Privacy Policy

    This is the website of Nexia BT Limited [Co. Reg. No C 46322] and registered address at The Penthouse, Suite 2, Capital Business Centre, Entrance C, Triq taz-Zwejt, San Gwann, SGN 3000 Malta (‘Company’, ‘we’, ‘us’, ‘our’). We are committed to safeguarding the privacy of our website users in the Site or Services (‘user’ or ‘you’ ‘your’).

    This Privacy Policy explains how we collect, use, disclose, and safeguard and treat your personal information when you visit our website https://www.nexiabt.com/ (the ‘Site’) and company services, including any software, mobile applications, products, devices or other services offered by the Company from time to time and other services offered through third parties integrating Company functionality (collectively, ‘Services’).

    By accessing or using any part of this Site, you agree with the terms of this Privacy Policy and agree that you comply with the company’s Terms of Use. By providing us with your personal information, you acknowledge and explicitly consent to the Company processing your personal data/personal information in accordance with this Policy and the applicable EU laws and regulations.

    Before you disclose to us the personal information of another person, you must obtain that person’s consent to both the disclosure and the processing of that personal information in accordance with this Privacy Policy.

    We may collect, store and use the following kinds of personal information:

    1. Information about your computer and about your visits to and use of this website, including but not limited to your IP address, geographical location, browser type and version, referral source, operating system, length of visit, page views and website navigation paths.
    2. Information that you provide to us if you register with our Site including but not limited to your e-mail address.
    3. Information that you provide if you are required to complete your profile on our website such as name, profile pictures, gender, date of birth, employment details.
    4. Information which you provide us if you subscribe to our e-mail notifications and/or newsletters.
    5. Information that you provide to us when using the services on our website, or that is generated in the course of the use of those services including the timing, frequency and pattern of service use.
    6. Information relating to any purchases you make of our services or any transactions that you enter into through our website including but not limited to your name, address, telephone number, e-mail address and card details.
    7. Information that you post to our website for publication on the internet.
    8. Information contained in or relating to any communication that you send to us or send through our website.
    9. Any other personal information that you choose to send us.

    Personal information submitted to us through our website will be used for the purposes specified in this policy. We may use personal information for the purpose for which it was provided, including without limitation the purposes described further below.

    1. Provision and Monitoring of the Services: We will use your personal data to provide you with access to and to support your use of the Services and to monitor your use of the Services. We will also give you the opportunity to store, review and edit personal data and other information on the Site.
    2. Surveys: From time to time, we may offer our users the opportunity to participate in surveys for analytics purposes, contests and other special offers, to improve the performance of the website, to measure the success of our advertising campaigns. If you elect to participate in these services, you will need to provide certain personal data.
    3. Questions and Requests: If you contact us by e-mail or otherwise, we will use the personal data you provide to answer your question or resolve your problem.
    4. Contacting You About Other Products, Services and Events: The Company and may use your Personal Information to contact you in the future to inform you about products, services and events that may be of interest to you.
    5. Research and Data Analysis: In an ongoing effort to better understand and serve the users of the Site and the Services, Company may conduct research on its customers’ and users’ demographics, interests and behaviour based on usage data and other information provided to us. This data may be compiled and analysed on an aggregate basis, and
    6. Order Fulfilment: We may use your Personal Information that you provide to fulfil any orders you may place for Services offered by Company.
    7. Service Improvement: We may use your Personal Information, aggregated Personal Information and other non-personally-identifiable information collected through the Site and Services to help us improve the content and functionality of the Site, to better understand our users and to improve the Services.

    We may disclose your personal information:

    1. To the extent that we are required to do so by law;
    2. In connection with any ongoing or prospective legal proceedings;
    3. In order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
    4. To any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
    5. To any of our employees, officers, insurers, professional advisers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this policy.
    6. To any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes set out in this policy. If the Company is merged, acquired, or sold, or in the event of a transfer of some or all of our assets or equity, we may disclose or transfer Personal Information and usage data in connection with such transaction.
    7. We will not, without your express consent, supply your personal information to any third party for the purpose of their or any other third party’s direct marketing.

    We share information with the companies and entities which make up our group of companies (the ‘Nexia BT Group’). We may also share your personal information outside the Nexia BT Group. This may include:

    1. Third party agents, suppliers or contractors, bound by obligations of confidentiality in connection with the processing of your personal information for the purposes described in this Policy. This may include, but is not limited to, IT and communications service providers.
    2. Third parties relevant to the Services we provide. This may include, but is not limited to others professional service providers, regulators, authorities, governmental institutions.
    3. To the extent required by law, regulation or court order, if we are under a duty to disclose your personal information in order to comply with any legal obligation.
    4. In all other circumstances where you would have given your consent.

    Personal information that you publish on our website or submit for publication on our website may be available, via the internet, around the world. We cannot prevent the use or misuse of such information by others.

    We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.

    We maintain physical, electronic, and procedural safeguards to protect the confidentiality and security of Personal Information and other information transmitted to us.

    You acknowledge that the transmission of information over the internet is inherently insecure and while we strive to protect information transmitted on or through the Site or Services, we cannot and do not guarantee the security of any information you transmit on or through the Site or Services, and you do so at your own risk.

    1. You can obtain information regarding the processing of your personal information and access to the personal information which we hold about you.
    2. You can request that any personal information be rectified by sending an e-mail notification.
    3. You have the right to request that we erase your personal information if it is inaccurate or incomplete. There may be circumstances where you ask us to erase your personal information, but we are legally obliged to retain it.
    4. You may object to and request the processing of your personal information in certain circumstances. There might be circumstances where you object to, or ask us to restrict, our processing of your personal information but we are legally entitled to refuse that request.
    5. You may instruct us at any time not to process your personal information for marketing purposes.
    6. You may withdraw your consent given under this Policy at any time by sending an e-mail notification. Our details are listed hereunder.
    7. Your personal information may only be stored unless further processing is brought about by: individual consent and the necessity for the establishment of legal claims for the protection of the rights of another natural/legal person or for the public interest.
    8. You have a right to lodge a complaint to the supervisory authority of the jurisdiction in which the personal information is being provided.

    From time to time, we may change this Privacy Policy. If we change this Privacy Policy, we will post the changed privacy policy on the Site, or by posting notice on our homepage stating that a change has occurred. By continuing to use the Site or Services, you consent to the revised Privacy Policy.

    This website is owned and operated by Nexia BT.

    We are registered in Malta under registration number C 46322, and our registered office is at Office 2, Suite 2, The Penthouse, Capital Business Centre, Entrance C, Triq taz-Zwejt San Gwann SGN 3000, Malta.

    You can contact us:

    1. by post, using the postal address given above;
    2. by telephone, using the telephone number published on our website;
    3. by e-mail, using the e-mail address published on our website from time to time.

    We may use Cookies (a small text file placed on your computer to identify your computer and browser) and Web Beacons (a file placed on a website that monitors usage) in order to improve the experience of the Site and Services. We do not use cookies or web beacons to collect personal information. If you refuse to accept cookies or blocking cookies, then this will have a negative impact upon the usability of the Site and you might be unable to use all the features on the Site.

    Our Site and Services may contain links or integrate with other websites and online services or allow others to send you such links. The Company is not responsible or liable for any damage or loss related to your use of any third-party website or online service. You should always read the terms and conditions and privacy policy of a third-party website or online service before using it, whether directly or in connection with your use of the Site or Services. Third parties may collect, but we do not authorize them to collect, personally identifiable information about your online activities over time and across different websites when you use the Sites or Services.

    This Privacy Policy shall not apply to any information which is given or supplied without being requested ‘Unsolicited Information’ you provide to the Company through the Site or Services or through any other means. Unsolicited information includes, but is not limited to, information posted to any public areas of the Site, any ideas for new products or modifications to existing products, and other unsolicited submissions. All Unsolicited Information shall be deemed to be non-confidential and the Company shall be free, and you hereby grant the Company the right, to reproduce, use, disclose, and distribute such Unsolicited Information to others without limitation or attribution.

    In the event that you fail to provide the required personal information, you may not be able to use some or all of the features of the Site or Service.

    This Privacy Policy is inconformity with applicable EU laws and regulations. The Company is liable only to the extent of the provisions set out under the applicable EU laws and regulations.

    Date: 4th April 2018.

    This Privacy Notice is related to companies within the Nexia BT Group of Companies all having their registered address at The Penthouse, Suite 2, Capital
    Business Centre, Entrance C, Triq taz-Zwejt, San Gwann, SGN 3000 Malta (‘Group’, ‘Company’, ‘we’, ‘us’, ‘our’). We are committed to safeguarding the
    privacy of our clients using our services (‘user’, or ‘you’, ‘your’). The Group has a separate Privacy Policy for the usage of its website, namely, www.nexiabt.com.

    This Privacy Notice explains how we collect, use, disclose, and safeguard and treat your personal information when you are seeking to become a client, and/or
    you are a client of Nexia BT Group, whether through an ongoing business relationship or an occasional transaction (collectively, ‘Services’).

    By utilising, or receiving, our services, you agree with the terms of this Privacy Notice. By providing us with your personal information, you acknowledge to the
    Company processing your personal data/personal information in accordance with this Notice and the applicable EU laws and regulations.

    We may collect, store and use the following kinds of personal information:

    1. Personal details as per our ‘Know Your Customer’ (KYC) forms and/or through our centralised KYC Portal system. Details will include your name, surname, address, identification details, date of birth, the service we are providing you, citizenship, nationality and similar information about you.
    2. We will keep a copy of your identification document(s) such as ID card, driving license, residency card, passport or any other identification document
      available to fulfil our obligations under the 4th AML Directive.
    3. We will keep a copy of information or documentation to proof residency of your address such as bank statement, bank reference, utility bill, fix telephone
      line bill or similar documentation. This is to fulfil our obligations in line with the 4th AML Directive.
    4. We will keep a copy of name checks, google searches and passport checks on you. Such ‘name screening’ is performed to prevent fraud, money laundering, funding of terrorism, financial crime or any other type of crime. This is also in line with the 4th AML Directive and/or internal risk-based policy of the Group. Such screening services are performed when the relationship with the client or prospect has initiated and on an ongoing basis apply a risk-based approach.
    5. We shall use your personal data to perform, in a manual or automated manner, a risk classification/profiling which would classify you as ‘low risk’, ‘medium risk’ or ‘high risk’ in order to fulfil our obligations under the 4th AML Directive. Such classification will affect the level of ongoing monitoring we perform on you and/or the level of documentation we request. You may request further information on how such risk classification is performed by contacting the Data Protection Officer on dpo@nexiabt.com or by calling us on +356 2163 7778.
    6. We will keep a copy of your communication with us, such as emails and letters, in line with our legal obligations under the 4th AML Directive.
    7. We shall use your personal data, especially one or more of your identification documents, to perform automated facial recognition. This is performed to
      avoid identity fraud and/or financial crime.
    8. We may request a video conference call through our centralised KYC Portal. Should you accept to provide us with such a call, we shall record and hold a
      video and sound recording of the video conference in line with our AML/CFT obligations and internal retention policy found in the Data Protection Policy of the Group. We may also take screen shots of such video conference in line to fulfil our obligations under the 4th AML Directive.
    9. We may also process and hold information about your wealth, such as the value of your assets; details of bank accounts inheritance information; and similar related information to your global net worth. We shall use such information in line with our AML/CFT obligations.
    10. We shall process and hold certain declarations that we may ask you to provide, mostly referred to as ‘personal declaration form’, in line with our legal
      obligations.
    11. We may hold and process any other information or documentation we provide to you to complete, whether in physical or digital format, in line with our legal obligations and/or internal risk-based approach policy.
    12. We may also ask for a copy of your employment contract as a supporting documentation on your source of wealth or funds, on a risk-sensitive basis.
    13. We may hold CCTV recordings of you should you have visited our offices. These are kept for the purpose of preventing crime and protecting our staff
      and clients.

    We shall need your consent in the following circumstances:
    a. When sending you marketing material or promotions regarding our services;
    b. When sharing your personal information outside the Group, unless we are required to do so by law such as providing information to police, court of
    law or a competent authority. Please see section 5 for more details; and
    c. When processing your personal information without having one of the other legal basis found in section 4 below.

    Please note that you can withdraw your consent at any time, unless there is another legal basis that allows us to process your data as per the below section.

    Apart from the ‘consent’ noted in section 3 above, we may also process your data if we have the following legal basis:

    1. Contractual obligation or necessity;
    2. Legal obligation;
    3. Member-state law;
    4. Vital interest of the data subject;
    5. When processing the data is in the best interest of the public; and
    6. Legitimate interest.

    It is the nature of our business to process your data due to a contractual or legal obligation. When neither of these apply, it is likely that we will process your data based upon your consent. That said, Nexia BT Group may process data according to regulations listed within the General Data Protection Regulation (“GDPR”).

    We may disclose your personal information:
    a. To the extent that we are required to do so by law;
    b. In connection with any ongoing or prospective legal proceedings;
    c. In order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
    d. To any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information;
    e. To any of our employees, officers, insurers, professional advisers, bankers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this notice;
    f. To any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes set out in this notice. If the Company is merged, acquired, or sold, or in the event of a transfer of some, or all, of our assets or equity, we may disclose or transfer Personal Information and usage data in connection with such transaction; and
    g. In all other circumstances where you would have given your consent.

    We will not, without your express consent, supply your personal information to any third party for the purpose of their, or any other third party’s, direct marketing.

    Personal information that you publish on our website /portal or submit for publication on our website may be available, via the internet, around the world.
    We cannot prevent the use or misuse of such information by others.

    Your data may be stored in one or more of the following locations:
    a. Physical files in our locked cabinets at our registered office;
    b. A server located at our registered office;
    c. A back-up server located at a secret location in Malta; and
    d. On Cloud (Microsoft), which is located within the European Union.

    How is your personal data protected?

    We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. We maintain physical,
    electronic, and procedural safeguards to protect the confidentiality and security of Personal Information and other information transmitted to us.

    You acknowledge that the transmission of information over the internet is inherently insecure and while we strive to protect information transmitted on or
    through the website/portal or services, we cannot, and do not, guarantee the security of any information you transmit on, or through, the website/portal or
    services, and you do so at your own risk.

    That said, when information reaches our company, we shall take the necessary steps to protect such information. This is done by one or more of the below:
    a. Ensuring the data is safeguarded by the use of firewalls, encryptions, access restrictions and/or passwords;
    b. In case of physical copies of your personal information or data, precaution shall be taken to ensure such data is accessible only to individuals within the Group that require to access your data to perform their duties and/or to provide you with a service;
    c. The Group shall ensure that proper backups are taken to prevent the data from being lost; and
    d. Without prejudice to section 6 above, your data saved in digital format on our servers, cloud or on our KYC Portal system shall be accessible by individuals that are required to access your data to perform their duties and/or to provide you with a service.

    This would depend on the service you are receiving from us. We may have a legal obligation to retain your data for a number of years. However, as a minimum, we shall keep your data for 5 years following the termination of your business relationship with us. In some cases, we may be legally obliged to keep your data for 10 years. We shall not retain your data for longer than is required, either by law or by our data retention policy.

    If you have visited our registered office, our CCTV recordings will be kept for up to 1 month before being overwritten automatically.

    How shall we destroy your data after the retention period is over?

    We shall destroy your data in a safe and reliable manner. Physical files shall be destroyed by means of shredding. Shredding services may be outsourced to third parties. Nexia BT shall ensure that if shredding is outsourced to third parties, the Group shall review their data privacy procedures and safeguard the interest of the data subjects through ways and means such as through a contractual agreement between Nexia BT as data controller and the shredding company as data processors in line with Article 28 of the General Data Protection Regulation. For the removal of any doubt, this would only apply if Nexia BT group provides nonshredded data to the shredding service provider. If shredding is done in-house, then the shredding service provider will not be considered as a data processor.

    In the case of data stored in digital format, such data shall be permanently deleted. This would include any backups held on servers and/or cloud.
    Communication between the client and the Group shall be deleted or destroyed.

    Should the Group be required to change one or more of its hard disks where data is, or was previously stored, the Group shall ensure that such hard disk is disposed of in a professional manner and in a way that data cannot be retrieved from it in the future.

    1. You can obtain information regarding the processing of your personal information and access to the personal information which we hold about you by
      contacting our Data Protection Officer.
    2. You may request that any personal information be rectified by sending an e-mail notification on dpo@nexiabt.com.
    3. You have the right to request that we erase your personal information if it is inaccurate or incomplete. There may be circumstances where you ask us to erase your personal information, but we are legally obliged to retain it.
    4. You may object to, and request the processing of, your personal information in certain circumstances. There might be circumstances where you object to, or ask us to restrict, our processing of your personal information but we are legally entitled to refuse that request.
    5. You may instruct us at any time not to process your personal information for marketing purposes.
    6. You may withdraw your consent given under this Policy at any time by sending an e-mail notification. Our details are listed hereunder.
    7. Your personal information may only be stored unless further processing is brought about by individual consent and the necessity for the establishment of legal claims for the protection of the rights of another natural/legal person or for the public interest.
    8. You have a right to lodge a complaint to the supervisory authority of the jurisdiction in which the personal information is being provided.
    9. You may request one printed copy of this Privacy Notice free of charge.

    We value our customers’ comments and we are committed to ensure that all our clients’ data is safeguarded and in line with regulation and our internal policies. Should you feel the need to complain about, or raise your objections, to how we are handling your personal data, then you may contact our Data Protection Officer using the following contact details:

     Contacting the Data Protection Officer

    Our Data Protection Officer (DPO) may be contacted by the following methods:

    1. By post, to Office 2, Suite 2, The Penthouse, Capital Business Centre, Entrance C, Triq taz-Zwejt San Gwann SGN 3000, Malta.
    2. By telephone on +356 21637778.
    3. By sending an email to dpo@nexiabt.com.

    The Group will do its utmost to ensure that complaints are handled and settled internally in an efficient and professional manner.

    Contacting the Maltese Data Commissioner

    You may also contact the Office of the Data Commissioner as follows:

    1. You may file a complaint with the Maltese Data Protection Commissioner through the following link: https://idpc.org.mt/en/pages/contact/complaints.aspx
    2. Alternatively, you may contact the office of the Maltese Data Commissioner by phone on +356 23287100 or by post using the below address:
      The Commissioner
      Mr Saviour Cachia
      Level 2, Airways House
      High Street
      Sliema, SLM 1549
      Malta

    From time to time, we may change this Privacy notice. If we change this Privacy notice, we will upload the updated privacy notice on our website, or by posting a notice on our homepage stating that a change has occurred. We shall write to you should there be a ‘material change’ in the Privacy notice which affects your rights.

     

    This Privacy Policy is inconformity with applicable EU laws and regulations. The Company is liable only to the extent of the provisions set out under the applicable EU laws and regulations. Last updated in May 2018.