Updated to EU Regulation No 679/2016, otherwise known as the “GDPR”
Data Protection Statement
Knight Divers processes information as an essential part of its business function. This includes confidential information about businesses and individuals. Information is a valuable asset and business continuity is dependent on its integrity and continued availability.
Article 37(1) of the GDPR requires the designation of a Data Protection Officer in three specific cases. Since the processing of personal data is not a core part of our business, does not require regular and systematic monitoring of data subjects and is not on a large scale, is not carried out by a public authority or body, and does not consist of processing on a large scale of special categories of personal data, Knight Divers is not required to designate a Data Protection Officer. If any of the conditions above change and we undertake new activities or provide new services that might fall within the conditions listed under Article 37(1), Knight Divers will take all necessary measures to appoint a Data Protection Officer as required.
Knight Divers’s compliance department, which can be contacted on [email protected], is responsible for handling all data processing requirements.
THE INFORMATION WE USE AND WHERE WE GET IT FROM
We collect and process various categories of personal information, including but not limited to basic information such as name and contact details, and behavioural data. Most of the information will have been provided by the client.
Where permitted by law, we may process information about criminal convictions or offences and alleged offences for specific and limited activities and purposes, such as to perform checks to prevent and detect crime.
WHY AND HOW KNIGHT DIVERS USES PERSONAL DATA
Knight Divers collects, processes, and determines how to process your personal information as Data Controller for the following purposes:
- Providing and improving our products and services;
- Marketing communications with the client in relation to the company’s own products and services, subject to the client’s prior express consent;
- In order to carry out customer due diligence;
- In order to comply with regulatory obligations.
PROCESSING OF DATA
All our employees shall always ensure with regards to the processing of personal data that:
- it is processed fairly and lawfully;
- it is processed in accordance with good practice;
- it is only collected for specific, explicitly stated and legitimate purposes;
- it is not processed for any purpose that is incompatible with that for which the information is collected;
- personal data that is processed is adequate and relevant in relation to the purpose of processing;
- no more personal data is processed than is necessary having regard to the purpose of the processing;
- personal data that is processed is correct and, if necessary, up to date;
- all reasonable measures are taken to complete, correct, block or erase data to the extent that such data is incomplete or incorrect, having regard to the purposes for which they are processed;
- personal data is not kept for a period longer than is necessary, having regard to the purposes for which they are processed.
HOW LONG KNIGHT DIVERS KEEPS PERSONAL DATA FOR
Knight Divers will retain your personal information for as long as is necessary to provide the services to you and others, and to comply with our legal obligations. We will not keep personal data longer than is necessary. Once the client has terminated the contract with the company, Knight Divers will anonymise the personal data of the client and keep it for an indefinite period without further notice, for the following reasons:
- To respond to any questions or complaints;
- To demonstrate that you are, or have been, treated fairly;
- To satisfy our record keeping obligations in accordance with the applicable legislation and regulations;
- To prevent fraud;
- To resolve disputes;
- To enforce the terms of service and take other actions permitted by law.
If you no longer want us to use your personal information or to provide you with the Knight Divers services, you can request that we erase your personal information and close your account with us. Please note that if you request the erasure of your personal information we will retain information from deleted accounts in an anonymised form as necessary for our legitimate business interest, to comply with the law, prevent fraud, collect fees, resolve disputes, assist with investigations, enforce the terms of service and take other actions permitted by law.
HOW YOU CAN ACCESS YOUR PERSONAL INFORMATION
Any person has the right of access to any personal data Knight Divers holds about them, either on computer or in a structured manual file. To exercise this right, they should put their request in writing to the Compliance Department at the email provided above. There is no charge for this request; however, a ‘reasonable fee’ may be payable should the data requests be deemed excessive.
Knight Divers is obliged to respond to such requests within one month of receipt of the request. Therefore, it is essential that such a request is recognised by all members of staff and is passed expeditiously to the Compliance Department to deal with.
The Compliance Department will record all such requests and ask all departmental heads to search their computer and manual files for data concerning the applicant.
Any person also has the right to make a request to correct any information we hold. Altering or deleting information AFTER such a request has been made AND in order to prevent disclosure of the information is a criminal offence. However, this does not prevent any change to the data which would be made in the normal course of business.
KEEPING PERSONAL INFORMATION SECURE
Knight Divers has in place appropriate security measures designed to keep your personal data secure, preventing it from being lost, stolen, altered, used, accessed or disclosed in an unauthorised way.
These measures include:
- Limiting access of your personal data to only individuals that have a genuine need to access it;
- Only allowing these individuals to use your personal data in accordance with your/our instructions;
- Having procedures in place to deal with any suspected or confirmed personal data breach and to notify you and any applicable regulator of a breach where we are legally required to do so.
Knight Divers have put in place procedures to deal with any suspected personal data breaches and will notify you and any applicable regulator where we are legally required to do so.
YOUR DATA PROTECTION RIGHTS
Under certain circumstances, by law you have the right to:
- Request access to your personal data.
This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you
This enables you to have any incomplete or inaccurate personal data we hold about you corrected, though we may need to verify the accuracy of the new data you provide us.
- Request erasure of your personal data
This enables you to ask us to delete or remove personal data where there is no lawful basis for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing. You need to be aware of how such a request will affect the running of your product and we will explain this to you if you make such a request.
- Object to processing of your personal data
You can object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
- Request the restriction of processing of your personal data
This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the personal data’s accuracy; (b) where our use of the personal data is unlawful, but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use it.
- Not be subject to automated decision making, including profiling
We do not make decisions based solely on automated processing, including profiling.
- Request receipt and/or transfer of your personal data to another party
We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Make a complaint to the local Data Protection Commissioner
On rare occasions where you believe your data has been wrongfully processed, stored or handled, you have the right to raise a concern with the Office of the Information and Data Protection Commissioner (IDPC). You can submit your complaint through the form available on their website, following the link https://idpc.org.mt/en/Pages/contact/complaints.aspx for more details. Otherwise, you can send your complaint to them by email on [email protected]c.org.mt or by post at the address below:
Information and Data Protection Commissioner
Level 2, Airways House
Sliema SLM 1549
- Withdraw consent at any time
You have the right to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you want to exercise your rights above, please contact our Compliance Department on the email provided above.
You will not have to pay a charge to access your personal data (or to exercise any of the other rights). However, we may make a reasonable charge if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
WHAT WE MAY NEED FROM YOU
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
YOUR DUTY TO INFORM US OF CHANGES
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
SHARING YOUR PERSONAL DATA INTERNATIONALLY
We are subject to the provisions of the General Data Protection Regulation that protect your personal data. Where we transfer your data to third parties outside of the European Economic Area (EEA), we will ensure that certain safeguards are in place to ensure a similar degree of security for your personal data. As such:
- We may transfer your personal data to countries that the European Commission has approved as providing an adequate level of protection for personal data; or
- If we use US-based providers that are part of the EU-US Privacy Shield, we may transfer data to them, as they have equivalent safeguards in place; or
- Where we use certain service providers who are established outside of the EEA, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe.
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
UPDATES TO THIS POLICY
We will occasionally update this Policy to reflect changes in the applicable Regulation as well as both company and customer feedback. We will contact you to inform you of the same whilst the revised Policy can be found on our website.
MARKETING CHOICES REGARDING YOUR PERSONAL INFORMATION
Where we have your consent to do so, we send you marketing communications by email about products and services that we feel may be of interest to you. You can ‘opt-out’ of such communications if you would prefer not to receive them in the future by sending a written request by email to our Compliance Department on the email provided above.
NEWSLETTER SIGN UP
As part of the registration process for our periodic e-newsletter, we collect personal information such as your name and email address. We use a third-party provider, MailChimp, to deliver our newsletter. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. For more information, please see MailChimp’s privacy notice – https://mailchimp.com/legal/privacy/.
We use that information for a couple of reasons: to tell you about stuff you’ve asked us to tell you about; to contact you if we need to obtain or provide additional information; to check our records are right and to check every now and then that you’re happy and satisfied. We don’t rent or trade email lists with other organisations and businesses. You will only receive communication from us, if you have explicitly opted in to do so.
You can unsubscribe from general mailings at any time of the day or night by clicking the unsubscribe link at the bottom of any of our emails or by emailing our Compliance Officer on the email provided above.
Please note that once you unsubscribe from our email lists, we will delete your email address from our MailChimp account in a timely fashion soon thereafter.
COOKIES AND TRACKING TECHNOLOGIES
Knight Divers’s website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.