Privacy Notice

Privacy Notice

 

Updated: December 2020

 

LET’S TALK PRIVACY.

 

Excel Homes Real Estate Limited is committed to protecting your Personal Data in accordance with the European Union’s General Data Protection Regulation [EU] 2016/679 (the “GDPR”) and the Data Protection Act (Chapter 586 of the Laws of Malta) (the “Act”).

 

We are aware of the discomfort brought about by having to read endless pages of complicated text. For this reason, our privacy policy – which can be accessed directly below – has been drafted in a manner that is simple and easy-to-read.

 

This Privacy Notice was updated in March 2020. We may update it from time to time. If we believe that any changes will significantly affect you, we will let you know before they are made.

 

 

 

WELCOME TO OUR PRIVACY NOTICE.

 

This Privacy Notice applies to the operations of Excel Homes Real Estate Limited (C61909) (https://www.excel.com.mt), a Malta-based company providing real estate agency services to its clientele, inclusive of assistance in the sale, purchase or rental of real estate. It is important that you read this Privacy Notice together with any other privacy or fair processing notice/s we may provide when we collect your Personal Data so that you are fully aware of the manners in which we use and safeguard your Personal Data.

 

1.             Who we are.

 

Throughout this Privacy Notice, the terms ‘we’, ‘us’ and ‘our’ refer to Excel Homes Real Estate Limited. As explained further below, Excel Homes Real Estate Limited collects and handles Personal Data in the course of its business. While the Personal Data we collect relates primarily to our clients, we may also collect Personal Data pertaining to other individuals, as explained further below in this Privacy Policy.

 

In the context of this Privacy Notice, the Controller – as defined in terms of the GDPR – is Excel Homes Real Estate Limited.

 

[NOTE: The GDPR distinguishes between two main players which utilise Personal Data, namely Controllers and Processors. A Controller is a party who holds your Personal Data and has the decision-making power in relation to how and for what purpose your Personal Data is being Processed. A Processor is a third party who is Processing Personal Data on behalf of a Controller, e.g. an IT services provider who provides data storage services to an accountancy firm would probably be that accountancy firm’s Processor.]

 

 

OUR CONTACT DETAILS.

                                                                                                   

Full name of Controller:                                      Excel Homes Real Estate Limited

 

Postal address:                                                    Triq il-Linja, Attard, Malta

 

Email address:                                                     [email protected]   

 

Telephone number:                                             (+356) 2141 3355

 

 

2.            What is the GDPR?

 

The GDPR is aimed at strengthening the protection of the Personal Data of individuals. You are the owner of your Personal Data and this law strives to enhance the rights that you have in relation to your Personal Data. This Privacy Notice details the manner in which we handle your Personal Data in accordance with the GDPR and the Act.

 

 

3.             What is Personal Data, Special Categories of Data and Processing?

 

Personal Data is information that relates to an individual and is able to identify that person as a unique being. This would include information such as names and surnames, photographs, contact details, identity card and passport details and other similar information. Purely statistical or anonymised data is not Personal Data since it cannot uniquely identify an individual.

 

Special Categories of Data includes Personal Data which is intrinsically more sensitive in nature. This would consist of data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, the processing of genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation. 

 

Processing essentially means the use of your Personal Data. Activities such as our collection of your Personal Data, its storage, disclosure or alteration are all deemed to constitute ‘Processing’ of your Personal Data.

 

 

4.             Whose Personal Data we collect

 

We collect Personal Data in relation to the below individuals:

 

         i.            Clients – Individuals who have engaged us to provide them with our services.

 

        ii.            Prospective Clients – Individuals who express an interest in engaging us to provide them with our services.

 

       iii.            Job Applicants – Any person submitting a job application (this also includes internship applications).

 

      iv.            Third Parties generally, including service providers, suppliers, contractors and any of their individual employees, as well as agents who we may deal with – When we deal with third parties, we would inevitably collect some of their Personal Data or the Personal Data of their personnel or representatives.

 

        v.            Visitors at our Offices generally – Personal Data of individuals visiting our Office situated at Triq il-Linja, Attard, Malta.

 

      vi.            Visitors of our website – Individuals visiting our website.

 

[NOTE: If you provide us with Personal Data about someone else, it is your responsibility to ensure that you are entitled to disclose that Personal Data to us. You must ascertain that these persons comprehend how their details will be used, and that they have allowed you to disclose that information to us, as well as allowed us, and our outsourced service providers, to process it.]

 

5.            Data we collect about you.  

 

We may collect, use, store and transfer different kinds of Personal Data about you which we have grouped together as follows:

 

Identity Data includes name, surname, title, identity card and/or passport details, IP address and location information.

Contact Data includes home address, email address and telephone and/or mobile numbers.

Job Applicant Data includes Identity Data, Contact Data, as well as your CV, data relating to your qualifications and work experience and references.

Marketing/Communications Data includes data which we may collect for marketing and communications purposes, including data relating to an individual’s preferences in receiving marketing/communications from us.

Transaction/Financial Data includes payment data, data required for the processing of payments and the prevention of fraud, bank details and billing information.

 

Although it is unusual for us to collect and process any Special Categories of Data and/or Personal Data concerning criminal records, should it become necessary for us to process any such kinds of Data in order for us to successfully run our operation, we guarantee that any such processing shall comply with all the relevant principles, requirements and security measures mandated by the GDPR and the Act in relation to the processing of such Data.

 

In terms of the Prevention of Money Laundering Act (Chapter 373 of the Laws of Malta) and the relevant regulations as may be enacted thereunder from time to time, we are considered as a “subject person” when providing real estate agency services to our Clients. As a consequence, we may be required to collect and process AML Documentation consisting in data that may be classified as Personal Data such as copies of national identification documents, copies of utility bills and other documentation revealing additional Personal Data as may become necessary for the purpose of complying with our obligations at law.

 

[NOTE: We acknowledge that in most instances, you will be free to provide us with your Personal Data and consent to our further use of such Personal Data. We draw to your attention that, however, if you opt not to provide the relevant Personal Data we need, or are not in a position to provide it, then this may negatively impact our ability to provide our services to you or contract with you in any manner.]

 

 

6.            How do we collect your data? 

 

We use different methods to collect your Personal Data. Any Personal Data collected is a result of, and relates to, your relationship with us:

 

         i.            Clients – We collect your Personal Data when you engage us and/or make contact with any one of our agents, and, moreover, if you request information from us and/or from any one of our agents in the course of our relationship.

 

        ii.            Prospective Clients – We collect your Personal Data when you express an interest in engaging us and disclose your Personal Data to us in order to enable us to understand what real estate services you require, and, moreover, if you request information from and engage with us and/or with any one of our agents before formalising our relationship.

 

       iii.            Job Applicants – We collect your Personal Data when you apply for a job by submitting your CV, as well as any supporting information we may request, and, moreover, if you request information from and engage with us during the recruitment process.

 

      iv.            Third Parties generally, including service providers, suppliers, contractors and any of their individual employees, or agents who may assist us in the provision of our services – Personal Data we collect in this regard includes information relating to any binding contract that we may enter into, or information about staff members, if such is applicable, that we may require or that would inevitably be provided to us throughout our relationship with you.

 

        v.            Visitors at our Offices generally – Personal Data of individuals visiting our Offices may be collected at our front desk and, or by the agent at the Office that is handling your file, or by means of video surveillance installed at our premises for security purposes.

 

      vi.            Visitors of our website – It is possible to visit our website and view properties displayed thereon without submitting any Personal Data. We may, in order to provide you with the best experience when using our website, need to process certain data which can identify you and can, consequently, be deemed Personal Data.

 

 

[NOTE: We may also need to collect Personal Data from third party sources, such as: (a) publicly accessible sources, including the websites of the Malta Business Registry and the Ministry for Justice, Culture and Local Government; (b) third party organisations you may be dealing with; and (c) credit reference agencies.]

 

 

7.            How we use your Personal Data.

 

We will only process your Personal Data on the basis of legally permissible grounds. We will mainly process your Personal Data for the following reasons:

 

  • When we need to comply with a legal or regulatory obligation;
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and, or
  • In order to satisfy our contractual obligations towards you.

 

For more detail, please read the section directly below entitled, ‘GROUNDS FOR PROCESSING’.

 

[NOTE: We acknowledge that in most instances, you will be free to provide us with your Personal Data and consent to our further use of such Personal Data. We draw to your attention that, however, if you opt not to provide the relevant Personal Data we need, or are not in a position to provide it, then this may negatively impact our ability to provide our services to you or contract with you in any manner.]

 

GROUNDS FOR PROCESSING

 

The table below provides a description of the ways we generally process your Personal Data, and which of the legal bases under the GDPR we rely on to do so. We may process your Personal Data on the basis of more than one lawful ground depending on the specific purpose for which we are using your Data.

 

Who are you? Data Lawful basis for processing in terms of the General Data Protection Regulation
Client

Identity Data

Contact Data

Marketing/Communications Data

Transaction/Financial Data

AML Documentation

(a) performance of a contractual obligation.

(b) protection of our legitimate interests (or those of a third party), such that we may require this information: to enhance our efficiency in delivering top quality services; to customise our services; to protect valuable information and intellectual property; to assist with criminal investigations; for the security of our systems; and to enhance client communication streams.

(c) adherence to our legal obligations.

Prospective Client

Identity Data

Contact Data

Marketing/Communications Data

Transaction/Financial Data

AML Documentation

(a) protection of our legitimate interests (or those of a third party), such that we may require this information: to enhance our efficiency in delivering top quality services; to customise our services; to protect valuable information and intellectual property; to assist with criminal investigations; for the security of our systems; and to enhance prospective client communication streams.

(b) adherence to our legal obligations.

Job Applicant

Identity Data

Contact Data

Job Applicant Data

(a) protection of our legitimate interests (or those of a third party), such that we may require this information: to understand and vet a candidate’s job application and qualifications; for administrative and logistical purposes in our recruitment activities; and for security reasons.
Third Party, including service provider, supplier, contractor and any of their individual employees, or agents who may assist us in the provision of our services

Identity Data

Contact Data

Transaction/Financial Data

(a) performance of a contractual obligation.

(b) protection of our legitimate interests (or those of a third party), such that we may require this information for administrative and logistical purposes in the general course of our business.

(c) adherence to our legal obligations.

[NOTE: When providing goods and services to us, we will collect Personal Data about you and any third party or employee engaged by you.]

Visitor at our Offices

Identity Data

Contact Data

(a) protection of our legitimate interests (or those of a third party), such that we may require this information for administrative and logistical purposes in the general course of our business.

(b) for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued.

Visitor of our website

Identity Data

Contact Data

(a) protection of our legitimate interests (or those of a third party), such that we may require this information: to enhance our efficiency in delivering top quality services; to customise our services; to protect valuable information and intellectual property; to assist with criminal investigations; for the security of our systems; and to enhance prospective client communication streams.


 

In some cases, your Personal Data may also be processed by one of our entrusted third-party processors in terms of current data protection laws, which entity will assist us in fulfilling our service standard. For more information on third party processors, please refer to section 8 of this Privacy Notice. 

 

 

MARKETING AND COMMUNICATIONS

 

We may also process your Personal Data for marketing and communications purposes. Any such Data shall be collected and processed in line with the requirements and safeguards mandated by the GDPR and the table above outlining the lawful grounds for processing.

 

Our marketing operations mainly consist in promotional material and, or communications that we may think that you may want, need or be interested in receiving as a result of your relationship with us. Any such material and, or communications will be sent to you if you have engaged with us and/or with any one of our agents for the provision of our services, or if you have given us your specific consent for marketing purposes when any such consent is required for marketing purposes in terms of the GDPR.

 

You can request us to stop sending you promotional material and, or communications for marketing purposes at any time should you no longer want us to keep you updated with our services and, or property listings, or should you wish to withdraw the consent which you would have given us whenever such would have been required by the GDPR, by contacting us. You may also opt to unsubscribe from our mailing list simply by clicking on the ‘Unsubscribe’ button at the very end of the promotional material and, or communication sent to you via electronic mail.

 

SOFT OPT-IN

 

You, as an existing Client, may also receive promotional material and, or communications about any services and, or property listings offered by us that may be similar to or compatible with the services and, or property listings for the purpose of which you would have engaged with us and/or with any one of our agents and which we would think might be of interest to you. However, should you wish to stop receiving any such promotional material and, or communications from us, you may either contact us or choose to unsubscribe to our mailing list by clicking on the ‘Unsubscribe’ button at the very end of the promotional material and, or communication sent to you via electronic mail. On the contrary, should we need to process your personal data for any purpose which is unrelated to those services which you would have engaged us for, we will notify you and explain the lawful ground on which we are relying for processing such data.

 

HYPERLINKS

 

Our website may contain hyperlinks to other websites not owned or managed by us who have their own data protection polices which we have no control over. It shall be your responsibility to check their privacy policies and we shall not be liable for how your Personal Data is dealt with in such external websites.

 

COOKIES

 

Our website uses cookies. Cookies are text files placed on your computer or portable device when using our website, and which in effect work to collect standard internet log information and visitor information on our website. Our website creates cookies every time you visit it. Cookies are used to analyse and record the traffic on and visits to our website to ultimately help us provide you with added functionality within the site and with an overall improved experience when browsing our website.

 

Please be aware that third parties (including advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical and performance cookies or targeting cookies.

 

You can set up your browser to refuse all or some browser cookies or to alert you when websites set or access cookies. However, please be aware that, should you choose to disable or refuse cookies, our website or some parts of our website may become inaccessible or not function properly, therefore affecting your online experience and preventing you from taking full advantage of our website.

 

8.             Disclosures.

 

We may, in the course of our business, have to share your Personal Data with the third parties, or Processors, set out below, for the purposes set out in the section directly above entitled, ‘GROUNDS FOR PROCESSING’.

IT security / software support Service providers who help us in ensuring that your Personal Data remains secure
IT backups Service providers who assist us in relation to backups for business continuity purposes so that your Personal Data is not lost
Administration Service providers who provide software and administrative assistance in order to enable us to better organise our internal administrative processes
Agents Individuals who assist us in the provision of our services to you
Third party consultants and professional advisors Service providers who assist us in various matters, including accountants, insurers and brokers
Payment services providers Service providers that facilitate payment transactions
Marketing and Communications Service providers who assist us in relation to marketing and communications
Regulators, courts and other authorities Entities that may require the disclosure of processing activities in certain circumstances


We will in usual circumstances not disclose Personal Data to others without your consent. There may however be times where we may need to do so, such as when abiding by a court order, for the proper administration of justice, in complying with a legal request or a legal requirement, to report actual or suspected fraud, money laundering or other criminal activity, to protect your vital interests, and, or to fulfil your requests.

We require all third parties with whom we share Personal Data to respect the security of such Personal Data and to treat it in accordance with the law. We do not allow our Processors to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.

 

9.             International Transfers.

 

Generally, we do not transfer your Personal Data to persons or entities outside the jurisdiction of Malta. However, should this become necessary:

 

  • for the performance of contractual or pre-contractual obligations between you and Excel Homes Real Estate Limited;
  • for the purpose of IT security / software support;
  • for adherence with our legal and, or regulatory obligations;
  • for the establishment, exercise or defence of legal claims; or
  • for any other reason where any such transfer would be permitted in terms of law,

 

we shall endeavor to only transfer Personal Data to countries in the European Economic Area (the “EEA”) or to third countries outside the EEA which ensure an adequate standard of protection for such Data in terms of the GDPR. Should a transfer to countries which are outside the EEA be required, we shall ensure that appropriate safeguards (such as the procurement of your consent) are implemented for the protection of your Personal Data.

 

 

10.          Data security. 

 

We have implemented appropriate security measures to prevent your Personal Data from being accidentally lost, altered or disclosed in an unauthorised manner. These include appropriate firewalls, security software and data segregation mechanisms. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and are subject to a duty of confidentiality.

 

We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

 

 

11.          Data retention.

 

We retain your Personal Data only as long as we have a valid legal reason to do so, which includes satisfying any legal, accounting or reporting requirements.  

 

To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we Process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

 

As a rule of thumb, we will keep Personal Data while our engagement is active or until such time as you ask us to stop communications with you, and for some years thereafter, unless we need to keep the data for a longer period. Indeed, we may retain different types of Personal Data for different lengths of time in line with legal requirements.

 

In some circumstances we may anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

 

 

12.          Your rights.

 

As a data subject, you have certain data protection rights at law:

 

  1. ACCESS: you have the right to access your Personal Data and request a copy thereof.

 

  1. RECTIFICATION: you have the right to rectify any incorrect Personal Data that we may hold about you.

 

  1. ERASURE: you have the right to be forgotten, which enables you to ask us to delete your Personal Data where there is no good reason for us continuing to process it. On this point, note that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. We may not be able to provide you with some of our services if we do not hold your Personal Data.

 

  1. RESTRICTIONS ON PROCESSING: you have the right to request the restriction of our processing. This can be done in the following cases: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
     

[NOTE: We may not be able to provide you with some of our services if you opt to restrict processing.]

 

  1. PORTABILITY: you have the right to data protability. Your data may be requested in a machine-readable format and you may also ask that your data be transfered directly to another person or service provider.

 

  1. OBJECTIONS TO PROCESSING: you may object to the processing of your data where we are relying on legitimate interests (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

 

  1. AUTOMATED DECISION MAKING AND PROFILING: we do not utilise automated decision making and profiling.

 

  1. WITHDRAWAL OF CONSENT: if you have provided consent for the processing of your data you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.

 

[NOTE: We may not be able to provide you with some of our services if you opt to withdraw your consent.]

 

If you wish to exercise any of the rights set out above, please contact us. We will try to respond to all legitimate requests within one month and may require that you send over specific information to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights as outlined directly above). This is a security measure.

 

You will not have to pay to access your Personal Data (or to exercise any of the other rights mentioned above). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may, in such circumstances, refrain from complying with your request.

 

 

 

COMPLAINTS.

 

Should you feel wronged by our data protection practices, you may file a complaint with the data protection supervisory authority of your country of residence. In Malta, this would be the Office for the Information and Data Protection Commissioner, the contact details of which are as follows:

 

OFFICE OF THE INFORMATION AND DATA PROTECTION COMMISSIONER [MALTA]

Email: [email protected]
Phone: +356 2328 7100

 

However, we strive to be receptive to your concerns and would appreciate it if you would contact us in the first instance should you believe that we have breached any privacy rules.