Octet Europe Ltd.
This document sets out our policy on the management of personal information which we have about individuals. Those individuals include buyers to whom we may provide or may have provided a service and individuals who may sell goods or services to a buyer with the help of our service.
Throughout this notice:
Please read this Privacy Notice carefully and kindly do not use our services if you disagree with it.
Any changes we make to this Privacy Notice will be posted on our website.
1. Our privacy assurance to you
The privacy of your data is important to us. We respect your right to be aware of who has your data, what they are doing with it and why, and who else they are sharing it with. We are committed to protect the privacy of the data in accordance with the General Data Protection Regulation EU Regulation 2016/679 (hereinafter “GDPR”) and the Data Protection Act (Chapter 586 of the Laws of Malta) (hereinafter “the Act”) as may be amended from time to time.
By browsing our website and using our services including the services set out in the service agreement, you agree to and accept that we collect and process your data in accordance with this Policy.
You may at any time withdraw your consent and acceptance of our services by notifying us thereof by the contact details in section 7 below and, where applicable, in line with the service agreement. We will then delete or anonymize data that is referable to you, however, excluding such data that we are required to retain by law, if any.
We have a right to, at any time, change this Policy. We shall notify upcoming changes to the Policy via our website with reasonable advance notice. If you do not accept the changed terms, you have a right to notify us that you are not permitting any further processing of your data prior to the changed policy enters into force.
The legal bases for processing your data are:
3. The kinds of personal information we collect and hold
We collect and process data about you and your use of our services. This information includes:
If you opt not to provide us with any of your data included above, this may delay or prevent us from adhering to our obligations or from providing our services to you. In this event our service provided to you may be cancelled or terminated.
The data we collect and hold varies depending on the data subject we are dealing with and the reason why we are dealing with them. Under various laws and regulations in force in Malta, we will be (or may be) authorized or required to collect data about a particular data subject or individual. These laws and regulations include, but are not limited to, the Prevention of Money Laundering Act (Chapter 373) and Prevention of Money Laundering and Financing of Terrorism Regulation issued there under , Companies Act (Chapter 386), National Interest (Enabling Powers) Act (Chapter 365), Income Tax Act (Chapeter 123), Income Tax Management Act (Chapter 372) and any regulations, guidances, rules or otherwise issued thereunder.
4. How we collect personal information
We collect data in a variety of ways. For example, we may obtain the data from you or from persons acting on your behalf. When it is possible and practical we will collect data directly from the data subject or from a third party. The third party could be your authorised representative (such as a broker, agent, accountant or lawyer), an other financial institution, a referee, an employer or a government body. When you are the seller or an associate we may obtain the information from the buyer.
This is all done in order that we comply with our legal obligations to prevent fraud, money laundering or terrorist financing.
5. How we hold information
We have implemented appropriate technical and organisational measures to ensure that data which we hold is protected from misuse, interference or loss and from authorised access, modification or disclosure.
We do this by having physical, electronic and procedural safeguards which protect the data we hold. For example, the data is stored in secure office premises, secure cloud based storage applications (such as AWS cloud) or in secure archiving facilities and logins and passwords are required to access electronic databases. Our staff are required to maintain the confidentiality of data and access to data is restricted to persons who require access to perform their duties.
6. The purposes for which we collect, hold, use and disclose personal information
We collect, hold, use and disclose your data for purposes permitted by law which are reasonably necessary for our services. Those purposes include:
To provide our services in the most cost effective and efficient way we may decide to disclose your data to partners or companies that we collaborate with that will process data on our behalf. For example, we may use a mailing house to send monthly statements. In such event we shall always be responsible for the correct processing of your data.
We may also disclose data as part of our obligations arising out of and the performance of the service agreement, amongst others:
In such event, we shall only act on instructions received and take the necessary measures to ensure a level of security is in place to allow for the disclosure of your data freely and protect the data that is processed against any unlawful form of processing in terms of GDPR.
Moreover, we may also be required to disclose your data under applicable law or a decision of a competent authority, to protect our legal interests or to detect, prevent or observe fraudulent behaviour.
We may use automated systems to make decisions about you based on an assessment of data we hold about you. This is carried out in line with our Anti-Money Laundering Obligations with to detect, prevent or observe fraudulent behaviour and in line with our licence obligations. The effect of the use of automated systems will be that:
In this event, you have the right to contact us to challenge the automated processing of your data.
In the event that your consent has been obtained for such purpose, your data may also be used or disclosed for direct marketing purposes to tell you about products or services that may be of interest to you . You have a right to withdraw your consent at any time by sending an e-mail to email@example.com or by writing to us at:
Data Protection Representative
Octet Europe Ltd
Regional Business Centre Level 2
Msida MSD 1751
7. How an individual may access personal information
A data subject may access his or her data which we hold by contacting our Data Protection Representative as follows:
Mail: Privacy Contact Officer
Octet Europe Ltd
Regional Business Centre Level 2
Msida MSD 1751
We will need to verify the identity of the data subject before giving access to any information. We will usually provide a copy of your requested data without undue delay and in any event within 30 days of receiving the request. In line with GDPR this period may be extended by two further months, where necessary, depending on the complexity and number of requests made. We shall inform you of any such extension within one month of receipt of the request, together with the reasons for the delay. There is no charge to make a request, but we may levy an administration fee for providing access.
If there is a reason why we do not make the requested personal information available we will provide our reason in writing.
8. How an individual may seek the correction of personal information
If a data subject considers that any personal information which we hold is incorrect in any way the data subject may ask us to correct that personal information. To seek the correction please contact our Data Protection Representative at the e-mail or postal address above.
In certain situations we may decide not to agree to a request to correct your data. We will tell you in writing why we have not agreed to the correction request.
9. How long do we keep your data?
We shall keep your data for such period as may be required in accordance with laws and regulations applicable to us. In no case shall we retain your data for a period exceeding ten years from the termination of our business relationship or the service contract whichever is the later.
10. Who are the recipients of your data?
We may share your data with the following recipients:
We shall ensure that the persons with whom we share your data apply the appropriate safeguards to protect your data from any unlawful use, processing or disclosure.
11. How do we protect your data?
We have adopted appropriate technical and organisational measures to collect and process your data. Such measures include, among others, the restriction of access to your data by unauthorised personnel and strong technological security systems, e.g. anti-virus programs and firewalls.
We also shall contractually ensure that appropriate measures are adopted by any third party to whom we shall, if required, transfer your data.
However, please keep in mind that the transfer of data over the internet, despite all the necessary safeguards being applied, involves some degree of risk and is never fully secure. By way of example, we will never send you an email asking you for your card details, username and password. If you receive such mail, you shall immediately forward this email to us.
12. What other rights do you have?
Under GDPR you may also exercise the following additional rights:
13. How an individual may complain and how we will deal with the complaint?
14. Disclosure of personal information to overseas recipients
We will only transfer data to non-EU recipients in line with the standard contractual clauses and processing agreements we have agreed to with such non-EU recipients. Otherwise, we will transfer data to non-EU recipients when this is necessary for the performance of our contractual obligations arising out of the service agreement with you; or for the implementation of pre-contractual measures taken at your request prior to signing the service agreement in line with the derogations set forth in Article 49 GDPR.
For example, (i) if the seller or the Octet financial institution which has an agreement with the buyer is located in a non-EU country, we may need to send the buyer’s data to such non-EU country so that we can confirm that a bona fide contract has been entered into between the buyer and the seller or to make a payment to the Octet financial institution [the same is said where the buyer is located in a non-EU country] ; (ii) if there is a dispute between the buyer and the seller we may need to provide information to a person located in a non-EU country to assist in the resolution of that dispute; (iii) we may use service providers, such as the platform provider, located in Non-EU countries.
It is not practicable to specify the countries other than Malta in which the recipient could be located as this will largely depend on the sellers with whom the buyer decides to contract or vice-versa.
Furthermore, you are required to ensure that you obtain the consent of the data subjects associated with you and who’s data will be involved in such transfer. We shall not be held liable or responsible in any way for any transfer of data to a non-EU country should it result that the appropriate consent was not obtained by yourself from the data subject. We shall endeavour to document and implement necessary safeguards to provide as much protection possible within our control to the data subject with respect to such transfer and to ensure that the rights available to the data subject are enforceable and effective legal remedies are available to the data subject. However we cannot guarantee these safeguards and we will not be responsible for the way that non- EU entity, to whom the data has been transferred, handles the data it receives from us.
15. Contact us