Bank of Valletta p.l.c. Privacy Notice for Suppliers and Service Providers
1. Purpose of this document
In this notice “BOV”, “the Bank”, “we”, and “us” refers to Bank of Valletta p.l.c. and its subsidiaries; BOV Asset Management Ltd and BOV Valletta Fund Services Ltd, and “our” shall be construed accordingly.
“You” or “your”, refers to our suppliers and service providers who are individuals (such as self-employed persons), the representatives, employees, or contact persons of our contractors, suppliers and service providers who are legal entities.
BOV is committed to protecting the privacy and security of your personal data. This privacy notice describes how BOV processes your personal data. This notice applies to the processing of your personal data in the context of supplier and consultant relationships or when otherwise working with us as an external person.
This Notice can be updated at any time to reflect changes in requirements or relevant laws. If there are any substantial changes to the way we process data or changes that will affect you directly, we will notify you of these changes. The latest version can be accessed through BOV Website.
2. Who are we?
Bank of Valletta p.l.c is licensed as a credit institution in terms of the Banking Act (Cap. 371 of the Laws of Malta) and is also in possession of a licence under the Investment Services Act (Cap. 370 of the Laws of Malta). The registered address of the Bank is situated at 58, Triq San Żakkarija, Il-Belt Valletta, VLT 1130, Malta.
3. What information do we have about you?
We obtain your personal information either directly from you, through third party or any publicly available sources or through the supplier or service provider for whom you work.
We may collect various types of personal data about you, including:
Additionally, for our suppliers and service providers who are individuals (such as self-employed persons), we may collect the following types of personal data, including:
Additionally, for any person from our suppliers and service providers who have access to our Bank systems, we may collect the following types of personal data, including:
If you intend to provide us with personal data about other individuals (e.g., your colleagues), you must provide a copy of this Privacy Notice to them directly or through your employer.
4. For which purposes do we use your personal data and why is this justified?
4.1 Legal basis for the processing:
We will not process your personal data without a proper legal basis. Therefore, we will only process your personal data if:
4.2 Purpose for processing
We always process your personal data for a specific purpose and only process the personal data which is relevant to achieve that purpose. In particular, we process your personal data t
You are under no obligation to provide the Bank your personal data. However, if you fail to provide personal data when requested which is necessary for us to manage our relationship with you or your employer as a service provider or supplier (e.g., information necessary to evaluate your qualifications or meet our regulatory and legal obligations), we may not be able to retain your services.
5. Who has access to your personal data and to whom are they transferred?
We will never sell your personal data.
In the course of our activities and for the purposes listed in this Privacy Notice, your personal data may be processed by the following categories of recipients on a need-to-know basis to achieve such purposes:
Such recipients are obligated to protect the confidentiality and security of your personal data.
In certain limited circumstances, your personal data may be accessed by or transferred to law enforcement, regulatory bodies, or judicial authorities. This will occur only when legally required.
The personal data we collect from you may be processed, accessed, or stored by BOV Group in a different country than where you are located including outside of the European Economic Area.
We will not be sending personal data outside of the EEA. However, in case we transfer your personal data to another entity located in a country that do not offer adequate protections, we make use of the European Commission's standard contractual clauses. Standard contractual clauses are a set of contract terms approved by certain jurisdictions and deemed to provide adequate protection for cross-border transfers.
When we transfer your personal data to an external company in a country that does not offer adequate protections, we will make sure to protect your personal data by (i) requiring that the third party apply the level of protection required under the applicable local data protection laws, (ii) requiring that the third party act in accordance with our written instructions and our policies and standards and, (iii) unless otherwise specified, only transferring your personal data on the basis of an appropriate contractual mechanism (such as the standard contractual clauses approved by the European Commission).
6. How do we protect your personal data?
We implement appropriate technical and organizational measures to provide a level of security and confidentiality to your personal data. These measures take into account the state of the art of technology; the costs of its implementation; the nature of the personal data; and the risk of its processing.
The purpose of these measures is to protect your personal data against accidental or unlawful destruction or alteration, accidental loss, unauthorized disclosure, or access, and against other unlawful forms of processing.
While we take reasonable care to implement such measures, the internet is inherently unsafe and we cannot guarantee the security of your personal data when transmitted over the internet, email, or on our websites.
Moreover, when handling your personal data, we:
We may request that you confirm the personal data we hold about you. You are invited to inform us whenever there is a change in your personal circumstances so we can update your personal data.
7. How long do we store your personal data?
We will not retain your personal data for longer than it is required for the maintenance of your relationship with us, or for any legal or regulatory requirements. Your information will be processed and kept for as long as necessary for us to be in compliance with our legal obligations, industry practices and/or accepted standards (including where processing may be necessary for the establishment, exercise or defence of legal claims).
Data will be kept within the Bank according to the schedule set out in our internal data retention policy. Further information about retention periods for different aspects of your personal data can be requested by contacting us at [email protected].
8. What are your rights?
Your rights in connection with personal data under certain circumstances, by law you have the right t
9. Contact details
The Bank has appointed a Data Protection Officer as the main point of contact between individuals and itself in relation to queries about personal data and the processing involved thereof. The Data Protection Officer can be contacted on the hereunder details. Should you feel the need to escalate the matter further, you can make a complaint to the Supervisory Authority in Malta which is the Information and Data Protection Commissioner; contact details are below.
Bank’s Data Protection Officer Contact Details:
Land Line: (356) 2275 3700
Address: Bank of Valletta p.l.c.
Level 4, Centris Business Gateway,
Triq is-Salib tal-Imrieħel Zone 3,
Central Business District
Birkirkara CBD 3020 – Malta
Email: [email protected]
Supervisory Authority Contact Details:
Land Line: (356) 2328 7100
Address: Information and Data Protection Commissioner
Floor 2, Airways House
Tas-Sliema, SLM 1549