DEFINITIONS
Anonymization: Irreversibly de-identifying personal data such that the person cannot be identified by using reasonable time, cost, and technology either by the controller or by any other person to identify that individual. The personal data processing principles do not apply to anonymized data as it is no longer personal data. |
Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to SMS Group Ltd. |
Cookies are small files that are placed on your computer, mobile device or any other device by a website, containing the details of your browsing history on that website among its many uses. |
Country refers to: Malta |
Cross-border processing of personal data: Processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the European Union where the controller or processor is established in more than one Member State; or processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State; |
Data Controller: The natural or legal person, public authority, agency or any other body, which alone or jointly with others, determines the purposes and means of the processing of personal data. |
Data Processor: A natural or legal person, public authority, agency or any other body which processes personal data on behalf of a Data Controller. |
Device means any device that can access the our web-services such as a computer, a cellphone or a digital tablet.
EU refers to the European Union HR refers to Human Resources |
Each “local supervisory authority” will still maintain in its own territory, and will monitor any local data processing that affects data subjects or that is carried out by an EU or non-EU controller or processor when their processing targets data subjects residing on its territory. Their tasks and powers includes conducting investigations and applying administrative measures and fines, promoting public awareness of the risks, rules, security, and rights in relation to the processing of personal data, as well as obtaining access to any premises of the controller and the processor, including any data processing equipment and means. |
Group Undertaking: Any holding company together with its subsidiary. |
Lead supervisory authority: The supervisory authority with the primary responsibility for dealing with a cross-border data processing activity, for example when a data subject makes a complaint about the processing of his or her personal data; it is responsible, among others, for receiving the data breach notifications, to be notified on risky processing activity and will have full authority as regards to its duties to ensure compliance with the provisions of the EU GDPR; |
“Main establishment as regards a controller” with establishments in more than one Member State, the place of its central administration in the Union, unless the decisions on the purposes and means of the processing of personal data are taken in another establishment of the controller in the Union and the latter establishment has the power to have such decisions implemented, in which case the establishment having taken such decisions is to be considered to be the main establishment; |
“Main establishment as regards a processor” with establishments in more than one Member State, the place of its central administration in the Union, or, if the processor has no central administration in the Union, the establishment of the processor in the Union where the main processing activities in the context of the activities of an establishment of the processor take place to the extent that the processor is subject to specific obligations under this Regulation; |
Personal Data Any information relating to an identified or identifiable natural person (“Data Subject“) who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. |
Processing: An operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of the data. |
Pseudonymization: The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. Pseudonymization reduces, but does not completely eliminate, the ability to link personal data to a data subject. Because pseudonymized data is still personal data, the processing of pseudonymized data should comply with the Personal Data Processing principles. |
Sensitive Personal Data: Personal data which are, by their nature, particularly sensitive in relation to fundamental rights and freedoms merit specific protection as the context of their processing could create significant risks to the fundamental rights and freedoms. Those personal data include personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. |
Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used. |
Service refers to the Website. |
Supervisory Authority: An independent public authority which is established by a Member State pursuant to Article 51 of the EU GDPR; |
Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit). |
Website refers to SMS Group Ltd., accessible from sms.com.mt |
This Privacy Policy describes SMS Group Ltd’s policies and procedures on collecting, using and disclosing personal information when using our services. This policy stipulates how SMS Group seeks to meet its obligations regarding data protection. It also covers the rights of SMS Group’s customers (by customers, we are refereeing to current, prospective, customer beneficiaries, family members, claimants and/or other interested persons) in respect of personal data throughout all processes executed. Personal data is treated in line with the General Data Protection Regulation (GDPR).
At the outset, we would like to inform you that we use your personal data to provide and improve our services. Using such services, you agree to the collection and use of information per this Privacy Policy.
COLLECTING AND USING YOUR PERSONAL DATA
We would like to inform that SMS Group Ltd. will only collect and process personal data for and to the extent necessary for the execution of specific tasks/process.
Data subjects will always be informed accordingly; moreover it is the data subject him/herself together with their appointed agent and/or representative who would supply such data. Data may also be received from insurers and their agents; open source data, third party data processors and via background verification searches we may conduct in relation to compliance and AML requirements. Data may also be obtained via the Electoral Register, Transport Malta and/or other sources which are not limited to the insurance sphere.
Other source of data which may be collected are the following:
A. USAGE DATA
Usage Data may include information such as Your Device’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data. When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device’s unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data. We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.
B. TRACKING TECHNOLOGIES AND COOKIES
We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service.
The technologies We use may include:
Cookies or Browser Cookies. A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service. Unless you have adjusted Your browser setting so that it will refuse Cookies, our Service may use Cookies.
Flash Cookies. Certain features of our Service may use local stored objects (or Flash Cookies) to collect and store information about Your preferences or Your activity on our Service. Flash Cookies are not managed by the same browser settings as those used for Browser Cookies. For more information on how You can delete Flash Cookies, please read “Where can I change the settings for disabling, or deleting local shared objects?” available at https://allaboutcookies.org/how-to-clear-flash-cookies
Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).
Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser.
How can you control cookies? : You can control how cookies are used on your computer or mobile device by adjusting your browser settings. You can choose to accept all cookies, block all cookies, or receive a notification when a cookie is set. You can also delete cookies that have been set in the past.
Please note that blocking cookies may affect your ability to use some of the features on our website.
Changes to This Cookie Policy: We may update this Cookie Policy from time to time. We will notify you of any changes by posting the updated Cookie Policy on our website.
RETENTION OF YOUR PERSONAL DATA
The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.
DISCLOSURE OF YOUR PERSONAL DATA
Your information, including Personal Data, is processed within SMS Corporate’s operating offices. Information is retained on servers located within the Maltese jurisdiction which fall under the rules and regulations established by GDPR. SMS Corporate takes all necessary steps to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your personal data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.
Relevant Personal data may only be shared with third parties including insurers, loss adjusters and loss assessors, advisors, agents and service providers/processors. Internal auditors and regulatory bodies and law enforcement authorities may under certain specific circumstance require to disclose personal data if required to do so by law or in response to valid requests by public authorities.
How long we retain your data for?: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data: If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Security of Your Personal Data
The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.
THE RIGHTS OF A DATA SUBJECT
SMS Group shall ensure that data subjects shall be able to:
- View the Personal Data held by the Company on the particular user;
- Request that any Personal Data that is inaccurate, irrelevant or out of date be amended or deleted;
- Choose to stop using the services and have his or her Personal Data deleted, if such deletion is permissible by law and/or will not prejudice SMS Group’s position at Law.
- We will store the personal data of data subjects until your consent is explicitly withdrawn in writing. In the event that a data subject, please proceed to contact us so that we will proceed to remove your details from our records and systems.
SECURITY
Company employees who have access either to the databases that store data subject-related information shall comply with internal Personal Data Protection Policies.