INFORMATION PURSUANT TO ARTICLE 13 OF EU REGULATION 2016/679 ON THE PROTECTION OF PERSONAL DATA

Risparmio Casa Malta is aware of the importance of safeguarding personal data privacy and is committed to complying with current privacy directives and regulations that ensure safe and confidential internet browsing.

This document outlines the rules that Risparmio Casa Malta follows in collecting and processing your personal data. Specifically, it covers the methods and purposes of processing personal data provided by you through browsing the website www.risparmiocasa.mt (the “site”), using registration and contact forms, as well as accessing services and activities offered through the site.

This information is also provided in accordance with Article 13 of EU Regulation 2016/679 (GDPR) concerning the protection of personal data processed during the use of this website.

Please note that this disclosure applies to all sites and services under the current domain and not to other websites that may be accessible via links.

The disclosure also aligns with national and European regulations regarding requirements for online data processing within the European Union. It specifically addresses the methods, timing, and nature of information that data controllers must provide to users when they connect to web pages, regardless of the purpose of the connection.

Data Controller

The data controller is Risparmio Casa Malta Limited, located at Zentrum Business Centre, Mdina Road, Qormi (Qrm) – 9010 Malta. VAT ID: MT 3087-2828.

Data Protection Officer (DPO): The owner has designated Dr. Pietro Avogadro as Data Protection Officer, who can be contacted at the following email address: dpo@risparmiocasa.mt

General Principles for Data Processing

The processing of your personal data is based on principles of lawfulness, fairness, and transparency. Specifically, your data will be processed as follows:

Data Categories

REGISTRATION DATA

 When registering on the website and creating an account, as well as subsequently through the completion of specific forms and registration masks, you will be asked to provide certain personal data, such as your name, surname, email address, physical address, age, and gender. The required registration data is highlighted, while other information is optional.

The information requested during registration will be used to allow access to services and activities promoted on the site and to ensure the proper execution of all activities related to or instrumental to the provision of these services. Additionally, since registration is a prerequisite for accessing and using various services, personal data, once the service choice is made and further information is provided, will be processed for purposes related and/or functional to the selected service.

In cases where the chosen services are managed by third parties (e.g., contests or promotional activities), the data, after appropriate notification, will be communicated to the individual managers. These third-party managers operate as independent data controllers for processing related to the provision of their respective services.

VOLUNTARILY PROVIDED DATA 

The voluntary and explicit sending of email messages to the addresses indicated in different access channels of the site, as well as the completion of specifically prepared forms, results in the subsequent acquisition of personal data. The submission of this data is optional, explicit, and voluntary, and it involves the acquisition of the sender’s address (necessary for responding to requests) and any other personal data entered, such as the sender’s IP address and the content of the messages. The Data Controller will assume that these data refer to you or to third parties who have expressly authorized their submission. In such cases, you are the autonomous data controller for the transmitted data and assume all legal obligations and responsibilities, providing the broadest indemnity against any claims, demands, or requests for compensation arising from data processing violations by third parties whose personal data were processed through the use of the site.

The Data Controller invites users to avoid sending personal data unless strictly necessary. Some categories of personal data may only be processed with the explicit consent of the user and in compliance with applicable regulations. The Data Controller emphasizes the importance of explicitly expressing your consent to the processing of special categories of Personal Data if you choose to share such information. Concise information will be provided or displayed on the site pages specifically designed for particular requested services.

Navigation Data

The computer systems and software procedures used for the operation of the website acquire certain personal data during their normal operation. The transmission of this data is implicit in the use of Internet communication protocols. Although this information is not collected to be associated with identified interested users, its nature allows for identification through processing and association with data held by third parties. This category of data includes IP addresses or domain names of computers used by users connecting to the site, Uniform Resource Identifier (URI) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (success, error, etc.), and details related to the user’s operating system and computing environment.

These data are used solely for statistical purposes unrelated to any personal information and to verify the correct functioning of the site. They are deleted immediately after processing or at most within a few days. The data may also be used to ascertain responsibility in the event of hypothetical computer crimes against the site. The data is stored in the systems of the Data Controller or those of the Data Processors responsible for managing the website.

System Logs

Access to the site, consultation of its content, and use of the offered services allow the web server to automatically record “system logs.” These logs consist of information sent by the user’s browser during site navigation. Generally, this information includes the web pages requested by the user, the consulted, modified, or created documents, the IP address, browser type, browser language, and the date and time of the request.

Statistical Data

Statistical analysis services allow the Data Controller to monitor and analyze traffic data to measure the site’s performance for research, usability assessments, and interest evaluation. The data is processed in aggregated or anonymous form, ensuring that users cannot be identified.

This site uses Google Analytics, a statistical analysis service provided by Google Inc. The collected data pertains to cookies and site usage. Google Analytics on this site is configured for anonymous data detection.

Google Analytics uses user personal data, including data provided to Google during registration for other services, to track and examine the use of this site, compile reports, and share them with other Google-developed services.

The Data Processing Agreement (DPA) is available at this link: https://support.google.com/analytics/answer/3379636?hl=en

Google may use user personal data to contextualize and personalize advertisements within its advertising network.

Data processing occurs in the United States based on standard contractual clauses approved by the European Commission. Google’s privacy policy can be found here: Google Privacy Policy.

Google provides an additional component to disable Google Analytics data collection: Google Analytics Opt-out.

Commercial Communications and Newsletters

The processing of personal data collected through newsletter subscriptions aims to promote and advertise our products and services. This involves sending commercial communications and informative and advertising materials via email (or SMS, messaging applications, and social networks, as specified). This service allows the Data Controller to manage a database of email contacts, phone contacts, or other types of contacts used for communication management and delivery.

These services may also collect data related to the date and time of message viewing by the user, as well as the user’s interaction with them (e.g., information on link clicks within messages). If you have subscribed to the newsletter or authorized other commercial communication services, you can interrupt or limit the sending at any time using the cancellation tools available in the communications themselves, update your communication preferences on your user profile page, or contact us.

For newsletter services, the Data Controller uses a service called Brevo (provided by Brevo).

Data processing occurs in Italy.

Interactions with Social Networks

This site interacts with social networks (Facebook, Instagram) both through external links to social platforms and through interconnection technologies such as cookies or pixels. Below are the privacy policy links for the social networks used, for which they act as independent data controllers:

Interactions and transmitted information depend on and are subject to the privacy settings of each social network. If a service for interacting with social networks is installed, it may collect traffic and navigation data related to the pages visited and your activities on the site. For more information on permissions and acquired data, refer to the cookie policy and documentation of each social network platform.

Automated Profiling of Personal Data

The site uses automated user profiling systems aimed at analyzing or predicting aspects related to choices, habits, and purchasing preferences based on the type of purchases made.

For more information, please read the cookie policy and the following section related to profiling purposes.

Cookies

This website uses cookies to offer its users the best possible experience on the site and optimize their visit and usage.

Processing Purposes

The personal data you provide will be processed for the specified purposes. For some purposes, your consent to the processing may be required.

1. REQUEST MANAGEMENT AND SERVICE PROVISION
a) For creating a user account and related management purposes, in case of registration on the website;
b) To verify your identity, including support for access restoration;
c) To handle any type of technical, commercial, or administrative assistance requests and provide additional services requested by the user.
The processing is carried out within the scope of executing a contract in which the user is a party or in the execution of pre-contractual measures adopted at the user’s request (Article 6, paragraph 1, letter b) of the GDPR).
Consent is not required.
The provision of data (if marked as necessary in the forms) is necessary to achieve the stated purposes. Refusal to provide such data will result in the inability of the Data Controller to provide services or fulfill your requests, and therefore, you won’t be able to use the services available through the website.
Furthermore, data processing for these purposes is necessary to comply with any legal obligations: personal data must be processed in accordance with applicable regulations, including their retention and communication to Authorities for accounting, tax, or other obligations.
d) To follow up on any requests directed to us, for example, through the spontaneous sending of messages, emails, or traditional mail to the contact details indicated on the website. This may involve subsequent acquisition of the sender’s address, including email, or their relevant telephone number necessary to respond to the requests, as well as any other personal data included in the corresponding communications.
The processing is carried out in the context of the execution of a contract of which the user is a party or the execution of pre-contractual measures adopted at the user’s request (Article 6, paragraph 1, letter b) of the GDPR).
Consent is not required.
The provision of data (if marked as necessary in the forms) is necessary for the pursuit of the indicated purposes, and any refusal to provide it will result in the impossibility for the Data Controller to provide services or meet your requests, and therefore, to use the services available through the website.
e) For the execution of obligations provided by laws, regulations, and national and/or community legislation, as well as provisions issued by authorities authorized by law or supervisory bodies.
f) To prevent or detect any misuse of the website or any fraudulent activity, thus allowing Risparmio Casa Malta Limited to defend itself in court.
The processing is necessary to fulfill a legal obligation to which the Data Controller is subject (Article 6, paragraph 1, letter c) of the GDPR).
Consent is not required.
The processing of data for these purposes is necessary in order to comply with any legal obligations.
2. MARKETING ACTIVITIES AND COMMERCIAL PROMOTION
For marketing purposes, including sending communications via postal mail, newsletters, emails, instant messaging services, commercial offers, advertising material, promotional and informational content, market research, and surveys related to the products and/or services offered by Risparmio Casa Malta Limited, and where applicable, by the Data Controller company for the specified area of preference during registration and subscription.
The consent is necessary to carry out the processing (Article 6, paragraph 1, letter a) of the GDPR).
The consent is always optional. The lack of consent or its subsequent revocation will not have any consequences on the provision of services, except for the impossibility of receiving commercial communications and updates on products, services, and promotions. When receiving each communication, you will have the option to express your opposition to data processing by unsubscribing.
3. PROFILING THROUGH AUTOMATED PROCESSING OF PERSONAL DATA
a) To analyze or predict aspects related to choices, habits, and purchasing preferences, including those related to the geographical area of reference. This also includes creating profiles (individual and/or aggregated) for the purpose of conducting market research, carrying out promotional activities, and offering personalized offers.
b) For the analysis and study of user consumption habits and choices (so-called “profiling”), based on the type of purchases made, in order to conduct personalized market research and promotional activities.
c) To create a user profile through the use of profiling cookies, provided that the user has accepted their use. This involves collecting and analyzing information about activities, selections, and choices made on the website, as well as analyzing the activities of registered users by gathering information on browsing activities. The profile will be used to provide information about other products and/or services that Risparmio Casa Malta Limited believes may be of interest to the user and to display personalized advertisements relevant to the user’s preferences.
The consent is necessary to carry out the processing (Article 6, paragraph 1, letter a) of the GDPR).
The consent is always optional. The lack of consent or its subsequent revocation will not have any consequences on the provision of services, except for the impossibility of receiving commercial communications in line with the user’s preferences and optimizing the services offered by the Data Controller.

One or more consents given can be revoked at any time by contacting the Data Controller using the methods indicated for exercising rights, as specified in this privacy policy.

PURPOSE OF DATA PROCESSING FOR NAVIGATION DATA AND SYSTEM LOGS 

Personal data transmitted implicitly through Internet communication protocols and system logs are processed solely to obtain anonymous statistical information about the use of the website, to monitor its correct functioning, and to protect the computer systems that enable its operation. Such data, including your IP address, may also be used to ascertain liability in the event of hypothetical computer crimes against the website.

OBLIGATION OR FREEDOM TO PROVIDE DATA 

Apart from what is specified for navigation data, you are free to provide the personal data indicated in forms or registration procedures. Failure to provide this data may result in the impossibility of obtaining what is requested or carrying out certain services, as specified in relation to the aforementioned purposes.

DATA PROCESSING METHODS 

Personal data is processed using automated tools, methods, and procedures for the time strictly necessary to achieve the purposes for which it was collected and for the pursuit of the purposes described in this notice. In particular, processing is carried out by specifically authorized personnel, mainly using electronic, computerized, or otherwise automated means, through the use of email or other remote communication techniques.

DATA RETENTION 

Data is retained for the time strictly necessary to provide the requested service or for the duration established by current regulations. In general, your personal data no longer necessary for the purposes for which it was collected is immediately deleted or anonymized, except for the retention obligations indicated here, prescribed by law or contrary indication from the data subject. The Data Controller, to protect its interests, may also process personal data for as long as permitted by law, particularly as necessary to protect its interests from possible claims related to the services provided.

For marketing, commercial promotion, and profiling purposes, data retention will occur until consent is revoked, after which the Data Controller will no longer use the user’s personal data for these purposes. In any case, every two years, we will ask you to renew your consent.

DATA SECURITY 

The Data Controller adopts specific security measures, suitable and preventive, in order to safeguard the confidentiality, integrity, completeness, and availability of your personal data, as well as to prevent data loss, illicit or incorrect use, and unauthorized access. Specifically, the website uses an SSL (Secure Sockets Layer) encryption system, which ensures protection through encryption of information both on the login page and in other sections where you can submit, view, or modify your personal data. The service providers used for data processing (e.g., for managing newsletters) are carefully selected based on adopted security requirements. However, the Data Controller does not consider itself responsible for untrue or incomplete information directly provided by the user (e.g., correctness of email address, age-related data, or address), as well as information related to the Data Controller that has been provided by a third party, even fraudulently.

RECIPIENTS OF PERSONAL DATA 

Your personal data may be communicated to subjects who can access the data by virtue of legal provisions, regulations, or community norms, within the limits provided by such rules. For the provision and management of services, your personal data may be communicated to other entities, acting as data processors and/or independent data controllers (such as web service providers, email services, or technical services instrumental to the website services, image and communication agencies, entities providing administrative, legal, and tax assistance related to service provision, authorized internal personnel bound by confidentiality obligations). These communications are limited to what is necessary to perform their duties on behalf of the Data Controller, and they act as data processors or sub-processors, committed to confidentiality, including through appropriate legal obligations. Your data may also be communicated to subjects, entities, or authorities due to legal obligations, protection against abuse or fraud, or orders from authorities. The complete list of these subjects can be requested directly from the Data Controller. The collected personal data is not publicly disclosed.

LOCATION AND DATA PROCESSING

 The processing related to the website’s web services takes place at the aforementioned headquarters of the Data Controller. The Data Controller uses external providers for website hosting services, which are managed only by authorized technical personnel and occasionally by maintenance staff. Your personal data will be processed by the company responsible for the website’s design and maintenance, appointed as the data processor at its own headquarters. Your personal data will be stored on servers/databases of the Data Controller or its providers located within the European Union. Except as further indicated, the data will not be transferred outside the European Union.

TRANSFER TO THIRD COUNTRIES

 Some of your personal data may be transferred to recipients located outside the European Union (e.g., service providers for managing newsletters, social networks, or performance and usage analysis services for the website), as indicated in the various processing purposes and in the cookie policy. The Data Controller ensures that the processing of personal data by these recipients complies with the requirements of current regulations, either based on an adequacy decision or, alternatively, on standard contractual clauses approved by the European Commission.

RIGHTS OF DATA SUBJECTS 

As a data subject and within the limits of current regulations, you can exercise the rights provided by Articles 15 to 22 of EU Regulation 2016/679 against the Data Controller and, as indicated in the respective information notices, against the data controllers. In summary, you have the right to request at any time:

CHANGES AND UPDATES 

This privacy policy has been in effect since 19/07/2024. The Data Controller reserves the right to modify or update its content in relation to changes in applicable regulations. All changes and updates will be binding as soon as they are published on the website.