At 1 st Step Solution Ltd we are committed to protecting and respecting your privacy.
This Privacy Notice (“Notice”) relates to the services provided by 1 st Step Solution Ltd (“us”, “we”, “our”), a limited liability company registered in the Republic of Malta, bearing company registration number C-28388 and having its registered office at Block 19, Office 18, Vincenti Buildings, Strait Street, Valletta, VLT 1432, Malta.
This Notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed. Please read the following carefully to understand you rights and our obligations in relation to the processing of your personal data.
Any changes we may make to our Privacy Notice in the future will be posted on this page. We continually review and update this Privacy Notice to reflect changes in our services as well as to comply with changes in Data Protection and Privacy Laws. We would, therefore, encourage you to review this Notice on a regular basis.
2. Who are we?
For legal purposes, 1 st Step Solutions Ltd is the Data Controller. We are responsible for deciding how to hold and use the personal information collected from you.
Our contact Details are as follows:
i. E-mail Address: email@example.com
ii. Telephone Number: +356 21224847
3. Who does this Privacy Notice apply to?
This Notice relates to the collection and use of the personal data of individuals. It does not apply to information we collect or use in relation to companies or other organizations.
It is intended that this Privacy Notice applies to the following data subjects:
- Visitors to, or users of, the website;
- Existing, potential and previous customers and those acting on their behalf.
4. How do we collect personal data?
We collect personal data when:
- You visit and make use of our website;
- You choose to engage us as your Service Provider to provide you with one or more of our various services (the “Services”) and complete our letter of engagement. By engaging us to provide you with our Services, you enter into a contractual relationship with 1 st Step Solutions Ltd;
- You fill in any of the online forms or questionnaires available on our website;
- You create an account on our website;
- When you communicate with us by post, phone, email or otherwise or during face-to-face meetings;
5. Applicable Laws
Since we are established in Malta, the privacy laws that we must abide by are the following:
- The Data Protection Act, Chapter 586 of the Laws of Malta;
- The General Data Protection Regulation (the “GDPR”), Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC.
6. What personal data do we process?
We may collect and process the following data about you:
I. Identification and contact data
This would include your title, name, surname, date of birth, and contact details such as your email address, your home address and your mobile number.
II. Compliance Data
This would include, apart from the identification and contact data, your passport, identity card, proof of address such as a utility bill, reference letters from the bank, and financial status information such as source of wealth and bank statements and other related documentation.
III. Payment Information
This would include transaction records of payments made in connection with your customer account and details of your bank account or credit or debit card in order to process payments
IV. Website Tracking Information
This means details of transactions you carry out through our website and details of your visits to our website. We may automatically collect technical data about your equipment, browsing actions and patterns. We may collect this personal data by using cookies, server logs and other similar technologies. Further details are in the section entitled “Website and Cookies Privacy Notice”.
V. Publicly available sources
We may receive personal data about you from third parties and/or publicly available sources.
7. How we use your personal data
Irrespective of the manner in which we have collected your personal data, we will only process such data for the purposes of the provision of services to you and purposes which are inherently related thereto, including the fulfillment of any legal obligation imposed upon us.
8. We process your personal data on the following legal bases:
- Performance of a contract – in particular to provide you with the services you have requested from us.
- Our legitimate interests – legitimate interests which may arise directly or indirectly in relation to the services provided. When we process your personal data based on our or a third party’s legitimate interests, we ensure that the legitimate interests pursued are not overridden by your interests, rights and freedoms;
- Compliance with legal obligations imposed on us – in particular obligations imposed upon us with respect to anti-money laundering legislation and financial services legislation (this includes our obligations to regulators);
- Consent when you have provided your explicit consent to specific processing of your personal data; and
- When it is necessary to manage our relationship with you or your company, including for billing and debt collection purposes;
- To keep you with news and events organised by 1 st Step Solution Ltd where it is in our legitimate interests to do so;
- When you visit our offices, for the purposes of securing access to our offices.
- Your personal data might also be processed by us on the basis of your explicit consent.
- In such a case, we will process your personal data for the purposes for which your explicit consent was requested.
We will ensure that we have additional grounds for processing your personal data if processing of special categories becomes envisaged. Note that special categories of personal data include data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic, biometric or health data, sexual orientation and data related criminal convictions and offenses.
9. Who will see your data?
The recipients of your personal data may be any of the following:
- Our employees or selected individuals within 1 st Step Solution Ltd, on a need-to-know basis or as a result of their duties within 1 st Step Solution Ltd;
- Any service providers that may have access to your personal data in rendering us with their support services, including IT and/or auditing service providers;
- Authorized processors who process your data on behalf of 1 st Step Solution Ltd for the purposes indicated;
- Third parties to whom disclosure may be required as a result of legal obligations imposed upon us.
In accordance with the GDPR, we shall retain your personal data for as long as necessary to fulfil the purposes for which we collected it and may retain it thereafter for the purpose of abiding by any legal, auditing, tax and/or other regulatory obligations to which we may be subject.
Our retention of your personal data shall however not exceed the period of ten (10) years from when you cease to be our client and your file is closed, in order to comply with various reporting and/or anti-money laundering obligations. Thereafter, your personal data shall be immediately and irrevocably destroyed.
There may be circumstances where 1 st Step Solution Ltd has a legitimate interest to retain your data for longer periods. This includes circumstances where your data and file is required for existing/ongoing legal proceedings.
11. Data security
At 1 st Step Solution Ltd we are committed to keeping your data secure and we shall adopt appropriate technical and organizational measures to protect against any unauthorized or unlawful processing, including accidental loss, destruction, storage or access.
If a personal data breach occurs, we will inform affected data subjects of the occurrence of the breach in accordance with the law.
12. Your Rights under the GDPR
You have certain rights in relation to your personal data including:
- Right of access: you have the right to request us to inform you of all the personal data we hold about you and to receive a copy of such personal data;
- Right to Erasure: in certain instances, you may request that we delete the personal data being held by us An example would be where we are relying on your consent as the lawful basis to process your personal data and you decide to withdraw this consent;
- Right to Object: you have a right to object and request that we cease the processing of your personal data where we rely on our, or a third party’s, legitimate interests for processing your personal data or a task carried out in the public interest;
- Right to Portability – you may request that we provide you with certain personal data which you have provided to us in a structured, commonly used and machine-readable format. Where technically feasible, you may also request that we transmit such personal data to a third party controller indicated by you;
- Right to Restriction – you have the right to request that we stop using your personal data in certain circumstances including if you believe that we are unlawfully processing your personal data or the personal data that We hold about you is inaccurate;
- Right to Rectification – you have the right to update or correct any inaccurate personal data which we hold about you;
- Right to withdraw your consent – where our processing is based on your consent, you have the right to withdraw your consent. Withdrawal of your consent shall not affect the lawfulness of the processing based on your consent prior to the withdrawal of your consent;
- Right to be informed of the source – where the personal data we hold about you was not provided to us directly by you, you may also have the right to be informed of the source from which your personal data originates;
- Without prejudice to any available remedy at law, including the right to lodge a complaint with the relevant supervisory authority, you also have the right to an effective judicial remedy where you consider that your rights under the GDPR have been violated as a result of the processing of your personal data in contravention of the GDPR.
13. Subject Access Requests
Individuals can make a formal written request for information we hold about them by sending an e-mail with the subject ‘Data Subject Access Request’ on firstname.lastname@example.org.
You can also contact us simply if you wish to discuss our handling of your personal data.