At CMG Consulta, we are committed to the privacy of every person. We recognise that our clients, employees and people we work with, entrust important non-public personal data (as defined in the General Data Protect Regulation – GDPR, regulation 2016/679 of the European Parliament and Council of the 27 April 2016), to us, and we take seriously our responsibility to protect and safeguard this data. Our privacy policies and practices covering non-public personal data (herein also referred to as personal data or personal information) are described below.
1. Who we are?
CMG Consulta is a brand operated by Colin German and Christopher Meli and providing business consultancy services. Your non-public personal information is controlled by the operators under the laws of Malta. Your information is accessible to the operators who adhere to appropriate safeguards in line with EU law for the processing of non-public personal data.
2. What Data We Collect and How do we Use it
The non-public personal data that we collect and the processing of such information will vary on the basis of the purpose and scope of the particular use or engagement.
2.1 Visitors to our Websites
This information is processed to improve website use, for our internal purposes including the administration of our website, market research, data analytics and compliance with our legal obligations, policies and procedures.
2.2 People who Request to Receive Updates and Information from Us
CMG Consulta frequently shares updates on various issues that might affect you or your business through various means including mail, email and social media. If you consent to receive such updates, we will collect your name contact details and keep a record of the information we have sent you as well as any interactions related to such information sent to you. If you do not provide such information, we will not be able to provide you with updates.
The information so collected is used and processed to:
- enter into, or perform, a contract with you;
- remember your preferences or specific interests; and
- for our internal purposes including the administration of the flow of such information, market research and data analytics, internal record keeping and/or to improve our services.
2.3 People who Send us a Request for Information
Our website and social media provide for functions that allow users to request information about our services. The information collected through the request for information function on our websites is the following:
- information you provide in the fields of the online form;
- IP address;
- date, time and data of our website/s access; and
- identification data of the used browser.
You can also contact us through email, phone, or social media to request information. We will, therefore, be collecting any information you provide to us or available on the relative media used. We will also collect any correspondence in furtherance of the request. This information is necessary for us to be able to respond to your request. General and preliminary information will be provided to you without the requirement of any other additional personal information. An identification document and other personal information may be requested to be able to provide you detailed and specific information to your request.
Any personal information that you provide to us through these processes will be used and processed to:
- provide you with the information you requested;
- follow up with you on such request;
- comply with any legal or regulatory requirement including compliance with anti-money laundering rules; and
- for our internal purposes including the administration of the flow of such information, market research and data analytics, internal record keeping and/or to improve our products.
2.4 People who Use our Services
When a client is being provided a service, we collect information as required by statutory obligations and information required to be able to provide the services. If you are not able or unwilling to provide us such information, we may not be able to provide the service/s.
2.5 Collaborators and Suppliers
We pride in choosing collaborators and suppliers that share our standards and commit to our level of privacy policies and practices.
On collaborators we work with and suppliers that provide us a service, we collect information as required by statutory obligations, principally information required by anti-money laundering rules and regulations and information required for the collaboration or the provision of the service by the supplier to us. If you, as a collaborator or supplier, are not able or unwilling to provide us such information, we will not be able to collaborate with you or use your services.
Any personal non-public information so collected will be used:
- to contact you in furtherance of the collaboration or supply of service;
- for our internal purposes including the administration of the flow of such information, data analytics, internal record keeping, financial and market research; and
- to comply with any legal duty.
3. Legal basis for Processing
In line with the principle of data minimization and data economy, we only collect personal data and process it on the following legal basis:
- when you request our services or you are an employee, a collaborator or a supplier, our legal basis for collecting and processing information is based on the requirements for the performance of a contract or to take steps to enter into a contract and/or legal regulations, mainly anti-money laundering regulations;
- our legal basis for collecting and processing your personal data when you opt-in to receive information for us, or to participate in a conference, workshop is based on your consent;
- we may collect and process information for legitimate interest, primarily to protect us from legal action or claims from third parties, including you and/or to protect our legal rights and/or those of our employees.
4. Recipients of Personal Data
We may disclose personal information legally in the following scenarios:
- for the performance of a contract or to take steps to enter into a contract;
- to collaborating entities/persons that are required for the provision of services to you or with your consent;
- when there is a legal requirement to do so;
- if we are requested to do so by a governmental or regulatory authority or by a court of competent jurisdiction;
- to enforce our contractual terms;
- in cases or merger or acquisition of our business or parts of it to the new owners;
- to protect us and our employees from legal action or claims from third parties, including you.
5. How Long do we Retain the Data
We retain the personal information that we collect from you only for as long as required for statutory, business, tax or legitimate interest purposes. Your information is retained in electronic or paper format or both. When it is no longer required, it will be deleted or destroyed.
Should you wish to obtain information on the specific retention period of any personal information we hold on you, please contact us on firstname.lastname@example.org.
6. Automated Individual Decision Making, Including Profiling
We do not undertake fully automated individual decision-making, including profiling, that has a legal or similarly significant effect.
7. Links to Other Websites
8. Your Rights
Your principal rights under data protection law are:
- right to be informed about the personal non-public data we collect and how we process it – this policy aims at providing you with this information;
- right to access – you have the right to obtain confirmation that your personal non-public data is being processed and have the ability to access it;
- right to modification – you have the right to request the modification of any personal non-public data we hold on you if it is incorrect or incomplete;
- right of portability – you may ask us to forward to you the personal data we hold on you and which is portable at law in a structured, commonly used and machine-readable format or to transmit that data to another data controller, where it is technically feasible to do so
- right to erasure – you have the right to request the removal of your personal data, which shall be deleted, unless there is a legal requirement or reason for us to continue processing or storing it;
- right to restrict processing – you have a right to restrict or withdraw consent to the processing of your personal data. In such cases we are permitted to store your data, but not to process it further unless there is a legal requirement or reason for us to continue processing it;
- right to object to processing for specific reasons at law, being the following:
- processing based on legitimate interests or the performance of a task in the public interest or in the exercise of official authority,
- direct marketing, including profiling to the extent that it is related to such marketing activities,
- processing for scientific or historical research purposes or for the purpose of statistics; and
- you have the right to file a complaint with supervisory authorities if your information has not been processed in compliance with GDPR.
For any requests in furtherance to the above, please contact us on email@example.com. We shall endeavour to reply at the very earliest and deal with your request by not later than 30 days from receipt by us of your request.
10. How to Contact Us