Protecting your privacy is important to us at Salvo Grima Group and its subsidiaries. We are committed to protecting all Personal Data provided to SGG, whether by individuals with whom we do business, visitors to and users of our websites or otherwise. Personal Data is information which relates to an identified or identifiable individual person.
This Policy explains what Personal Data we collect, how we may use and manage it and the rights you have in relation to your Personal Data. Before you provide us with any Personal Data, we recommend that you read through this Policy in full and make sure that you agree with our privacy practices.
Note that our website may contain links to other websites operated by third parties and over which we have no control or responsibility. In this case, these third party websites are not subject to our Policy and we recommend that you check their separate privacy and security policies accordingly.
Whose Personal Data do we collect?
Salvo Grima Group collects Personal Data from individuals in the course of its business activities, including:
- Representatives of our suppliers, customers and business contacts;
- Consultants and contractors;
- Website users;
- Individuals who contact us by any means;
- Job applicants.
How we collect your Personal Data
We obtain Personal Data which you knowingly and voluntarily disclose to us, both in an online and offline context. We collect Personal Data when you:
- Visit our websites and / or complete one of our webforms
- Communicate with us in any way
- Complete surveys issued by us
- Visit our premises or meet our sales representatives and staff;
- Submit an order to us;
- Report issues to us.
What Personal Data we collect
Salvo Grima Group may collect a range of Personal Data from you in a business context, such as your name, gender, job title, nationality, photographic identification, email, home address or other contact details, details of your business and other interests, communications with you (including meeting notes) and financial and payment information.
When you use our website, we collect certain standard information that is sent by your browser to our websites. This includes technical information, such as your IIP address, browser type, operating system, language, time-zone setting, access times and any referring website addresses.
We do not process any Sensitive Personal Information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health or medical conditions, genetic or biometric information, sexual orientation or criminal convictions unless such processing is necessary to comply with laws and regulations or where you consent for us to do so.
The purposes for which we process your Personal Data
We process your personal data for the following purposes:
- To provide you with information, products and services ordered by you
- To improve our products and services or events;
- To administer our websites and help improve our communications;
- To carry out website analytics;
- To manage our internal recruitment processes;
- To comply with applicable laws and regulations
- To carry out business-related processes, including negotiating, concluding and performing contracts, including licence agreements, administering payments made to us, managing accounts and records, supporting corporate social responsibility activities, legal, regulatory and internal investigations and debt administration.
When you apply for a job via our website or otherwise, we will collect additional more specific Personal Data about you, such as your qualifications, career history, third party references and interview notes. We may also ask you for further information, such as your interests and the jobs you are interested in. Note that any Personal Data you provide to Salvo Grima Group will be processed in line with the General Data Protection Regulation and will not be retained longer than six months from the date of submission, unless further processing is necessary to comply with laws and regulations or where you consent for us to do so.
Who we share your Personal Data with
Salvo Grima Group may share your Personal Data with people within the Group who have a ‘need to know’ that data for business or legal reasons, such as to carry out an administrative function such as processing an invoice or to direct a query you have submitted to the relevant subsidiary or team within SGG.
We may disclose your Personal Data to third parties, including the authorities, SGG advisors, suppliers of IT services and third parties engaged by SGG in order to provide the services requested by you; for the purposes of seeking legal or other professional advice; to respond to a legal request or to comply with a legal obligation.
We may disclose your Personal Data in the event that we sell, buy or merge any business or assets, including to the prospective seller or buyer of such business or assets.
We may share the Personal Data you submit to us with any entity within the Salvo Grima Group. All subsidiaries or associates of SGG are required to maintain the confidentiality of your data and are restricted from using it for any purpose other than the purposes set out in this Policy.
We may decide to allow users to share comments, postings, testimonials or other information. If you choose to submit such information to us, the information you submit may be available generally to the public. Information that you provide in these areas may be read, collected and used by others who access them.
Finally, we may share non-Personal Data with other third parties who are not described above. When we do so, we may aggregate or de-identify the information so that a third party would not be likely to link data to you, your computer or your device. Aggregation means that we combine the non-personal information of numerous individual people together so that the data does not relate to any one person. De-identify means that we attempt to remove or change certain pieces of information that might be used to link data to a particular individual person.
Transfers of Personal Data across borders
SGG operates across several EU and non-EU countries. Please note that any person to whom SGG may disclose your Personal Data under this policy may be situated in a country other than your own and that such country may provide a lower level of data protection requirements than your country. By agreeing to this policy, you consent to the transfer of your Personal Data to a country other than your own.
Whenever we transfer Personal Data across borders, we take legally-required steps to ensure that adequate safeguards are in place to protect your Personal Data and to make sure it is treated in line with this Policy. If you are located in the EU, you can request a copy of the safeguards which we have put in place by emailing our Data Protection Officer at firstname.lastname@example.org
SGG takes all reasonable technical and organisational security measures to protect Personal Data from accidental or unlawful destruction, accidental loss and unauthorised access, destruction, misuse, modification or disclosure. We do our best to protect your Personal Data but unfortunately, the transmission of information over the internet is not completely secure. We cannot guarantee the security of your Personal Data and any transmission of Personal Data to SGG is at your own risk.
Your Personal Data is not kept for longer than is necessary for the purposes for which it is collected. This means that data and records (including Personal Data) are destroyed or erased from our systems when no longer required. The amount of time that records are kept for varies depending on the type of Personal Data they retain.
Applicable data privacy laws give rights to individuals in respect of the personal Data that organisations hold about them. If you wish to:
- Request a copy of the Personal Data that we hold about you;
- Request that we rectify, delete or limit the processing of your Personal Data,
Please submit your written request to our Data Protection Officer via email@example.com. We ask that you always inform us of changes to your Personal Data so that we can keep it up to date.
If you decide that you do not wish to receive commercial communications from us, whether by email, telephone or post, please ‘opt out’ from receiving such communications by clicking on the ‘unsubscribe’ link at the bottom of each commercial email and updating your preferences or by contacting us at firstname.lastname@example.org
Questions and complaints
If you have a concern or complaint about this Policy or how SGG has used your Personal Data, please contact the SGG Group Data Protection Officer via email@example.com or in writing to:
Head of Corporate Affairs & Human Resources
Salvo Grima Group
Marina Milling Complex
Marsa Industrial Estate
Marsa, MRS 3000
If you are not satisfied with the handling of your concern or complaint by SGG, you can escalate this to your national Data Protection Authority.
Controller = a party that determines the purposes and means of data processing
Data Protection Authority: The relevant supervisory authority with responsibility for privacy or data protection matters in the jurisdiction of Salvo Grima Group and/or its subsidiary companies
European Economic Area (EEA): the EEA includes all EU members states and Iceland, Liechtenstein and Norway;
Personal Data: Information which relates to an identified or identifiable individual (ie. information about all SGG employees, contractors, applicants, employees of vendors and suppliers, contractors, customers and individuals who use our website). It includes names, addresses, email addresses, job applications, user account information and correspondence. Personal Data can also include web browsing information (eg. data associated with a particular cookie) and IP addresses when such information can be linked to an individual.
Processing: Means doing anything with Personal Data: this includes collecting it, storing it, accessing it, combining it with other data, sharing it with a third party or even deleting it.
Further information can be obtained from the website of the Office of the Information and Data Protection Commissioner, Malta: https://idpc.org.mt
Last updated on: 05.02.2019