1.0 Privacy Policy

We are committed to protecting our visitor’s privacy and we will not collect any personal information about you as a visitor unless you provide it voluntarily.

Before or at the time of collecting personal information, we will identify the purposes for which information is being collected.

We will collect and use personal information solely for fulfilling those purposes specified by us and for other ancillary purposes (including as required by law) relevant to providing the service you requested – in any other case, we will request to obtain the consent of the individual concerned.

We will only store your personal information for the length of time required for the purpose for which it is collected.

2.0 Personal Information

Personal information is defined as being any information which can be linked to an identified or identifiable individual. Quite simply, if any information can be linked to you it becomes personal information and we therefore take great care when collecting and processing such information in order to protect the privacy of our users.

In certain instances, if you choose to withhold any personal information it may not be possible for us to fulfil the service you are requesting.

3.0 Legal requirements

We may be required by law to:

Disclose certain personal information for purposes of law enforcement or national security; Store personal information for various periods of time (e.g., in connection with tax laws).

4.0 The Data Protection Act & GDPR and control of your personal information

CRC Malta Ltd. processes personal data as defined in the GDPR which will be brought into force from May 25th 2018. We therefore consider that we have a legal duty to respect and protect any personal information we collect from you and we will abide by such duty. We take all safeguards necessary to prevent unauthorized access and we do not pass on your details collected from you as a visitor, to any third party unless you give us your consent to do so.

This provides amongst other things that the data we hold about you should be processed lawfully and fairly. It should be accurate, relevant and not excessive. The information should be kept up to date and not retained for longer than is necessary.

To make sure that you can control your personal information we enable you to:

Ask to view the personal information we hold about you;

Request that any personal information that is inaccurate, irrelevant or out-of-date be amended or deleted;

Have your personal information deleted, if such deletion is permissible by law and/or will not prejudice our position at law.

5.0 What personal data do we collect from you?

As a website visitor, we collect three types of information on you:

Contact or feedback information;

Web page download information.

In different parts of this website, you will have the option to submit personal data (e.g., e-mail address, name, contact number and any additional data in a request). The submission of such data occurs on the basis of a freely chosen, explicit and voluntary option and entails acquisition of the sender’s email address, which is necessary to reply to any request, as well as the acquisition of such additional personal data included.

6.0 What do we do with your personal data?

The information we learn from customers helps us personalise and continually improve your shopping experience at CRC Malta. We use the information to handle orders, deliver products and services, process payments, communicate with you about orders, products, services and promotional offers, update our records and generally maintain your accounts with us, display content such as customer reviews and recommend merchandise that might be of interest to you.

We also use this information to improve our store and platform, prevent or detect fraud or abuses of our website and enable third parties to carry out technical, logistical or other functions on our behalf.

Other examples include:

To fulfil your requests for products and services and communicate with you about those requests.

To provide customer service and alert you to product information, including recalls.
Handle complaints

To help us improve and customize our service offerings, website, and advertising.

To send you information about our products, services, and promotions.

To protect the security or integrity of our website and our business.

With regard to credit qualification and applications.

To accomplish these purposes, we may combine personal and non-personal information we collect online with offline information, including information from third parties.

Forms of Communication used by CRC Malta LTD may include Text Messages, Phone Calls, Emails

Third Party Service Providers: We employ other companies and individuals to perform functions on our behalf. Examples include delivering packages and processing credit card payments. They have access to personal information needed to perform their functions, but may not use it for other purposes. Further, they must process the personal information in accordance with this Privacy Notice and in accordance with the GDPR.

The processing of your personal data for the purposes of legitimate interest is carried out pursuant to Article 9, letter f) of the Data Protection Act and for the pursuit of the legitimate interest of CRC Malta LTD in carrying out the economic operations indicated therein pursuant to article 6, letter f) of the European Regulation no. 679/2016 on the protection of personal data (“GDPR”), applicable from 25 May 2018, adequately balanced with your interests as the processing takes place within the limits strictly necessary for the execution of these operations.

7.0 How is your personal data processed?

Your personal data is processed with automated (occasionally manual) means by persons who have been specifically appointed by CRC Maltas Ltd and, if necessary, also by data processors, even external, appointed by CRC Malta Ltd itself. Adequate security measures are implemented to prevent the data from being lost, unlawfully and/or inappropriately used, or accessed without authorisation.

8.0 What is the scope of communication and disclosure of your personal data?

CRC Malta Ltd., for the Contractual Purposes referred to in this notice, can communicate your personal data to subjects that perform services functional to the management of its requests, and in particular to the following categories of subjects located within the European Union and, within the limits set out in this privacy policy, outside the European Union, (a) providers of assistance services, tax and legal advice, (b) IT service providers, (c) companies of the group to which CRC Malta Ltd belongs, ( d) subjects and authorities whose right of access to your personal data is expressly recognized by law, regulations or provisions issued by the competent authorities. Depending on the circumstances, these recipients will process your personal data as data controllers or data processors.

CRC Malta Ltd, for the purposes of legitimate interest referred to in this notice, may communicate your personal data to parties who perform services functional to these purposes and, in particular, to the following categories of subjects located within the European Union and, within the limits set out in this privacy policy, outside the European Union, to (a) providers of assistance services, tax and legal advice, (b) IT service providers, (c) subject assignee companies or branch of company, potential purchasers of CRC Malta Ltd and companies resulting from possible mergers, demergers or other transformations of CRC Malta Ltd, including within the scope of the activities functional to such operations, and (d) competent authorities. The subjects indicated above may act, as appropriate, as data processors or independent data controllers.

9.0 Will your data be transferred abroad

Your personal data may be freely transferred outside the national territory to countries located in the European Union. Should your personal data be transferred to countries outside the EU this shall occur exclusively in compliance with the appropriate and adequate guarantees for the purpose of the extended transfer in accordance with the applicable legislation and in particular article 27 of the Data Protection Act and articles 45 and 46 of the GDPR.

You will have the right to obtain a copy of the data held abroad and to obtain information about the place where such data is stored by expressly requesting CRC Malta Ltd. for this information through the contact information as presented below.

The following provisions have become effective as of 25 May 2018, when the GDPR has become enforceable.

a) Data Protection Officer: the appointed Data Protection Officer pursuant to article 37 of the GDPR can be contacted via the means provided at the end of this Notice.

b) Data retention period: CRC Malta Ltd. will process your personal data for the period necessary to satisfy the purposes for which they were collected. In any case, the following retention periods apply to the processing of personal data for the following purposes:

i. the data collected for Contractual Purposes are kept for the entire duration of the period during which the requested service is provided to you and for 10 years following the expiration of this period for defence purposes and / or to exercise CRC Malta Ltd.’s rights in court and/or out of court in case of disputes with you.

ii. the data collected for Legitimate Interest Purposes are kept for a period of 10 years from the time of collection.

Once the above terms have expired, your personal data may be deleted, anonymised and / or aggregated.

c) Additional rights: You can at any time
i. requests the restriction of the processing of your personal data where one of the following applies:

you contest the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data;

the processing is unlawful and you oppose to the erasure of the personal data and requests the restriction of their use instead;

ii. oppose at any time to the processing of your personal data:
iii. request cancellation of personal data concerning you without undue delay;
iv. obtain the portability of personal data concerning you;
v. lodge complaints with the appropriate Data Protection Supervisory Authority.

10.0 Contact or Feedback

When you fill the form on the Contact Us or Item Request Info, we use the personal information submitted in the form only to respond to your message. This personal information will not be kept longer than necessary and will be deleted once the feedback requirement is met. In certain instances, if you choose to withhold any personal information it may not be possible for us to contact you back to respond to your query.

11.0 Links to other Websites

Our site has a number of links to other local and international organisations and agencies. In some cases, for the benefit of the visitor, it may be required that we link to other web sites of other organisations after permission is obtained from them respectively. It is important for you to note that upon linking to another site, you are no longer on our site and you become subject to the privacy policy of the new site.

12.0 Changes to this Privacy Policy

If there are any changes to this privacy policy, we will replace this page with an updated version. It is therefore in your own interest to check the “Privacy Policy” page any time you access our web site so as to be aware of any changes which may occur from time to time.

13.0 Contact Us

CRC Malta Ltd has a Data Protection Officer who can be reached at:

Contact us | CRC Group Malta

Or on Email: dataprotectionofficer@crcmalta.com

Or by post: CRC Group, Tilio’s Buildings, St. Paul Street, Naxxar, NXR4016, Malta, Europe

Or by Phone: +356 2141 9400