imposed by the GDPR . This depends partly on the European Commission’s judgement as to the adequacy of the safeguards for personal data applicable in the receiving country and this may change over time. Where required, we shall implement additional security measures, such as the EU Model Clauses, to ensure that the data transferred to non EEA countries is secure.
Intra-group international data transfers will be subject to legally binding agreements referred to as Binding Corporate Rules (BCR) which provide enforceable rights for data subjects.
Complaints
If you have any complaints regarding Our processing of your personal data, please note that you may contact Us or Our Data Protection Officer at the details indicated above. You also have a right to lodge a complaint with the Office of the Information and data Protection Commissioner in Malta (www.idpc.gov.mt).
Where Your Provide Us with Personal Data Related to Third Party Data Subjects
If you are a trader, a company, an intermediary or other corporate entity, and you supply to Us Personal Data of third party Data Subjects such as your employees, affiliates, service providers, customers or any other individuals connected to your business, you shall be solely responsible to ensure that:
Updates
We may update this Privacy Notice in Our sole discretion including as result of a change in applicable law or processing activities. Any such changes will be communicated to you prior to the commencement of the relevant processing activity.