Privacy Policy

Fenech & Fenech Advocates takes the protection of your privacy very seriously and recognises its obligations as a Data Controller in terms of applicable data protection law, mainly the General Data Protection Regulation EU 2016/679 as supplemented by the Data Protection Act (Chapter 586 Laws of Malta), together with other laws which relate to privacy and electronic communications.

We are committed towards compliance with the principle of accountability and the 6 GDPR Data Protection Principles:

Lawfulness, fairness and transparency; to process personal data lawfully, fairly and in a transparent manner;

Purpose Limitation; to process personal data for specified, explicit and legitimate and compatible purposes;

Data Minimisation; to process personal data only as is adequate, relevant and limited to what is necessary in relation to the purposes;

Accuracy; to process personal data which is accurate and up to date

Storage Limitation; to process personal data for no longer than is necessary for the purposes for which it was processed;

Integrity and Confidentiality; to process personal data in a manner that ensures appropriate security of the personal data;

One of your rights is that you must be informed when your ‘personal data’ – also known as personal information which directly or indirectly identifies you – is ‘processed’ (e.g. collected, used, stored) by any organisation. You also have the right to know the details and purpose of that processing. This privacy policy describes our practices relating to the personal data of visitors of and of persons who make use of our facilities and services. It is meant to help you understand what information we collect, why we collect it and how you can update, manage, and delete your personal data.

For all our services, the ‘data controller’ that is responsible for your privacy, is Fenech & Fenech Advocates, a partnership with its address at 198 Old Bakery Street Valletta, Malta. In this privacy policy “We/our/us” means Fenech & Fenech Advocates; Unless expressly stated, this Privacy Policy does not apply to the information practices of, or services offered by, other companies and organisations.

If you have any questions about how we protect your privacy, get in touch here:

We assure you that we carry out our best efforts to only use and disclose any personal data collected from you in accordance with the manner set out in this policy.

Navigating this Privacy Policy (Contents)

In this privacy policy we are going to tell you about

Information we collect

Most of the personal information which we may collect about you through this website is given to us only if you choose to give it to us.

Such personal information may be requested from you when you fill in a field (e.g. to submit a vacancy, sign up for a newsletter or fill in any other form with your questions and comments or any other form or application downloaded through or from our website. If you send us emails, then the personal data we process will depend on what you send us in the email.

If you provide personal data to us about someone else (such as one of your directors or employees, a member of your family or someone with whom you have dealings) you should ensure that you are entitled to disclose that personal data to us and that, without our taking any further steps, we may collect, use and disclose that personal data as described in this privacy policy. Remember to look out for your responsibilities at law –  You must ensure that they understand how their information will be used, and that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use it.

Information we collect from you when browsing this website

The information we collect from you from this website may include the following:

If you choose to communicate with us using the Contact Form we ask for

Your Name + Surname;

Your Email address;

Your message to us;

Information about your device (phone or laptop) with which you browsed our website (see the section on Cookies below);

If you send us a request and/or CV for potential recruitment, we will process the personal data which you choose to provide in the request and/or CV;

The tables below set this out in more detail, showing what we do, and why we do it with the personal data you provide to us on/via this website.

Personal Data            Why we use it           Legal Basis

Your Name + Surname;

To be able to identify you as the person communicating with us;

–       Our and your legitimate interest to keep track and follow up on your communication; or

–       Necessary to take steps to enter into a contract of services with you;

To verify whether we have previously communicated with or done business with you or your organisation (as applicable);

–       Our and your legitimate interest to keep track and follow up on your communication; or

–       Necessary to take steps to enter into a contract of services with you;

–       Necessary to comply with our obligations as a Law Firm (including confidentiality, legal privilege, anti-fraud or anti-money laundering laws and to avoid conflicts of interest).

Your Email address;

To be able to communicate back with you;

–       Our and your legitimate interest to keep track and follow up on your communication; or

–       Necessary to take steps to enter into a contract of services with you;

To send you communications about our products and services which we offer, unless you unsubscribe;   –       Necessary to take steps to enter into a contract of services with you;

–       Our and your legitimate interest for you to be aware of products or services which are likely to interest you or your business (until you unsubscribe); or

–       Because the law allows us to communicate with persons who showed an interest or are our clients, unless the unsubscribe.

Your message to us;

–       To log, keep track and follow up on your communication to us, depending on the scope of your communication.

–       Our and your legitimate interest to keep track and follow up on your communication; or

–       Necessary to take steps to enter into a contract of services with you; or

–       Necessary to comply with a law to which your communication might refer;

Information we collect from you not via this website

Depending on your relationship with us, we may collect other information from you if you communicate with us other than by the mere use of this website, for instance,

In the course of our business, when you seek to engage us, or if you engage us to provide legal or other services, or

When you contact or request information from us, or

When you otherwise create a relationship with us (e.g. send us a query, CV or complaint).

When you engage with our staff for business purposes;

When you attend a seminar or other event (including training sessions);

When you are invited as our guest;

When you sign up to receive information from us;

When you apply for an internship;

When you or your organisation provide services to us;

Therefore, generally you will be able to choose whether to provide us with your personal data.

However, if you choose not to provide the personal data that we need to collect, or are not able to provide it, then this may affect our ability to act on your behalf or to provide services to you (for example, if the personal data is required to process your instructions or to carry out mandatory KYC screening or to carry out internal conflict checks).

If you choose not to not provide personal data that we need, it may also delay or prevent us from providing services to you.

Information we may collect directly from you

Depending on your relationship with us, personal data we may collect about you directly from yourself could include:

Your contact details: This may include your name, title, address (home/work), telephone number (home/work), mobile phone number (home/work), job title, fax number, email address, place of work.

Information relating to the matter, inquiry or dispute in relation to which you are seeking our advice, opinion or representation or a request for proposals in relation to same;

Further business information necessarily processed in the context of a client contractual relationship with us;

Other information voluntarily provided by you or on your behalf, such as instructions, billing details or payments made or to be made;

Information provided to us by or on behalf of our clients, or generated during the provision of our services, which may include special category data;

Where we process special categories of data in the course of our client services, we do so to assist you and/or your organisation to establish, exercise or defend legal claims or to assist you and/or your organisation in fulfilling the rights and obligations of applicable employment or social security laws.

For example, in employment, tort, insurance or health & safety related claims, disputes may require processing of information on health and medical conditions or injuries, alleged harassment, discrimination, race, religion and/or sexual orientation. In criminal law cases, we will collect information about the alleged offences and any related criminal history. In tax and VAT claims or social security matters we may need to process sensitive personal information, such as if we are advising on benefits.

Information processed for client/relationship management and file opening procedures – This includes name, business information, identification and your relationship to other persons;

Information to enable us to check and verify your identity, e.g. your date of birth, passport details, identity card, utility bills;

Payment data, such as data necessary for processing payments and fraud prevention, including credit/debit card numbers and bank details including security code numbers and other related billing information, as well as, where applicable, information relating to the source of funds;

Personal data collected from publicly available resources and credit agencies or any other information needed to enable us to undertake a credit or other financial checks on you;

Personal data about relevant and significant litigation or other legal proceedings against you or a third party related to you and details of that third party’s relationship with you;

Personal data provided to us for the purposes of attending meetings and events, including information about disabilities, health requirements or dietary requirements,

Other personal data regarding your preferences where it is relevant to legal or other services that we provide;

Details of your visits to our premises, including entry and exit logs, flight details, travel details; accommodation details and/or

Membership of a professional or trade association or union.

Information we collect or generate about you using our technologies or security systems

Depending on your relationship with us, it may be necessary for us to collect or generate information about you by means of our technology and security systems for instance:

CCTV Footage (we operate a CCTV system for security, safety and order installed on the perimeter of and inside of our premises);

Information about your use of our IT, communication and other systems or information relating to materials and communications we send to you electronically;

Call logs for communication purposes and/or billing purposes;

Print logs;

Emails, Fax and Instant Messaging

Social Media platforms and media;

Anti-virus software and other monitoring tools (firewalls etc);

Time-Recording software;

Invoicing Software;

Such processing is (i) either to carry out our business and pursue our legitimate interests and/or to protect your legitimate purposes or that of others and/or (ii) to fulfil a contract, or take steps linked to a contract, with you or your organisation. There are instances when the law will also require us to carry out such processing (e.g. the need to ensure minimum security levels for protecting personal data we process).

Information we collect from third-party sources

There may be instances where we it may be necessary for us to collect information about you from third party sources including:

Publicly accessible sources such as from Registry of Companies; Public Lands Registry; The Justice Website;

Credit reference agencies;

Government agencies;

Third party organisations that you have or have had dealings with;

Documents which may include reference to you provided to us in the course of our services, whether by our client, or in data rooms;

Such processing is (i) either to carry out our business and pursue our legitimate interests and/or to protect your legitimate purposes or that of others and/or (ii) to fulfil a contract, or take steps linked to a contract, with you or your organisation. There are instances when the law will also require us to carry out such processing (e.g. the need to carry out KYC procedures).

Anonymised Data (Not Personal Data)

During the course of our business we also anonymise and aggregate personal information (so that it no longer identifies you) and use it for purposes including testing our IT systems, research, data analysis, improving our site and app, and developing new products and services. We may also share this anonymised and aggregated information with third parties.

This not your “personal data”, as we cannot identify you from it.

Check out the next sections to understand how and why we use this information.

How & Why we use your information

We use your information in a number of different ways — what we do with it then depends on the information and the purpose for which we collected, we carry out best efforts to ensure this is don’t on the basis of necessity and proportionality.

Under data protection law, we can only use your personal data if we have a proper reason for doing so. This will be for one of 6 grounds. In our case the ones that apply most are:

For the performance of our contract with you or to take steps at your request before entering into a contract, for example because processing is necessary for the performance of a client instruction;

To comply with our legal and regulatory obligations;

For our legitimate interests or those of a third party; A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

For the establishment, exercise or defence of legal claims or proceedings; or

Where you have given consent. Where we apply your consent as a basis to process personal data we acknowledge that you may withdraw such consent at any time – in which case, unless there is another lawful ground which permits us to continue to process the personal data, we shall cease to process that personal data. Before giving us your consent please be sure that you understood what we are asking your consent for.

We may process a special category personal data (e.g. health data) on the basis of a number of grounds permitted by law, including:

Where you have given your explicit consent;

For compliance with a legal obligation;

For the purposes of establishing, exercising or defending legal claims;

Where it is in your vital interests;

Where you have manifestly made the personal data public; and/or

For compliance with an employment law obligation.

Where you engage us we process personal data to fulfil a contract, or take steps linked to a contract, with you or your organisation for the following purposes:

to register you as our client;

to provide and administer our legal services or other services to you;

to process payments, billing and collection; and

to process applications for employment and engage employees.

to process applications for interns and engage interns.

We may process your personal data for the following purpose/s :-

To provide legal advice or other services, as engaged and/or instructed or authorised by you or your organisation;

To ensure the confidentiality of commercially sensitive information;

To manage and administer your (or your organisation’s) relationship with us, including use for the purposes of processing payments, accounting, auditing, billing and collection and other support services;

To conduct checks to identify our clients (KYC), verify and/or authenticate their identity and/or those of others persons involved with the client (e.g. shareholders of a company); This can include automated checks of personal data you provide about your identity against relevant databases and contacting you to confirm your identity, or making records of our communications with you for compliance purposes.

To monitor, screen for and action financial and other sanctions or embargoes, including credit reference checks with credit reference agencies;

To comply with professional, legal and regulatory obligations that apply to our firm, e.g. rules issued by our professional regulators;

Where necessary to gather, provide or confirm information required by or relating to audits, enquiries or investigations by enforcement authorities, regulatory bodies, courts, tribunals and government agencies;

To log, deal and track any complaints received;

To ensure business policies are adhered to, e.g. policies covering security and internet use and to prevent unauthorised access and modifications to systems;

For operational reasons, e.g. health and safety and as ensuring safe working practices, improving efficiency, risk management, training, staff assessment and quality control;

For statistical analysis, to improve our services and communications or to manage our practice, e.g. in relation to new business leads, expanding our contacts, reviewing our financial performance, extending our client base, work type and other efficiency measures;

To update and enhance client records;

For marketing our services;

For the purposes of external audits and quality checks, e.g. for an audit of our accounts or obtaining an external valuation of our business or undergoing vendor or purchaser due diligence disclosures;

For insurance purposes;

To lodge statutory tax returns;

To identify representatives of our clients, suppliers and/or service providers;

For recruitment and employment purposes and compliance with stator requirements such as payroll, social security contributions and income tax deductions.

In relation to several of the above-mentioned instances that we process your personal data, we are processing such personal data on the ground that it is necessary in our legitimate interest or that of a third party (including, possibly, your own) for us to do so.  These interests cover a number of aspects of our business operations, namely:

Maximising efficiency – so that we can deliver the best service to you using the various levels of expertise and making most efficient use of our back-office administration;

To improve our privacy policy – to ensure that you know about any changes to the website or the terms of this Privacy Policy.

Client Assessments – to carry out research and analysis of your data (including billing information) as this helps us understand our clients better, who they are and how they interact with us;

Tailoring Services – to allow us to provide bespoke services where requested by you;

Confidentiality, IPRs and Trade Secrets – Protecting our commercially valuable information and intellectual property;

Crime Prevention – Preventing and detecting fraud and/or criminal activity;

Credit Control – For credit control purposes and to make sure clients can pay for the services we provide;

Risk Management – For the purposes of risk management and to maintain our accreditations so we can demonstrate we operate to the highest standards; and

Communicating with Clients – Ensuring keep up to date with our clients and contacts and developments in their organisations.

Security of our Systems – ensuring that our IT and communications systems, including networks and servers, are secure – also to protect your sensitive commercial and personal data;

Improved Web Presence – to improve and ensure the security of the website (for example, for statistical, testing and analytical purposes, troubleshooting).

Cross Reference – To share data with related entities or entities with whom we are closely associated;

Where we apply legitimate interest as a basis to process personal data we acknowledge that you may object to such processing at any time.

Retention Periods

We will hold on to your information for no longer than is necessary keeping in mind the purpose/s (or compatible purposes) for which we first collected the data and the purposes set out in this privacy policy.

We may also keep hold of some of your information if it becomes necessary or required to meet legal or regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions.

Different retention periods apply for different types of data and different criteria will apply for the determination of retention periods. The retention periods we apply take account of:

Legal and regulatory requirements and guidance;

Minimum retention periods provided by law;

Laws which require retention of periods for undefined terms, including the GDPR;

Laws which grant special powers to authorities to investigate or take action within periods commencing after discovering breaches;

Prescriptive Limitation periods that apply in respect of taking legal action;

Our ability to defend ourselves against legal claims and complaints;

Good practice; and

The operational requirements and the nature of our business.

The set of circumstances relevant to a client, the services rendered, degree of risk, type of data and others risk factors;

We strive to maintain a retention policy which sets out the different retention periods for the types of information we hold – however it is not always possible to have fixed retention periods, and therefore we apply the above-mentioned criteria using a risk-based approach. As a guide:

we will keep personal data while your engagement with us is active or until such time as you ask us to stop communications with you, and for some years thereafter, unless we need to keep the data for longer;

we may keep certain categories of personal data for longer in order to meet any legal or regulatory requirements, or to resolve a legal dispute;

we may keep certain categories of personal data for longer for back-up and redundancy purposes, including to ensure business continuity;

and, we may keep different types of personal data for different lengths of time if required by law (for instance, we may need to keep certain personal data relating to purchases for about 10 years in order to comply with tax reporting requirements);

When it is no longer necessary to retain your personal data, we will delete or anonymise it.

You may obtain more information as to the retention periods or the criteria used by us to determine the retention periods by contacting us here

Children Under 18

If you are aged 18 or under, please get your parent/guardian’s permission before you provide any personal information to us. We may need to process personal data relating to parents or guardians in that case – and we may also need to request for verification documentation to ensure that consent is given or authorised by the holder of parental responsibility.

Sharing your information

We do not, and will not, sell any of your personal data to any third party – including your name, address, email address or credit card information. It is not our business to do so – and we want to earn your trust and confidence.

In the course of our business it may be necessary for us share your data with the following categories of persons/companies/entities as an essential part of being able to provide our services, as set out in this statement:

Partners and lawyers and employees of our organisation, on a needs basis;

Other professional advisors who we instruct on your behalf or refer you to (e.g. audit firms, accountants etc);

External/foreign law firms whose expertise may be required;

Other companies or institutions that are involved in the process of facilitating our services to you or billing to you (e.g. banks);

Our client(s) – if we have collected your personal data in the course of providing legal or other services to any of our clients, we may disclose it to that client, and to others in the proper course of our duties or as required or permitted by law;

Professional service providers, such as translation companies, marketing agencies, advertising partners and website hosts, back-up and redundancy service providers who service us in turn to operate our business.

Credit reference agencies, law enforcement and fraud prevention agencies, so we can help tackle fraud.

Our insurers, brokers;

Our auditors

Other companies or entities with whom we are closely associated, as sometimes we offer internal services and/or have the need in our legitimate interests to share data on a confidential basis; This includes Fenlex Corporate Services Limited, Fenlex Trust Services Ltd, Fenlex Group Holding Limited, CSU Corporate Services Limited and Fenech & Fenech Marine Services Limited. These may change from time to time. Associated entities and their subsidiaries use the information collected to help us improve the content and functionality of our websites; to better understand our customers and markets; and to improve our products and services and for administration and other business purposes.

In most circumstances we will not disclose personal data to others without consent. However there may be occasions where we might have to – e.g. with a court order, to comply with legal requirements and satisfy a legal request, to investigate or report actual or suspected fraudulent or criminal activities, for the proper administration of justice, to protect your vital interests, to fulfil your requests, to safeguard the integrity of the relevant websites operated by us or by such related entities or subsidiaries, or in the event of a corporate sale, merger, reorganisation, dissolution or similar event involving us and/or our subsidiaries and related entities.

When we do share data, we do so on an understanding with the other entities that the data is to be used only for the purposes stated in this policy. We carry out best efforts to select service providers (“data processors”) who guarantee appropriate security and organisational measures to protect personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you and to ensure compliance with data protection laws. The recipient of the information will be bound by confidentiality obligations.

There may be instances where we have to transfer data outside of the European Economic Area (EEA), including to countries that do not have the same level of data protection legislation for personal data. This may apply, for example,

Where we instruct foreign lawyers in connection with the services we are providing to clients;

Where your, or our, service providers are located outside the EU/EEA;

If you are based outside the EU/EEA.

If a dispute involves foreign jurisdictions;

If we ever have to share data with entities that are outside of the EEA, we will be sure to do so in a manner that complies with the requirements established by the GDPR by implementing appropriate safeguards, including for example based on your consent, or to fulfil a legal obligation or to protect the public interest and/or for our or your legitimate purposes and/or to full our legal or contractual obligations to you.

Marketing Messages

We would normally communicate to you about products or services in which you have shown interest and similar products or services that we offer and which would be of interest to you – we understand that you would be interested in receiving this information as it is of use with the product or service.

This is in our and your legitimate interest. But rest assured, you can ask us to stop (See below).

How to stop marketing messages from us

You can stop receiving marketing messages from us at any time through any of the following methods:

By clicking on the ‘unsubscribe’ link in any email we send you;

By contacting us on

Once you do this, we will carry out best efforts to update our database to ensure that you don’t receive further marketing messages. Please note that, it might take a few days for all our systems to be updated.

If you ask us to stop marketing messages this will not stop service communications (such as updates on the services we are engaged to provide). This may be necessary of us to communicate to you as part of our services from our contract.

We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.


What are cookies?

A cookie is a small text file (typically numbers and letters) that is downloaded onto ‘terminal equipment’ (e.g. your computer or smartphone) when you (or someone else) access a website using that device. Cookies are then sent back to originating website on each subsequent visit – and they are useful because they allow a website to recognize a user’s device and store some information about your preferences or past actions.

Some cookies are needed for the sole purpose of carrying out the transmission of a communication over an electronic communications network – others may be necessary for the provision of a service over the internet, in which case they have to be used.

Other cookies may be desirable to improve your experience, in which case we will ask you for your consent to use them.

Passive Information which we collect

Apart from the information you provide us with when using our Website, other information is passively collected from you (without you actively furnishing such information) when you navigate through the website. We use various technologies and navigational data collection methods to gather such passive information for various reasons, for example to track how many visitors access our website, the date and time of their visit, the length of their stay and which pages they view. The passive information also aids us to determine which web browsers our visitors use and the address from which they accessed our website – for instance if they connect to our Website through clicking on one of our banner ads. This technology does not identify you personally.

Such passively collected information may be used and combined to improve our services to website visitors, customise the website based on your preferences, compile and analyse statistics and trends of our visitors and their use of the sites operated by us and our related entities or subsidiaries. Together with our related entities and subsidiaries we will use this information and share it with third parties to improve the content, functionality and administration of our websites, to better understand our customers and markets, and to improve our products and services.

What cookies do we use?

The cookies we use are the following:


Our website uses cookies used by the WordPress Content Management System – but these do not collect any identifiable information about the users visiting our site.

These cookies only store content entered by admin users, i.e. users who have administrative access to the website and have the ability of modifying/updating/creating content on the website.

Data collected by these cookies is limited to:

–   the admin user’s user name

–   a double-encrypted copy of the admin user’s password

–   information related to the admin user’s WordPress custom layout

–   These cookies are retained on the admin user’s machine for a period of 2 weeks, after which the cookie will expire and become unusable

Necessary for our  legitimate purpose and that of the users of our website which, on balance, does not outweigh privacy rights

Our website makes use of Google Analytics. This is done by placing small text files, known as session cookies, on your device to collect information about how visitors use our website. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. This information is transmitted to and stored by Google on servers in the US. We do not seek to identify persons from this information. Click here for an overview of privacy at Google Changes/updates to the tool are constantly being done by the Google Development Team To understand how our website is used. Data collected includes but is not limited to the below:

–   time of visit, pages visited, and time spent on each page

–   referring site details, i.e. the URL a user came through to arrive at our site

–   browser, ex Mozilla Firefox or Google Chrome

–   operating system, ex Microsoft Windows 10 or Google Android 8.0

–   accessing device screen resolution, ex 1920×1080 or 1280×756 pixels per inch

–   accessing device location, though this will be limited to the location of the internet service provider

–   accessing device language

Necessary for our  legitimate purpose and that of the users of our website which, on balance, does not outweigh privacy rights

How do you change your cookie settings?

Most web browsers allow some control of most cookies through the browser settings.  You can find out how to do this by clicking “help” on your browser menu. You should note that by blocking or deleting cookies certain parts of the Website may not function correctly.

To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit or

Vacancies – Job Applicants

We are the data controller for the information you provide during a recruitment process, unless otherwise stated. If you have any queries about the process or how we handle your information please contact us at

What will we do with the information you provide to us?

All of the information you provide during the process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary. We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.

We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.

What information do we ask for, and why?

We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary. The information we ask for is used to assess your suitability for employment. Please do not send us information other than that which is necessary for us to be able to evaluate your suitability for a role

You don’t have to provide what we ask for but it might affect your application if you do not.


Our Human Resources Manager, in discussion with partners, shortlist applications for interview.


We might ask you to participate in further recruitment tests or occupational personality profile questionnaires; and/or to attend an interview – or a combination of these. Information will be generated by you and by us and if so, this information is held by us for the recruitment exercise and perhaps after, if you are selected, if this remains relevant for the particular job.

If we make a conditional offer of employment we may ask you for information so that we can carry out pre-employment checks – which may be required to seek assurance as to trustworthiness, integrity and reliability and the possibility to work in Malta. Further processing of your information would be required if we are to apply for a work permit.

Depending on the job requirements, you may be required to provide: Proof of your identity; Proof of your qualifications; Police Conduct; declaration to declare any unspent convictions.

We may contact your referees, using the details you provide in your application, directly to obtain references.

We may also ask you to complete a questionnaire about your health. This is to establish your fitness to work, where it is required.

We may process personal data which you have manifestly made publicly;

If we make a final offer, we will also ask you for the following:

Bank details – to process salary payments

Emergency contact details – so we know who to contact in case you have an emergency at work

Final recruitment decisions are made by the partners/managers and members of our team.

Employees and certain details about the employment are registered with JobsPlus – a government agency, as this is required by law.

Retention Periods

If you are unsuccessful following assessment for the position you have applied for, we may ask if you would like your details to be retained in our talent pool for a period of twelve (12) months. If you say yes, we may proactively contact you should any further suitable vacancies arise within that period. You may ask us to cancel this at any time – however we normally keep information about your application for at least six (6) months from the period of communication of our decision to you, in case you raise any questions about the process.

Data will be stored in a range of different places, including on your application record, in employee files, in HR management systems and on other IT systems [including email], as applicable.

If you are employed, we will keep your personal data throughout the employment and for a period after that in accordance with our HR privacy policy.

Your rights

You enjoy several rights relating to your personal information:

The right to be informed about how your personal information is being used;

We need to be clear with you about how we process your personal data. We do this through this Privacy Policy, which we will keep as up to date as possible.

The right to access the personal information we hold about you;

You can access the personal data we hold on you by contacting us on or +356 21241232.

To process your request, we will ask you to send us proof of identity so that we can be sure we are releasing your personal data to the right person.

We will carry out our best efforts to process your request within one month or, if the request is particularly complex, two months. We can provide you with a copy of your personal data in electronic format or hard copy.

If we consider the frequency of your requests as being unreasonable, we may refuse to comply with your request. In those circumstances, if you disagree, you can complain to the data protection authority – in Malta, the Information and Data Protection Commissioner.

The right to request the correction of inaccurate personal information we hold about you;

We appreciate feedback from you to ensure our records are accurate and up-to-date.

If you think that the information we hold about you is inaccurate or incomplete please ask us to correct it by contacting us here

The right to request that we delete your data, or stop processing it or collecting it;

You can ask us to delete your personal data.

Please note however that this right is not absolute  – in that, despite a request for erasure, we may be justified to keep personal data which we need to keep, e.g. (i) to comply with a legal obligation (for instance, we are required by personal data for VAT reporting purposes); and (ii) in relation to the exercise or defence of any legal claims.

When you ask us to delete your personal data, we assume that you do not want to hear from us again. To ensure that we do not send you any special offers in the future (for example, if we purchased your details from a third party list), we will retain just enough of your personal data solely for suppression purposes.

Other than as described above, we will always comply with your request and do so as promptly and efficiently as possible. We would carry out our best efforts to notify any third parties with whom we have shared your personal data about your request so that they could also comply.

If you ask us to delete your information in accordance with your rights set out above, we will retain basic information on a suppression list to record your request and to avoid sending you unwanted materials in the future.

As with any deletion process, things such as routine maintenance, unexpected outages, bugs or failures in our protocols may cause delays in the processes. We carry out best efforts to maintain systems designed to detect and remediate such issues.

The right to stop direct marketing messages;

The right to object to certain processing based on legitimate interest;

You have a right to object to our use of your personal information including where we use it for our legitimate interests or where we use your personal information to carry out profiling using automated means.

The right to request human intervention if automated processing without human intervention is used to make decisions having legal or similar effects on you;

The right to withdraw consent for other consent-based processing at any time;

The right to request that we transfer or port elements of your data either to you or another service provider;

You have the right to move, copy or transfer your personal data from one organisation to another. If you do wish to transfer your personal data we would be happy to help.

If you ask for a data transfer, we will give you a copy of your personal data in a structured, commonly used and machine-readable form (e.g. a CSV file format). We can provide the personal data to you directly or, if you request, to another organisation.

Please note that we are not required to adopt processing systems that are compatible with another organisation, so it may be that the recipient organisation cannot automatically use the personal data we provide.

When making a transfer request, it would be helpful if you can identify exactly what personal data you wish us to transfer.

The right to complain to your data protection regulator — in Malta – the Information and Data Protection Commissioner (IDPC)

If you want to exercise your rights, have a complaint, or just have questions, please contact us here

Please appreciate that the rights must be exercised within some limitation – for example, if you ask us for information we can only give you what relates to you and not what relates to other persons. When we receive requests, we may also request that you identify yourself and provide documentation or information for verification (we would not want to disclose information to the wrong person). Unreasonable requests may be subjected to a reasonable fee or refusal to respond.

Security of your Personal Data

Security of your personal data is very important to us.

Where it’s appropriate, our website uses HTTPS to help keep information about you secure. However, no data transmission over the internet can be guaranteed to be totally secure.

If you are requested to complete a registration process you may need to create a username, password and/or other identification information. Any passwords your create should be kept confidential by you and should not be disclosed to or shared with anyone. Where you do disclose any of these details, you are solely responsible for all activities undertaken where they are used. Always choose a strong password, meaning it should be lengthy and include a mixture of letters and numbers with mix of CAPS.

We do our best to keep the information you disclose to us secure. However, we can’t guarantee or warrant the security of any information which you send to us.

Our organisations is committed to continue improving its infrastructure depending on best practice and standards in order to strengthen the security of data. As there are different categories of data, not all data can or needs to be treated in the same way. Security measures that we use depending on certain factors and can include:

Use of secure servers;

Use of firewalls;

Use of encryption;

Use of encrypted VPN connections;

Use of double-authentication

Physical access controls;

Segregation and sandboxing of data;

Visitor management systems;

Information access controls;

Use of back-up systems;

Use of Tier III Certified Data Centres;

Implementation of ITIL as our ITSM best practice methodology; These process include; incident & change management, risk management, Information Security policies, Data protection policies, notification processes

Regular in-house vulnerability testing;

We review our information collection, storage and processing practices, including physical security measures, to prevent unauthorised access to our systems

We restrict access to personal information to employees, contractors and agents who need that information in order to process it. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

Please understand, however, that no system is perfect or can guarantee that unauthorised access or theft will not occur.

Changes to how we protect your privacy

Our website is continually under review – new functions and features are periodically added and improved to interface, thus changes to our privacy policy may be required from time to time.

We therefore encourage you to check our privacy policy on a frequent basis.

Links to other websites

This privacy notice does not cover the links within this site linking to other websites which are not controlled by us. We are not responsible for the collection or use of your personal information from these third-party websites.

Therefore, we encourage you to read the privacy statements on the other websites you visit.

How to contact us

We are always happy to hear from you, whether to make a suggestion but especially if you feel we can do better.

If you have any questions about this Privacy Policy, or if you wish to make a complaint about how we have handled your personal information, please contact our Data Protection Officer who may be contacted here:


Address: Data Protection Officer

Fenech & Fenech Advocates

198, Old Bakery Street,

Valletta, VLT 1455