Casamont is a real estate agency based in Malta. It promotes real estate to clients all over the world through its localized web platform (“Casamont”). Details about Casamont can be found here www.casamont.com. Casamont is part of the Henley & Partners Group, details of which can be found here www.henleyglobal.com.
This Policy is issued on behalf of Casamont so when we mention “Casamont”, “we”, “us”, “our” in this Policy, we are referring to the relevant entity in Casamont responsible for processing your data. We will let you know which entity will be the data controller for your data when you obtain any of our services.
Casamont is the Data Controller and responsible for this Website.
Our full details are:
Casamont Malta Ltd
Level 4, Aragon House,
St. Julian’s STJ 3140
Phone: + 356 2137 0088
Data Protection Officer
We have appointed a Casamont Data Protection Officer (the “DPO”) who can be contacted using the details set out below:
Group Data Protection Officer
Henley & Partners Middle East DMCC
Reef Tower, Suite 1301
P.O. Box 213757
Email: [email protected]
You can address any comments, queries or complaints regarding your rights or duties to this email address with words ‘Data Protection Matter’ in the subject line.
We have structured our Website so that you can visit us on the Internet without identifying yourself or revealing any personal information.
Once you choose to provideus with personal information, we will protect such information and use it only in the ways as described below.
Purpose of this Policy
We are committed to respecting and protecting your privacy at all times. Casamont will not sell, rent, transfer, or otherwise make available to others any information about any person visiting our Website except as expressly providedfor in this Policy.
The purpose of this Policy is to:
- set out the type of personal data Casamont will collect from you and how we will use your personal information – in particular see section A “Personal Data we collect form you”;
- the basis on which any personal data is processed by Casamont– see sections B “How we use your information” and C “Legal basis for processing” ;
- make you aware of how Casamontwill handle your personal data;
- clarify Casamont obligations under the data protection regulations with regards to processing your personal data lawfully and responsibly; and
- inform you of your data protection rights – see section K “Your rights as a data subject”.
We process your personal data in an appropriate and lawful manner, in accordance with applicable data protection regulations and the General Data Protection Regulation EU 2016/679 (the “GDPR”) which is in force as of 25 May 2018.
We will comply with local data protection laws in jurisdictions we operate in and to do so the personal information we hold about you must be:
- used by us lawfully, fairly and in a transparent way;
- collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
- relevant to the purposes we have told you about and limited only to those purposes;
- accurate and kept up to date;
- kept only as long as necessary for the purposes we have told you about; and
- kept securely.
This Policy was last updated in May 2018.
A. PERSONAL DATA WE COLLECT FROM YOU
By means of this Website, you may contact our representatives and obtain information relating to renting/leasing and/or buying/selling real estate properties in Malta and Cyprus and start the process of obtaining any of the services in which you may be interested. You may also contact us if you wish us to provide you with further information to support your press/media work. You may also contact us for general enquiries or if you are planning to be a supplier to us.
We will collect and process the following personal data about you:
1. Information You Give Us
These are personal details and include your first name, last name, email address and phone number. They will also include information on which services you are interested in or details about your enquiry.The information you give us may also include data about any marketing preference.
Such information may be provided by you in the following circumstances: (i) by filling in an enquiry form on the Website; (ii) by corresponding with us by post, phone email or otherwise when you apply for our services; (iii) subscribe to our services or publications; (iv) request marketing to be sent to you; (v) give us some feedback or (vi) to start negotiations for or entering into a contract to supply services to us.
To the extent you engage our services you may be required to provide further information. Where you are a business user, we may also require further information before we enter into a commercial relationship with you.
Such further information may include payment details such as banking information, VAT number in order for us to process payments in relation to our services. We may also require you to provide us with information that might be needed to establish and serve as proof of your identification such as copies of your passport or national ID.
Where we are collecting or processing further information we will provide you with separate Privacy Notices which further describe how and why we are using your personal data.
Where we are required to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the services as agreed or we may not be able to enter into a contract with you but we will notify you if this is the case at the time. We may have to terminate that contract with you as a result.
2. Information We Collect About You From Our Website
Whenever you visit our Website we will automatically collect the following:
a. Technical information: including the IP address used to connect your computer to the Internet, your login information, browser type and version, the full Uniform Resource Locators (URL), clickstream to, through and from our Website (including date and time) as well as other information regarding your experience on our Website such as page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page.
b. Location Information: We may receive information about your location. We may determine your location through your IP address and, when accessing the Website through a mobile device, by using the data that we collect from this device. This includes information about the wireless networks or cell towers near your mobile device at the time of access.
3. Information we receive from other sources
We may receive personal data about you from various third parties and publicly available sources as set out below:
a. Technical Data from Google Analytics Advertising Features, including Google AdWords, Facebook Pixel’s, Google Tag Manager, Amiando, Microsoft Dynamics, LinkedIn, Gmail and other Adhoc paid media partnerships.
b. Identity, Contact and Background Data from publicly available sources, compliance databases and/or compliance and due diligence service providers within and outside the EU so we can confirm you are a suitable client of or supplier to us.
B. HOW WE USE YOUR INFORMATION
1. Information you give to us
We shall use this information:
a. to facilitate the provision of services which you request and where we need to perform the contract we are about to enter into or have entered into with you;
b. where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
c. where we need to comply with a legal or regulatory obligation;
d. to resolve any issues which you have reported and provide support related services; or
e. manage the supplier relationship you have with us.
2. Information we collect about you from our Website.
We shall use this information:
a. to administer our Website and for internal operations, including troubleshooting and in order to keep our Website safe and secure;
b. to improve our Website to ensure that content is presented in the most effective manner for you; and
c. to ensure that content displayed on the Website is presented in a user-friendly manner.-
3. Information we receive from other sources-
We will combine information we receive from other sources with information you provide to us and information which we collect from you. We will use your information only for purposes as described in the paragraphs above.
C. LEGAL BASIS FOR PROCESSING
We shall only process your personal data insofar as this is necessary for us to be able to provide the services we offer and/or for the purposes indicated in this Policy.
We may also process your personal data on the basis of any legitimate interest or in order to comply with any legal obligations at law. This may include the exercise or defense of legal claims or in order to comply with an order of any court, tribunal or authority or disclosure to a government or regulatory entity.
Generally we do not rely on consent as a legal basis for processing your personal data. However, where your consent is required we will provide you with a consent form requesting explicit consent to do so.
You will receive marketing communication if you have requested such marketing information from us by providing us with your details through this Website and have consented and opted-in to receiving such information. Where we have entered into a contract or other business relationship with you we may further inform you about our activities, offers or other information which we believe would be useful to you in accordance with our legitimate interest.
We will not share your personal data with any third party for marketing purposes without your explicit consent.
You have the right to withdraw consent or to object to receive marketing information at any time by contacting [email protected] If you choose not to consent or to object to any one of the purposes listed herein or withdraw your consent at any time, we will still be able to provide our services, however, we would not be able to provide you with the full range of services which we offer and it may affect the efficiency with which we provide the services you request.
E. DISCLOSURE OF YOUR INFORMATION
We may disclose your personal data to any of our international offices/companies forming part of Henley & Partners Group who may act as joint data controllers or data processors to Casamont which will be the data controller for your data when you obtain our services and/or may provide administration, controls and reporting services. For a full list of the Henley & Partners Group companies who may receive this information, please click here. All Casamont and Henley & Partners companies respect and protect the security of your personal data in accordance with the applicable law (including the GDPR) and apply the security measures and safeguards as described below.
We may require to share your data with service providersin their capacity as data processors, which is necessary for us to provide the services you request, who will store and process your data on the basis of strict confidentiality and subject to the appropriate security measures and safeguards in place as described below.
We may share your data with other third parties in their capacity as data controllers such as notaries, auditors and other advisors and service providers or third parties providing services or goods to you such as real estate agencies/owners/developers who you might wish to engage with under separate terms and conditions between you and such third parties. These third parties will be processing your data in their own right as data controllers and their data protection policies and processes shall be become applicable.
F. TRANSFERS OF DATA TO THIRD COUNTRIES
Where we share your personal data with internal or external third parties, this may involve transferring your data outside the EEA. We will transfer your personal data in accordance with standard contractual clauses (European Commission: Model contracts for the transfer of personal data to third countries) to ensure your personal data is protected and transferred securely in compliance with applicable law, including the GDPR.
G. THIRD PARTY ACCESS TO YOUR PERSONAL DATA
We work closely with third parties in order to provide you the services you request on our Website. These third parties include cloud storage providers, analytics providers and search engine information providers. We will only work with third party providers that comply with applicable laws in the jurisdictions which we operate and abide by the GDPR and, if applicable, agree to be bound by the standard contractual clauses to adequately protect and safeguard your personal data.
H. DATA SECURITY
We will ensure that appropriate security measures are taken against unlawful or unauthorized processing of personal data, and against the accidental loss of, or damage to, personal data.
The transfer of information between our Website and your device is protected with TLS (Transport Layer Security) certificates. When the Website is accessed using compatible browsers, that technology protects personal information using both server authentication and data encryption to ensure that personal information is safe and secure while in transit. The mainstream browser versions compatible with that technology are the Internet Explorer from version 11, the Mozilla Firefox from version 27, the Google Chrome from version 32 and the Apple Safari from version 7.
All personal data is stored in a secure server environment that uses a firewall and other advanced technology to protect against interference or unauthorized access. Servers are located in Malta and in Switzerland. Usernames and passwords are issued to persons authorized to access the personal data, such as our employees, who are bound by confidentiality not to disclose any personal data.
No method of transmission of data is one hundred percent (100%) secure and absolute security cannot be guaranteed.
I. DATA STORAGE
We shall only store your data as long as is strictly necessary for the purposes for which it was collected i.e. to provide you our services or for the purposes of satisfying any legal, accounting or reporting requirements. In any case, retention of data shall not exceed 10 years from the date of termination or completion of the services. This period of retention enables us to use the data for defending potential legal claims, taking into account the applicable limitation periods under relevant laws, as well as, if applicable, to comply with Anti-Money Laundering/KYC laws and regulations, Anti-Bribery/Corruption Laws and regulations, accounting and tax laws, applicable to certain jurisdictions which we operate in.
J. DATA MINIMIZATION
Whenever and to the extent possible, we anonymize the data which we hold about you when it is no longer necessary to identify you from the data which we hold about you.
K. YOUR RIGHTS AS A DATA SUBJECT
You are entitled to exercise the following rights under the GDPR:
a. Right to Access Information
You have the right to request information as to whether or not your personal data is being processed by Casamont as well as information as to how and why it is processed. You may send an email to [email protected] requesting information as to the personal data which is undergoing processing. You shall receive one (1) electronic copy free of charge via email. We may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive in which case we may also refuse to comply with your request in these circumstances.
b. Right to object
You may contact us at any time at [email protected] to ask us not to process your personal data for marketing purposes e.g. receiving information from us about upcoming events, newsletters and publications and your data will no longer be processed for such purposes.
c. Right to correction
You have the right to obtain correction of any inaccurate personal data about you that we have processed, update any data which is out-of-date and the right to have incomplete personal data completed, including by means of a supplementary statement.
d. Right to erasure
You have the right to obtain the erasure of personal data we have concerning you when your personal data is no longer required where:
- you withdraw your consent to us processing your personal data;
- your personal data no longer needs to be processed; or
- your personal data has been unlawfully processed.
e. Right to Restriction of Processing
You have the right to restrict our processing activities where:
- you contest the accuracy of this personal data, for a period enabling Henley & Partners to verify the accuracy of the same personal data;
- our processing is deemed unlawful, and you oppose the erasure of your personal data and request restriction of its use instead;
- we no longer need your personal data for the purposes stated in this Policy, but you require it for the establishment, exercising or defending of legal claims; or
- you have objected to our processing pending the verification whether the legitimate grounds of our processing activities overrode those pertaining to you.
f. Right of Data Portability
As from 25 May 2018, you shall have the right to receive your personal data in a structured and machine-readable format and transmit this data to another Date Controller (as defined in the GDPR).
L. RIGHT TO WITHDRAW CONSENT
Where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose e.g. marketing, you have the right to withdraw your consent for that specific processing at any time or you may withdraw your consent to this Policy. To withdraw your consent, please contact [email protected] This will not affect the lawfulness of processing which we carried out on the basis of such consent before its withdrawal. Once we have received notification that you have withdrawn your consent, we will no longer process your information for that purpose unless we have another legitimate basis for doing so in law. Withdrawal of consent to this Policy will result in us having to terminate our services immediately.
M. QUALITY OF WEBSITE AND OVERALL EXPERIENCE
So as to improve the quality and overall user experience of the Website as well as facilitate event bookings and client event registrations, we are using Google Analytics Advertising Features, including Amiando and Microsoft Dynamics.
If you would like to opt-out of Google Analytics for display advertising, you may do so by using the Ads Preference Manager.
In addition, there is also a Google Analytics Opt-Out browser add-on that you can download at https://tools.google.com/dlpage/gaoptout.
You may withdraw your consent given for any of the purposes listed above at any time. This does not affect the lawfulness of your personal data for these purposes prior to your withdrawal. You may send us an email at [email protected] indicating your withdrawal of consent and specify which processing activities such withdrawal relates to.
We welcome any comments, complaints and queries in relation to data protection. As indicated above you may contact our Data Protection Officer at [email protected] and we shall try our best to deal with any issue or concern you may have.
If we fail to address your concerns you have the right to lodge a complaint with the Information and Data Protection Commissioner (“IDPC”) at www.dataprotection.gov.mt as the relevant national supervisory authority on all data protection matters.
Any changes we make to this Policy in the future will be posted on this page, and where appropriate, notified to you via email.
If you have any questions regarding thisPolicy,or if you would like to send us your comments, please contact us today or alternatively write to us using the details below:
Casamont Malta Ltd
Level 4, Aragon House,
St. Julian’s STJ 3140
Phone: + 356 21 370 088
Please check back frequently to see any updates or changes to this Policy.