Your trust is important to us. Timberland Invest Ltd. (C 60291) having its registered office at 171 Old Bakery Street Valletta, VLT 1455 (hereinafter also referred to as the “Company”, “we” “us” or “our”) respects your privacy and is committed to protecting your personal data. The Company collects information from you in order to be able to receive, process and give effect to your subscription to bonds issued by Timberland Securities Investment plc (C 68856).
We take the protection of your personal data very seriously. The purpose of this Notice is to set out the basis on which we will process your personal data when you enter into a relationship with us, to inform you about how we will generally handle and look after your aforementioned personal data, and to tell you about (i) our obligations to process your personal data responsibly, (ii) your data protection rights as a data subject and also (iii) how the law protects you. For sake of clarity, please note that submission of this subscription order creates a contractual relationship between you and the Company.
We process your data in an appropriate and lawful manner, in accordance with the Data Protection Act (Chapter 586 of the Laws of Malta) (the “Act”) and the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”), subsidiary legislation and regulations promulgated thereunder, as they may be updated from time to time.
Therefore, this Policy strictly provides an overview and outline of our processing activities and cannot be exhaustive due to the fluidity of your business relationship and the services you may request from us.
It is therefore important that you read this Policy carefully, together with any other privacy Policy or fair processing notice that we may issue on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your data (namely, in the context of a service provision). This Policy supplements the other notices and is not intended to override them.
When accessing our website, we may automatically collect certain information, in particular your IP Address. Please refer to our IP and Cookie Policy available here: https://www1.timberland-malta.com/cookie-policy/ for more information about how the website https://www1.timberland-malta.com/ uses cookies.
Moreover, certain processing activities which we wish to carry to out require your express consent, as indicated below in this Policy. Your consent is kindly requested to enable these activities (as described in detail below). We shall request your consent for specific activities by means of separate Consent Forms which will explain the purposes for processing for which we are requesting consent should this be necessary.
The Company (as previously defined) is the controller and responsible for your personal data.
Timberland Invest Ltd. (C 60291)
with its registered office at
Old Bakery Street 171
Valetta, VLT 1455,
Malta
You can contact our data protection contact point at any time about any data protection issues at the above‐mentioned business address or email us on the following email address:
E-Mail: info@timberland-malta.com
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). In the interest of clarity, personal data does not include information relating to a legal person (for example, a company or other legal entity). In that regard, information such as a company name, its company number, registered address and VAT number does not amount to personal data in terms of both the Act and the GDPR. Therefore, the collection and use of information strictly pertaining to a legal person does not give rise to data controller obligations at law. Naturally, we will still treat any and all such information in a confidential and secure manner.
During the course of our relationship with you we may collect and process the following personal data: which we have grouped as follows:
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregate may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
As indicated, we do collect Special Categories of Personal Data about you, specifically as a result of the information that we collect and process in terms of Compliance Data. The collection and processing of this information is necessary in order to for us to (i) conduct and carry out our internal Know-Your-Customer (“KYC”) due diligence, (ii) comply with our various legal and regulatory obligations as a licensed financial institution, including in particular our Anti-Money Laundering (“AML”) obligations, (iii) fulfil any mandated external regulated reporting, such as the Financial Intelligence Analysis Unit (“FIAU”) and (iv) abide by Court orders.
Within the scope of our business relationship, you must provide personal data which is necessary for the initiation and execution of the business relationship. As a rule, we would not be able to enter into a business relationship, execute an order or continue an existing relationship without the data that we are mandated at law to collect and process. Specifically, provisions on anti-money laundering require that we verify the identity of a prospective customer before entering into a business relationship, for example by means of an identity card, utility bill and even references.
Accordingly, where we need to collect personal data by law, or under the terms of the contract we have with you (pursuant to your entry into a business relationship with us), or as otherwise part of our defined legitimate interests, and you fail to provide that data when requested, we may not be able to perform the contract that we have or which we are otherwise trying to enter into with you.
In most cases, by failing to provide us with the necessary information and documents, we will not be allowed to enter into or otherwise continue your requested business relationship. In the case of an existing relationship, we would have to exercise our prerogative to terminate the contract and relationship. We will notify you if this is the case at the time.
We use different methods to collect data from and about you including through:
We process your personal data in accordance with the General Data Protection Regulation (GDPR).
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances.
Generally we do not rely on consent as a legal basis for processing your personal data, other than in relation to sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to such marketing at any time by contacting us at info@timberland-malta.com
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Kindly note that we may process your personal data for more than one lawful ground, depending on the specific purpose for which we are using your data.
Accordingly, please contact us at info@timberland-malta.com if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
---|---|---|
To decide whether to accept your subscription and your relationship with us and, if positive, to enter into a business relationship with you. |
|
|
|
|
|
|
|
|
To manage our relationship with you which will include:
|
|
|
To administer and protect our business and our website, (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) |
|
|
To deliver advertisements to you and measure or understand the effectiveness of the advertising we serve to you |
|
Necessary for our legitimate interests (to study how existing customers use our services, to develop them, to grow our business and to inform our marketing strategy). |
To make suggestions and/or recommendations to you, as an existing customer, about our other services that we feel may be of interest to you. |
|
Necessary for our legitimate interests (to develop our services and grow our business) |
We strive to provide you with choices regarding certain personal data uses, particularly around advertising and marketing communications. Through your Identity, Contact, Technical and Usage Data, we would be able form a view on what we think you may want or need and what may be of interest to you. This would then enable us to determine which of our particular services may be most relevant for you (we call this marketing).
In that regard, will only send you advertising and marketing communications:
You can ask us to stop sending you advertising and marketing communications at any time by:
Where you opt out of receiving such communications, this will not apply to personal data collected by us as a result of your entry into a business relationship with us and our service provision, or which we otherwise process to ensure compliance with our legal obligations or to fulfil our defined legitimate interests.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at
info@timberland-malta.com.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Your personal data will not be forwarded to third parties for purposes other than those listed below. Those employees of our Company who come into contact with your data are subject to a strict duty of confidentiality, and we constantly monitor its compliance. We have also bound and will continue to bind to confidentiality in writing any other persons with whom we cooperate and who come or might come into contact with your data.
We may only forward information about you to third parties if required to do so by law, if you have given your consent or if we are authorised to provide information and the processors commissioned by us guarantee confidentiality and compliance with the requirements of the GDPR.
The recipients of personal data may be:
We may only forward information about you to third parties if required to do so by law, if you have given your consent or if we are authorised to provide information and the processors commissioned by us guarantee confidentiality and compliance with the requirements of GDPR. We require all third parties to respect the security and secrecy of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Additionally, in the case of transactions effected via SWIFT, we may be required to disclose your personal data to the United States authorities or any other authorities as required, in order to comply with legal requirements applicable in the United States or in any other country for the prevention of crime.
Data is only transmitted to countries outside the EU or the European Economic Area (EEA), referred to as third countries, if this is required to execute your orders (e.g. payment and securities orders), if required by law (e.g. tax reporting obligations or if you have given us your consent.
Whenever we transfer your personal data to third countries, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
As indicated, we may also be required to share your information with overseas government authorities and regulatory agencies, for the detection and prevention of crime.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
The personal data you provide will only be stored and processed as long and to the extent necessary to fulfill our contractual and statutory obligations. In this regard, it should be noted that our business relationship may last several years and your personal data shall be retained for the duration of such relationship.
To determine the retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable contractual and statutory obligations.
If the data is no longer required for the performance of our contractual and statutory obligations, then it shall be deleted unless the Company needs to process it further (for a limited time) for the following purposes:
By and large, in the latter case, our retention of your data shall not exceed the period of six (6) years from the date of the termination of your business relationship with us. This period of retention enables us to use the data in question for the defence of possible future legal claims (taking into account the timeframe of the applicable prescriptive period at law).
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us info@timberland-malta.com
When your personal data is processed, you are a data subject as defined by the GDPR and you have rights in relation to us as the data controller as described in this section.
Where that is the case, you have the right to access to the data and the following information:
Furthermore, you have the right to be informed if personal data is transferred to a country which is not a member state of the EU (“third country”) or to an international organisation. In this context, you can demand to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.
If the Company or the Portfolio in question has made the affected personal data public and is obliged pursuant to the above provisions to erase the personal data, then we are also obliged to inform other controllers who process the data that you, as data subject, have requested the erasure of any links to, or copies or replications of, that personal data.
In this regard, taking into account the available technology and the implementation costs, we take appropriate measures, including technical measures, to comply with these obligations, at least to the extent that processing is no longer necessary, i.e. that no legal provisions prescribe this and that no legitimate interests prevent deletion.
There are certain exceptions where we may refuse a requested erasure, e.g. if the personal data is required to comply with a legal obligation or for the assertion, exercise or defence of legal claims.
Where processing of your personal data has been restricted, such personal data shall – with the exception of storage – only be processed with your consent or for the enforcement, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. In such a case you shall be informed by us before the restriction is lifted.
Moreover, when exercising your right to data portability according to Art. 20(1) GDPR you can demand that the personal data be transferred directly from one controller to another controller to the extent that this is technically feasible and that this does not adversely affect any rights and freedoms of others.
If an objection is lodged, your personal data will no longer be processed unless there are demonstrably compelling reasons outweighing your interests, rights and freedoms. Continued processing is also possible if the processing serves to assert, exercise or defend legal claims.
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which
is based on Art. 6(1)(e) or (f) GDPR. This also includes profiling based on those provisions.
We shall no longer process the personal data in the event of objection unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves the enforcement, exercise or defence of legal claims.
Where your personal data is processed for direct marketing purposes, you shall have the right to object at any time to the processing
of your personal data for such marketing; this also includes profiling, to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.
Should you wish to exercise your right to withdraw consent, please sent an e-mail addressed to info@timberland-malta.com.
We may amend this Privacy Policy from time to time. Please check this page frequently in order become familiar with the latest version of our Privacy Policy.
Be one step ahead with our latest news updates.
Timberland Finance,
CF Business Centre,
Gort Street,
St Julians STJ 9023
Malta