Your privacy is very important to us – this is why we are committed to protecting your personal data (information that identifies you) and complying with both the General Data Protection Regulation 2016/679 (“GDPR”) and the Data Protection Act.
The Data Controller
For any personal data collected in relation to our services or directly through our website the Data Controller, that is, the company that determines the purposes and means of the processing of your personal data, is us – Gozo Fast Ferry Limited (C-98702).
We can be contacted on:
- By post – 143, Palazzo Marina, St. Christopher Street, Valletta, VLT1436, Malta or;
- By email – firstname.lastname@example.org
Personal Data we collect
We mainly collect Personal Data in 3 ways:
- When you subscribe to our newsletter and / or email notification service
- When you access and browse our website and social media sites.
- When you get in touch with us (by email, phone or post).
In the majority of the cases the information that we mainly collect about you is your name, surname, contact number and email address. These are collected for the reasons outlined below.
How we use your data and why
We normally require your personal data for the following reasons:
- To send information to you about our services and any events that may affect them. Based on first obtaining your permission, to send you marketing communication about our business or the business of third parties that we feel may be of interest to you. You may withdraw your permission any time either by sending us an email on email@example.com or by pressing the unsubscribe button / link outlined in every communication. As soon as we receive notice that you would like to unsubscribe, we will update your profile and stop sending you marketing communications.
- Provide you with customer service and support.
- To carry out research, test our IT systems, improve our website and social media channels, and develop new products and services. In such cases we will always anonymise your data.
- To provide other companies with statistical information about our users. In such cases we will always anonymise your data so as to ensure that you are never identifiable.
You are not obliged to give us personal data – in the absence of such data however, we will not be in a position to get in touch with you with any updates and details on our service that may be of interest to you.
Grounds for Processing
In order to process your personal data, we will normally rely on the following grounds:
- To comply with our legal and contractual obligations;
- Legitimate interests – both ours and those of third parties. A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests.
- Where you have given consent – Where we apply your consent as a basis to process personal data we acknowledge that you may withdraw such consent at any time. In such case and unless there is another lawful ground which permits us to continue to process your personal data, we shall cease to process that personal data.
We will never keep personal data for longer than is necessary.
As a guideline, and unless we need to keep the data for longer, we will keep your personal data whilst your subscription with us is active or until such time you ask us to stop communications with you. We may also keep certain personal data for longer so as to meet certain legal requirements or to resolve legal disputes.
If you are a child, please make sure that you obtain your parent/guardian’s permission before you provide any personal information to us.
Sharing your information
It is not our purpose or objective to sell any of your personal data to third parties. However, there may be instances where in order to provide you with our services we would need to share your data with certain entities. In such instances, your personal data is normally shared with:
- Companies related to us. This is done, amongst others, to improve the website and social media channels and their functionality, to better understand our customers and markets and to improve our products and services.
- Professional service providers, such as marketing agencies, website hosting companies, advertising partners who help us in the operation of our business.
Other companies that you may approve, such as social media sites.
- Law enforcement and fraud prevention agencies.
If we ever have to share data with entities that are outside of the EEA, we will be sure to do so in a manner that complies with the requirements established by the GDPR.
Different type of cookies exists. Some are needed to allow for the transmission of communication over an electronic communications network whilst others may be necessary to provide a service over the internet. There are also cookies which are used to improve your experience on the website. We will ask for your consent to use the latter.
Other information collected
When users navigate through our website, we collect information about, amongst others, which sections of the website they visit and how long they stayed on each page. This information is collected through various technologies and navigational data collection methods. Through this information we better understand which web browsers our visitors prefer.
This information helps us understand which web browsers our visitors prefer and the address from which they accessed our website. As a result we are able to improve and customise our website together with analysing the rends of our visitors.
Please rest assured however, that, unless you give us your consent, this technology does not identify the user personally.
Under data protection law, you have rights we need to make you aware of. These include:
- Right of access – You have the right to ask us for copies of personal information that we hold about you. Please send any such requests to firstname.lastname@example.org and we will be happy to assist. Your requests will be handled within a period of 1 month, or if complex, 2 months. Prior to sharing with you the requested information we will also ask you to send us proof of your identity so as to ensure that we only share a copy of the data that relates to you.
- Right to rectification – We strive to always make sure that the personal data we have is correct and up to date. Please contact us on email@example.com if any of the details we hold about you change.
- Right to erasure, the right to be forgotten – You have the right to ask us to erase your personal information. This is, however, not an absolute right and there might be instance where we would be justified in keeping your personal data.
- Right to restriction of processing – You have the right to ask us to stop processing your information.
- Right to object – You have a right to object to our use of your personal information You can do this by sending an email to firstname.lastname@example.org.
- Rights in relation to automated decision making and profiling.
- Right to data portability
- The right to complain to your data protection regulator — in Malta – the Information and Data Protection Commissioner (IDPC)
Security of your Personal Data
We have in place various security measures to prevent your personal data from being accidentally used, accessed in an unauthorised way, lost, disclosed or altered.
Some of the security measures we have implemented are:
- The use of secure servers;
- The use of firewalls;
- The use of encryption;
- Physical access controls at data centres;
- Information access controls;
- Use of back-up systems;
That said, please understand and be aware that data transmission over the internet is inherently insecure, and therefore, we cannot guarantee the security of data sent over the internet.
Changes to how we protect your privacy
Links to Other Websites