Last updated on 08 February 2022.
My Golden Visa is an international group of companies that provides residence and citizenship planning services to clients.
This Policy outlines the manner in which My Golden Visa handles the information and personal data which You have provided to Us and which enables Us to be able to effectively manage the relationship which You have with Us.
Set out the type of personal data My Golden Visa will collect from you and how We will use your personal information
Set out the basis on which any personal data is processed by My Golden Visa
Make you aware of how My Golden Visa will handle your personal data
Clarify My Golden Visa obligations under the data protection regulations with regard to processing your personal data lawfully and responsibly
Inform you of your data protection rights
2. The legal basis by which We process your personal data
The Maltese Data Protection Act (hereafter referred to as the “DPA” — Chapter 586 of the Laws of Malta) as well as any other subsidiary legislation issued under the DPA as may be amended from time to time;
Regulation (EU) 2016/679 of The European Parliament And of The Council of 27 April 2016 On The Protection of Natural Persons With Regard to The Processing of Personal Data And On The Free Movement of Such Data, And Repealing Directive 95/46/EC (General Data Protection Regulation — hereafter referred to as “the Regulation” or “GDPR”).
We will comply with local data protection laws in the jurisdictions We operate in.
We are also the data controller of any personal data which We collect or receive and which We process in connection with the Services and/or the Website. Our associated corporate entities may be data controllers of your personal data in their own right, whether jointly or as entirely separate data controllers.
4. The personal data We collect from you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We have structured Our Website so that you can visit Us on the internet without identifying yourself or revealing any personal information. Once you choose to provide Us with personal information, We will protect such information and use it only in the ways described below.
We will collect and process the following personal data about you:
a) Identity Data including first name, maiden name, last name, title, identity document number, gender, nationality, employment status, organisation, occupation, e-mail address, and phone number.
To the extent you engage Our services or where you might apply for a job opportunity, you may be required to provide further information. Where you are a business user, We may also require further information before We enter into a commercial relationship with you.
We may also require you to provide Us with information that might be needed to establish and serve as proof of your identification, such as copies of your passport or national ID card. Where you are a job applicant, you will be required to provide a copy of your up-to-date CV.
Where We are required to collect personal data by law, or under the terms of a contract We have with you and you fail to provide that data when requested, We may not be able to perform the services as agreed or We may not be able to enter into a contract with you, but We will notify you if this is the case at the time. We may have to terminate that contract with you as a result.
b) Contact Data includes billing address, mailing address, email address and contact numbers.
c) Compliance Data (AML and KYC) includes the following due diligence information and documentation relating to Our clients, or their respective UBO, shareholders, founders, beneficiaries, directors, where the client is a legal person: copy of identity document, ‘KYC’ (database) checks and any other documentation which may be mandated from time to time by the Prevention of Money Laundering Act (Chapter 373 of the Laws of Malta) (“PMLA”), the Prevention of Money Laundering and Funding of Terrorism Regulations (“PMLFTR”), the Financial Intelligence Analysis Unit (“FIAU”) and/or any other competent authority or related legislation.
d) Assistance Data includes the following information about Our clients:
the client’s situation, plans, interests and targets or objectives;
the Services requested by, and provided to, the client.
e) Financial Data includes the bank account details of the client together with details about any payment methods used by the client to settle Our invoices and, as may be necessary under the particular circumstances, the financial status and creditworthiness of the client.
f) Transaction Data includes details about invoices issued to the client (including date of settlement and means of settlement), payments made to and from the client and any outstanding invoices due by the client.
g) Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, as well as other information regarding your experience on Our Website such as page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
Location information: We may receive information about your location and may determine your location through your IP address and, when accessing the Website through a mobile device, by using the data that We collect from that device. This includes information about the wireless networks or cell towers near your mobile device at the time of access.
h) Marketing and Communications Data includes your preferences in receiving marketing from Us and Our third parties or associated entities and your communication preferences. This may include information whether you have subscribed or unsubscribed from any of Our mailing lists, attended any of Our events or accepted any of Our invitations.
We will also collect, use and process any other personal information that you voluntarily choose to provide or disclose to Us where relevant and necessary in order to provide the Services that you have requested from us.
5. How is your personal data collected
Such information may be provided by you in the following circumstances:
Filling in an enquiry form on the Website,
Corresponding with Us by post, phone, e-mail, or otherwise when you apply for Our services,
Subscribing to Our services or publications,
Requesting marketing to be sent to you,
Giving Us some feedback,
Starting negotiations for or entering into a contract to supply goods and/or services to us.
Whenever you visit Our Website, We will automatically collect Technical data.
We may receive personal data about you from various third parties and publicly available sources (Google Analytics advertising features, including Google Analytics, Google AdWords, Facebook Pixel’s, Google Tag Manager, LinkedIn, and other ad hoc paid media partnerships).
Identity, contact, and background data from publicly available sources, compliance databases, and/or compliance and due diligence service providers within and outside the EU so We can confirm that you are a suitable client of or supplier to us.
6. How We use your personal data
We shall use this information:
To facilitate the provision of the services that you request and where We need to perform the contract We are about to enter into or have entered into with you,
Where it is necessary for Our legitimate interests (or those of a third party), and where your interests and fundamental rights do not override those interests,
Where We need to comply with a legal or regulatory obligation,
To resolve any issues that you have reported and to provide support-related services,
To manage the supplier relationship you have with us,
To administer Our Website and for internal operations, including troubleshooting, and in order to keep Our Website safe and secure,
To improve Our Website to ensure that content is presented most effectively for you,
To ensure that content displayed on the Website is presented in a user-friendly manner.
7. Legal Basis for processing
We may also process your personal data based on any legitimate interest or in order to comply with any legal obligations. These interests and obligations may include the exercise or defense of legal claims or in order to comply with an order of any court, tribunal, or authority, or disclosure to a government or regulatory entity.
Generally, We do not rely on consent as a legal basis for processing your personal data. However, where your consent is required, We will provide you with a form requesting explicit consent to do so.
You will receive marketing communication if you have requested such information from Us by providing Us with your details through this Website and have consented and opted-in to receiving such information. Where We have entered a business relationship (namely a contract) with you, We may inform you about Our activities, offers, or other information that We believe would be useful to you in accordance with Our legitimate interest.
We will not share your personal data with any third party for marketing purposes without your explicit consent.
You have the right to withdraw consent or to object to receiving marketing information at any time by contacting [email protected] or clicking the unsubscribe button. Once you have withdrawn your consent or object to any one of the purposes listed herein, We will stop sending you any marketing communications. If you choose not to consent or to object to any one of the purposes listed herein or withdraw your consent at any time, We will still be able to provide Our services; however, We would not be able to provide you with the full range of services that We offer, and it may affect the efficiency with which We provide the services you request.
9. Disclosure of your personal data
We may disclose your personal data to any of Our international offices or the companies that form part of My Golden Visa that may act as joint data controllers or data processors to the company. These offices or companies will be the data controller for your data when you obtain Our services and/or they may provide administration, controls, and reporting services. All My Golden Visa companies respect and protect the security of your personal data in accordance with the applicable law (including the GDPR) and apply the security measures and safeguards.
We may need to share personal data with government agencies and authorities in the country where you seek to obtain residence or citizenship. We shall only provide the necessary information in order to perform services under Our contract with you.
We may be required to share your data with local agents or other service suppliers (in their capacity as data processors), which is necessary for Us to provide the services you request. These local agents and suppliers store and process your data based on strict confidentiality and subject to the appropriate security measures and safeguards.
We may also share your data with other third parties in their capacity as data controllers such as legal, tax, real estate, immigration or other advisors and consultants, (international) banks for payment details, or third parties providing other or additional services or goods to you such as real estate agencies, owners, or developers who you might wish to engage with under separate terms and conditions between you and such third parties. These third parties will process your data in their own right as data controllers and their data protection policies and processes shall become applicable.
10. Transfers of data to third countries
Where We share your personal data with internal or external third parties, this may involve transferring your data outside the EEA. We will transfer your personal data in accordance with standard contractual clauses to ensure that your personal data is protected and transferred securely in compliance with applicable law, including the GDPR.
11. Third party access to your personal data
We work closely with third parties to provide you with the services you request on Our Website. These third parties include cloud storage providers, analytics providers, and search engine information providers. We will only work with third-party providers that comply with applicable laws in the jurisdictions in which We operate and that abide by the GDPR to adequately protect and safeguard your personal data.
12. Data security
We will ensure that appropriate security measures are taken against unlawful or unauthorized processing of personal data, and against the accidental loss of or damage to personal data. In addition, We limit access to your personal data to those employees, agents, contractors and other professional third parties who strictly need to know this information. They will only process your personal data on Our instructions and they are subject to a duty of confidentiality. All Our employees and agents have received appropriate training on data protection.
The transfer of information between Our Website and your device is protected with transport layer security (TLS) certificates. When the Website is accessed using compatible browsers, that technology protects personal information using both server authentication and data encryption to ensure that personal information is safe and secure while in transit.
All personal data is stored in a secure server environment that uses a firewall and other advanced technology to protect against interference or unauthorized access. Use ames and passwords are issued to persons authorized to access the personal data, such as Our employees, who are bound by confidentiality not to disclose any personal data.
No method of transmission of data is 100% secure, and absolute security cannot be guaranteed.
13. Data retention
We shall only store your data as long as is strictly necessary for the purposes for which it was collected (that is, to provide you with Our services or to satisfy any legal, accounting, or reporting requirements).
We will only retain your personal data for as long as necessary to fulfil the purposes for which We collected it (the provision of the Services and the ongoing performance of Our professional relationship with you) and, thereafter, for the purpose of satisfying any legal, accounting, tax, anti-money laundering and regulatory reporting requirements or obligations to which We may be subject and/or to the extent that We may also need to retain your personal data to be able to assert, exercise or defend possible future legal claims against or otherwise involving you.
By and large, Our retention of your personal data shall not exceed the period of six (6) years from the termination of your engagement with My Golden Visa. This retention period enables Us to make use of your personal data for potential AML reporting obligations to the FIAU (a legal obligation) and/or for the assertion, filing or defence of possible legal claims by or against you.
14. Data minimization
Whenever and to the extent possible, We anonymize the data that We hold about you when it is no longer necessary to identify you from that data.
15. Your rights as a data subject
You are entitled to exercise the following rights under the GDPR:
1. The right to access information
You have the right to request information as to whether or not your personal data is being processed by My Golden Visa as well as information as to how and why it is processed by sending an e-mail to [email protected]. You shall receive one electronic copy of the information free of charge via e-mail. We may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive, in which case We may also refuse to comply with your request in these circumstances.
2. The right to object
You may contact Us at any time by emailing [email protected] to ask Us not to process your personal data, if Our legal grounds for processing is that it is necessary for a legitimate interest pursued by Us or a third party or for marketing purposes (for example, receiving information from Us about upcoming events, newsletters, and publications). In the case of your written objection, your data will no longer be processed for such purposes.
3. The right to correction
You have the right to obtain correction of any inaccurate personal data about you that We have processed, update any data that is out-of-date, and complete any incomplete personal data including by means of a supplementary statement.
4. The right to erasure
You have the right to obtain the erasure of personal data We have concerning you when it is no longer required, for cases where:
You withdraw your consent to Us processing your personal data on which the processing is originally based or where no other legal grounds for processing exists,
Your personal data is no longer necessary in relation to the purpose for which it was originally collected,
You object to the processing and there are no overriding legitimate grounds for the processing for marketing communication,
Your personal data has been unlawfully processed,
Your personal data must be erased to comply with a legal obligation to which We are subject.
Note, however, that We may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. These may include instances where the retention of your personal data is necessary to comply with a legal or regulatory obligation to which We are subject; or establish, exercise or defend a legal claim.
5. The right to restriction of processing
You have the right to restrict Our processing activities where:
You contest the accuracy of this personal data, for a period enabling My Golden Visa to verify the accuracy of the same personal data,
Our processing is deemed unlawful, and you oppose the erasure of your personal data and request restriction of its use instead,
You have objected to Our processing pending the verification of whether the legitimate grounds of Our processing activities overrode those pertaining to you.
6. The right to data portability
We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
7. Right to withdraw consent
16. Law applicable to disputes
18. How to contact us