Privacy Policy

1. Data Controller

2. What is GDPR?

3. What is Personal Data?

4. What are Special Categories of Personal Data?

5. What are Controllers and Processors?

6. Data we collect, Legal Basis for Processing your Personal Data and Retention periods

This section shall outline the various ways we collect Personal Data from you from different situations. In this regard, all Personal Data collected must have a proper legal ground justifying collection and such is stated in each situation were Personal Data is Collected. Finally, the retention period for each set of Personal Data Collected is also listed herein.
- I. Employees
- II. Third party individuals who are engaged by the companies (subcontractors)
- III. Suppliers

BROWSING
Description	Data Collected	Legal Basis	Retention Period
When you browse this website, we may collect data through some tracking cookies as explained in the cookie section of this Policy. Otherwise, we do not collect Personal Data unless you voluntarily and knowingly provide it to us, for example by signing up to our mailing list.	Kindly refer to cookie section.	i) Consent, when dealing with non-essential cookies.	Kindly refer to cookie section.

SUBMITTING A QUERY ON A SERVICE THROUGH OUR WEBSITE
Description	Data Collected	Legal Basis	Retention Period
When contacting us through our website, we would need some personal data to be able to reply to your query.	i) Name and Surname ii) Email ii) Contact Number	i) Consent	1 year unless the party is engaged.

CALLING OUR OFFICES
Description	Data Collected	Legal Basis	Retention Period
When you call our offices, our telephone equipment will record the conversation for the protection of our legal interest.	i) Telephone Recording	i) Legitimate Interest	30 days

BECOMING A CLIENT OF CLEVERBIT
Description	Data Collected	Legal Basis	Retention Period
When you engage us to provide services, we would require significant amounts of personal data	i) Name and Surname ii) Contact Details iii) Email iv) Names and surnames of employees and their contact details v) Bank Details	i) Contract ii) Legitimate Interest iii) Compliance with laws and regulations	5 years from when we stop providing you with our services.

THIRD PARTY SERVICE PROVIDERS
Description	Data Collected	Legal Basis	Retention Period
When we engage with you for the provision of goods and services to us, we collect personal data	i) Name and Surname ii) Contact Details iii) Email iv) Names and surnames of employees and their contact details v) Bank Details	i) Contract ii) Legitimate Interest iii) Compliance with laws and regulations	5 years from when we stop providing you with our services.

CONTACTING OUR CUSTOMER CARE TEAM OR SOCIAL MEDIA TEAMS
Description	Data Collected	Legal Basis	Retention Period
Should you contact our customer care or social media teams, we shall collect some Personal Data to be able to process your request.	i) Name and Surname ii) Email iii) Contact Number	i) To protect our legitimate interest	3 months

WHEN YOU APPLY FOR A POSITION WITH CLEVERBIT
Description	Data Collected	Legal Basis	Retention Period
When you apply for a position with us, we would need to process your Personal Data to be able to verify your suitability for the role you have applied to.	i) Name and Surname ii) Your CV and Personal Data contained within iii) Residential Address iv) Contact Number v) Email vi) Date of Birth	i) To protect our legitimate interest ii) Consent	4 months minimum. One year of consent is obtained.

WHEN YOU VISIT OUR PREMESIS
Description	Data Collected	Legal Basis	Retention Period
When you visit our premises, we collect CCTV data for security purposes.	i) CCTV Footage	i) To protect our legitimate interest	7 days

Should in any event, we are required to keep your Personal Data for any longer period as allowed by law, your Personal Data shall be kept secure and shall be deleted when we are allowed by law to delete such Personal Data.

7. How we store and transmit Personal Data

In addition to the required information sharing described above, we use the services of third party agents, such as e-mail service providers, hosting services providers, data centers and mail houses for the purpose of providing our services or mailing materials to our clients. These parties are contractually prohibited from using Personal Data for any purpose other than for the purpose specified in their respective contracts. We do provide non-personally identifiable information to certain service providers for their use on an aggregated basis for the purpose of performing their contractual obligations to us. We do not permit the sale of Personal Data to third parties for any use unrelated to our operations or use of Personal Data by third party for their own purposes.
Below is a list of sub processors:

Name of Processor	Address	Task to be performed and Personal Data to be Processed	Location of Processing
Avepoint		Systems Data Backups
Microsoft	Microsoft Ireland Operations, Ltd. Attn: Data Protection, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland	Systems Data	EU
Freshdesk	EU	Helpdesk software used by our support team	EU
Sub-contractors	Malta	Individual Sub-Contractor - Software Developer	Malta
Intercomp	Malta	Systems Consultants	Malta

8. Cookie Policy

9. Your Rights

You have certain rights under law to your Personal Data.
- You have the right to access your data. You have the right to ask for a copy of your Personal Data.
- You have the right of rectification of incorrect data. If any data we have is incorrect, you have a right to ask for correction of such data.
- You have the right to be forgotten and that your data is erased after the passage of time. You may file a request, so that any data that we have on you is deleted. As stated above, due to legal requirements, your data will be held by us for the periods stated in the data retention section and then deleted.
- You have the right to restriction of procession. This can be done in the following cases:
  1. Where you are contesting the accuracy of the data, while such a claim is being checked;
  2. If we process your data unlawfully;
  3. If we no longer need your data but are keeping the data because we need it for a legal claim;
  Kindly note however the if you exercise this right, it will hinder our ability to provide you with the required services, since we may need your Personal Data to be able to provide you with our services.
- You have the right to data portability. Your data may be requested in a machine-readable format and you may also request that your data is transferred directly to another person or service provider directly.
- You may object to the processing of your data. You may at any time inform us that you are objecting to the use of your data for direct marketing and after which we shall stop using your data for such purposes.
- If you have provided consent for the processing of your data you have the right to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
In making your request in relation to the above, please not that:
- We will analyse your request and provide you with a reply within 1 month, except in extreme situations as allowed under law. In such a case we will provide information as to why your request was not acceded to within the 1 month period.
- We have the right to refuse your request, if your request is not justified. In this case we shall inform you as to the reasons of why your request was refused.
- We have the right to charge a fee or refuse your request in extreme situations where your requests are manifestly repetitive or excessive.
- When you are making a request, we may request documentation to identify the person making the request.
You have the right to lodge a complaint to the data protection authority of your habitual residence if you believe that we have not complied with the requirements of the law.
In order to protect your Personal Data, we will require that you prove your identity to us in relation to your request to access your Personal Data, which may consist of a copy of a government-issued identification, your signature and correspondence address so we can check them against our records and satisfy ourselves as to your identity. The above information is required to create an audit trail of how the request has been handled. Where a request is made, any correspondence or application may be kept and added to your Personal Data.

BUSINESS
INTELLIGENCE

BUSINESS
AUTOMATION

TECH-FOR-BUSINESS
CONSULTANCY

MANAGED SOFTWARE
DEVELOPMENT

PROVEN SOLUTIONS

1. Data Controller

2. What is GDPR?

3. What is Personal Data?

4. What are Special Categories of Personal Data?

5. What are Controllers and Processors?

6. Data we collect, Legal Basis for Processing your Personal Data and Retention periods

7. How we store and transmit Personal Data

8. Cookie Policy

9. Your Rights

10. Transfers to Third Countries

11. Security of Data

12. Breach

13. Updates to this Policy

14. Hyperlinks

15. Contacting Us

BUSINESSINTELLIGENCE

BUSINESSAUTOMATION

TECH-FOR-BUSINESSCONSULTANCY

MANAGED SOFTWAREDEVELOPMENT

Privacy Policy

1. Data Controller

2. What is GDPR?

3. What is Personal Data?

4. What are Special Categories of Personal Data?

5. What are Controllers and Processors?

6. Data we collect, Legal Basis for Processing your Personal Data and Retention periods

7. How we store and transmit Personal Data

8. Cookie Policy

9. Your Rights

10. Transfers to Third Countries

11. Security of Data

12. Breach

13. Updates to this Policy

14. Hyperlinks

15. Contacting Us

BUSINESS
INTELLIGENCE

BUSINESS
AUTOMATION

TECH-FOR-BUSINESS
CONSULTANCY

MANAGED SOFTWARE
DEVELOPMENT