
ELEVIST WELLNESS LIMITED PRIVACY POLICY

Last Updated on 25.07.2022 Version 1.1

 

INTRODUCTION

This Master Privacy Policy (“Privacy Policy”) relates to the website https://elevist.mt/ and/or any sub-website and/or associated domains (and/or sub-domains) of https://elevist.mt/ (hereinafter referred to as the “Site”), the services (which may include the sale of goods and/or deliveries of the same) provided by Elevist Wellness Ltd Limited (C101929), the owner of the Site, (“We”, “Us”, “Our”, “Ourselves” and/or “Elevist”) where Personal Data is processed by Us (via the Site or otherwise) relating to You. In this Master Privacy Policy, “You” and “Your” and “User” refer to an identified or identifiable natural person being the User of the Site and/or client (or prospective client) of any of Our services. Our full details, including contact details, can be read below.

For information on how Your personal data is processed throughout the Site (which is owned and operated by Bluberry Investments Limited (‘Bluberry’)), We invite you to read through the Privacy Policy of Bluberry, which can be found here.

You may be reading this Privacy Policy as a User or visitor of the Site or You may have been directed here by one (or more) of Our condensed privacy policies or Our other notices (digital or otherwise).

Although this Privacy Policy provides detailed, layered information on how and why We generally process Personal Data (via the Site or otherwise) as well as detailed information about Your various rights, the specific and tailor-made content of such condensed policies or other notices will, in most cases, provide You with more focused and detailed information on specific processing operations (for example, the specific legal basis for processing certain categories of Personal Data and the specific purpose for doing so depending on the matter at hand).

Although our goal is to always be as clear and transparent as possible, We appreciate that legal documents can sometimes be difficult to read. However, We strongly encourage You to read this Privacy Policy (which is layered for Your convenience) with care. Please do not hold back from contacting Us for any clarification You may need. For example, if You need clarification on a specific legal basis We are relying on to process Your Personal Data for a specific processing operation, We would be happy to provide You with any such information You may need.

APPLICABLE LAWS

As an entity established in Malta, EU, the main privacy laws that are applicable to Elevist in so far as You are concerned, are as follows:

  • The Maltese Data Protection Act (Chapter 586 of the Laws of Malta) as well as the various subsidiary legislation issued under the same – the ‘DPA’;
  • The Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – the ‘GDPR’.

All the above, as may be amended from time to time, referred to together as the “Data Protection Laws”.

WHAT IS MEANT BY PERSONAL DATA?

“PERSONAL DATA” means any information that identifies You as an individual or that relates to an identifiable individual.

Whenever it is not possible or feasible for Us to make use of anonymous and/or anonymised data (in a manner that does not identify any Users of the Site or customers of Our services), We are nevertheless committed to protecting Your privacy and the security of Your Personal Data at all times.

We collect Personal Data in various ways both digitally via the Site (either when You choose to provide Us with certain data or in some cases, automatically or from third parties) as well as non-digitally (for example when You fill in a physical form to benefit from one or more of Our services).

PERSONAL DATA WE COLLECT ABOUT YOU

There are various categories of Personal Data that We collect about You, namely:

 

CONTACT DETAILS:
  • Name
  • Surname
  • Mailing address
  • Telephone or mobile number
  • Email address

 

REGISTRATION DATA:
  • a username
  • password
  • date of birth
  • country of residence
  • gender

 

MARKETING DATA
  • Name
  • Email address
  • Mailing address
  • Interests
  • Proof of opt-in consent (where needed)
  • Objections to marketing
  • Website data
  • Online identifiers (including IP addresses and information generated via Your browser)

 

TRACKING DATA:
  • IP address
  • Location Data
  • GPS Data

 

FINANCIAL INFORMATION:
  • Bank account details
  • Credit card information

 

ADDITIONAL INFORMATION:

In some cases, (for example, if You are a client [or prospective client] of Our services, via the Site or otherwise) We may request additional Personal Data as a means of securely identifying You or for another similar lawful purpose (which will be explained in the table below and/or in a condensed policy/notice that may have directed You here).

Many of the categories of Personal Data above are collected directly from You (for example, Your Contact Details). However, WE MAY ALSO COLLECT PERSONAL DATA FROM OTHER SOURCES, including data companies, publicly accessible databases, joint marketing partners, social media platforms and other third parties. We may also receive Personal Data about You from third parties when We need to confirm Your Contact Details or even certain Financial Information. Should this be the case, We will take all measures as required by law to further inform You about the source of such Personal Data as well as the categories of Personal Data We collect and process. There are certain instances at law where We are specifically forbidden from disclosing to You such activity (for example, when carrying out due diligence for anti-money laundering purposes).

For a detailed description of the reasons why We process the categories of Personal Data above (and any other specific Personal Data We process) as well as the corresponding legal ground(s) for doing so please see the ‘What We Use Your Personal Data For (Purpose of Processing)’ below.

For information/Personal Data that We may collect automatically via the Site, please see the Cookies section below.

SOCIAL MEDIA

If You choose to connect one or more of Your social media accounts with Our Site (if this option is available) to enable the sharing of Personal Data via social media platforms, certain categories of Personal Data relating to You from Your social media account(s) will be shared with Us.

HOW AND WHY WE COLLECT PERSONAL DATA

As a general rule, We do not collect any Personal Data, that is, information that identifies You as an individual other than that which You choose to provide to Us such as the data (including Contact Details and Registration Data) You provide when registering with Our Site (where this is available), when contacting Us with enquiries relating to Our goods and/or services, when subscribing to any service offered by Us or via Our Site, such as any newsletters as may be issued by Us from time to time or even when subscribing to any offers We (and/or Our affiliates and/or corporate partners) may offer from time to time (see Personal Data We Collect About You above).

Unless otherwise specified and subject to various controls, as a general rule, We only collect Personal Data (from You or elsewhere) that We:

  • Need to be able to provide You with the goods and/or services You request from Us
  • Are legally required to collect/use and to keep for a predetermined period of time
  • Believe to be necessary for Our legitimate business interests

For a detailed description of the reasons why we process specific categories of personal data as well as the corresponding legal ground(s) for doing so, please see the ‘What We Use Your Personal Data For (Purpose of Processing)’ below.

PERSONAL DATA RELATING TO THIRD PARTIES

By providing Us with or allowing Us to access Personal Data relating to individuals other than Yourself (for example, any minors under Your care who may require Our services), You are letting Us know that You have the authority to send Us that Personal Data or the authority to permit Us to access those data in the manner described in this Privacy Policy.

WHAT WE USE YOUR PERSONAL DATA FOR (PURPOSE OF PROCESSING)

The following is a description (in a clear and plain manner) of what We use Your Personal Data for and the corresponding legal ground(s) we rely on for doing so.

For more detail on what is meant by terms such as ‘Contact Details’, ‘Registration Data’ and other categories of Personal Data used in the tables below, please see the section above relating to Personal Data We Collect About You.

Please note that WHERE WE RELY ON YOUR CONSENT, THIS CAN BE WITHDRAWN AT WILL (See Special Note on Consent below).

 

PROSPECTIVE CLIENTS/USERS OF THE SITE/NEW CLIENTS OF OUR SERVICES:

| PURPOSE OF THE PROCESSING | CATEGORIES OF PERSONAL DATA | LEGAL BASIS FOR PROCESSING |
| --- | --- | --- |
| Evaluating Your application(s)/requests You send Us to use/receive/subscribe to any of Our services. | Contact Details; Identification Details; Financial Information | Contractual Necessity; Legitimate Interest (detection and prevention of fraud) |
| Set up a record on our systems | Registration Data; Contact Details | Contractual necessity; Legitimate interest (to ensure we have an accurate record) |
| To manage our relationship with you | Registration Data; Contact Details; Financial Information; Transaction and Usage data | Contractual necessity; Compliance with our legal obligations |
| To establish and investigate any suspicious behaviour in order to protect our business from any risk and fraud and to be in line with the law | Registration Data; Contact Details; Identification and verification Data; Log in Data | Legitimate interest (detection and prevention of fraud); Compliance with our legal obligations |
| Subscribing to a newsletter or mailing list | Registration Data/Contact Details | Your consent |
| To be able to provide You with marketing material that You may have requested from Us or that We may be authorised at law to provide to You | Marketing Data; Tracking Data | Your Consent (where we need this) OR Our legitimate interests (where we don’t need Your consent) |
| To monitor our premises via CCTV for security purposes | CCTV footage (deleted after 7 days) | Legitimate Interests |

ONGOING CLIENTS OF OUR SERVICES:

| PURPOSE OF THE PROCESSING | CATEGORIES OF PERSONAL DATA | LEGAL BASIS FOR PROCESSING |
| --- | --- | --- |
| Maintain records on our systems | Registration Data; Contact Details; Financial Information; Other Communication Data | Contractual necessity; Legitimate interest (to ensure we have an accurate record) |
| Continue to manage our relationship with you | Registration Data; Contact Details; Financial Information; Other Communication Data; Transaction and Usage data | Contractual necessity; Compliance with our legal obligations |
| To process and manage payments transactions (where applicable) | Financial Information | Contractual necessity |
| To be able to provide You with (some or all of) Our services – including those provided via the Site. | Registration Data; Contact Details | Contractual Necessity |
| Comply with legal and regulatory obligations | Registration Data; Contact Details | Legal obligation |
| Subscribing to a newsletter or mailing list | Registration Data/Contact Details | Your consent |
| Your being able to participate in an online survey or poll | Registration Data/Contact Details | Your consent |
| To be able to provide You with marketing material that You may have requested from Us or that We may be authorized at law to provide to You | Marketing Data | Your Consent (where we need this) OR Our legitimate interests (where we don’t need Your consent) |
| To carry out corporate acquisitions, mergers, or transactions | Identification and Verification Data; Financial Information; Bank Account Details | Our legitimate interests (to facilitate corporate acquisitions, mergers, or transactions) |
| To monitor our premises via CCTV for security purposes | CCTV footage (deleted after 7 days) | Legitimate Interests |

Should We need to process Your data for a new purpose in the future, which is entirely unrelated to the above, We will inform You of such processing in advance and You may exercise Your applicable rights (as explained below) in relation to such processing.

Finally, do note that without certain Personal Data relating to You, We may not be in the position to provide some or all of the services You expect from Us or even to guarantee the full functionality of Our Site.

ACCURACY OF PERSONAL DATA

All reasonable efforts are made to keep any Personal Data We may hold about You up-to-date and as accurate as possible. You can check the information that We hold about You at any time by contacting Us in the manner explained below. If You find any inaccuracies, We will correct them and where required, delete them as necessary. Please see below for a detailed list of Your legal rights in terms of any applicable data protection law.

DIRECT MARKETING

We only send mail, messages and other communications relating to marketing where We are authorised to do so at law. In most cases We rely on Your consent to do so (especially where We use electronic communications). If, at any time, You no longer wish to receive direct marketing communications from Us please let Us know by contacting Us at the details below or update Your preferences on any of Our Site(s) (where applicable). 

In the case of direct marketing sent by electronic communications (where We are legally authorised to do so) You will be given an easy way of opting out (or unsubscribing) from any such communications.

Please note that even if You withdraw any consent You may have given Us or if You object to receiving such direct marketing material from Us (in those cases where We do not need Your consent), from time to time We may still need to send You certain important communications from which You cannot opt-out.

TRANSFERS TO THIRD COUNTRIES

As a general rule, the data We process about You (collected via the Site or otherwise) will be stored and processed within the European Union (EU)/European Economic Area (EEA) or any other non-EEA country deemed by the European Commission to offer an adequate level of protection (the so-called ‘white-listed’ countries, including the UK, listed here: https://ec.europa.eu/info/law/law-topic/data-protection_en).

In some cases, it may be necessary for Us to transfer Your Personal Data to a non-EEA country not considered by the European Commission to offer an adequate level of protection (for example to one or more of Our data processors located there). For example, for the implementation of Your desired transaction it can be necessary that We disclose Your Personal Data to banks outside the EEA.

In such cases, apart from all appropriate safeguards that We implement, in any case, to protect Your Personal Data, We have put in place additional adequate measures. For example, We have ensured that the recipient is bound by the EU Standard Contractual Clauses (the EU Model Clauses) designed to protect Your Personal Data as though it were an intra-EEA transfer. You are entitled to obtain a copy of these measures by contacting Us as explained below.

INTERNET COMMUNICATIONS

You will be aware that data sent via the Internet may be transmitted across international borders even where sender and receiver of information are located in the same country. We cannot be held responsible for anything done or omitted to be done by You or any third party in connection with any Personal Data prior to Our receiving it including but not limited to any transfers of Personal Data from You to Us via a country having a lower level of data protection than that in place in the European Union, and this, by any technological means whatsoever (for example, WhatsApp, Skype, Dropbox etc.). 

Moreover, We shall accept no responsibility or liability whatsoever for the security of Your data while in transit through the internet unless Our responsibility results explicitly from a law having effect in Malta.  

AUTHORISED DISCLOSURES

Without prejudice to anything contained in this Privacy Policy and in the interest of full transparency, We reserve the right to disclose (and otherwise process) any relevant Personal Data relating to You which We may be processing (including in certain cases relevant IP addresses) to authorised third parties in or outside the EU/EEA if such disclosures are allowed under the Data Protection Laws (whether or not You have provided Your consent) including but not limited to: 

  1. for the purpose of preventing, detecting or suppressing fraud (for example, if You provide false or deceptive information about Yourself or attempt to pose as someone else, We may disclose any information We may have about You in Our possession so as to assist any type of investigation into Your actions);
  2. in the event of Bluberry being involved in a merger, sale, restructure, acquisition, joint venture, assignment, transfer;
  3. to protect and defend Our rights (including the right to property), safety, or those of Our affiliates, of Users of Our Site or even Your own;
  4. to protect against abuse, misuse or unauthorised use of Our Site;
  5. for any purpose that may be necessary for the performance of any agreement You may have entered into with Us (including the request for provision of services by third parties) or in order to take steps at Your request prior to entering into a contract;
  6. to comply with any legal obligations such as may arise by way of response to any Court subpoena or order or similar official request for Personal Data; or 
  7. as may otherwise be specifically allowed or required by or under any applicable law (for example, under anti-money laundering legislation).

SHARING OF PERSONAL DATA WITH OTHER CATEGORIES OF RECIPIENTS

 

Relevant data will also be disclosed or shared as appropriate (and in all cases in line with the Data Protection Laws) to/with members and staff of Bluberry, to/with other entities within the Bluberry Group and/or to/with affiliated entities and/or sub-contractors established within the European Union (including Elevist Wellness Limited, the Seller of the goods on Our Site)  if pertinent to any of the purposes listed in this Privacy Policy (including to/with Our services providers who facilitate the functionality of the Site and/or any service You may require). Personal information will only be shared by Us to provide the services You request from Us or for any other lawful reason (including authorised disclosures not requiring Your consent). 

Any such authorised disclosures will be done in accordance with the Data Protection Laws (for example all Our processors are contractually bound by the requirements in the said Data Protection Laws, including a strict obligation to keep any information they receive confidential and to ensure that their employees/personnel are also bound by similar obligations). The said service providers (Our processors) are also bound by a number of other obligations (in particular, Article 28 of the GDPR).

For the purposes of booking appointments with Us and making use of Our services, Your personal data will, on an as-needed basis, be shared with appropriate physiotherapists and Pilates instructors (“Partners”) as separate controllers. 

For the avoidance of all doubt, for as long as Your personal data remains with Us, We remain fully responsible for Your personal data as data controller(s). When Your personal data is shared with and/or transferred to Our Partners as separate controllers the Partners would become fully responsible as separate controllers for those personal data. Should You have any queries regarding how such Partners process Your personal data, You are kindly invited to contact them directly (either in person during Your visit/consultation and/or by other means as they may make available to You).

Your Personal Data will never be shared with third parties for their marketing purposes (unless You give Your consent thereto).

The third parties who We may disclose to and/or share Your Personal Data with are, at the date of this Privacy Policy, the following:

| CATEGORY OF RECIPIENT | PURPOSE OF PROCESSING |
| --- | --- |
| Cloud Service Providers | Hosting of data under state-of-the-art security protocols and our exclusive control |
| IT Service Providers | Maintenance and support of our IT systems/Website(s) – with restricted access and under our strict controls |
| Payment Service Providers | To process any online or POS payments received by you |
| Auditors | Compliance with our auditing obligations – with access granted only to essential personal data |
| Legal Advisors | Compliance with our legal obligations or when necessary for the establishment, exercise or defence of legal claims. |
| Public Authorities | Compliance with legal obligations and only after verifications are made into necessity of disclosure. |
| Partners | To refer You (clients) to the Partners for the purposes of making use of the services available. |
| Subcontractors | Subcontractors (either separate controllers or processors) include delivery companies to be able to deliver products to You on the basis of appropriate safeguards such as necessary contracts being in place between us. |
| Sellers of goods on Our Site | For the purpose of providing You with the required goods You choose to purchase via Our Site (including but not limited to Elevist Wellness Limited, the seller of the said goods on Our Site) |

SECURITY MEASURES

The personal information which We may hold (and/or transfer to any affiliates/partners/subcontractors as the case may be) will be held securely in accordance with Our internal security policy and the law. 

We use reasonable efforts to safeguard the confidentiality of any and/or all Personal Data that We may process relating to You and regularly review and enhance Our technical, physical and managerial procedures so as to ensure that Your Personal Data is protected from:

  • unauthorised access
  • improper use or disclosure
  • unauthorised modification
  • unlawful destruction or accidental loss.

To this end We have implemented security policies, rules and technical and organisational measures to protect the Personal Data that We may have under Our control. All our members, staff and data processors (including specific subcontractors, including cloud service providers established within the European Union), who may have access to and are associated with the processing of Personal Data, are further obliged (under contract) to respect the confidentiality of Our Users’ or clients’ Personal Data as well as other obligations as imposed by the Data Protection Laws.

Despite all the above, We cannot guarantee that a data transmission or a storage system can ever be 100% secure. For more information about Our security measures please contact Us in the manner described below.

Authorised third parties, and external/third party service providers, with permitted access to Your information (as explained in this Privacy Policy) are specifically required to apply appropriate technical and organisational security measures that may be necessary to safeguard the Personal Data being processed from unauthorised or accidental disclosure, loss or destruction and from any unlawful forms of processing. 

As stated above, the said service providers (Our data processors) are also bound by a number of other obligations in line with the Data Protection Laws (particularly, Article 28 of the GDPR).

RETENTION PERIODS

We will retain Your Personal Data only for as long as is necessary (taking into consideration the purpose for which they were originally obtained). The criteria We use to determine what is ‘necessary’ depends on the particular Personal Data in question and the specific relationship We have with You (including its duration). 

Our normal practice is to determine whether there is/are any specific EU and/or Maltese law(s) (for example tax or corporate laws) permitting or even obliging Us to keep certain Personal Data for a certain period of time (in which case We will keep the Personal Data for the maximum period indicated by any such law). For example, any data that can be deemed to be ‘accounting records’ must be kept for ten (10) years.

We would also have to determine whether there are any laws and/or contractual provisions that may be invoked against Us by You and/or third parties and if so, what the prescriptive periods for such actions are (this is usually five (5) years in those cases where Our contractual relationship with You terminates or two (2) years in those cases where no such contractual relationship exists). In this case, We will keep any relevant Personal Data that We may need to defend Ourselves against any claim(s), challenge(s) or other such action(s) by You and/or third parties for such time as is necessary. 

Where Your Personal Data are no longer required by Us, We will either securely delete or anonymise the Personal Data in question.

PROCESSING FOR RESEARCH AND STATISTICAL REASONS

Research and statistics using User or client information is only carried out so that We may understand Our Users’ and/or clients’ needs, to develop and improve Our services/activities and/or for philanthropic goals representative of Bluberry’s purpose. In any case, We will always ensure to obtain any consent We may legally require from You beforehand. As in all other cases, We will also ensure to implement all appropriate safeguards as may be necessary. 

LINKS TO THIRD PARTY SOURCES

Links that We provide to third-party websites are clearly marked and We are not in any way whatsoever responsible for (nor can We be deemed to endorse in any way) the content of such websites (including any applicable privacy policies or data processing operations of any kind). We suggest that You should read the privacy policies of any such third-party websites.

COOKIES

When You visit Our Site, We collect certain categories of Personal Data automatically through the use of cookies and similar technologies. 

For more detailed information including what cookies are and how and why We process such data in this manner (including the difference between essential and non-essential cookies) please read Our detailed but easy-to-read Cookie Policy.

MINORS

The Site and Our services are not intended to be used by any persons under the age of eighteen (18) and therefore We will never intentionally collect any Personal Data from such persons unless under a specific legal exemption (if any). If You are under the age of consent, please consult and get Your parent’s or legal guardian’s permission to use the Site and to use Our services.

We shall consider that any Personal Data of persons under the age of eighteen (18) received by Us, shall be sent with the proper authority and that the sender can demonstrate such authority at any time, upon Our request.

AUTOMATED DECISION-MAKING

We do not rely on any decisions taken solely by automated means (in other words, without significant human intervention) – including any profiling. Should this position change in the future (and only as We may be legally permitted to do), You will be notified accordingly.  

YOUR RIGHTS UNDER THE DATA PROTECTION LAWS

Before addressing any request You make with Us, We may first need to verify Your identity. In all cases We will try to act on Your requests as soon as reasonably possible.

As explained in the Retention Periods section above, We may need to keep certain Personal Data for compliance with Our legal retention obligations but also to complete transactions that You requested prior to the change or deletion that You requested. 

Your various rights at law include:

Your Right of Access

You may, at any time request Us to confirm whether or not We are processing Personal Data that concerns You and, if We are, You shall have the right to access those Personal Data and to the following information:

  • What Personal Data We have, 
  • Why We process them, 
  • Who We disclose them to, 
  • How long We intend on keeping them for (where possible), 
  • Whether We transfer them abroad and the safeguards We take to protect them, 
  • What Your rights are, 
  • How You can make a complaint, 
  • Where We got Your Personal Data from and 
  • Whether We have carried out any automated decision-making (including profiling) as well as related information.

Upon request, We shall (without adversely affecting the rights and freedoms of others including Our own) provide You with a copy of the Personal Data undergoing processing within one month of receipt of the request, which period may be extended by two months where necessary, taking into account the complexity and number of the requests. We shall inform You of any such extension within one month of receipt of the request, together with the reasons for the delay.

Your Right to Rectification

You have the right to ask Us to rectify inaccurate Personal Data and to complete incomplete Personal Data concerning You. We may seek to verify the accuracy of the data before rectifying it.

Your Right to Erasure (The Right to be Forgotten)

You have the right to ask Us to delete Your Personal Data and We shall comply without undue delay but only where:

  • The Personal Data are no longer necessary for the purposes for which they were collected; or
  • You have withdrawn Your consent (in those instances where We process on the basis of Your consent) and We have no other legal ground to process Your Personal Data; or
  • You shall have successfully exercised Your right to object (as explained below); or
  • Your Personal Data shall have been processed unlawfully; or 
  • There exists a legal obligation to which We are subject; or
  • Special circumstances exist in connection with certain children’s rights.

In any case, We shall not be legally bound to comply with Your erasure request if the processing of Your Personal Data is necessary:

  • for compliance with a legal obligation to which We are subject (including but not limited to Our data retention obligations); or
  • for the establishment, exercise or defence of legal claims.

There are other legal grounds entitling Us to refuse erasure requests although the two instances above are the most likely grounds that may be invoked by Us to deny such requests. 

Your Right to Data Restriction

You have the right to ask Us to restrict (that is, store but not further process) Your Personal Data but only where:

  • The accuracy of Your Personal Data is contested (see the right to data rectification above), for a period enabling Us to verify the accuracy of the Personal Data; or
  • The processing is unlawful and You oppose the erasure of Your Personal Data; or
  • We no longer need the Personal Data for the purposes for which they were collected but You need the Personal Data for the establishment, exercise or defence of legal claims; or
  • You exercised Your right to object and verification of Our legitimate grounds to override Your objection is pending.

Following Your request for restriction, except for storing Your Personal Data, We may only process Your Personal Data:

  • Where We have Your consent; or
  • For the establishment, exercise or defence of legal claims; or
  • For the protection of the rights of another natural or legal person; or
  • For reasons of important public interest.

Your Right to Data Portability

You have the right to ask Us to provide Your Personal Data (that You shall have provided to Us) to You in a structured, commonly used, machine-readable format, or (where technically feasible) to have it ‘ported’ directly to another data controller, provided this does not adversely affect the rights and freedoms of others. This right shall only apply where:

  • The processing is based on Your consent or on the performance of a contract with You; and
  • The processing is carried out by automated means.

Your Right to Object to Certain Processing

In those cases where We only process Your Personal Data when this is 1.) necessary for the performance of a task carried out in the public interest or 2.) when processing is necessary for the purposes of the legitimate interests pursued by Us or by a third party, You shall have the right to object to processing of Your Personal Data by Us. Where an objection is entered, the processing of data shall cease, unless We as data controller provide compelling and legitimate grounds requiring the continuation of the data processing which outweigh the objections You may have raised.

When Your data is processed for direct marketing purposes, You have the right to object at any time to the processing of Your Personal Data, which includes profiling to the extent that it is related to such direct marketing.

For the avoidance of all doubt, when We process Your Personal Data when this is necessary for the performance of a contract, when necessary for compliance with a legal obligation to which We are subject or when processing is necessary to protect Your vital interests or those of another natural person, this general right to object shall not subsist.

Your Right to lodge a Complaint

You also have the right to lodge complaints with the appropriate Data Protection Supervisory Authority. The competent authority in Malta is the Office of the Information and Data Protection Commissioner (OIDPC). 

We kindly ask that You please attempt to resolve any issues You may have with Us first (even though, as stated above, You have a right to contact the competent authority at any time).  

WHAT WE MAY REQUIRE FROM YOU

As one of the security measures We implement, before being in the position to help You exercise Your rights as described above We may need to verify Your identity to ensure that We do not disclose to or share any Personal Data with any unauthorised individuals. 

TIME LIMIT FOR A RESPONSE

We try to reply to all legitimate requests within one month from receiving them. In some particular cases (for example, if the matter is particularly complex or if You send Us multiple requests), it may take Us longer than a month. In such cases, we will notify You accordingly and keep You updated.

COMPANY DETAILS

ELEVIST WELLNESS LIMITED, a company registered in Malta with company registration number C 101929 and whose registered office address is at 56/58, TRIQ FRANCESCO BUHAGIAR, BIRKIRKARA, Malta, is the data controller responsible for processing Your Personal Data that takes place via the Site or in the manner explained above (or in the condensed privacy policy or notice that directed You here).

If You have any questions/comments about privacy or should You wish to exercise any of Your individual rights, please contact Us at: seanm@elevist.mt or by writing to 56/58, TRIQ FRANCESCO BUHAGIAR, BIRKIRKARA (at the address above) or by phoning Us using telephone number +356 2141 7282 (during normal office hours).

For more information relating to how Your personal data are processed on the Site itself, please read the privacy policy of Bluberry (the owner and operator of the Site) here. 

UPDATES

We reserve the right, at Our complete discretion, to change, modify, add and/or remove portions of this Privacy Policy at any time. If You are an existing client with whom We have a contractual relationship You shall be informed by Us of any changes made to this Privacy Policy (as well as other terms and conditions relevant to the Site). We shall also archive and store previous versions of the Privacy Policy for Your review. 

As a User of the Site with which We have no contractual relationship or even a lawful way of tracing, it is in Your interest to regularly check for any updates to this Privacy Policy (which are usually deemed to be effective on the date they are published on the Site), in the event that Our attempts to notify You of such updates do not reach You.

Last Updated on 22.08.2022

BLUBERRY INVESTMENTS LIMITED PRIVACY POLICY

Last Updated on 22.08.2022 Version 1.1

INTRODUCTION

This Master Privacy Policy (“Privacy Policy”) relates to the website https://elevist.mt/ and/or any sub-website and/or associated domains (and/or sub-domains) of  https://elevist.mt/ (hereinafter referred to as the “Site”), the services (which may include the sale of goods and/or deliveries of the same) provided by Bluberry Investments Limited (C 82305), the owner of the Site, (“We“, “Us“, “Our“, “Ourselves” and/or “Bluberry”) where Personal Data is processed by Us (via the Site or otherwise) relating to You. 

In this Master Privacy Policy, “You” and “Your” and “User” refer to an identified or identifiable natural person being the User of the Site and/or client (or prospective client) of any of Our services. Our full details, including contact details, can be read below. 

For information on how Your personal data are processed when purchasing goods from the e-shop on Our Site, We invite You to read through the Privacy Policy of Elevist Wellness Limited (the seller of the said goods), which can be found here.

You may be reading this Privacy Policy as a User or visitor of the Site or You may have been directed here by one (or more) of Our condensed privacy policies or Our other notices (digital or otherwise). 

Although this Privacy Policy provides detailed, layered information on how and why We generally process Personal Data (via the Site or otherwise) as well as detailed information about Your various rights, the specific and tailor-made content of such condensed policies or other notices will, in most cases, provide You with more focused and detailed information on specific processing operations (for example, the specific legal basis for processing certain categories of Personal Data and the specific purpose for doing so depending on the matter at hand). 

Although Our goal is to always be as clear and transparent as possible, We appreciate that legal documents can sometimes be difficult to read. However, We strongly encourage You to read this Privacy Policy (which is layered for Your convenience) with care. Please do not hold back from contacting Us for any clarification You may need. For example, if You need clarification on a specific legal basis We are relying on to process Your Personal Data for a specific processing operation, We would be happy to provide You with any such information You may need.

APPLICABLE LAWS

As an entity established in Malta, EU, the main privacy laws that are applicable to Bluberry in so far as You are concerned, are as follows:

  • The Maltese Data Protection Act (Chapter 586 of the Laws of Malta) as well as the various subsidiary legislation issued under the same – the ‘DPA’;
  • The Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – the ‘GDPR’.

All the above, as may be amended from time to time, referred to together as the “Data Protection Laws”

WHAT IS MEANT BY PERSONAL DATA?

“PERSONAL DATA” means any information that identifies You as an individual or that relates to an identifiable individual.

Whenever it is not possible or feasible for Us to make use of anonymous and/or anonymised data (in a manner that does not identify any Users of the Site or customers of Our services), We are nevertheless committed to protecting Your privacy and the security of Your Personal Data at all times. 

We collect Personal Data in various ways both digitally via the Site (either when You choose to provide Us with certain data or in some cases, automatically or from third parties) as well as non-digitally (for example when You fill in a physical form to benefit from one or more of Our services).

PERSONAL DATA WE COLLECT ABOUT YOU

There are various categories of Personal Data that We collect about You, namely:

CONTACT DETAILS: 
  • Name
  • Surname
  • Mailing address
  • Telephone or mobile number
  • Email address
REGISTRATION DATA: 
  • Username 
  • Password 
  • Date of birth 
  • Country of residence 
  • Gender
MARKETING DATA: 
  • Name
  • Email address
  • Mailing address
  • Interests
  • Proof of opt-in consent (where needed)
  • Objections to marketing
  • Website data
  • Online identifiers (including IP addresses and information generated via Your browser)
TRACKING DATA:
  • IP address
  • Location Data
  • GPS Data
FINANCIAL INFORMATION:
  • Bank account details
  • Credit card information
ADDITIONAL INFORMATION:

In some cases, (for example, if You are a client [or prospective client] of Our services, via the Site or otherwise) We may request additional Personal Data as a means of securely identifying You or for another similar lawful purpose (which will be explained in the table below and/or in a condensed policy/notice that may have directed You here). 

Many of the categories of Personal Data above are collected directly from You (for example, Your Contact Details). However, WE MAY ALSO COLLECT PERSONAL DATA FROM OTHER SOURCES, including data companies, publicly accessible databases, joint marketing partners, social media platforms and other third parties. We may also receive Personal Data about You from third parties when We need to confirm Your Contact Details or even certain Financial Information. Should this be the case, We will take all measures as required by law to further inform You about the source of such Personal Data as well as the categories of Personal Data We collect and process. There are certain instances at law where We are specifically forbidden from disclosing to You such activity (for example, when carrying out due diligence for anti-money laundering purposes). 

For a detailed description of the reasons why We process the categories of Personal Data above (and any other specific Personal Data We process) as well as the corresponding legal ground(s) for doing so please see the ‘What We Use Your Personal Data For (Purpose of Processing)’ below.

For information/Personal Data that We may collect automatically via the Site, please see the Cookies section below.

SOCIAL MEDIA

If You choose to connect one or more of Your social media accounts with Our Site (if this option is available) to enable the sharing of Personal Data via social media platforms, certain categories of Personal Data relating to You from Your social media account(s) will be shared with Us. 

HOW AND WHY WE COLLECT PERSONAL DATA

As a general rule, We do not collect any Personal Data, that is, information that identifies You as an individual other than that which You choose to provide to Us such as the data (including Contact Details and Registration Data) You provide when registering with Our Site (where this is available), when contacting Us with enquiries relating to Our goods and/or services, when subscribing to any service offered by Us or via Our Site, such as any newsletters as may be issued by Us from time to time or even when subscribing to any offers We (and/or Our affiliates and/or corporate partners) may offer from time to time (see Personal Data We Collect About You above). 

Unless otherwise specified and subject to various controls, as a general rule, We only collect Personal Data (from You or elsewhere) that We: 

  • Need to be able to provide You with the goods and/or services You request from Us 
  • Are legally required to collect/use and to keep for a predetermined period of time
  • Believe to be necessary for Our legitimate business interests

For a detailed description of the reasons why we process specific categories of personal data as well as the corresponding legal ground(s) for doing so, please see the ‘What We Use Your Personal Data For (Purpose of Processing)’ below.

PERSONAL DATA RELATING TO THIRD PARTIES

By providing Us with or allowing Us to access Personal Data relating to individuals other than Yourself (for example, any minors under Your care who may require Our services), You are letting Us know that You have the authority to send Us that Personal Data or the authority to permit Us to access those data in the manner described in this Privacy Policy. 

WHAT WE USE YOUR PERSONAL DATA FOR (PURPOSE OF PROCESSING)

The following is a description (in a clear and plain manner) of what We use Your Personal Data for and the corresponding legal ground(s) we rely on for doing so.

For more detail on what is meant by terms such as ‘Contact Details’, ‘Registration Data’ and other categories of Personal Data used in the tables below, please see the section above relating to Personal Data We Collect About You.

Please note that WHERE WE RELY ON YOUR CONSENT, THIS CAN BE WITHDRAWN AT WILL (See Special Note on Consent below).

 

PROSPECTIVE CLIENTS/USERS OF THE SITE/NEW CLIENTS OF OUR SERVICES:

PURPOSE OF THE PROCESSING | CATEGORIES OF PERSONAL DATA | LEGAL BASIS FOR PROCESSING
Evaluating Your application(s)/requests You send Us to use/receive/subscribe to any of Our services. | Contact Details; Identification Details; Financial Information | Contractual Necessity; Legitimate Interest (detection and prevention of fraud)
Set up a record on our systems | Registration Data; Contact Details | Contractual necessity; Legitimate interest (to ensure we have an accurate record)
To manage our relationship with you | Registration Data; Contact Details; Financial Information; Transaction and Usage data | Contractual necessity; Compliance with our legal obligations
To establish and investigate any suspicious behaviour in order to protect our business from any risk and fraud and to be in line with the law | Registration Data; Contact Details; Identification and verification Data; Log in Data | Legitimate interest (detection and prevention of fraud); Compliance with our legal obligations
Subscribing to a newsletter or mailing list | Registration Data/Contact Details | Your consent
To be able to provide You with marketing material that You may have requested from Us or that We may be authorised at law to provide to You | Marketing Data; Tracking Data | Your Consent (where we need this) OR Our legitimate interests (where we don’t need Your consent)
To monitor our premises via CCTV for security purposes | CCTV footage (deleted after 7 days) | Legitimate Interests

ONGOING CLIENTS OF OUR SERVICES:

PURPOSE OF THE PROCESSING | CATEGORIES OF PERSONAL DATA | LEGAL BASIS FOR PROCESSING
Maintain records on our systems | Registration Data; Contact Details; Financial Information; Other Communication Data | Contractual necessity; Legitimate interest (to ensure we have an accurate record)
Continue to manage our relationship with you | Registration Data; Contact Details; Financial Information; Other Communication Data; Transaction and Usage data | Contractual necessity; Compliance with our legal obligations
To process and manage payments transactions (where applicable) | Financial Information | Contractual necessity
To be able to provide You with (some or all of) Our services – including those provided via the Site. | Registration Data; Contact Details | Contractual Necessity
Comply with legal and regulatory obligations | Registration Data; Contact Details | Legal obligation
Subscribing to a newsletter or mailing list | Registration Data/Contact Details | Your consent
Your being able to participate in an online survey or poll | Registration Data/Contact Details | Your consent
To be able to provide You with marketing material that You may have requested from Us or that We may be authorized at law to provide to You | Marketing Data | Your Consent (where we need this) OR Our legitimate interests (where we don’t need Your consent)
To carry out corporate acquisitions, mergers, or transactions | Identification and Verification Data; Financial Information; Bank Account Details | Our legitimate interests (to facilitate corporate acquisitions, mergers, or transactions)
To monitor our premises via CCTV for security purposes | CCTV footage (deleted after 7 days) | Legitimate Interests

Should We need to process Your data for a new purpose in the future, which is entirely unrelated to the above, We will inform You of such processing in advance and You may exercise Your applicable rights (as explained below) in relation to such processing.

Finally, do note that without certain Personal Data relating to You, We may not be in the position to provide some or all of the services You expect from Us or even to guarantee the full functionality of Our Site.

ACCURACY OF PERSONAL DATA

All reasonable efforts are made to keep any Personal Data We may hold about You up-to-date and as accurate as possible. You can check the information that We hold about You at any time by contacting Us in the manner explained below. If You find any inaccuracies, We will correct them and where required, delete them as necessary. Please see below for a detailed list of Your legal rights in terms of any applicable data protection law.

DIRECT MARKETING

We only send mail, messages and other communications relating to marketing where We are authorised to do so at law. In most cases We rely on Your consent to do so (especially where We use electronic communications). If, at any time, You no longer wish to receive direct marketing communications from Us please let Us know by contacting Us at the details below or update Your preferences on any of Our Site(s) (where applicable).

In the case of direct marketing sent by electronic communications (where We are legally authorised to do so) You will be given an easy way of opting out (or unsubscribing) from any such communications.

Please note that even if You withdraw any consent You may have given Us or if You object to receiving such direct marketing material from Us (in those cases where We do not need Your consent), from time to time We may still need to send You certain important communications from which You cannot opt-out.

TRANSFERS TO THIRD COUNTRIES

As a general rule, the data We process about You (collected via the Site or otherwise) will be stored and processed within the European Union (EU)/European Economic Area (EEA) or any other non-EEA country deemed by the European Commission to offer an adequate level of protection (the so-called ‘white-listed’ countries, including the UK, listed here: https://ec.europa.eu/info/law/law-topic/data-protection_en).

In some cases, it may be necessary for Us to transfer Your Personal Data to a non-EEA country not considered by the European Commission to offer an adequate level of protection (for example to one or more of Our data processors located there). For example, for the implementation of Your desired transaction it can be necessary that We disclose Your Personal Data to banks outside the EEA.

In such cases, apart from all appropriate safeguards that We implement, in any case, to protect Your Personal Data, We have put in place additional adequate measures. For example, We have ensured that the recipient is bound by the EU Standard Contractual Clauses (the EU Model Clauses) designed to protect Your Personal Data as though it were an intra-EEA transfer. You are entitled to obtain a copy of these measures by contacting Us as explained below.

INTERNET COMMUNICATIONS

You will be aware that data sent via the Internet may be transmitted across international borders even where sender and receiver of information are located in the same country. We cannot be held responsible for anything done or omitted to be done by You or any third party in connection with any Personal Data prior to Our receiving it including but not limited to any transfers of Personal Data from You to Us via a country having a lower level of data protection than that in place in the European Union, and this, by any technological means whatsoever (for example, WhatsApp, Skype, Dropbox etc.).

Moreover, We shall accept no responsibility or liability whatsoever for the security of Your data while in transit through the internet unless Our responsibility results explicitly from a law having effect in Malta.

AUTHORISED DISCLOSURES

Without prejudice to anything contained in this Privacy Policy and in the interest of full transparency, We reserve the right to disclose (and otherwise process) any relevant Personal Data relating to You which We may be processing (including in certain cases relevant IP addresses) to authorised third parties in or outside the EU/EEA if such disclosures are allowed under the Data Protection Laws (whether or not You have provided Your consent) including but not limited to:

  1. For the purpose of preventing, detecting or suppressing fraud (for example, if You provide false or deceptive information about Yourself or attempt to pose as someone else, We may disclose any information We may have about You in Our possession so as to assist any type of investigation into Your actions);
  2. in the event of Elevist being involved in a merger, sale, restructure, acquisition, joint venture, assignment, transfer;
  3. to protect and defend Our rights (including the right to property), safety, or those of Our affiliates, of Users of Our Site or even Your own;
  4. to protect against abuse, misuse or unauthorised use of Our Site;
  5. for any purpose that may be necessary for the performance of any agreement You may have entered into with Us (including the request for provision of services by third parties) or in order to take steps at Your request prior to entering into a contract;
  6. to comply with any legal obligations such as may arise by way of response to any Court subpoena or order or similar official request for Personal Data; or
  7. as may otherwise be specifically allowed or required by or under any applicable law (for example, under anti-money laundering legislation).

SHARING OF PERSONAL DATA WITH OTHER CATEGORIES OF RECIPIENTS

Relevant data will also be disclosed or shared as appropriate (and in all cases in line with the Data Protection Laws) to/with members and staff of Elevist, to/with other entities within the Elevist Group and/or to/with affiliated entities and/or sub-contractors established within the European Union if pertinent to any of the purposes listed in this Privacy Policy (including to/with Our services providers who facilitate the functionality of the Site and/or any service You may require). Personal information will only be shared by Us to provide the services You request from Us or for any other lawful reason (including authorised disclosures not requiring Your consent).

Any such authorised disclosures will be done in accordance with the Data Protection laws (for example all Our processors are contractually bound by the requirements in the said Data Protection Laws, including a strict obligation to keep any information they receive confidential and to ensure that their employees/personnel are also bound by similar obligations). The said service providers (Our processors) are also bound by a number of other obligations (in particular, Article 28 of the GDPR).

For the purposes of booking appointments with Us and making use of Our services, Your personal data will, on an as-needed basis, be shared with appropriate physiotherapists and Pilates instructors (“Partners”) as separate controllers.

For the avoidance of all doubt, for as long as Your personal data remains with Us, We remain fully responsible for Your personal data as data controller(s). When Your personal data is shared with and/or transferred to Our Partners as separate controllers the Partners would become fully responsible as separate controllers for those personal data. Should You have any queries regarding how such Partners process Your personal data, you are kindly invited to contact them directly (either in person during Your visit/consultation and/or by other means as they may make available to You).

Your Personal Data will never be shared with third parties for their marketing purposes (unless You give Your consent thereto).

The third parties who We may disclose to and/or share Your Personal Data with are, at the date of this Privacy Policy, the following:

CATEGORY OF RECIPIENT | PURPOSE OF PROCESSING
Cloud Service Providers | Hosting of data under state-of-the-art security protocols and our exclusive control
IT Service Providers | Maintenance and support of our IT systems/Website(s) – with restricted access and under our strict controls
Auditors | Compliance with our auditing obligations – with access granted only to essential personal data
Legal Advisors | Compliance with our legal obligations or when necessary for the establishment, exercise or defence of legal claims.
Public Authorities | Compliance with legal obligations and only after verifications are made into necessity of disclosure.
Partners | To refer You (clients) to the Partners for the purposes of making use of the services available.
Subcontractors | Subcontractors (either separate controllers or processors) include delivery companies to be able to deliver products to You on the basis of appropriate safeguards such as necessary contracts being in place between us.

SECURITY MEASURES

The personal information which We may hold (and/or transfer to any affiliates/partners/subcontractors as the case may be) will be held securely in accordance with Our internal security policy and the law.

We use reasonable efforts to safeguard the confidentiality of any and/or all Personal Data that We may process relating to You and regularly review and enhance Our technical, physical and managerial procedures so as to ensure that Your Personal Data is protected from:

  • unauthorised access
  • improper use or disclosure
  • unauthorised modification
  • unlawful destruction or accidental loss.

To this end We have implemented security policies, rules and technical and organisational measures to protect the Personal Data that We may have under Our control. All our members, staff and data processors (including specific subcontractors, including cloud service providers established within the European Union), who may have access to and are associated with the processing of Personal Data, are further obliged (under contract) to respect the confidentiality of Our Users’ or clients’ Personal Data as well as other obligations as imposed by the Data Protection Laws.

Despite all the above, We cannot guarantee that a data transmission or a storage system can ever be 100% secure. For more information about Our security measures please contact Us in the manner described below.

Authorised third parties, and external/third party service providers, with permitted access to Your information (as explained in this Privacy Policy) are specifically required to apply appropriate technical and organisational security measures that may be necessary to safeguard the Personal Data being processed from unauthorised or accidental disclosure, loss or destruction and from any unlawful forms of processing.

As stated above, the said service providers (Our data processors) are also bound by a number of other obligations in line with the Data Protection Laws (particularly, Article 28 of the GDPR).

RETENTION PERIODS

We will retain Your Personal Data only for as long as is necessary (taking into consideration the purpose for which they were originally obtained). The criteria We use to determine what is ‘necessary’ depends on the particular Personal Data in question and the specific relationship We have with You (including its duration).

Our normal practice is to determine whether there is/are any specific EU and/or Maltese law(s) (for example tax or corporate laws) permitting or even obliging Us to keep certain Personal Data for a certain period of time (in which case We will keep the Personal Data for the maximum period indicated by any such law). For example, any data that can be deemed to be ‘accounting records’ must be kept for ten (10) years.

We would also have to determine whether there are any laws and/or contractual provisions that may be invoked against Us by You and/or third parties and if so, what the prescriptive periods for such actions are (this is usually five (5) years in those cases where Our contractual relationship with You terminates or two (2) years in those cases where no such contractual relationship exists). In this case, We will keep any relevant Personal Data that We may need to defend Ourselves against any claim(s), challenge(s) or other such action(s) by You and/or third parties for such time as is necessary.

Where Your Personal Data are no longer required by Us, We will either securely delete or anonymise the Personal Data in question.

PROCESSING FOR RESEARCH AND STATISTICAL REASONS

Research and statistics using User or client information is only carried out so that We may understand Our Users’ and/or clients’ needs, to develop and improve Our services/activities and/or for philanthropic goals representative of Elevist’s purpose. In any case, We will always ensure to obtain any consent We may legally require from You beforehand. As in all other cases, We will also ensure to implement all appropriate safeguards as may be necessary.

LINKS TO THIRD PARTY SOURCES

Links that We provide to third-party websites are clearly marked and We are not in any way whatsoever responsible for (nor can We be deemed to endorse in any way) the content of such websites (including any applicable privacy policies or data processing operations of any kind). We suggest that You should read the privacy policies of any such third-party websites.

COOKIES

When You visit Our Site, We collect certain categories of Personal Data automatically through the use of cookies and similar technologies.

For more detailed information including what cookies are and how and why We process such data in this manner (including the difference between essential and non-essential cookies) please read Our detailed but easy-to-read Cookie Policy.

MINORS

The Site and Our services are not intended to be used by any persons under the age of eighteen (18) and therefore We will never intentionally collect any Personal Data from such persons unless under a specific legal exemption (if any). If You are under the age of consent, please consult and get Your parent’s or legal guardian’s permission to use the Site and to use Our services.

We shall consider that any Personal Data of persons under the age of eighteen (18) received by Us, shall be sent with the proper authority and that the sender can demonstrate such authority at any time, upon Our request.

AUTOMATED DECISION-MAKING

We do not rely on any decisions taken solely by automated means (in other words, without significant human intervention) – including any profiling. Should this position change in the future (and only as We may be legally permitted to do), You will be notified accordingly.

YOUR RIGHTS UNDER THE DATA PROTECTION LAWS

Before addressing any request You make with Us, We may first need to verify Your identity. In all cases We will try to act on Your requests as soon as reasonably possible.

As explained in the Retention Periods section above, We may need to keep certain Personal Data for compliance with Our legal retention obligations but also to complete transactions that You requested prior to the change or deletion that You requested.

Your various rights at law include:

Your Right of Access

You may, at any time, request Us to confirm whether or not We are processing Personal Data that concerns You and, if We are, You shall have the right to access those Personal Data and to the following information:

  • What Personal Data We have,
  • Why We process them,
  • Who We disclose them to,
  • How long We intend on keeping them for (where possible),
  • Whether We transfer them abroad and the safeguards We take to protect them,
  • What Your rights are,
  • How You can make a complaint,
  • Where We got Your Personal Data from and
  • Whether We have carried out any automated decision-making (including profiling) as well as related information.

Upon request, We shall (without adversely affecting the rights and freedoms of others including Our own) provide You with a copy of the Personal Data undergoing processing within one month of receipt of the request, which period may be extended by two months where necessary, taking into account the complexity and number of the requests. We shall inform You of any such extension within one month of receipt of the request, together with the reasons for the delay.

Your Right to Rectification

You have the right to ask Us to rectify inaccurate Personal Data and to complete incomplete Personal Data concerning You. We may seek to verify the accuracy of the data before rectifying it.

Your Right to Erasure (The Right to be Forgotten)

You have the right to ask Us to delete Your Personal Data and We shall comply without undue delay but only where:

  • The Personal Data are no longer necessary for the purposes for which they were collected; or
  • You have withdrawn Your consent (in those instances where We process on the basis of Your consent) and We have no other legal ground to process Your Personal Data; or
  • You shall have successfully exercised Your right to object (as explained below); or
  • Your Personal Data shall have been processed unlawfully; or
  • There exists a legal obligation to which We are subject; or
  • Special circumstances exist in connection with certain children’s rights.

In any case, We shall not be legally bound to comply with Your erasure request if the processing of Your Personal Data is necessary:

  • for compliance with a legal obligation to which We are subject (including but not limited to Our data retention obligations); or
  • for the establishment, exercise or defence of legal claims.

There are other legal grounds entitling Us to refuse erasure requests although the two instances above are the most likely grounds that may be invoked by Us to deny such requests.

Your Right to Data Restriction

You have the right to ask Us to restrict (that is, store but not further process) Your Personal Data but only where:

  • The accuracy of Your Personal Data is contested (see the right to data rectification above), for a period enabling Us to verify the accuracy of the Personal Data; or
  • The processing is unlawful and You oppose the erasure of Your Personal Data; or
  • We no longer need the Personal Data for the purposes for which they were collected but You need the Personal Data for the establishment, exercise or defence of legal claims; or
  • You exercised Your right to object and verification of Our legitimate grounds to override Your objection is pending.

Following Your request for restriction, except for storing Your Personal Data, We may only process Your Personal Data:

  • Where We have Your consent; or
  • For the establishment, exercise or defence of legal claims; or
  • For the protection of the rights of another natural or legal person; or
  • For reasons of important public interest.

Your Right to Data Portability

You have the right to ask Us to provide Your Personal Data (that You shall have provided to Us) to You in a structured, commonly used, machine-readable format, or (where technically feasible) to have it ‘ported’ directly to another data controller, provided this does not adversely affect the rights and freedoms of others. This right shall only apply where:

  • The processing is based on Your consent or on the performance of a contract with You; and
  • The processing is carried out by automated means.

Your Right to Object to Certain Processing

In those cases where We only process Your Personal Data when this is 1.) necessary for the performance of a task carried out in the public interest or 2.) when processing is necessary for the purposes of the legitimate interests pursued by Us or by a third party, You shall have the right to object to processing of Your Personal Data by Us. Where an objection is entered, the processing of data shall cease, unless We as data controller provide compelling and legitimate grounds requiring the continuation of the data processing which outweigh the objections You may have raised.

When Your data is processed for direct marketing purposes, You have the right to object at any time to the processing of Your Personal Data, which includes profiling to the extent that it is related to such direct marketing.

For the avoidance of all doubt, when We process Your Personal Data when this is necessary for the performance of a contract, when necessary for compliance with a legal obligation to which We are subject or when processing is necessary to protect Your vital interests or those of another natural person, this general right to object shall not subsist.

Your Right to lodge a Complaint

You also have the right to lodge complaints with the appropriate Data Protection Supervisory Authority. The competent authority in Malta is the Office of the Information and Data Protection Commissioner (OIDPC).

We kindly ask that You please attempt to resolve any issues You may have with Us first (even though, as stated above, You have a right to contact the competent authority at any time).

WHAT WE MAY REQUIRE FROM YOU

As one of the security measures We implement, before being in the position to help You exercise Your rights as described above We may need to verify Your identity to ensure that We do not disclose to or share any Personal Data with any unauthorised individuals.

TIME LIMIT FOR A RESPONSE

We try to reply to all legitimate requests within one month from receiving them. In some particular cases (for example, if the matter is particularly complex or if You send Us multiple requests), it may take Us longer than a month. In such cases, we will notify You accordingly and keep You updated.

COMPANY DETAILS

BLUBERRY INVESTMENTS LIMITED a company registered in Malta with company registration number C 82305 and whose registered office address is at 56/58, TRIQ FRANCESCO BUHAGIAR, BIRKIRKARA, Malta is the data controller responsible for processing Your Personal Data that takes place via the Site or in the manner explained above (or in the condensed privacy policy or notice that directed You here).

If You have any questions/comments about privacy or should You wish to exercise any of Your individual rights, please contact Us at: seanm@elevist.mt or by writing to 56/58, TRIQ FRANCESCO BUHAGIAR, BIRKIRKARA (at the address above) or by phoning Us using telephone number +356 2141 7282 (during normal office hours).

UPDATES

We reserve the right, at Our complete discretion, to change, modify, add and/or remove portions of this Privacy Policy at any time. If You are an existing client with whom We have a contractual relationship You shall be informed by Us of any changes made to this Privacy Policy (as well as other terms and conditions relevant to the Site). We shall also archive and store previous versions of the Privacy Policy for Your review.

As a User of the Site with which We have no contractual relationship or even a lawful way of tracing, it is in Your interest to regularly check for any updates to this Privacy Policy (which are usually deemed to be effective on the date they are published on the Site), in the event that Our attempts to notify You of such updates do not reach You.

 

Last Updated on 22.08.2022
