At CCLEX, we are committed to the privacy of every person. We recognise that our clients, employees and people we work with, entrust important non-public personal data (as defined in the General Data Protect Regulation – GDPR, regulation 2016/679 of the European Parliament and Council of the 27 April 2016), to us, and we take seriously our responsibility to protect and safeguard this data. Our long-standing privacy policies and practices covering non-public personal data (herein also referred to as personal data or personal information) are described below.
CCLEX is a group of entities constituted and operating internationally and providing legal, tax, personal and business consultancy. Persons having a legal interest may obtain a list of the group entities by sending us an email on [email protected].
Your non-public personal information is controlled by the group entity CCLEX, a company duly incorporated under the laws of Malta, having registration number C-47375. Your information is accessible to all group entities and processed by any one or more of such group entities depending on the services requested by you. All the entities of the CCLEX group follow and adhere to appropriate safeguards in line with EU law for the processing of non-public personal data.
The non-public personal data that we collect and the processing of such information will vary on the basis of the purpose and scope of the particular use or engagement.
This information is processed to improve website use, for our internal purposes including the administration of our website, market research, data analytics and compliance with our legal obligations, policies and procedures.
CCLEX frequently shares updates on legal developments and solutions that might affect you or your business through various means including mail, email and social media. If you consent to receive such updates, we will collect your name contact details and keep a record of the information we have sent you as well as any interactions related to such information sent to you. If you do not provide such information, we will not be able to provide you with updates.
The information so collected is used and processed to:
Our websites provide for functions that allow users to request information about our services. The information collected through the request for information function on our websites is the following:
You can also contact us through email, phone, or social media to request information. We will, therefore, be collecting any information you provide to us or available on the relative media used. We will also collect any correspondence in furtherance of the request. This information is necessary for us to be able to respond to your request. General and preliminary information will be provided to you without the requirement of any other additional personal information. An identification document and other personal information will be requested in order to comply with anti-money laundering rules and to be able to provide you detailed and specific information to your request. If you are not able or unwilling to provide us such information, we will not be able to provide any additional information.
Any personal information that you provide to us through these processes will be used and processed to:
When a client is being provided a service, we collect information as required by statutory obligations, principally information required by anti-money laundering rules and regulations, and information required to be able to provide the services. If you are not able or unwilling to provide us such information, we may not be able to provide the service/s.
The information collected varies depending on the service/s being provided. By way of example, for succession planning, we will typically collect all relevant data, including information about our client’s personal assets, goals and preferences. Any personal information so collected will be used:
If you apply with us for a post we will collect the following information on you:
You are not obliged to provide this information although your application may be affected. We work with various recruitment agency and such information may be obtained from agencies you would have applied with. The information we collect will be used:
We may request you to allow us to process your personal information to contact you for any other vacancy that may arise. Should you consent, we will contact you whenever a suitable vacancy will arise.
On acceptance of an employment offer of an employee, we may collect the following information:
This additional information collected is processed to undertake pre-employment checks. This information is necessary to finalize you employment and onboarding process.
In addition to the information provided during the recruitment process, on employment, we will require you to provide the following details:
This information is required and will affect your employment if not provided. During your employment with us, other information will be collected:
The information collected will be held in the systems we use and:
Our systems may prompt you to provide your marital status, number of children and other general interest questions. This information is not required and may not be provided. This information, if provided, will be used to improve your experience with us in furtherance of the social and family friendly initiatives that we may undertake from time to time.
We pride in choosing collaborators and suppliers that share our standards and commit to our level of privacy policies and practices.
On collaborators we work with and suppliers that provide us a service, we collect information as required by statutory obligations, principally information required by anti-money laundering rules and regulations and information required for the collaboration or the provision of the service by the supplier to us. If you as a collaborator or supplier are not able or unwilling to provide us such information, we will not be able to collaborate with you or use your services.
Any personal non-public information so collected will be used:
In line with the principle of data minimization and data economy, we only collect personal data and processes it on the following legal basis:
We may disclose personal information legally in the following scenarios:
The free exchange of personal data between Member States is a fundamental aspect of the EU’s basic principles. This principle is also reflected in the GDPR, which excludes the restriction or prohibition of the free movement of personal data within the EU or EEA.
GDPR therefore allows for the transfer between EU/EEA companies subject to the legal basis as provided above in section 3 of this policy.
The personal non-public data we collect from you may be collected stored or processed by or transferred between group entities, including our entities established outside the EU/EEA. To date, the European Commission has not determined the non-EU countries we are established in to have an adequate level of protection of personal data within the terms of article 45 of the GDPR.
In the absence of an Adequacy Decision, the GDPR provides that a transfer can take place through the provision of appropriate safeguards and on condition that enforceable rights and effective legal remedies are available for individuals. Such appropriate safeguards include contractual arrangements with the recipient of the personal data, using, the standard contractual clauses approved by the European Commission.
For this purpose, contractual arrangements based on contractual provisions as approved by the European Commission are in place to ensure effective legal remedies to you in relation to the processing of personal non-public data by our group entities outside the EU/EEA.
We retain the personal information that we collect from you only for as long as required for statutory, business, tax or legitimate interest purposes. Your information is retained in electronic or paper format or both. When it is no longer required, it will be deleted or destroyed.
Should you wish to obtain information on the specific retention period of any personal information we hold on you, please contact us on [email protected].
We do not undertake fully automated individual decision-making, including profiling, that has a legal or similarly significant effect.
We maintain physical, electronic and procedural safeguards to protect personal non-public data.
Data transmitted to us through the contact forms on websites are transmitted in an encrypted form. Transmission of personal data via the internet is made at your own risk. We attempt to protect your personal data from unauthorized access by third parties by means of precautions such as pseudonymization, data minimization and observing deletion periods. Despite these protective measures, however, we cannot completely rule out unlawful processing by third parties.
Additionally, we herein outline programmes and systems we use in our collection, processing and storing of data:
Please contact [email protected] should you require more information on the GDPR compliance of such systems.
Your principal rights under data protection law are:
For any requests in furtherance to the above, please contact us on [email protected]. We shall endeavor to reply at the very earliest and deal with your request by not later than 30 days from receipt by us of your request.
Our contact details are the following: