1. Purpose of this document
In this notice “BOV”, “the Bank”, “we”, and “us” refers to Bank of Valletta p.l.c. and its subsidiaries; BOV Asset Management Ltd and BOV Valletta Fund Services Ltd, and “our” shall be construed accordingly.
“You” or “your”, refers to you, any attorney duly appointed by means of a power of attorney/mandate, trustees, executors, curators, guardians or any other legitimate representatives. If you are an insurance customer it also means you, named insured parties or beneficiaries under your policy, dependants, claimants and other third parties involved in an insurance policy or claim (such as witnesses).
BOV is committed to protecting the privacy and security of your personal data.
BOV is a "data controller". This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this Privacy Notice.
This Privacy Notice sets out the basis for which any of your personal data is collected and processed by us. It covers the types of information that we collect about you, why this is collected, with whom this will be shared and what measures we take to protect your data, in line with data protection legislation, including the General Data Protection Regulation and Data Protection Act (Chapter 586 of the Laws of Malta). Additionally, this Notice also details your rights in terms of data protection and how to approach the Bank on this subject matter.
This Notice can be updated at any time to reflect changes in requirements or relevant laws. If there are any substantial changes to the way we process data or changes that will affect you directly, we will notify you of these changes. The latest version can be accessed through https:www.bov.com/content/privacy.
2. Who are we?
Bank of Valletta p.l.c is licensed as a credit institution in terms of the Banking Act (Cap. 371 of the Laws of Malta) and is also in possession of a licence under the Investment Services Act (Cap. 370 of the Laws of Malta). The registered address of the Bank is situated at 58, Zachary Street, Valletta, VLT 1130, Malta.
3. General Data Protection Regulation Principles
In complying with the GDPR, we ensure that the personal information that we hold about you is:
4. The data we collect about you
We are data controllers of your personal data and shall process your personal data for the purposes of providing service/s and/or products and to improve the same and for the other reasons set out in this notice, including clause 7 below. If you are availing yourself of our investment services we shall also process your personal data for the purposes of providing the service/s set out in the Terms of Business provided to you.
The term “personal data” refers to all personally identifiable information about you and includes all information which may arise or may be derived or collected about you throughout the relationship with us and that can identify you personally.
There are other types of data known as ‘special category’ that include sensitive personal information which require additional levels of protection.
We collect and process your personal data mainly to provide you with access to our services and products, and to help us improve same. The following is the data that we collect:
5. How do we collect your personal information?
We may collect personal data about you from different sources, data including the following:
There can be rare occasions where it becomes necessary to use your personal information to protect your interests (or someone else's interests).
More specifically, the Bank will process personal data for the purposes mentioned hereunder only, namely:
We may use your data to protect you in the following ways:
Your data may be transferred to and stored in locations outside the European Economic Area (EEA), including countries that may not have the same level of protection for personal data.
In doing so we shall ensure that transfers to each of these countries will be protected by appropriate safeguards, namely that such third party recipients are either subject to an adequacy decision or to appropriate safeguards in accordance with the applicable privacy laws and/or any other applicable legislation. We shall also ensure that we have a justifiable ground for such a transfer, such as our legitimate interest.
7. Lawful basis for processing your personal data
Since we process your data for various reasons, the lawful basis behind each process varies but the hereunder is the exhaustive list of all bases for processing your data in line with the GDPR:
The Bank will only use your personal information for the purposes for which it was collected, unless it is reasonable to consider that we need to use it for another reason and that reason is compatible with the original purpose.
8. Other Products and Services
From time to time we would like to tell you about our other products and services, and those arranged by us with other suppliers such as insurance companies.
Any personal data you provide in the process of enquiring/ arranging any of our other products and services is provided in the strictest confidence. If you have already provided your consent, we will continue to rely on this permission until you request us to stop contacting you or to withdraw consent.
The Bank would like to send you information about BOV products and services which we think may be of interest to you and also products from our partners and relevant third parties. Processing for direct marketing will only be lawful if prior consent has been acquired. If you have previously agreed to us contacting you about marketing but have now changed your mind, we kindly ask you to contact us as advised below so that we can update your preferences.
You have the right to stop the Bank from using your contact details for marketing purposes at any time, as advised in Sections 13 and 16.
In case of social media marketing, you can control the delivery of certain advertising or social campaigns through the settings offered by the respective third-party platforms (e.g. Facebook).
In addition, if you download our mobile applications from the Apple AppStore or Google Play, the only way to prevent receipt of notifications is by changing the settings on the device itself.
9. Data we share and with whom
We do not share personal data with companies, organisations and individuals outside of the Bank unless one of the following circumstances applies:
We may share your information for the above mentioned purposes with others such as:
We may share non-personally identifiable data publicly. For example, we may share data publicly to show trends about the general use of our services.
If the Bank is involved in a merger, acquisition or asset sale, we will continue to ensure the confidentiality of any personal data and give affected users notice before personal data is transferred or becomes subject to a different Privacy Notice.
10. Data Retention
We will not retain your personal data for longer than it is required for the maintenance of your relationship with us, or for any legal or regulatory requirements. Your information will be processed and kept for as long as necessary for us to be in compliance with our legal obligations, industry practices and/or accepted standards (including where processing may be necessary for the establishment, exercise or defence of legal claims).
Data will be kept within the Bank according to the schedule set out in our internal data retention policy. Further information about retention periods for different aspects of your personal data can be requested by contacting us at [email protected].
11. Data Security
We make sure to use reasonable measures to protect the personal data within the Bank. If you have reason to believe that your interaction with us is no longer secure, please advise us immediately.
When you visit any of BOV’s websites, we use (and authorised third parties to use) cookies and similar technologies (the “Cookies”).
The Cookies allow us to automatically collect information about you and your online behaviour, as well as your device (for example your computer or mobile device), for different purposes such as in order to enhance your navigation on our website, improve our websites’ performance and customize your experience on our websites, perform analytics, deliver content which is tailored to your interests and administer services to our users and customers.
13. Data Subject Rights
Your rights in connection with personal data under certain circumstances, by law you have the right to:
14. Withdrawal of consent
In the case where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.
To withdraw your consent, please contact the Bank via the available channels as detailed in Section 16. All requests will be responded to in a timely manner.
15. Use of data processors
As controllers of data, we make use of data processors who are third parties and provide services to us. To regulate our relationship, we have contractual agreements in place to safeguard our interests and your personal data. They are not authorised to do anything with your personal data unless specifically instructed by us. When we do this, we will make sure that it has an appropriate level of protection and that the transfer is lawful. We may need to transfer your data in this way to carry out our contract with you, to fulfil a legal obligation, to protect the public interest and/or for our legitimate interests.
16. Updates to this Privacy Notice
We reserve the right to update this privacy notice at any time. The updated privacy notice will be published on our website. If you have any questions about this Privacy Notice, please contact us at [email protected]
Should you have any queries or would like to update your data processing preferences, please contact us on the Data Protection Officer’s details hereunder. All requests and queries related to data protection should be directed to the DPO’s attention whilst queries in relation to other matters should be directed to the Bank’s contact details.
If you believe there are areas within which our service could be improved, please contact the Bank’s customer service as advised here.
17. Contact details
The Bank has appointed a Data Protection Officer as the main point of contact between individuals and itself in relation to queries about personal data and the processing involved thereof. The Data Protection Officer can be contacted on the hereunder details. Should you feel the need to escalate the matter further, you can make a complaint to the Supervisory Authority in Malta which is the Information and Data Protection Commissioner; contact details are below.
Bank’s Data Protection Officer Contact Details:
(356) 2275 3700
Bank of Valletta p.l.c.
Level 4, Centris Business Gateway,
Triq is-Salib tal-Imrieħel Zone 3,
Central Business District
Birkirkara CBD 3020 - Malta
Bank contact Details:
Supervisory Authority Contact Details:
(356) 2328 7100
Information and Data Protection Commissioner
Floor 2, Airways House
Central Business District
Sliema, SLM 1549