DWP Dr. Wern­er and Part­ner

Pri­va­cy Notice

Last Updat­ed: 14/02/2020

DWP Dr. Wern­er & Part­ner (here­inafter referred to as ‘DWP’ and/or ‘Ser­vice Provider’) is the brand under which the mem­ber firms of com­pa­ny DWP Mal­ta Ltd. oper­ate and pro­vide pro­fes­sion­al ser­vices.

These include:

  • Joerg Wern­er — Advo­cate & Legal Prac­ti­tion­er
  • DWP Mal­ta Ltd

Togeth­er, these firms form the DWP net­work. ‘DWP’ is often used to refer either to indi­vid­ual firms with­in the ‘DWP’ net­work or to sev­er­al or all of them col­lec­tive­ly.

Kind­ly note that for oth­er ser­vices, such as VFA relat­ed ser­vices, Audit and Book Keep­ing, DWP works col­lab­o­ra­tive­ly with the fol­low­ing com­pa­nies:

  • DWP VFA Agent Ltd;
  • Borg Galea Audit Ltd;
  • Ser­vox Ltd.

Kind­ly note that mem­ber firms of the Com­pa­ny have a data shar­ing agree­ment in place and data will be processed in line with your engage­ment depend­ing on the scope of the engage­ment let­ter.

DWP is the Data Con­troller for the pur­pos­es of applic­a­ble data pro­tec­tion law.

The Com­pa­ny respects your pri­va­cy and is com­mit­ted to pro­tect­ing your per­son­al data which it process­es.

This Pri­va­cy Notice explains how the Com­pa­ny will com­ply with the applic­a­ble data pro­tec­tion leg­is­la­tion, includ­ing, the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (EU) 2016/679 (here­inafter referred to as the ‘GDPR’), the Data Pro­tec­tion Act (Chap­ter 586 of the Laws of Mal­ta, any sub­sidiary leg­is­la­tion and any oth­er applic­a­ble laws relat­ing to pri­va­cy and elec­tron­ic com­mu­ni­ca­tions, as may be amend­ed from time to time.

It is impor­tant that you read this Pri­va­cy Notice so that you are aware of how and why we are using your infor­ma­tion.


As the Data Con­troller, DWP is respon­si­ble for decid­ing how it holds and uses the per­son­al infor­ma­tion col­lect­ed from you. The Com­pa­ny may, in cer­tain cir­cum­stances, deliv­er ser­vices in part­ner­ship with anoth­er enti­ty where­by the Com­pa­ny will be a Joint Con­troller with that enti­ty.

DWP’s con­tact details:

Address:        Phoenix Busi­ness Cen­tre

The Pent­house

Old Rail­way Track

San­ta Ven­era, SVR9022


Tel:                 +356 21377700 from 09:00 to 17:00

For gen­er­al con­tact, please send us an email on info@drwerner.com.

The Com­pa­ny has a GDPR Com­pli­ance Team (here­inafter referred to as ‘the Team’) who is respon­si­ble for mat­ters relat­ing to pri­va­cy and data pro­tec­tion. The Team may be reached on gdprcompliance@drwerner.com or by call­ing on +356 21377700.


The Com­pa­ny is com­mit­ted towards com­pli­ance. If we need to col­lect, use or store your Per­son­al Data, we will abide by the fol­low­ing data pro­tec­tion prin­ci­ples:

  • Law­ful­ness, fair­ness and trans­paren­cy – the pro­cess­ing of per­son­al data shall take place in a law­ful, fair and trans­par­ent man­ner;
  • Pur­pose lim­i­ta­tion – the col­lec­tion of per­son­al data shall only be per­formed for spec­i­fied, explic­it and legit­i­mate pur­pos­es and shall not be fur­ther processed in a man­ner which ren­ders it incom­pat­i­ble with those pur­pos­es;
  • Data min­imi­sa­tion – the col­lec­tion of per­son­al data shall be ade­quate, rel­e­vant and lim­it­ed to what is nec­es­sary in rela­tion to the purpose(s) for which they are processed;
  • Accu­ra­cy – the per­son­al data shall be accu­rate and where nec­es­sary kept up to date. Hav­ing regard to the purpose(s) for which per­son­al data is processed, the Com­pa­ny shall take every rea­son­able step to ensure that inac­cu­rate per­son­al data are erased or rec­ti­fied with­out undue delay;
  • Stor­age lim­i­ta­tion – per­son­al data shall be kept in a form which per­mits iden­ti­fi­ca­tion of the data sub­ject, for no longer than is nec­es­sary for the purpose(s) for which the per­son­al data is processed;
  • Integri­ty & Con­fi­den­tial­i­ty - per­son­al data shall be kept con­fi­den­tial and stored in a man­ner which ensures appro­pri­ate secu­ri­ty. Per­son­al data shall not be shared with third par­ties except when nec­es­sary and with a jus­ti­fi­able legal basis.

Per­son­al Data is any infor­ma­tion relat­ing to an iden­ti­fied or iden­ti­fi­able nat­ur­al liv­ing per­son, also known as a ‘data sub­ject’. A data sub­ject can be described as an indi­vid­ual who can be direct­ly or indi­rect­ly iden­ti­fied through the infor­ma­tion col­lect­ed and processed by the Com­pa­ny. Such infor­ma­tion may include name, sur­name, iden­ti­fi­ca­tion num­ber, loca­tion data, online iden­ti­fi­er or any oth­er data relat­ing to their phys­i­cal, phys­i­o­log­i­cal, genet­ic, men­tal, eco­nom­ic, cul­tur­al or social iden­ti­ty.

The def­i­n­i­tion of Per­son­al Data excludes any data which has been ren­dered anony­mous in such a man­ner that the data sub­ject is no longer iden­ti­fi­able (‘anony­mous data’).

Spe­cial cat­e­go­ry data includes data on racial or eth­nic ori­gin, polit­i­cal opin­ions, reli­gious or philo­soph­i­cal beliefs, trade union mem­ber­ship, genet­ic data, bio­met­ric data for the pur­pose of unique­ly iden­ti­fy­ing a nat­ur­al per­son, health data, data con­cern­ing a nat­ur­al person’s sex life or sex­u­al ori­en­ta­tion. The Com­pa­ny will only process spe­cial cat­e­go­ry data, also known as ‘sen­si­tive data’, under strict con­di­tions and with an appro­pri­ate legal basis.

We process per­son­al data about the fol­low­ing cat­e­gories of data sub­jects:


We col­lect and process per­son­al data relat­ing to you in con­nec­tion with your use of this web­site and our rela­tion­ship with you. This per­son­al data may include:

Per­son­al DataPur­pose for Pro­cess­ingLaw­ful­ness
First Name

Last Name

Con­tact Num­ber

E‑mail Address


Response of Queries Pro­vi­sion of Feed­back

Com­men­tary & Newslet­ter Sub­scrip­tions

Con­sul­ta­tion Pur­pos­es


To Take part in online dis­cus­sions, sur­veys or pro­mo­tions.

Legit­i­mate Inter­est

ID Card

Bank Ref­er­ence Let­ter

Pro­fes­sion­al Ref­er­ence Let­ter

Proof of Address


Shareholder’s List

Screen­shots of a Per­son


Com­pli­ance Pur­pos­es

Book­keep­ing Pur­pos­es

Audit­ing Pur­pos­es

Bank­ing Pur­pos­es

Legal Oblig­a­tion Con­trac­tu­al Oblig­a­tion
Proof of Autho­ri­sa­tion to act on someone’s behalf such as Pow­er of Attor­neyIden­ti­fi­ca­tion Pur­pos­esLegal Oblig­a­tion Con­trac­tu­al Oblig­a­tion
Job Appli­cants DetailsRecruit­ment Pur­pos­es

For more infor­ma­tion please refer to our Can­di­date Pri­va­cy Notice)

Con­trac­tu­al Oblig­a­tion
Employ­ee DetailsEmploy­ment Pur­pos­es Pay­roll Pur­pos­es Per­for­mance Reviews

Com­pli­ance with the applic­a­ble employ­ment leg­is­la­tion


(For more infor­ma­tion please refer to our Employ­ee Pri­va­cy Notice which is pro­vid­ed to all employ­ees at com­mence­ment of employ­ment)

Con­trac­tu­al Oblig­a­tion Legal Oblig­a­tion
Social Secu­ri­ty Num­ber

Tax Iden­ti­fi­ca­tion Num­ber


Pay­roll Pur­pos­esLegal Oblig­a­tion

ID Card

Bank Ref­er­ence Let­ter, Pro­fes­sion­al Ref­er­ence Let­ter,

Proof of Address


Police Con­duct

Pre­vi­ous Employ­er Ref­er­ence

Copies of Qual­i­fi­ca­tions


VFA Agent Ser­vices

Con­duct of Fit & Prop­er Assess­ment

Con­trac­tu­al Oblig­a­tion Legal Oblig­a­tion
Per­son­al Data relat­ing to exter­nal con­sul­tantsTo take steps to enter into a con­tract of Ser­viceCon­trac­tu­al Oblig­a­tion
Serv­er Log­filesSta­tis­ti­cal Eval­u­a­tion

(for more infor­ma­tion please refer to our Cook­ie Pol­i­cy)

Legit­i­mate Inter­est



In most cas­es, the pro­vi­sion of per­son­al data aris­es either from statu­to­ry require­ments or con­trac­tu­al pro­vi­sions. Where applic­a­ble, fail­ure of the pro­vi­sion of per­son­al data will pre­vent the Com­pa­ny from com­ply­ing with its legal or reg­u­la­to­ry oblig­a­tion, con­clud­ing con­tracts, and deliv­er­ing the ser­vices request­ed.


It is impor­tant that the per­son­al infor­ma­tion we hold about you is cur­rent and accu­rate. There­fore, it is your respon­si­bil­i­ty to keep us informed should any of your per­son­al infor­ma­tion change.

Due to DWP’s oblig­a­tions at law, you bind your­self to fur­nish us with recent suit­able doc­u­men­ta­tion for con­fir­ma­tion, on a reg­u­lar basis, upon a mere ver­bal request to this effect from us. These may be required for KYC and due dili­gence pur­pos­es as well as to allow us to cor­rect­ly per­form the terms of our engage­ment, as per the inter­nal oper­at­ing pro­ce­dures cur­rent­ly in force at the time.


Cook­ies are small text files placed on your com­put­er by the web­sites you vis­it. They are wide­ly used to make web­sites work more effi­cient­ly, as well as to pro­vide infor­ma­tion to the own­ers of the web­site.

For more infor­ma­tion about how we use cook­ies and to change your cook­ie pref­er­ences kind­ly read our Cook­ie Pol­i­cy.


Except as described in this Pri­va­cy Notice, we will not inten­tion­al­ly dis­close the per­son­al data we col­lect or store to the third par­ties unless it is an imposed legal oblig­a­tion on us to do so.

We will not share your infor­ma­tion with any third par­ties for the pur­pos­es of direct mar­ket­ing.

We use data proces­sors who are third par­ties who pro­vide ele­ments of ser­vices for us. We have agree­ments in place with our data proces­sors. This means that they can­not do any­thing with your per­son­al infor­ma­tion unless we have instruct­ed them to do it. They will hold it secure­ly and retain it for the peri­od we instruct.

In some cir­cum­stances we are legal­ly oblig­ed to share infor­ma­tion. For exam­ple, under a court order or where we coop­er­ate with oth­er author­i­ties. We might also share infor­ma­tion with oth­er reg­u­la­to­ry bod­ies in order to fur­ther their, or our, objec­tives. In any sce­nario, we will ensure that we have a law­ful basis on which to share the infor­ma­tion.

We may dis­close infor­ma­tion to third par­ties in con­nec­tion with the above-men­tioned pur­pos­es, in the fol­low­ing cir­cum­stances:

Recip­i­ents of Per­son­al DataPur­poseLegal Basis for Dis­clo­sure
Mal­ta Busi­ness Reg­istryCom­pa­ny Ser­vice ProviderCon­trac­tu­al Oblig­a­tions
Banks/ EMIsBank Account Open­ingsCon­trac­tu­al Oblig­a­tions
FIAUAML/CFT Reg­u­la­tionsAML/CFT Reg­u­la­tions
Iden­ti­ty Mal­taWork­ing Per­mitsCon­trac­tu­al Oblig­a­tions
Pay­PalSub­scrip­tion and Pay­ment Pur­pos­esCon­trac­tu­al Oblig­a­tions
Cal­end­lyCon­sul­ta­tion Book­ingCon­trac­tu­al Oblig­a­tions


All our third-par­ty ser­vice providers are required to take appro­pri­ate secu­ri­ty mea­sures to pro­tect your per­son­al data in line with our poli­cies. More­over, we only per­mit third par­ties to process your per­son­al data for spec­i­fied pur­pos­es and in accor­dance with our legal­ly bind­ing agree­ments.


The infor­ma­tion pro­vid­ed to us may be shared with third par­ties sit­u­at­ed in oth­er Euro­pean Eco­nom­ic Area (‘EEA’) Mem­ber States or in coun­tries out­side the EEA.

The Com­pa­ny will only trans­fer per­son­al data out­side the EEA after tak­ing the nec­es­sary steps to ensure that your pri­va­cy rights con­tin­ue to be pro­tect­ed, as out­lined in this Pri­va­cy Notice and in accor­dance with applic­a­ble data pro­tec­tion laws.

For instance, we will trans­fer your per­son­al data out­side the EEA with your con­sent, to ful­fil a legal oblig­a­tion or to ful­fil our con­trac­tu­al oblig­a­tions.


The per­son­al data that we process shall not be kept longer than is nec­es­sary. We retain your per­son­al data for as long as we need it to com­ply with our oblig­a­tions under applic­a­ble law, to enforce our con­trac­tu­al agree­ments, and if rel­e­vant, for the estab­lish­ment, exer­cise and defence of legal claims.

We will active­ly review the per­son­al data we han­dle, process and store, and will delete or anonymise it in a secure man­ner where there is no longer a legal, busi­ness or cus­tomer need for it to be retained.

For more infor­ma­tion on the reten­tion of your per­son­al data, kind­ly con­tact us on gdprcompliance@drwerner.com or on +356 21377700.

In cir­cum­stances where it is impos­si­ble for us to spec­i­fy in advance the peri­ods for which your per­son­al data will be retained, we will deter­mine the reten­tion peri­od on the fol­low­ing cri­te­ria:

  • the purpose(s) was for which your per­son­al data was col­lect­ed;
  • whether there are any statu­to­ry oblig­a­tions, oblig­ing us to con­tin­ue to process your infor­ma­tion;
  • whether we have a legal basis in place to con­tin­ue to process your infor­ma­tion, includ­ing but not lim­it­ed to con­sent;
  • the val­ue attached to your infor­ma­tion;
  • whether there are any indus­try prac­tices stip­u­lat­ing how long the infor­ma­tion should be retained;
  • the risk, cost and lia­bil­i­ty attached to such reten­tion; and
  • any oth­er rel­e­vant cir­cum­stances.

As a data sub­ject you have a num­ber of rights in rela­tion to your per­son­al data. The Com­pa­ny respects your pri­va­cy rights and will endeav­our to uphold such rights to the extent that they apply to the way in which we process your per­son­al data.

Your prin­ci­pal rights are:

  • the right to be informed;
  • the right to access;
  • the right to rec­ti­fi­ca­tion;
  • the right to era­sure;
  • the right to restrict pro­cess­ing;
  • the right to object to pro­cess­ing;
  • the right to data porta­bil­i­ty;
  • the right to know of the exis­tence of auto­mat­ed deci­sion-mak­ing;
  • the right to lodge a com­plaint with the super­vi­so­ry author­i­ty (IDPC) and/or seek judi­cial rem­e­dy in those cas­es where you believe that your data pro­tec­tion rights have been infringed fol­low­ing the pro­cess­ing of your per­son­al data by a data con­troller; and
  • the right to with­draw con­sent.

If you wish to exer­cise any of the above-men­tioned rights, please send your request on gdprcompliance@drwerner.com.

Any request made will be giv­en appro­pri­ate con­sid­er­a­tion with­in the timescales required by data pro­tec­tion leg­is­la­tion. Gen­er­al­ly, the Com­pa­ny will respond to such requests with­in one (1) month, with the pos­si­bil­i­ty to extend this peri­od to three (3) months for par­tic­u­lar­ly com­plex requests, in accor­dance with applic­a­ble law. In any such event, we will inform you accord­ing­ly.

Pri­or to pro­cess­ing your request and where deemed rea­son­ably nec­es­sary, you will be required to pro­vide us with proof of your iden­ti­ty. This is intend­ed to ensure that the per­son­al data is not dis­closed to unau­tho­rised third par­ties. The Com­pa­ny may require addi­tion­al infor­ma­tion in rela­tion to such requests in order to speed up our response pro­ce­dure. We reserve the right to with­hold your per­son­al data if dis­clos­ing it would adverse­ly affect the rights and free­doms of oth­ers.

Gen­er­al­ly, when exer­cis­ing your rights, no fees are applic­a­ble. How­ev­er, if your request is clear­ly unfound­ed, repet­i­tive or exces­sive, we may charge a rea­son­able fee.


The Com­pa­ny take appro­pri­ate secu­ri­ty mea­sures to pro­tect your per­son­al data against loss, mis­use, unau­tho­rised access, alter­ation, dis­clo­sure or destruc­tion of your infor­ma­tion.

We have tak­en steps to ensure the ongo­ing con­fi­den­tial­i­ty, integri­ty, avail­abil­i­ty and resilience of sys­tems and ser­vices pro­cess­ing per­son­al infor­ma­tion and will restore the avail­abil­i­ty and access to infor­ma­tion in a time­ly man­ner in the event of a phys­i­cal or tech­ni­cal inci­dent.

No method of elec­tron­ic stor­age and no method of trans­mis­sion over the inter­net, is 100% secure. The Com­pa­ny can­not war­rant or ensure the secu­ri­ty of any infor­ma­tion trans­mit­ted to us, but this is done at your own risk. More­over, we can­not guar­an­tee that such infor­ma­tion will not be accessed, dis­closed, altered or destroyed by any breach of our phys­i­cal, tech­ni­cal and/or organ­i­sa­tion­al safe­guards.

Reg­u­lar train­ing on infor­ma­tion secu­ri­ty prac­tices is pro­vid­ed to all mem­bers of staff who process per­son­al data.

The Com­pa­ny has put in place pro­ce­dures to deal with any sus­pect­ed per­son­al data secu­ri­ty breach and will noti­fy the Reg­u­la­tor of any such breach where we are required to do so. We will also inform you, as the data sub­ject, of the occur­rence of a breach and the steps to take to safe­guard your rights.

If you feel that your per­son­al data has been com­pro­mised, please con­tact our Data Pro­tec­tion Offi­cer on gdprcompliance@drwerner.com or on +356 21377700.


When intro­duc­ing new tech­nolo­gies, poli­cies or process­es, we will ensure that your pri­va­cy is con­sid­ered at the ‘design’ stage. Where applic­a­ble and in line with Arti­cles 35–36 of the GDPR, we will car­ry out a Data Pro­tec­tion Impact Assess­ment (‘DPIA’).

A DPIA will also be car­ried out where new tech­nolo­gies are used or where we con­sid­er there is a high risk to your rights and free­doms. Where an assess­ment iden­ti­fies risks, which can­not be sat­is­fac­to­ri­ly reduced, avoid­ed or elim­i­nat­ed, we will seek advice from the Super­vi­so­ry Author­i­ty (i.e. the Office of the Infor­ma­tion and Data Pro­tec­tion Com­mis­sion­er) pri­or to ini­ti­at­ing the pro­cess­ing.


Where the Com­pa­ny pro­vides links to web­sites belong­ing to oth­er enti­ties, this Pri­va­cy Notice does not in any way cov­er how that enti­ty process­es your per­son­al data.

We encour­age you to read the Pri­va­cy Notices on the oth­er web­sites you vis­it.


This Pri­va­cy Notice may change from time to time. If this Notice is changed in ways which affect how we use your per­son­al infor­ma­tion, we will advise you of the choic­es you may have as a result of such changes.

We will also post a notice that this Notice has changed.