Privacy Policy Privacy Policy

Privacy Policy

Customer Privacy and Data Protection

GENERAL DATA PROTECTION REGULATIONS COMPLIANT

1.1 Scope

This policy applies to all Saint Menas Limited (herein after “SML”) staff, Customers, contractors, and suppliers. Any breach of data protection law or this policy will be dealt with under SML’s review procedure. SML data processors and any third parties working with or for SML, who have or may have access to personal information of SML’s staff and Customers, will be required to read, understand and comply with this policy. No third party may access personal data held by SML without having first entered into an agreement or a contract with it. The agreement or contract will include data protection obligations and will include a clause within the agreement or contract that gives SML the right to audit compliance.

1.2 SML’s Commitment to Article 5 General Data Protection Regulations Principles

SML applies the following data protection principles as established in Article 5 of the General Data Protection Regulations (GDPR):

      1. Personal data is processed lawfully, fairly and transparently.
      2. Personal data is collected for specified, explicit and legitimate purposes.
      3. Personal data is accurate and kept up to date.
      4. Personal data is kept in a form such that the individual can be identified only as long as is necessary for processing.
      5. Personal data is processed in a manner that ensures its security.
      6. Appropriate technical measures are taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
      7. Personal data is transferred only to a country that the European Commission deems to have an adequate level of protection for personal data (approved countries). Otherwise, personal data can only be transferred to a country outside the EU where the Information and Data Protection Commissioner confirms that adequate safeguards are in place or approved model contract clauses are used or exemptions apply.

1.3 Information Collected

SML collects Customers’ personal data, where applicable, from its websites, on third-party websites, on mobile applications and offline in connection with any inquiries, reservations, etc. you make in relation to our services. SML may collect your personal data directly or through our service providers, business partners, etc.

The following is a non-exhaustive list of examples of data that SML may collect:

Personal data / Web / Mobile Data / Payment
  • Name
  • Date of Birth
  • Gender
  • Address
  • E-mail address
  • Phone number
  • Mobile number
  • Driving Licence or other ID photograph
  • Payment Card information (not stored by SML)
  • Rentals and Routes
  • Purchase prices and details
  • Photo Images
  • Charges incurred
  • IP address
  • Device ID
  • Device Type
  • Operating system
  • Mobile device identifiers
  • Geo-location data
  • Country from which you accessed our websites
  • Specific webpages visited
  • Date and time of a visit
  • Websites you visited immediately before and after visiting our websites
  • Number of links and specific links you click within our websites
  • Functions you use on our websites / mobile app
  • Any bookings you make for SML services through our websites / mobile app data you view or download from our websites / mobile app

1.4 SML Legal Basis for using Customers’ Personal Data

The Table below presents the legal basis for the key processing carried out with regard to a Customer by SML.

Purpose of Data Processing
To verify authorised usersSML checking a driving licence against the customer dates to determine eligibility for renting/driving a vehicle according to the respective driving licence category.
Reserving a VehicleSML processes data to affect reservation for a Vehicle. Data requested may include such as the name, email address, time, date, type of service, or other user specific information.
To pay for a rental, booking or pre-paid PackageSML processes payment.
To pay a fine, penalty, processing and/or service FeeSML processes payment.
Marketing and direct advertisingSML processes Customer data for purposes of promoting customer loyalty, implementing customer loyalty and bonus programmes, optimising customer offers, market or public opinion research as well as holding customer events.
Processing based on statutory provisionsSML processes Customer data to fulfil the legal obligations, commercial and tax law provisions, etc.
Cookies and App-trackingThe SMLL websites use “cookies”, the App uses equivalent tracking tools. The cookies used by SML neither contain personal data nor are they connected to any such data. Tracking tools store data about the use of the app either in the app itself or they transmit (anonymised) usage evaluations to SML.
Geo-Location Data and Images

SML obtains and process geo-location data to a) monitor vehicle use and location b) provide Customer with better information about available scooters c) store date for the purposes of any claims by the Customer of third-party against SML, its sub-processors or third-parties. This data is is therefore retained for as long as is needed in order to provide effective managed services and recourse according to law.

In the event of a security incident SML will provide on request the relevant data to the competent authority.

In terms of a dispute, SML will retain data until such time the issue is resolved.

To handle Customer enquiries and complaintsTo confirm the identity of the caller and discuss the enquiry/complaint – including name, address, photographic evidence of the contravention.

1.5 Governance

SML abides to the following governance requirements:

(a) Documentation of data processing activities.

Where SML is the:

(i) Controllerforpersonaldatadocumentationisheldasstipulatedin Article 30(1) – GDPR.

(ii) Processor for personal data documentation is held as stipulated in Article 30(1) – GDPR.

(b) Lawful basis for processingArticle 6 of the GDPR sets the lawful basis for processing – which are (i) consent; (ii) contract; (iii) legal obligation; (iv) vital interest; (v) public task; and (vi) legitimate interests. The lawful basis for processing is documented.
(c) SecuritySML has in place an IT security plan.
(d) Third Party Relationships

Where SML is the

(i) Controller a written contract is in place with the processors.
(ii) Processor it acts on the documented instructions of the controller.

A review of third-party relationships in order to assess risk following by appropriate action will be periodically carried out.

(e) International transfersData transfer by SML to third countries or international organisations will be regulated by Articles 44 to 50 of the GDPR.
(f) Data BreachesIn the event of a breach SML will notify the Information and Data Protection Commissioner.
(g) Compliance and reportingSML manages monitoring, reporting and compliance of this Policy.
(h) Training and AwarenessTraining of SML staff on the GDPR and this Policy will be carried out as appropriate.

1.6 Customer’s Rights

The following are the Customer’s rights with regard to the use of their personal data and SML. As a Customer:

Marketing – You have a right to object to direct marketing.You have a right to object to processing of your personal information for direct marketing purposes.
Access – You have a right to request a copy of the personal information we hold about you.You have the right to request access to a copy of your personal data. If SML is of the considered opinion that your request is manifestly excessive it may refuse your request. In such an event you have the right to complain to the Office of Information and Data Protection Commissioner.
Rectification – You have a right to rectification of inaccurate personal information and to update incomplete personal information.If you believe that any of the information that SML holds about you is inaccurate, you have a right to request that SML restricts the processing of that information and rectifies the inaccurate personal information.
Erasure – You have a right to request that we delete your personal information.

You may request that SML deletes your personal information if you believe that:

  • SML no longer needs to process your information for the purposes for which it was provided;
  • SML requested your permission to process your personal information and you wish to withdraw your consent;
  • SML is not using your information in a lawful manner; or o You have objected to your data being processed.

Note: as it is lawful for us to process your Rental Periods, SML will not delete such personal data prior to the limits of prescription applied by the Laws of Malta for various offences.

Restriction – You have a right to request us to restrict the processing of your personal information.~

You may request SML to restrict processing your personal information if you believe that:

  • Any of the information that held about you by SML is inaccurate;
  • SML no longer need to process your information for the purposes for which it was provided, but you require the information to establish, exercise or defend legal claims; or
  • SML is not using your information in a lawful manner.
Objection – You have a right to object to the processing of your personal information.

You have a right to object to SML processing your personal information, including the profiling of your information (and to request SML to restrict processing). SML may override this request where:

  • It determines that there is compelling and legitimate grounds for the processing;
  • It needs to process your information to investigate and protect us or others from legal claims.

In such an event you have the right to complain to the Office of Information and Data Protection Commissioner.

Portability – You have a right to data portability.

You may request SML to transfer to a third-party your data in a machine-readable format where the:

  • Personal information was provided on the basis of consent;
  • Processing is by automated means; and
  • Processing is based on the fulfilment of a contractual obligation.
Withdraw consent – You have a right to withdraw your consent.

SML understands ‘consent’ to mean that it has been explicitly and freely given, specific, informed and unambiguous indication of the your wishes by which by statement, or by a clear affirmative action, signifies agreement to the processing of personal data relating to you.

Where SML relies on your consent to process your personal information for a particular purpose, you have a right to withdraw your consent at any time for that purpose.

1.7 Cookies

Cookies are text files that are stored in a computer system via an internet browser. A cookie is a small file of letters and numbers that is stored on a Customer’s browser or computer hard drive, if the Customer agrees. The SML website uses cookies. The website uses cookies to distinguish a Customer from other users of the websites and portals. This helps SML to provide you with a good experience when a Customer use the website and web-based booking system. By continuing to use this website or the SML web-based booking system, a Customer agrees to the use of the SML cookies.

SML uses the following cookies:

Strictly necessary cookiesThese are cookies that are required for the operation of the SML websites and web-based systems. You block cookies by rejecting the cookie information screen. It is important to note that if browser settings are set to block all cookies (including essential cookies) one may not be able to access all or parts of the web-based booking system. Through the use of cookies, SML provides the users of its websites and web-based booking system with access to its system.
Performance cookiesThese are cookies that collect information about how visitors use the SML website. These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies do not collect information that identifies a visitor. The information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works.

1.7 Presenting a Complaint

If you require more information about items raised in this notice please contact SML or you may wish to ask or complain to the Information and Data Protection Commissioner via the https://idpc.org.mt/raise-a-concern/, although please raise any concerns with SML first by emailing [email protected] or by calling +356 2779 9220.

1.8 Changes to SML Privacy Policy

From time-to-time SML may amend the way in which it processes personal data. This may lead to changes in how SML collects and/or use Customer personal information. SML may amend the terms of this Privacy Policy at any time. The latest version is always found at www.whizascoot.mt.

This privacy policy was last updated on 31st May 2021.