Privacy Policy

Last updated: 21 May 2018

Welcome to www.ipoint.com.mt

Ipoint International Ltd. take the privacy of their clients seriously into account. This Privacy Notice is to let you know how ipoint protects the privacy of your communications and collects, processes, uses and stores your personal data through our Website as well as the rights you have with regard to the foregoing collection and processing of your personal data. By visiting our Website and using our services you acknowledge of having read and fully taken into account this Privacy Notice.

This Privacy Notice applies only to our Website under the domain www.ipoint.com.mt. Users should be aware that our Website may also contain links to other websites, yet our Company cannot be held responsible for the data processing practices or the content of such websites.

1. INTRODUCTION

By:

you provide us with your personal data.

Personal data, due its sensitive nature, shall be processed within the terms of Law.

The aim of this policy is to inform you about:

  • The Controller and Processor of your personal data;
  • The purposes and legal basis for the collection of such data;
  • The recipients of your such data;
  • The retention period of such data;
  • Your rights in relation to personal data.

We have tried to keep this policy as simple and plain as possible. However, if any part is unclear to you, contact us at [email protected] and we will respond to your query in due time and clarify any doubt you may have.

2. DEFINITIONS

For the purposes of this Privacy Notice the following definitions shall apply:

2.1. “Consent” – Any explicit, specific and freely given indication by which the User, after having been fully informed, signifies her agreement to personal data relating to her being processed.

2.2. “Cookie” – short text of software code, which is transmitted from the web server of our Company and stored at your device each time that you enter the Website. “Personal Data” – Any information relating to an identified or identifiable user of www.ipoint.com.mt

2.3. “GDPR” – the General Data Protection Regulation (EU) 2016/679, of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, as amended, replaced or superseded and in force from time to time and as transposed into member-state legislation.

2.4. “Personal Data” – any information which relates to a User, who can be identified directly or indirectly.

2.5. “Processing” – Any operation or set of operations which is performed by bit8 upon the personal data of the users of www.ipoint.com.mt, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction;

2.6. “User” – Any internet user who accesses and browses at www.ipoint.com.mt

2.7. “Website” – The worldwide web website which is accessible through the domain name www.ipoint.com.mt including all of its webpages.

3. DATA CONTROLLER AND PROCESSOR

The Data Controller (“ the Controller ”), i.e. the entity who determines the purposes and means of data processing and The Data Processor (“ the processor ”), is Ipoint International LTD, company incorporated in Malta with offices at Flt 4, Sylvienne’s Crt, Triq ic-Cirasa, Malta. The Controller as well as The Processor is reachable at: [email protected] or +356 2147 2790.

The Controller is also the owner and registrant of the Website.

4. TYPES OF DATA COLLECTED

4.1 At the point of your access and during your use of our Website, you provide to ipoint the following types of personal data:

  • (i) Your IP Address;
  • (ii) Cookies (please refer to our Cookie Policy for more information);
  • (iii) Browser information (including language settings) and device used;
  • (iv) Your location (as per your IP address);
  • (v) Your screen resolution;
  • (vi) Average time you spend on each webpage part of the Website;
  • (vii) You age and gender (if you visit the Website while logged into you Google account).

The Website visitor data is anonymised.

4.2 When you apply for a job through the Careers section of the Website, we collect the following information about you (“job applicant data”):

  • (i) Your name and surname;
  • (ii) The name of your company (if provided);
  • (iii) Your contact number;
  • (iv) Your email address;
  • (v) Your CV;
  • (vi) The items of personal data that you may include in the free-text box.

4.3 When you send us a message through the Contact Us form, we collect the following information (“information enquirer data”):

  • (i) Your name;
  • (ii) The name of your company (if provided);
  • (iii) Your contact number;
  • (iv) Your email address;
  • (v) The items of personal data that you may include in the free-text box.

5. PURPOSES AND LEGAL BASIS FOR COLLECTING DATA

Personal data, as described in Clause 3 above is only collected for specific, explicitly stated and legitimate purposes. and is processed according to the legal basis identified below

Categories of personal data Purpose(s) Legal basis
Website visitor data –  Improve the content and functionality of our website;–  Better understand the categories of visitors to our Website,

–  Improve our products and services.

Legitimate interest
Purpose – is there a legitimate interest behind the processing?

YES, Ipoint has a legitimate interest to understand the category of visitors to the Website and the visitors/users have interest in having the best possible experience by visiting the Website.

Necessity – is the processing necessary for that purpose?

YES, Ipoint could not achieve the same purposes without collecting such data.

Balancing – is the legitimate interest overridden by the individual’s interests, rights or freedoms?

NO, individual’s interests, rights or freedoms are not overridden by collecting personal data of the subject.

Job applicant data Recruitment and selection of candidates Legitimate interest
Purpose – is there a legitimate interest behind the processing?

YES, Ipoint has legitimate interest to collect personal data to find suitable candidates for the vacant positions advertised on the Website, and the applicants/jobseekers have interest in their applications being considered and examined by Ipoint.

Necessity – is the processing necessary for that purpose?

YES, Ipoint need some items of personal data of the applicants in the recruitment process. The same purpose, being recruitment and selection of suitable candidates, cannot be achieved without the collection of personal data of the applicant.

Balancing – is the legitimate interest overridden by the individual’s interests, rights or freedoms?

NO, individual’s interests, rights or freedoms are not overridden by collecting personal data of the subject

Information enquirer data Respond to information requests Legitimate interest
Purpose – is there a legitimate interest behind the processing?

YES, we have a legitimate interest to create and maintain professional relationship with any member of the public enquiring information from us.

Necessity – is the processing necessary for that purpose?

YES, personal data is necessary to respond to the enquirer

Balancing – is the legitimate interest overridden by the individual’s interests, rights or freedoms?

NO, individual’s interests, rights or freedoms are not overridden by collecting personal data of the subject.

6. RECIPIENTS OF PERSONAL DATA

6.1  Your personal data may be shared between the undertakings forming part of the Ipoint, as foreseen by Recital 48 of GDPR.

6.2  Your personal data may be also shared between the Controller and the Processor.

6.3  Your personal data is never transferred outside of the European Economic Area (EEA) or to international organizations.

6.4  We do not sell, trade or otherwise transfer any personal information to third parties.

6.5  We will release your data if we are obliged to do so to comply with any law, regulation or court order.

7. RETENTION OF PERSONAL DATA

7.1. We keep your personal data for as long as it is each time necessary for the relevant purposes of their processing, in alignment with the Data Minimisation and Storage Limitation principles as defined the GDPR.

7.2. Ipoint may retain your personal data after the expiration of their relevant processing purposes in the following limited cases:

  • In case that there is a legal obligation under a relevant statutory provision.
  • For research or statistical purposes of for the proper organization and operation of our business provided that anonymity or pseudonymization of your data takes place.
  • In case of any claims against ipoint, for as long as necessary to defend our rights and legitimate interests before any competent court and any other public authority.

7.3. After the period of retention, your personal data is erased from our databases and systems in accordance with our data protection policies and provided that their retention is no longer required for the fulfillment of the purposes we have described above.

7.4. For more information about data retention terms in relation to specific personal data, please contact us at [email protected]

Categories of personal data Retention period
Website visitor data Data is retained for 25 months from the date of collection.
Job applicant data Data is retained for 3 months from the date of the application, which is the maximum duration of the recruitment process.An email acknowledging receipt of the application is send to the applicant with a link to this Policy.

Once the recruitment process is over, we may ask you if you would like us to retain your application for further three months. We will do so only if you positively opt-in.

Information enquirer data Data is retained only for the time necessary to process a response to the enquiry.Once this is completed, the enquirer data is deleted.

8. YOUR RIGHTS

8.1 As a website visitor, job applicant or information enquirer, you have extensive rights when it comes to the processing of your personal data.

Your rights, listed below, may be enforced by contacting the Controller or the Processor by email, by post or by phone using the contact details provided above.

You are guaranteed a response within 30 days month from the date of receipt of your enquiry.

If your request is particularly complex or we need to process an extraordinary number of simultaneous requests, our reply may take longer but will be provided no later than 2 months from the date of receipt of your enquiry. This reply will also include details explaining the reason for the delay in our response.

We will provide the information in digital format or if preferred in hard copy format.

Such requests will not incur any fee, except when:

  • (i)  Your requests are manifestly unfounded or excessive, in particular because of their repetitive character. In this case we will charge a reasonable fee, taking into account the administrative costs of providing the information or communication or taking the action requested. In this case, we may also refuse to act on the request after having explained our position;
  • (ii) You request the information on paper and posted. In that case, we will charge you the postage fees.

Should we have reasonable doubts concerning your identity when making the request above, we may require additional information, necessary to confirm your identity.

Your rights are:

8.2  Access

You may obtain confirmation from us as to whether or not your personal data is being processed including:

  • (i)  the purposes of the processing;
  • (ii)  the categories of personal data concerned;
  • (iii)  the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  • (iv)  where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • (v)  the existence of the right to request from the Controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  • (vi)  the right to lodge a complaint with the supervisory authority;
  • (vii)  the existence of automated decision-making, including profiling.

8.3  Rectification

In case your date is inaccurate, incomplete or out-of-date, you have the right to rectify it.

8.4  Deletion (“the right to be forgotten”)

You have the right to have your personal data erased in case:

  • (i)  the data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
  • (ii)  You have withdrawn consent to process your data and there is no other legal basis legitimating its processing;
  • (iii) You have objected to processing your data and there is no other legal basis legitimating its processing;
  • (iv) Your personal data has been unlawfully processed;
  • (v)  Your personal data has to be erased in order to ensure compliance with any  legal obligations arising from any legislation enacted within the EU or any member states.

8.5 Restriction

You have the right to request a restriction on the processing of your data in case:

  • (i)  You contest the accuracy of your personal data, for a period enabling us to verify the accuracy of such data;
  • (ii)  The processing of your data is unlawful, and you oppose the erasure of your personal data and request the restriction of their use instead;
  • (iii)  We no longer need the personal data for the purposes of the processing;
  • (iv)  We no longer need your data, but we are required by you to retain the data for the establishment, exercise or defence of legal claims;
  • (v)  You have objected to processing (as specified in detail below), pending the verification whether our legitimate grounds override yours.

When you restrict processing, your personal data will, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

In case you have obtained restriction of processing as per above, we will inform you before the restriction of processing is lifted.

8.6 Complaint

In addition to the above, and without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the competent supervisory authority if you consider that your personal data has been processed unlawfully.

8.7 Data Portability

You enjoy a right to data portability with respect to your Personal Data held by Ipoint and Ipoint hereby binds itself to provide you with the Personal Data concerning yourself which you have provided to the Ipoint, in a structured, commonly used and machine-readable format. In addition, you enjoy the right to transmit that data to another data controller without hindrance from Ipoint.

9. APPLICABLE LAW

The law applicable to the processing activities, and to this policy, shall be:

  • Until 25 May 2018, the Data Protection Act, Chapter 440 of the Laws of Malta and other subsidiary legislation
  • After 25 May 2018, Regulation EU 2016/679 (“GDPR”).

10. AMENDMENTS

This Privacy Policy is subject to changes. You are invited to familiarize with its content and visit this URL frequently to familiarize with the changes.