Mainstreet Privacy Notice
Last updated on the 26/07/2018
The Company is established under the laws of Malta with registered address at Main Street Complex, Antoine De Paule Square, Paola, Malta (“We”/”Us”/”Our”).
We are committed to respecting your privacy. If you wish to contact Us about Our privacy practices, please feel free to do so by post at the above registered address or by email at [email protected]. You may also wish to contact us by telephone on21227436.
Our Data Protection Officer may be contacted by email at [email protected] or by telephone on 21227436.
Please read this Privacy Notice carefully to understand our practices with respect to your Personal Data.
References to “Data Controller”, “Data Subject”, “Personal Data”, “Process”, “Processed”, “Processing”, “Data Protection Officer” and “Data Processor” in this policy have the meanings set out in, and will be interpreted in accordance with the applicable laws. “Applicable Laws” shall mean the relevant data protection and privacy laws, including but not limited to, the Data Protection Regulation (EU) 2016/679, and the Data Protection Act, Chapter 440 of the Laws of Malta and subsidiary legislation thereto, as may be amended from time to time.
We may update this Privacy Notice in Our sole discretion including as result of a change in Applicable Law or processing activities. Any such changes will be communicated to you prior to the commencement of the relevant processing activity
What amounts to Personal Data?
The term “Personal Data” refers to all personally identifiable information about you, such as your name, surname and address, and includes all personal information which may be processed and that can be identified with you personally
How do we collect Personal Data?
Generally, you would have provided your Personal Data to Us. However, in some instances, We may collect Personal Data about you from third party sources or our business partners, such as our Wi-Fi service provider.
We collect the following personal data about you:
- Name and surname;
- Email address;
- Telephone/Mobile number.
We typically collect Personal Data and process it for the following purposes:
- for direct marketing, and to benefit from exclusive offers, receive latest news and offers which marketing shall be conducted by email and mobile (the “Direct Marketing”);
- to manage our relationship with you and provide you with information related to your registration, purchases or other information;
- to comply with legal obligations imposed on Us;
- to provide you with statements and to provide you with products and services;
- for the detection and prevention of fraud and other criminal activity which we are legally bound to report;
- any Personal Data lawfully generated by Us in the course of executing your instructions; and
- any Personal Data which you may voluntarily provide to Us;
- for purposes of a legitimate interest pursued by Us or by a third party, provided such interest is not overridden by your interests, fundamental rights and freedoms; and
- the purposes you would have requested when providing your Personal Data to Us.
Irrespective of the manner that We have collected your Personal Data, We will only process such data for the purposes indicated in this Notice, including the fulfilment of any legal or regulatory obligation imposed on Us.
Legal Bases of Processing Personal Data
The legal bases of processing your Personal Data are the following:
- Our legitimate interests – When we process your Personal Data on the basis of Our legitimate interests, we ensure that the legitimate interests pursued by Us are not overridden by your interests, rights and freedoms;
- Your explicit consent – with regard to the processing of Your personal data for Direct Marketing; and
- We might also have to process Your personal data to comply with legal obligations imposed on Us, such as transferring personal data to relevant authorities
On the basis of Our legitimate interests or compliance with legal obligations, as applicable, We may also process your Personal Data for the purposes of establishing, exercising or defending legal proceedings.
We will ensure that we have additional grounds for processing your Personal Data if processing of Data is envisaged. We might also process your Personal Data on the basis of your explicit consent, in which case we will process your data for the purposes for which your explicit consent was requested.
Recipients of Your Personal Data
We may share your Personal Data with third party recipients who are:
- selected individuals within Our Company, on a need-to-know basis;
- any service providers that may have access to your Personal Data in rendering Us with their support services, including IT and accounting service providers;
- any business partners to whom you may have requested that we transfer your Personal Data;
- third parties to whom disclosure may be required as a result of legal obligations imposed on Us;
Unless specifically instructed and consented by you, we do not share your Personal Data with any entity located outside of the EU or EEA.
Automated Decision-Making and Profiling
We’ll normally retain your Personal Data for the duration of our relationship with you as our customer.
Thereafter, your Personal Data shall be immediately and irrevocably destroyed, unless we have a statutory obligation imposed on Us, a business need to retain the Personal Data, and/or require the Personal Data to exercise or defend legal claims.
Any Personal Data which We may hold on the basis of your consent shall be retained exclusively until when you withdraw your consent.
For as long as We retain your Personal Data, you have certain rights in relation to your Personal Data including:
- Right of access – you have the right to ascertain the Personal Data We hold about you and to receive a copy of such Personal Data;
- Right to complain – you have the right to lodge a complaint regarding the processing of your Personal Data with the supervisory authority for data protection matters. In Malta this is the Information and Data Protection Commissioner (contact details provided below);
- Right to Erasure – in certain circumstances you may request that We delete the Personal Data that we hold about you;
- Right to Object – you have a right to object and request that We cease the processing of your Personal Data where We rely on Our, or a third party’s legitimate interest for processing your Personal Data;
- Right to Portability – you may request that We provide you with certain Personal Data which you have provided to Us in a structured, commonly used and machine-readable format (except where such personal data is provided to us in hand-written format, in which case such personal data will be provided to you, upon your request, in such hand-written form). Where technically feasible, you may also request that we transmit such Personal Data to a third party controller indicated by you;
- Right to Rectification – you have the right to update or correct any inaccurate Personal Data which We hold about you;
- Right to Restriction – you have the right to request that We stop using your Personal Data in certain circumstances, including if you believe that We are unlawfully processing your Personal Data or the Personal Data that We hold about you is inaccurate;
- Right to withdraw your consent – where Our processing is based on your consent. Withdrawal of your consent shall not affect the lawfulness of the processing based on your consent prior to the withdrawal of your consent; and,
- Right to be informed of the source – where the Personal Data We hold about you was not provided to Us directly by you, you may also have the right to be informed of the source from which your Personal Data originates.
Please note that your rights in relation to your Personal Data are not absolute and we may not be able to entertain such a request if we are prevented from doing so in term of an applicable law.
You may exercise the rights indicated in this section by contacting Us or Our Data Protection Officer at the details indicated above.
Keeping your data secure
We shall implement and maintain appropriate and sufficient technical and organisational security measures, taking into account the nature, scope, context and purposes of the processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, to protect your personal data against any unauthorised accidental or unlawful destruction or loss, damage, alteration, disclosure or access to personal data transmitted, stored or otherwise processed and shall be solely responsible to implement such measures.
We shall ensure that our staff who process your data are aware of such technical and organisational security measures and we shall ensure that such staff are bound by a duty to keep your personal data confidential.
The technical and organisational security measures in this clause shall mean the particular security measures intended to protect your personal data in accordance with any privacy and data protection laws.
If you have any complaints regarding Our processing of your Personal Data, please note that you may contact Us or Our Data Protection Officer on any of the details indicated above. You also have a right to lodge a complaint with the Office of the Information and data Protection Commissioner in Malta (www.idpc.gov.mt).
Where You Provide Us with Personal Data Related to Third Party Data Subjects
If you are a trader, a company, or other corporate entity, and you supply to Us Personal Data of third party Data Subjects such as your employees, affiliates, service providers, customers or any other individuals connected to your business, you shall be solely responsible to ensure that:
- you immediately bring this Privacy Notice to the attention of such Data Subjects and direct them to it;
- the collection, transfer, provision and any Processing of such Personal Data by You fully complies any applicable laws;
- as Data Controller You remain fully liable towards such Data Subjects and shall adhere to the Applicable Law;
- you collect any information notices, approval, consents or other requirements that may be required from such Data Subject before providing Us with their Personal Data;
- you remain responsible for making sure the information you give us is accurate and up to date, and you must tell us if anything changes as soon as possible.
You hereby fully indemnify Us and shall render Us completely harmless against all costs, damages or liability of whatsoever nature resulting from any claims or litigation (instituted or threatened) against Us as a result of your provision of said Personal Data to Us.
From time to time we would like to contact you about latest information, events, quality-related surveys, new products, services, as well as updates and offers related to new products and services. We would also like to inform you about other products and services supplied by any member of our Group, any associates, agents and by other carefully selected third parties, and for research purposes.
We may use the following methods to inform you about such offers by mail, telephone, or electronically.
You can change your mind at any time and may withdraw your consent to the processing of your personal data as outlined below at any time by email [email protected] by letter addressed to Main Street Complex, Antoine De Paule Square, Paola or by phone at 21227436.
A cookie consists of information sent by a web server to a web browser, and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.
We may use both “session” cookies and “persistent” cookies on the website. We will use the session cookies to: keep track of you whilst you navigate the website. We will use the persistent cookies to enable our website to recognise you when you visit.
Session cookies will be deleted from your computer when you close your browser whilst persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiry date.
Links to other Web Sites