Introduction
The purpose of this Privacy Policy is to inform users of the website of MCB about the data that is collected and how this data is processed. The need for this Privacy Policy stems from the Regulation (EU) 2016/679 of the European Parliament and of the Council (commonly referred to as the General Data Protection Regulation or GDPR). This is a regulation in EU law on data protection and privacy in the EU and the European Economic Area.
One of your rights, as a user of this website, is that you should be informed how your personal data, namely information which may be used to identify you, is collected, used, stored, protected and shared. We will also explain your rights in relation to your personal data, how you may exercise those rights, what “cookies” we use and how we use such cookies. In particular, we will explain how we process the personal data of data subjects, acting in their own capacity, whose personal data we use to calculate creditworthiness and similar reports, which reports are then made available to creditors who make use of our services to be notified on such matters.
Data Controller of Your Personal Data
MCB is the data controller of, and is responsible for, your personal data. This means that it is MCB who determines what data is collected, how that data will be used and protected.
The registered office address of Malta Credit Bureau Ltd is:
Mdina Bastions Apartments
Block D, Office 1
New Street off Triq Mikielang Sapiano
Zebbug ZBG 1870
Malta
Our team at MCB strongly commits to respect the privacy, and the protection of the personal data of users and visitors to our website. It further commits to only use and disclose any personal data in accordance to this policy, as explained further hereunder.
Should you have any queries about how we process your personal data or if you would like to exercise your legal rights as a data subject, kindly contact us by sending your request to our registered office, or by email at [email protected].
Third-party links
This Privacy Policy is limited to the MCB website. Our website contains links to other websites which belong to third parties. Clicking on those links may allow third parties to collect or share data about you. These third-party websites have their own privacy policies, which users are encouraged to read.
However, MCB has no control over such third-party websites and thus, is not in any way responsible for the privacy and processing of any information that you may give or make available or is collected by these third-party websites.
Minors
Our services are not intended to be used by or directed towards minors, and we only collect collect information related to adults. Any parent, or guardian, who discovers that a minor forwarded his/her personal data to us, unbeknown to us, is encouraged to immediately contact us. We will remove from our servers any information, on a minor, that is knowingly made available to us, unless accompanied by parental/guardian consent.
Collection and Processing of Personal Data
We may collect and process certain information which relates to users of our site such as the pages and resources that are accessed, traffic data, location data, weblogs and other communication data which enables us to better understand which pages our visitors commonly land on and how they navigate through the site.
We may process personal information from users of the site for a number of reasons, including:
We will only provide your personal information to third parties with your explicit consent. For example, your consent would enable third parties to receive a credit worthiness or similar report on you.
In relation to personal information required to generate credit scores, creditworthiness reports, and other similar reports, the Central Bank of Malta allow us access to the information held on the Central Credit Registry, where authorised representatives of MCB have been granted privileged access to this register, and which information is accessible by means of a two-way factor authentication method.
We may also collect information on you, as well as your device (mobile phone or personal computer) used to access our website, from the use of cookies and other similar technologies. This collected personal data may include your IP address or online activity. In a section hereunder, you will find a detailed explanation on our use of cookies.
Throughout our website, you will find pages where you may request to receive further information from us. You would thus be requested to send us additional personal information, such as your name, contact details including telephone number and email address, your residential address, your comments and/or your questions. We would use the personal information provided to communicate with you and furnish you with the requested information. We may also keep a record of such correspondence, in soft or hard copy, to recall your queries should you require any further information at a later stage.
Should you wish to report a problem with our website, or should we wish to perform a survey on customer satisfaction on the products and services that we offer, we may also ask you for personal information details to identify you. However, we would anonymize such data immediately.
Our Legal Basis to Process Personal Data
Data Processing legislation permits us to process personal data, as long as we have legal grounds to do so. We are required to inform you what this legal basis consists of. The legal grounds, afforded to us to process your personal data, are the following:
Your consent: In some cases, as already indicated hereabove, we will ask you for permission to process some of your personal information, and we will only process your personal information after we receive your consent to allow us to do so.
To perform a contract: this relates to when we need to process your personal data so as to perform our obligations under a contract.
A Legal obligation: this is when we would have to process your personal information to comply with a legal obligation, such as, for example, having to obtain your consent prior to generating a credit scoring report on your goodself, at the request of a third party, in accordance with Central Bank Directive No. 15, Regulation 6(1).
Legitimate interests: we will process your personal information due to our legitimate interests in running a lawful business, as long as this would not outweigh your interests. Examples of such legitimate interests include:
MCB is an entity domiciled in Malta and our office is in Malta. Our website and web applications are hosted in the EU and are accessed only by our EU-based staff. We work closely with the IT Department of Infocredit Group Ltd, being one of the principal shareholders of our company.
Infocredit applies throughout the data processing procedure, the appropriate technical, physical, and administrative security measures for the protection and security of the personal data from loss, misuse, damage or modification, unauthorised access and disclosure, in compliance with article 32 of the GDPR 679/2016, in order to ensure the appropriate security level against those risks.
The Key security measures, applied by Infocredit, as listed hereunder:
MCB uses Cloud Service Providers (CSPs) to process and host our data on the cloud. We are the data controller of these CSPs and the CSPs, which we had use of, utilize processing facilities based in Cyprus or other EU member states.
We take all reasonably necessary steps to treat your data securely, respecting confidentiality and in accordance with the GDPR. Once we have received your information, we make use of strict procedures and modern technical security features to prevent unauthorized access to our systems and to the data stored therein, so as to prevent any loss of, damage to, or disclosure of, your personal information. We accept no liability were a breach to occur in circumstances beyond our control.
Third Party Links
Our website may contain links to third party websites. Such third-party sites have their own privacy policies, which are independent from ours. We are therefore not responsible for the content of these linked sites. It would be appropriate were you to carefully read the privacy policies of these sites prior to submitting any personal data to them.
We will hold on to your personal information for no longer than is necessary, keeping in mind the reason for which we had collected your data, including to meet legal or regulatory requirements, prevent fraud and abuse, or to enforce our terms and conditions.
In accordance with Central Bank Directive No. 15, Regulation 9(1), we will retain information – used to issue a credit score and sourced through the Central Credit Register, held at the Central Bank of Malta – for a period of not more than one year from the date of issuance of the credit score. Following this date, your data will be anonymized, to be used for statistical purposes and will no longer be personal data.
However, we may need to keep different types of personal data for different time periods, as required by law. For example, local tax legislation may require us to retain certain personal data, relating to items purchased, for a period of ten years.
You enjoy several rights, under data protection law, as a data subject, in relation to your personal information that we hold. Were you to wish to exercise any of these rights, kindly email us at [email protected]. Hereunder is a list of your rights:
Access to your personal data
You may request a copy, free of charge, of the personal data that we hold about you. To process your request, we will first verify your identity. We will carry out our best efforts to process your request within one month. We can provide you with a copy of your personal data in electronic format or hard copy.
Request a correction (rectification) of your personal data
Please let us know were your data to be incomplete or incorrect, so that we would amend it accordingly.
The right to erasure
Were there to be no legal basis for us to continue to hold your data, you may request that we delete it. This also holds were your data to have been unlawfully processed.
The right to be informed
You have the right to be informed about how we use, and process, your personal information is being used. This is provided through this privacy policy, which we will update when necessary, and any other related communications that we may send you.
The right to object
You have the right to object to us processing your personal data were we to rely on a legitimate interest or those of a third party. You may wish to object to our processing of your data since you feel that this impacts on your fundamental rights and freedoms. You also have the right to object in situations where we process your data for direct marketing purposes, or for scientific or historic research or if our processing involves automated decision-making and profiling.
The right to restrict processing
In certain circumstances, you have the right to ask us to stop processing your data, even though we could still hold onto it. These circumstances include:
a) Were you to contest the accuracy of your personal data
b) Were you to contest that we are processing your personal data unlawfully
c) We no longer need to process your personal data but hold it as part of a legal process
d) You exercise your right to object and ask us to restrict processing until a decision is taken on your request
The right to data portability
You may request your set of personal data be transferred to another controller or processor, provided that this is carried out in a commonly used and machine-readable format. This right only applies to processing carried out by automated means, which you had originally consented for us to use, and if the processing is based on us using that information to perform a contract with you.
The right to withdraw your consent
You may withdraw your consent at any time and we will no longer process your personal data for the reason/s originally agreed to, unless we have another legitimate basis at law to continue to process your data. In this case, we would communicate with you, to let you know the reasoning behind our decision.
Cookies
A cookie is a small file of letters and numbers that is downloaded onto your computer when you visit a website. We have activated cookies on our website to distinguish you from other users. We also use cookies to personalize content and to analyse our traffic. In particular, cookies remember your preferences, providing you with a better experience when browsing through our website pages.
A cookie would contain information about your device, browser and IP address. A cookie allows our website to remember users that have already viewed our site. Were cookies not to be enabled, every time you would open a new web page, the server where that page is stored will treat you like a completely new visitor, and this would cause a slight delay in the loading of the webpage, diminishing your user experience.
We may share cookies with third parties, who may be interested to understand how you use our websites and the type of devices you use, when browsing our website. In turn, these third parties may deliver to you advertisements which they would think would be of interest to you.
You consent to our cookies if you visit our homepage and decide to continue to use our website. We do not require to obtain your consent in cases where cookies are necessary to operate our website, including those cookies which allow you to log into its members area. For all other cookies, such as performance, functionality, targeting and social media cookies, we need your permission to place them on your device. Some cookies are placed by third party services that appear on our pages.
You may, at any time, change or withdraw your consent from the Cookie Declaration found on our website.
Contact Us
Should you wish to make a suggestion, or to comment, or to file a complaint on any matter relating to this privacy policy or the handling of your personal date, feel free to contact us. You may either send us a letter, addressed to our office address, or email us at [email protected], or alternatively, contact us by phone on +356 79404800.
Filing a Complaint
Should you feel the need to file a complaint, kindly contact us. Details about filing a complaint are listed here.
All complaints will be treated in a strictly confidential manner.
Should you remain unsatisfied on our handling of your personal information, following your communication with us, you may wish to escalate your complaint further by communicating with the supervisory authority in your place of residence or work. In Malta, the supervisory authority is the Office of the Information and Data Protection Commissioner. The contact details of this Office are found by clicking here.
This policy was first created on 23 February 2023. It may be updated periodically. The owner of this policy is Malta Credit Bureau Limited.