DW&P Dr. Werner & Partner (hereinafter referred to as ‘DW&P’ and/or ‘Service Provider’) is the brand under which the member firms of company DW&P Services LTD operate and provide professional services.
These include:
- Joerg Werner - Advocate & Legal Practitioner
- DW&P Services LTD
Together, these firms form the DW&P network.
Kindly note that for other services, such as Audit and Bookkeeping, DW&P works collaboratively with:
- Borg Galea Audit Ltd
- Servox Ltd
DW&P is the Data Controller for the purposes of applicable data protection law.
The Company respects your privacy and is committed to protecting your personal data which it processes.
This Privacy Notice explains how the Company will comply with the applicable data protection legislation, including, the General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as the ‘GDPR’), the Data Protection Act (Chapter 586 of the Laws of Malta, any subsidiary legislation and any other applicable laws relating to privacy and electronic communications, as may be amended from time to time.
It is important that you read this Privacy Notice so that you are aware of how and why we are using your information.
1. Data Controller
As the Data Controller, DW&P is responsible for deciding how it holds and uses the personal information collected from you.
Address: Phoenix Business Centre, The Penthouse, Old Railway Track, Santa Venera, SVR9022, Malta
Tel: +356 21377700 from 09:00 to 17:00
Email: info@drwerner.com
GDPR Compliance Team: gdprcompliance@drwerner.com
2. Data Protection Principles
We will comply with data protection law. This says that the personal information we hold about you must be:
- Lawfulness, fairness and transparency - processed lawfully, fairly and in a transparent manner in relation to the data subject.
- Purpose limitation - collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Data minimisation - adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
- Accuracy - accurate and, where necessary, kept up to date.
- Storage limitation - kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
- Integrity & Confidentiality - processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
3. Personal Data
Personal Data is any information relating to an identified or identifiable natural living person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Special category data includes information about a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for uniquely identifying a person, data concerning health and data concerning a natural person’s sex life or sexual orientation.
4. The Personal Data We Collect & How We Use It
DW&P processes the following categories of personal data for the purposes indicated below:
| Personal Data | Purpose for Processing | Lawfulness |
|---|---|---|
| First Name, Last Name, Contact Number, E-mail Address | Response of Queries, Provision of Feedback, Commentary & Newsletter Subscriptions, LiveChat, Consultation Purposes, Invoicing | Legitimate Interest |
| Passport, ID Card, Bank Reference Letter, Professional Reference Letter, Proof of Address, CV, Shareholder’s List, Screenshots | Compliance Purposes, Bookkeeping Purposes, Auditing Purposes, Banking Purposes | Legal Obligation, Contractual Obligation |
| Proof of Authorisation (Power of Attorney) | Identification Purposes | Legal Obligation, Contractual Obligation |
| Job Applicants Details | Recruitment Purposes | Contractual Obligation |
| Employee Details | Employment, Payroll, Performance Reviews, Compliance | Contractual Obligation, Legal Obligation |
| Social Security Number, Tax ID Number | Payroll Purposes | Legal Obligation |
| Passport, ID Card, Bank Reference Letter, Professional Reference Letter, Proof of Address, CV, Police Conduct, Previous Employer Reference, Copies of Qualifications | VFA Agent Services, Fit & Proper Assessment | Contractual Obligation, Legal Obligation |
5. Failure to Provide the Information
Failure to provide personal data may prevent the Company from complying with its legal obligations, concluding contracts and delivering the requested services. While the provision of your personal information is voluntary, the Company will be unable to provide its services should the information be refused.
6. Changes to Your Personal Data
It is your responsibility to keep us informed of any changes to your personal data. DW&P may request documentation for KYC (Know Your Customer) and due diligence purposes on a periodic basis.
7. Cookies
Cookies are small text files placed on your computer by websites or sometimes by emails. They provide useful information to companies, which helps in all sorts of ways. For you, it means you can use the site more efficiently and save time by not having to re-enter your details each time you visit. They also make sure you see content relevant to you. For us, cookies help us to analyse how our customers interact with our sites so we can keep improving them. For more information, please refer to our Cookie Policy.
8. Disclosure of Your Personal Data
We will not intentionally disclose your personal data to any third parties, unless legally obliged by national or European legislation. However, for operational purposes, we may share personal data with the following entities:
| Third Party | Purpose |
|---|---|
| Malta Business Registry | Company Service Provider |
| Banks / EMIs | Bank Account Openings |
| FIAU | AML/CFT Regulations |
| Identity Malta | Working Permits |
| PayPal | Subscription and Payment |
| Calendly | Consultation Booking |
9. International Transfers
Personal data may be shared within or outside the European Economic Area (EEA). In the event that personal data is transferred outside the EEA, appropriate safeguards will be put in place to ensure compliance with data protection legislation.
10. Retention of Personal Data
Personal data shall be retained only as long as necessary for the purposes for which it was collected. If you have any queries regarding our retention periods, please contact us at gdprcompliance@drwerner.com.
11. Data Subject Rights
Under the GDPR, data subjects have the following rights in relation to their personal data:
- Right to be informed - the right to be informed about the collection and use of personal data.
- Right of access - the right to request access to and receive a copy of the personal data held about you.
- Right to rectification - the right to have inaccurate personal data corrected or completed if it is incomplete.
- Right to erasure - the right to request the deletion or removal of personal data where there is no compelling reason for its continued processing.
- Right to restrict processing - the right to request the restriction of processing of personal data.
- Right to object - the right to object to the processing of personal data.
- Right to data portability - the right to request the transfer of personal data to another party.
- Rights related to automated decision-making - the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affecting you.
- Right to lodge a complaint - the right to lodge a complaint with the Information and Data Protection Commissioner (IDPC), Malta.
- Right to withdraw consent - the right to withdraw consent at any time where the processing of personal data is based on consent.
To exercise any of the above rights, please contact us at gdprcompliance@drwerner.com. We will respond to your request within one month, extendable to three months where necessary.
12. Security
The Company has put in place appropriate security measures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. Regular staff training is provided to ensure awareness of data protection obligations. Breach notification procedures are in place to deal with any suspected data security breach, and we will notify you and any applicable regulator of a breach where we are legally required to do so.
If you have any concerns, please contact us at gdprcompliance@drwerner.com or call us at +356 21377700.
13. Privacy by Design & by Default
Privacy is considered at the design stage of all our systems and processes. Data Protection Impact Assessments (DPIAs) are conducted in accordance with Articles 35 and 36 of the GDPR where processing is likely to result in a high risk to the rights and freedoms of natural persons.
14. Links to Other Websites
This Privacy Notice does not cover the processing of personal data by other entities. We encourage you to read the privacy notices of any third-party websites you visit.
15. Changes to This Privacy Notice
This Privacy Notice may be updated from time to time. Material changes will be communicated to you via email or through a prominent notice on our website.
