Privacy Notice - Entities Exchanging Info with ERL

Privacy Notice for Entities exchanging Information with Engineering Resources Limited

Engineering Resources Limited (“ERL” or “We” or “Us” or “Our”) is a public company registered under the laws of Malta and bearing registration number C 65835 and having its registered address at Triq Durumblat, Attard MST 4818, Malta.

This Privacy Notice applies to ERL’s processing of personal data relating to entities (natural persons and/or companies) (hereinafter referred to as Entity or Entities) which:

i)    May prospectively enter into a contract for the provision of works and/or goods and/or property     and/or ​​services and/or lease (hereinafter collectively referred to as “deliverables”) to ERL;

ii)    Have entered into a contract for the provision of deliverables to ERL;

iii)   May prospectively enter into a contract for the provision of deliverables from ERL;

iv)   Have entered into a contract for the provision of deliverables from ERL.

 

References to “you” or “your” shall accordingly be deemed to refer to the Entities’ data subjects, including but not limited the people employed, contracted or otherwise engaged by such Entities.

We are committed to respecting your privacy. If you have questions about Our processing of your personal data, you may contact Engineering Resources Ltd., at the address Engineering Resources Limited, Triq Durumblat, Attard MST 4818, or by email at info.erl@engineeringresources.com.mt or by telephone on +356 22266557.

ERL’s Data Protection Officer may also be contacted at Engineering Resources Limited, Triq Durumblat, Attard MST 4818, or by email at dpo.erl@engineeringresources.com.mt and +356 22980583.

 

Please read this Privacy Notice carefully to understand our practices with respect to your personal data.

 

1.    Updates

We may update this Privacy Notice at Our sole discretion including as a result of a change in applicable law or processing activities. Any such changes will be communicated to you prior to the commencement of the relevant processing activity.

 2.    What amounts to personal data?

The term “personal data” refers to all information through which you can be personally identified or identifiable, such as name, surname, address and billing information.

 3.    How do We collect personal data?

We typically collect your data:

·       From you (or your employer/person who engaged you) directly as part of the process of entering into a contract with Us such as through forms, contracts, business cards, correspondence and information submitted in tenders and request for quotation; and

·       Through information which arises in the course of Our working relationship with the Entity.

We might also collect your data from third parties as part of the process of entering into a commercial contractual relationship with Us or during the duration of Our contractual relationship such as through credit checks or trade references. Information from public sources might also be collected about you.

 4.    What personal data do We process?

The personal data that We collect and process generally but not only relates to:

·       Personal details such as names, surnames, date and place of birth and ID/Passport numbers;

·       Personal details of father, mother, children, next of kin, partners such as name and surname;

·       Contact details such as address, telephone/mobile numbers and email;

·       Documentation relating to your identity such as ID/Passport copies;

·       Work location;

·       Work times;

·       Documentation relating to your experience, qualifications and skills such as CVs, warrants and educational      ​​certificates;

·       eFinancial information such as bank account details, pending dues, VAT number, etc.;

·       Personal data that We collect and process as a result of legal obligations imposed on Us; and

·       Any information which is voluntarily provided to Us by you or by the Entity.

 5.    How do We use your personal data?

Irrespective of the manner that We have collected your personal data, We will only process such data for the purposes of the relationship with the Entity or for purposes which are inherently related thereto, including the fulfilment of any legal or regulatory obligations imposed on Us.

Typically, your personal data will be processed for: 

·       Contacting the Entity to possibly engage in a working business relationship with Us;

·       Evaluation of suitability of deliverables prior to entering into a commercial contract with the Entity;

·       Management of Our relationship with the Entity including performance of the contract therewith and steps necessary to enter into or amending such contract;

·       Billing, invoicing, debtor transaction processing and debt collection;

·       Supporting the relationship with the Entity;

·       General administration purposes;

·       Compliance and reporting;

·       Defending Ourselves in the event of a legal claim or dispute;

·       The purposes which you or the Entity requested when providing the data to Us;

·       The purpose of a legitimate interest pursued by Us or by a third party, provided such interest is not overridden by your interests, fundamental rights and freedoms; and

·       Any other purposes imposed or permitted by law which are inherently related to the relationship with the Entity.

 6.    Legal Basis

We primarily process your personal data for the performance of our contract with the Entity, including any steps which may be necessary to enter into such contract (such as tenders).

We may also process personal data on the following legal basis:

·       Compliance with legal obligations imposed on Us – in particular obligations imposed on Us as a result of financial or environmental legislation and health and safety;

·       To protect Our or a third party’s legitimate interests – in particular interests which may arise directly or indirectly in relation to the execution of the contract with Engineering Resources Ltd. When We process your personal data on the basis of Our legitimate interests, We ensure that the legitimate interests pursued are not overridden by your interests, rights and freedoms; and

·       For the purposes of establishing, exercising or defending legal proceedings.

Processing special categories of your personal data is not envisaged unless We have reason to institute proceedings or investigations with respect to theft of Our services. Should the processing of special categories of personal data become envisaged, We will ensure that We have additional grounds for such processing.

 7.    Recipients

We may share your personal data with third party recipients who typically are:

·     selected individuals within Our company, on a need-to-know basis;

·    any service providers that may require access to your personal data in rendering Us with their services, including legal, accounting, billing, audit, insurance providers, consultants, and IT service providers;

·     banks;

·    authorised consultative bodies and agencies dealing with financial and accounting matters including the Court of Auditors, Financial Irregularities Panel, Internal Audit Service and Anti-Fraud Office; and

·    third parties, including but not limited to governmental institutions and authorities that may be of an executive, judicial or legislative nature, to whom disclosure may be required as a result of legal obligations imposed on Us.

We do not share your personal data with any entity located outside of the EU or EEA unless required to do so at law.

 8.    Automated Decision-Making and Profiling

Your personal data will not be used for any decision solely taken on the basis of automated decision-making processes, including profiling.

 9.    Data Retention

We retain your personal data exclusively for the period in which We may lawfully retain your personal data. Thereafter, your personal data shall be immediately and irrevocably destroyed.

Typically, due to the contractual relationship with the Entity, We retain personal data for up to five (5) years from the end of Our contractual relationship with the Entity on the basis of Our legitimate interests to protect Ourselves from civil cases which might institute against Us in relation to such contractual relationship.

As a result of legal obligations imposed on Us, personal data related to accounting, transactions and tax records may be kept for up to ten (10) years.

We may have a legitimate interest to hold your data for longer periods such as when your data is required for exercising or defending legal claims.

 10.    Your Rights

For as long as We retain your personal data, you may exercise certain rights in relation to your personal data including:

-   Right of access – you have the right to ascertain the personal data We hold about you and to receive a copy of such personal data;

-   Right to Erasure – in certain circumstances you may request that We delete the personal data that We hold on you, or you withdraw your consent for Us to hold your personal data;

-   Right to Object – you have a right to object and request that We cease the processing of your personal data where we rely on Our, or third party’s legitimate interests for processing your personal data or a task carried out in the public interest;

-   Right to Portability – you may request that We provide you with certain personal data which you have provided Us in a structured, commonly used and machine-readable format. Where technically feasible, you may also request that We transmit such personal data to a third-party controller indicated by you;

-   Right to Rectification – you have the right to update or correct any inaccurate personal data which We hold about you;

-   Right to Restriction – you have the right to request that We stop using your personal data in certain circumstances including if you believe that We are unlawfully processing your personal data or the personal data that We hold about you is inaccurate; and

-   Right to be informed of the source – where the personal data We hold about you was not provided to Us directly by you, you may also have the right to be informed of the source from which your personal data originates.

Your rights in relation to your personal data are not absolute. You will not have to pay a fee to access your personal data (or to exercise any of the other rights specified above). However, We may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, We may refuse to comply with your request in these circumstances. We may need to request specific information from you to help Us confirm your identity and ensure the exercise of your rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up Our response.2

 11.    Keeping your data secure

We take pride in keeping your data secure and will take appropriate technical and organisational measures to protect your data against unauthorised or unlawful processing, storage or access, including against accidental loss or destruction. Your personal data will be stored in paper files or electronically on Our technology systems or those of Our IT service providers.

12.    Complaints

If you have any complaints regarding Our processing of your personal data, please note that you may contact Us or Our Data Protection Officer at the details indicated above. You also have a right to lodge a complaint with the Office of the Information and Data Protection Commissioner in Malta (www.idpc.gov.mt)

 ​​