1. Data Controller
The data controller of this website is Credence Holdings Limited, a limited liability company registered in Malta with company registration number C89172, whose registered office is situated at 40, Villa Fairholme, Sir Augustus Bartolo Street, Ta’ Xbiex, XBX 1095, Malta.
2. Categories of Personal Data Processed and its Purpose
Credence collects data to operate effectively to provide you with the best experience of our products and services. Credence collects and processes the personal data for specified, explicit, and legitimate purposes. Your personal data shall be processed fairly and lawfully. Your personal data shall not be processed for any purpose that is incompatible with that for which it was collected. Credence ensures that your personal data is adequate and relevant in relation to the purpose of the processing. Credence shall always seek to ensure that any personal data processed is correct and up to date. Credence shall collect and process personal data only for the extent necessary in terms of the specific purposes for which it was collected and processed, and such personal data shall be retained in accordance with that set out under the heading “Data Retention” hereof.
Your personal data may be processed for any of the following purposes:
2.1. Where you have unambiguously given your consent in accordance with Article 6(1)(a) of the GDPR. In such cases, the personal data shall only be processed for the specific purposes for which your consent was given. In this respect, you may withdraw your consent to the processing of such data at any time and we shall cease to process such data accordingly unless the processing thereof is necessary for any other lawful purpose as set out.
2.2. Where the processing of the personal data is necessary for the performance of an agreement or contract or in order to take the necessary steps to enter into such a contract or agreement, such as receiving an enquiry, and in order to consequently enable us to provide the required services. Such personal data, where the person requiring the services or entering into the contract or agreement is a natural person, shall be processed pursuant to Article 6(1)(b) of the GDPR. In respect of Contact Persons, any personal data pertaining thereto shall be lawfully processed on the basis of Articles 6(1)(b) and/or 6(1)(f) of the GDPR as the processing of such personal data may be necessary for the performance of the contract and we may also have a legitimate interest in the processing of such personal data in order to carry out our services and monitor our contractual relationship in terms of the relevant contract.
2.3. Where, in terms of Article 6(1)(c) of the GDPR, processing of the personal data is necessary for compliance with legal obligations to which we are subject. Such legal obligations include, inter alia, tax, employment and accounting related obligations as well as other legal obligations arising from the Anti Money Laundering and Terrorist Financing Regulations (AML/TF) and any related regulations or legislation.
Your personal data will be provided directly by you, as in the case when you have submitted an enquiry, contacted us for support or when you enter contractual obligations with us. In the case of Contact Persons, your personal data may also be provided by the legal person or employer you represent or on behalf of which you act, and in such a case your personal data shall only be processed in so far as any of the above are applicable thereto. We may also acquire some data from public sources such as the Malta Business Registry website.
3. Download Information
When you visit our website, the following information will automatically be processed and this shall solely be for the use of Credence:
3.1. The requested web page or download;
3.2. Whether the request was successful or not;
3.3. The date and time when you accessed the site;
3.4. The internet address of the website or the domain name of the computer from which you accessed the site;
3.5. The operating system of the machine running your web browser and the type and version of your web browser and other similar security features which are used for authentication purposes and account access.
4. Data Retention
Credence ensures that it shall retain your personal data for as long as is necessary and insofar that there a remains a lawful purpose, in terms of the GDPR or any other applicable law, for the retention thereof. When your personal data is no longer required, we shall take all reasonable steps to ensure that all personal data retained is disposed of correctly and in a timely manner. Retention periods may vary between a few months about simple enquiries to over ten years due to legal obligations which arise from different applicable laws and/or court orders.
6. Personal Data by Use of Our Website
When using this website’s online facilities, you may be required to provide your contact details for contact purposes. All information provided in the notification form, complaints and queries sections will be solely used by Credence and its staff as may be necessary, to provide you with the services required, and for other administrative purposes as may be required to enable us to properly exercise our functions according to law.
7. Your rights as a Subject
As an individual, you have the right to request confirmation as to whether any of your personal data is being exercised and if so, you have the right to access such personal data as well as any information concerning, inter alia, the purposes of the processing and the categories of personal data processed.
You may obtain a copy of the Personal Data being processed by submitting a request in writing to our privacy officer, the details of which are set out hereunder.
8. Rectification & Deletion
You have the right to request that any such personal data pertaining to yourself be blocked or erased especially where you believe that your personal data has not been processed according to the GDPR or any other applicable laws, and you may, where applicable proceed with notifying any third party about the measures undertaken. Although all reasonable efforts will be made to keep your information updated, you are kindly requested to inform us of any change referring to the personal data held by us. In any case, if you consider that certain information about you is inaccurate, you may request rectification of such data. Provided that no such notification shall be provided if it is shown to be impossible or it will entail a disproportionate effort.
9. Restriction of Processing
Subject to certain requisites, you have the right to request the restriction of processing of your personal data.
10. Data Portability
Under the Regulation you have the right to receive, upon request, a copy of the personal data that you have provided to us in a structured, commonly used and machine-readable format and to transmit such data to another controller, for free. Credence shall endeavour to ensure that such requests are processed within one month, provided that it is not excessive and does not affect the rights of other individuals’ personal data.
11. Right to Be Forgotten
Upon request, you have the right to have your personal data erased by us. Credence, acting as a controller, will take all necessary actions (including technical measures) to comply with the request unless your personal data needs to be retained to comply with legal obligations, court orders or any other lawful ground on the basis of which such data may be retained in terms of Article 17(3) of the GDPR.
12. Right to Object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data and we shall consequently refrain from the processing thereof unless we have compelling legitimate grounds for the processing, such as the performance of the contract in question or exercise of any legal obligations to which we are subject or for the establishment, exercise or defence of legal claims.
If Credence uses a third-party supplier or business partner to process personal data on its behalf, we shall ensure that this processor will provide security measures to safeguard personal data that is appropriate to the associated risks. Credence shall endeavour that the third-party supplier or business partner is to provide the same level of data protection as us. We shall ensure that the third-party supplier or business partner shall process personal data only to carry out its contractual obligations towards us or upon the instructions of Credence and not for any other purposes. When we process personal data jointly with an independent third party, we will explicitly specify its respective responsibilities in the relevant contract or any other legally binding document.
14. Response to Breaches in Personal Data
When we learn of a suspected or actual personal data breach, we shall perform an internal investigation and take appropriate remedial measures in a timely manner. Where there is any risk to your rights and freedoms, we shall notify the relevant Supervisory Authorities without undue delay and, when possible, within 72 hours from when we learn of such breach.
16. Data Transfer
We shall ensure that before transferring personal data out of the European Economic Area (EEA), adequate safeguards will be used including but not limited to the signing of a Data Transfer Agreement/Addendum, as required by the European Union. Authorisation may be obtained from the relevant Data Protection Authority where required.
18. Transaction Security
Credence shall endeavour that all personal data collected, retained, and processed is stored securely and protected against unauthorised or unlawful processing and against any accidental loss, destruction or damage. This website uses Secure Sockets Layer (SSL) to ensure secure transmission of your personal data. You should be able to see the padlock symbol in the status bar on the bottom right hand corner of the browser window. The URL address will also start with https:// depicting a secure webpage. SSL applies encryption between two points such as your PC and the connecting server. Any personal data transmitted during the session will be encrypted or scrambled and then decrypted or unscrambled at the receiving end. This will ascertain that data cannot be read during transmission.
19. Governing Law
21. Complaints and Feedback
Any complaints or objections may be sent to the following email address: firstname.lastname@example.org You also have the right to lodge a complaint with the competent supervisory authority in the particular Member State of your habitual residence for alleged infringement of the GDPR.
Any comments or suggestions that you may have, and which may contribute to a better quality of service are welcome and greatly appreciated.
This Policy shall be deemed effective as of January 01, 2020.