Privacy Notice

Privacy Notice

Privacy Notice

Last updated on the 25th May 2018.

The controller of your personal data is Virtu Ferries Limited, a company registered in Malta, bearing company registration number C11553 and having its registered address at Virtu, Ta’Xbiex Terrace, Ta’Xbiex, Malta (“We”/”Us”/”Our”).

We are committed to respecting your privacy. If you wish to contact Us about Our privacy practices please feel free to do so by post on the abovementioned address or by email at [email protected]. You may also wish to contact us by telephone on (+356) 22069022.

Please read this Privacy Notice carefully to understand our practices with respect to your personal data.

References to “data controller”, “data subject”, “personal data”, “process”, “processed”, “processing” and “Data Protection Officer” in this Privacy Notice have the meanings set out in, and will be interpreted in accordance with applicable laws, including but not limited to the Data Protection Regulation (EU) 2016/679 and the Data Protection Act, Chapter 440 of the Laws of Malta and subsidiary legislation thereto, as may be amended from time to time.

  1. Updates

We may update this Privacy Notice in Our sole discretion including as a result of a change in applicable law or processing activities. Any such changes will be communicated to you prior to the commencement of the relevant processing activity.

  1. What amounts to personal data?

The term “personal data” refers to all personally identifiable information about you, such as your name, surname and address, and includes all information which may arise that can be identified with you personally.

  1. How do we collect personal data?

As a ferry operator, We regularly collect personal data as part of our professional services and obligations. We typically collect personal data:

Generally, you would have provided your personal data to Us. However, in some instances, We may collect personal data about you from third party sources, such as online searches or from public registers.

Third parties such as Our clients and business partners may also have provided your personal data to Us.

  1. What personal data do we process?

The personal data we typically collect and process are:

  1. How do we use your personal data?

Irrespective of the manner that We have collected your personal data, We will only process such data for the purposes of Our ferry services or purposes which are inherently related thereto, including the fulfilment of any legal or regulatory obligation imposed on Us.

Typically, your personal data will be processed for:

We might also process your personal data on the basis of your explicit consent, in which case we will process your data for the purposes for which your explicit consent was requested. Processing your data on the basis of consent is not envisaged, except with respect communications related to Our updates, newsletters and events in cases where we do not have a legitimate interest to send you such communications.

  1. Legal Bases of Processing Personal Data

We process your personal data on the basis of the following legal bases:

On the basis of Our legitimate interests or compliance with legal obligations, as applicable, We may also process your personal data for the purposes of establishing, exercising or defending legal proceedings.

Note that special categories of personal data include data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic, biometric or health data, sexual orientation and data related to your conviction and offences. Typically, We do not envisage any processing of special categories of personal data and generally, We would only require to process such data if We are involved in the establishment, exercise or defence of legal claims.

When special categories of personal data become envisaged on another basis, We will ensure that We have additional grounds for processing your personal data and will communicate to you any relevant information which may be required under applicable laws.

  1. Recipients

We may share your personal data with third party recipients who are:

Unless specifically instructed and consented by you, we do not share your personal data with any entity located outside of the EU or EEA.

  1. Automated Decision-Making and Profiling

Your personal data will not be used for any decision solely taken on the basis of automated decision-making processes, including profiling, without human intervention.

In the interest of transparency, note that We use systems which could profile you. Such systems are used by Us exclusively to help Us comply with legal obligations imposed on Us as a result of anti-money laundering and combating the funding of terrorism legislation. As stated, no automated-decision will result from Our use of such systems.

  1. Data Retention

We retain your personal data exclusively for the period which is lawfully permissible to retain your personal data. Thereafter, your personal data shall be immediately and irrevocably destroyed, unless we have a statutory obligation imposed on Us to retain your data for a further period or a business need or require your personal data to exercise or defend legal claims.

We may have a legitimate interest to hold your data for longer periods such as when your data is required for exercising or defending legal claims.

Any personal data which We may hold on the basis of your consent shall be retained exclusively until when you withdraw your consent. As noted above, retention of data on the basis of your consent is only envisaged if you wish to be contacted with respect to communications related to updates, newsletters and events in cases where We do not have a legitimate interest to send you such communications.

  1. Your Rights

For as long as We retain your personal data, you have certain rights in relation to your personal data including:

Note that We may contact you about Our updates, newsletters and events on the basis of Our legitimate interests to keep you informed of such legal matters if you are a client of Our services.  In this respect, you have a right to opt-out and to object to receiving any further such communications from Us.

Note that if We contact you about Our updates, newsletters and events on the basis of your consent, you have a right to withdraw your consent and no longer be contacted for such purposes at any time.

Please note that in terms of the applicable laws, your rights in relation to your personal data are not absolute.

You may exercise the rights indicated in this section by contacting Us at the details indicated above.

  1. Keeping you data secure

We shall keep your personal data secure and shall commit to take appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, including against accidental loss, destruction, storage or access. Your personal data may be stored in paper files or electronically on our technology systems or on technology systems of our IT service providers.

  1. Complaints

If you have any complaints regarding Our processing of your personal data, please note that you may contact Us or Our Data Protection Officer at the details indicated above. You also have a right to lodge a complaint with the Office of the Information and data Protection Commissioner in Malta (www.idpc.gov.mt).