Customer Privacy and Data Protection
This policy applies to all Saint Menas Limited (herein after “SML”) staff, Customers, contractors, and suppliers. Any breach of data protection law or this policy will be dealt with under SML’s review procedure. SML data processors and any third parties working with or for SML, who have or may have access to personal information of SML’s staff and Customers, will be required to read, understand and comply with this policy. No third party may access personal data held by SML without having first entered into an agreement or a contract with it. The agreement or contract will include data protection obligations and will include a clause within the agreement or contract that gives SML the right to audit compliance.
1.2 SML’s Commitment to Article 5 General Data Protection Regulations Principles
SML applies the following data protection principles as established in Article 5 of the General Data Protection Regulations (GDPR):
SML collects Customers’ personal data, where applicable, from its websites, on third-party websites, on mobile applications and offline in connection with any inquiries, reservations, etc. you make in relation to our services. SML may collect your personal data directly or through our service providers, business partners, etc.
The following is a non-exhaustive list of examples of data that SML may collect:
|Personal data / Web / Mobile Data / Payment|
The Table below presents the legal basis for the key processing carried out with regard to a Customer by SML.
|Purpose of Data Processing|
|To verify authorised users||SML checking a driving licence against the customer dates to determine eligibility for renting/driving a vehicle according to the respective driving licence category.|
|Reserving a Vehicle||SML processes data to affect reservation for a Vehicle. Data requested may include such as the name, email address, time, date, type of service, or other user specific information.|
|To pay for a rental, booking or pre-paid Package||SML processes payment.|
|To pay a fine, penalty, processing and/or service Fee||SML processes payment.|
|Marketing and direct advertising||SML processes Customer data for purposes of promoting customer loyalty, implementing customer loyalty and bonus programmes, optimising customer offers, market or public opinion research as well as holding customer events.|
|Processing based on statutory provisions||SML processes Customer data to fulfil the legal obligations, commercial and tax law provisions, etc.|
|Cookies and App-tracking||The SMLL websites use “cookies”, the App uses equivalent tracking tools. The cookies used by SML neither contain personal data nor are they connected to any such data. Tracking tools store data about the use of the app either in the app itself or they transmit (anonymised) usage evaluations to SML.|
|Geo-Location Data and Images|
SML obtains and process geo-location data to a) monitor vehicle use and location b) provide Customer with better information about available scooters c) store date for the purposes of any claims by the Customer of third-party against SML, its sub-processors or third-parties. This data is is therefore retained for as long as is needed in order to provide effective managed services and recourse according to law.
In the event of a security incident SML will provide on request the relevant data to the competent authority.
In terms of a dispute, SML will retain data until such time the issue is resolved.
|To handle Customer enquiries and complaints||To confirm the identity of the caller and discuss the enquiry/complaint – including name, address, photographic evidence of the contravention.|
SML abides to the following governance requirements:
|(a) Documentation of data processing activities.|
Where SML is the:
(i) Controllerforpersonaldatadocumentationisheldasstipulatedin Article 30(1) – GDPR.
(ii) Processor for personal data documentation is held as stipulated in Article 30(1) – GDPR.
|(b) Lawful basis for processing||Article 6 of the GDPR sets the lawful basis for processing – which are (i) consent; (ii) contract; (iii) legal obligation; (iv) vital interest; (v) public task; and (vi) legitimate interests. The lawful basis for processing is documented.|
|(c) Security||SML has in place an IT security plan.|
|(d) Third Party Relationships|
Where SML is the
(i) Controller a written contract is in place with the processors.
A review of third-party relationships in order to assess risk following by appropriate action will be periodically carried out.
|(e) International transfers||Data transfer by SML to third countries or international organisations will be regulated by Articles 44 to 50 of the GDPR.|
|(f) Data Breaches||In the event of a breach SML will notify the Information and Data Protection Commissioner.|
|(g) Compliance and reporting||SML manages monitoring, reporting and compliance of this Policy.|
|(h) Training and Awareness||Training of SML staff on the GDPR and this Policy will be carried out as appropriate.|
The following are the Customer’s rights with regard to the use of their personal data and SML. As a Customer:
|Marketing – You have a right to object to direct marketing.||You have a right to object to processing of your personal information for direct marketing purposes.|
|Access – You have a right to request a copy of the personal information we hold about you.||You have the right to request access to a copy of your personal data. If SML is of the considered opinion that your request is manifestly excessive it may refuse your request. In such an event you have the right to complain to the Office of Information and Data Protection Commissioner.|
|Rectification – You have a right to rectification of inaccurate personal information and to update incomplete personal information.||If you believe that any of the information that SML holds about you is inaccurate, you have a right to request that SML restricts the processing of that information and rectifies the inaccurate personal information.|
|Erasure – You have a right to request that we delete your personal information.|
You may request that SML deletes your personal information if you believe that:
Note: as it is lawful for us to process your Rental Periods, SML will not delete such personal data prior to the limits of prescription applied by the Laws of Malta for various offences.
|Restriction – You have a right to request us to restrict the processing of your personal information.~|
You may request SML to restrict processing your personal information if you believe that:
|Objection – You have a right to object to the processing of your personal information.|
You have a right to object to SML processing your personal information, including the profiling of your information (and to request SML to restrict processing). SML may override this request where:
In such an event you have the right to complain to the Office of Information and Data Protection Commissioner.
|Portability – You have a right to data portability.|
You may request SML to transfer to a third-party your data in a machine-readable format where the:
|Withdraw consent – You have a right to withdraw your consent.|
SML understands ‘consent’ to mean that it has been explicitly and freely given, specific, informed and unambiguous indication of the your wishes by which by statement, or by a clear affirmative action, signifies agreement to the processing of personal data relating to you.
Where SML relies on your consent to process your personal information for a particular purpose, you have a right to withdraw your consent at any time for that purpose.
SML uses the following cookies:
|Performance cookies||These are cookies that collect information about how visitors use the SML website. These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies do not collect information that identifies a visitor. The information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works.|
If you require more information about items raised in this notice please contact SML or you may wish to ask or complain to the Information and Data Protection Commissioner via the https://idpc.org.mt/raise-a-concern/, although please raise any concerns with SML first by emailing [email protected] or by calling +356 2779 9220.