Regulation (EU) 2016/679 better known as the European General Data Protection Regulation (GDPR) entered into force on 25 May 2018. The GDPR is a new EU privacy law intended to give you, as a data subject, more control about your personal data, as well as greater security and transparency about how your data is used.
This Privacy Notice explains how we, Cherubino Ltd, will use and store the information you disclose to us as a client.
In this policy, "the company", "we", "us" and "our" refers to Cherubino Ltd.
Who we are
Cherubino Ltd (working name: Cherubino) is a limited liability company registered in 1977 under Maltese law bearing registration number C3677 and operating at "Delf Building", Sliema Road, Gzira, Malta.
What is personal data?
What information do we collect?
Cherubino processes personal data pertaining to its clients mainly to be able to perform its contractual obligations. In other cases, Cherubino processes such data because it has a legitimate interest to do so within the context of the contractual relationship with the client. By "processing" we mean a set of activities that is carried out in relation to your data such as the collection, recording, storage, use and erasure of such data which includes:
How do we collect your personal data?
We may collect your personal data in one or more of the following ways:
Where do we keep your data?
Your personal data is stored in a range of different places including:
Why do we need your data and what is the legal basis for its processing?
Cherubino needs to process your personal data for one or more of the following purposes:
The legal basis for the processing of such data is one or more of the following:
As our client we automatically put your email address in our mailing list. We use this information for a number of reasons: to give you information about anything you've asked us to tell you about; to contact you if we need to obtain or provide additional information including information which we think may be relevant to a subject in which you have previously demonstrated an interest; to check our records are right and to check every now and then that you're happy and satisfied. We don't rent or trade email lists with other organisations and businesses. We also invite you separately to give us your consent to use your information for direct marketing purposes. In all cases you may unsubscribe at any point using the unsubscribe link on any of our emails.
How do we keep your personal information secure?
Cherubino takes the security of your data extremely seriously. The company has internal policies and controls in place to try to prevent your data from being lost, accidentally destroyed, misused or disclosed.
Where we engage third parties to process personal data on our behalf, such third parties do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data. Such third parties would also be bound to us by virtue of a written contract.
We do not, however, have any control over what happens between your device and the boundary of our information infrastructure. You should be aware of the many information security risks that exist and take appropriate steps to safeguard your own information. We accept no liability in respect of breaches that occur beyond our sphere of control.
Who has access to your data and will the data be shared with third parties?
Your personal data is not accessed except by employees in the performance of their duties and IT staff if access to the data is necessary for performance of their roles.
We may share your data with third parties in order to obtain credit background checks from certified bodies or to disclose certain details to such bodies in case of late payment of bills.
In line with the GDPR, our company will only transfer your personal data to a country outside the European Union or the European Economic Area when the European Commission has decided that such country ensures an adequate level of protection or else if otherwise compelled by law
Cherubino Ltd is the controlling undertaking within a group of companies identified as "The Cherubino Group of Companies" hereinafter in this part referred to as "the Group". The Group consists of the following companies: Cherubino Ltd, Labomed Ltd, Harley Distributers Ltd and Bay Media Ltd.
Cherubino Ltd controls the processing of personal data in all the undertakings within the Group including the processing of clients' personal data, strictly for internal administrative purposes. Therefore should you be a client of any of the companies within the Group except Cherubino Ltd, Cherubino Ltd shall be processing your personal data in the same manner and using the same diligence as if you were its own client.
How long will the information be stored for?
We will hold your personal data for a period of ten (10) years following the termination of our business relationship, unless we are compelled to retain such data in exceptional circumstances such as to defend or pursue legal claims.
Upon the expiry of the retention period your personal data will be deleted permanently from our system, cloud and IT systems and any documents containing such data will be shredded in-house and safely destroyed in line with established industrial standards.
What are your rights in relation to your personal data that is in our possession?
Under the GDPR, you have a number of rights that we'd like to make you aware of:
You may access and obtain a copy of your data on request which data will be given to you in a structured, commonly used and machine-readable format;
You may require us to change or amend incorrect or incomplete data;
You may require us to delete or stop processing your data in certain specific circumstances. These are: (i) when you wish to contest the accuracy of your personal data, in which case processing will be restricted for a period enabling us to verify the accuracy of your data, (ii) when processing is unlawful and you oppose the erasure of such data but instead requests us to restrict its use instead, (iv) when we no longer need the personal data for the purposes of the processing but you require such data for the establishment, exercise or defence of legal claims, (v) when you object to processing pending the verification whether the company's legitimate grounds override those pertaining to you (i.e. where we rely on our legitimate interests as the legal ground for processing)
When processing is restricted as aforestated, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
You shall have the right to request us to erase your personal data and we shall have the obligation to erase such data without undue delay when: (i) personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; (ii) we rely on our legitimate interests as the legal ground for processing and following your objection to such processing it is established that there are no overriding legitimate grounds for the company to process your data, (iii) personal data has been processed unlawfully, (iv) personal data has to be erased for compliance with a legal obligation under EU or Maltese law to which we are subject. Provided in all cases that we may object to your request to erase your personal data in order to comply with a legal obligation which requires processing by EU or Maltese law to which we are subject, or in order to establish, exercise or defend legal claims.
Where the legal basis for our processing of your personal information is your prior consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
It is important to note that where we rely solely on your consent to be able to process your personal data, withdrawing such consent might hinder Cherubino's ability to administer some of the rights and obligations arising as a result of the contractual/business/sale/ any other relationship efficiently.
If you would like to exercise any of your rights, you are urged to contact us at our official address or on our email address firstname.lastname@example.org or phone +356 21343270 and ask to speak to one of our Directors.
If you believe that we have not complied with your data protection rights, you may file a complaint to the Office of the Information and Data Protection Commissioner (address: Floor 2, Airways House, Triq Il-Kbira, Sliema, Malta, phone: +356 2328 7100, website: https://idpc.org.mt/en/Pages/contact/complaints.aspx ).