Privacy

Privacy Policy update of 12 August 2024

Dear Visitor, respect for the Privacy Law is particularly important to us.

In particular, the “General Data Protection Regulation” (EU Regulation 2016/679, known by the English acronym “GDPR”) requires us to provide you with the following information on the processing of your Personal Data, pursuant to art. 13 of the aforementioned Regulation.

The “Processing of Personal Data”, in simple terms, is any operation concerning any “information relating to an identified or identifiable natural person”. For example, name and surname, or an e-mail address with a “username” that identifies you (e.g. stevejobs@….), is considered “Personal Data”, and the actions of collection, registration with us and use to send you a communication, they are considered “Processing” operations; so also (again for example) the communication of Personal Data to other organizations and archiving.

Our organization is defined as the “Data Controller”, as a subject who establishes how and for what purposes to process information relating to natural persons.

You, as the “natural person to whom the Personal Data refer”, are defined as the “Data Subject”, and you have the right to receive the following information on who we are, what Personal Data we process, why, how and for how long we process them, and what obligations and rights you have in this regard.

Depending on whether you are a simple Visitor or want to write to us via the contact form, we collect and/or we need you to provide us with some Data, which we need to allow you to browse the Site and/or allow us to reply to you; in the first case (i.e. when you just visit the Site) it is generally information that does not allow you to be identified (and therefore we will only process “Navigation Data”).

The website of the Authority for the Protection of Personal Data contains further information useful for better understanding the subject (see for example: https://www.mca.org.mt/content/data-protection).

The definitions of the terms and expressions used are contained in the Glossary at the bottom of the page. Although not expressly defined here, please refer to the definitions contained in the Terms of Use of the Site; in the event of any conflict between definitions, for the purposes of this Privacy Policy the definitions in the Glossary (at the bottom of the page) prevail over those contained in the Terms of Use of the Site.

The information presented here concerns only the processing carried out on personal data collected through this Site. In the event that you start a relationship with us that goes beyond what is described through the Site, may be further information regarding the processing of personal data.

We do not intentionally collect personal information referring to natural persons who, according to their national legal system of origin, lack the legal capacity to act for the purpose of stipulating contracts. In the event that information on these subjects is recorded, we will delete it in a timely manner, at the request of the interested party or of those who exercise authority over him.

Who are we (“Data Controller”)?

MACTT Educational Group Ltd, Company Registration Number C 44520, VAT MT18927427, with registered offices in Level One, Triq Dun Karm, Birkirkara BKR 9037 (Malta)

What are the categories of interested parties to whom this information is addressed?

Visitor: the natural or legal person who uses a device and navigates the public pages of the Site via the Internet or who writes to the Owner through the “Contact” area or “RPL request” area.

For information relating to the “first contact”, also consult the information “First Contact“.

What categories of Personal Data do we process?

“Common” Personal Data (name and surname, e-mail address), to the minimum extent necessary to achieve each of the Purposes indicated below.
To allow you to use the Site, we also process Navigation Data, which sometimes do not consist of Personal Data because they do not allow your identification. For more information on the meaning of Navigation Data and under what conditions they form Personal Data, please consult the respective item in the Glossary at the bottom of this statement.

Why do we process Personal Data (Purpose) and on what is the Processing (Legal Basis) of each category of Data based?

#	Purpose	Categories of Personal Data	Legal Basis
1	Analyzing traffic on the Site (e.g. detecting the most visited pages, the number of visitors by hour or day, geographical origin, average connection time, browsers used, visitor origin – from search engines or other sites -, phrases and words searched for, etc.) to understand how it is used and manage it, optimize and improve it, or even just for statistical purposes; solve operational problems (e.g. page loading anomalies); perform monitoring activities to reject and/or prevent cyber attacks and frauds.	Navigation data, anonymous information (which does not allow us to trace your identity)	The need to make the Site available in compliance with the Terms of Use (Article 6 § 1.b GDPR)
2	Send targeted promotional messages (retargeting or advertising on social networks), through third-party services that install profiling cookies	Common	Your consent (art. 6 § 1.a GDPR), freely given and revocable at any time moment through the banner and the extended Cookie Policy
3	Satisfy your requests regarding the Site and our activities (e.g. requests for quotes) received at the addresses on the Site or by other	Common	The need to adopt pre-contractual measures on your request (art. 6 § 1.b GDPR)
4	Fulfill the obligations established by the Applicable Law and/or orders given by	Common	The need to fulfill legal obligations (art. 6 § 1.c GDPR)
5	Ascertain, exercise and/or defend a right in the competent offices	Public administrations and authorities	Our legitimate interest in defending our right (art. 6 § 1.f GDPR)

To whom we communicate the Data (Categories of Recipients) ?

To the minimum extent necessary for the achievement of each of the purposes, on the basis of the applicable Law and/or a contractual agreement with the Data Controller, to:

a)   Subjects necessary for the execution of the activities connected and consequent to the management of the Site, who act as of Data Processors (e.g. IT service providers, etc.);

b)   Consultants and/or professionals appointed by us, independent Data Controllers;

c)   Other subjects Authorized by us (e.g. our workers), committed to confidentiality or recipients of a legal obligation to confidentiality;

d)   Public organizations and Authorities, if and within the limits in which this is required by the Applicable Law or by their orders, or for the exercise, assessment and/or defense of a right in court.

The Data Controller does not disseminate Personal Data, except in the case in which it is requested, in accordance with the law, by Authorities, information and security bodies or other public entities for purposes of defense or state security or prevention, detection or prosecution of crimes.

Do we transfer Personal Data outside the European Union?

Yes, as follows.

The Company’s web site is located on servers hosted on UK Data Center in Continuity House, 205 Torrington Ave, Coventry CV4 9UT, UK and managed by Malta Hosting service of Liquidnet ltd13 Craigleith, 7 Kersfield Road Putney, London SW15 3HN nited Kingdom,  any transfer of Personal Data in the context of the Liquidnet ltd services is carried out on the basis of the Standard Contractual Clauses – pursuant to art. 46 § 3 of the GDPR; for more information see https://maltahosting.biz/terms-and-conditions-3/privacy-policy-5/

Personal data relating to the RPL procedure will be stored and hosted on a server in Malta operated by NetShop ISP – Data Center & Web Hosting Services, 120 Faneromenis Avenue Imperial, Tower, 2nd Floor, Larnaca 6031, Cipro with Malta Data Center is located at 54/55 Triq Manuel Borg Gauci, Qormi, Malta. for more information see https://netshop-isp.com.cy/legal/privacy-policy/

We guarantee that the transfer of Personal Data outside the European Union is only to countries that guarantee an adequate level of protection, for which there is a decision of adequacy by the European Commission, or on the basis of one of the other guarantees provided for in Chapter V of the GDPR.

Do we perform automated decision-making processes and/or profiling activities?

We carry out profiling activities only through profiling cookies (see the extended Cookie Policy).

How long do we keep the Data?

The maximum storage time for the Personal Data collected through the form will not exceed two years, unless you ask us to delete them beforehand or the applicable legislation requires us to keep them for a longer period or allows it to protect our rights and/or legitimate interests.

Does the Site use Cookies?

Yes. To find out more and to view our policy in this regard, you can consult the extended Cookie Policy.

Are you obliged to provide us with Personal Data?

Due to the functioning of the Internet, you cannot refuse the communication of Browsing Data. You can refuse the installation of Profiling Cookies, through the “banner” and the extended Cookie Policy.

You are not obliged to write to us through the addresses on the Site, but if you want to do so, you must communicate the Personal Data we request from you.

What happens if you refuse to communicate your data?

If you refuse to communicate the Data for the purpose n. 3, we will not be able to respond to your requests. Refusal to install Profiling Cookies has no consequences.

What rights do you have as an “interested party”?

You, as a person to whom the data refers (“Data Subject”) have the right to:

a)    access the data held by the Data Controller, and request a copy, except in cases where the exercise of the right harms the rights and freedoms of other natural persons;

b)    request the rectification of any incomplete or inaccurate data;

c)     request the deletion of data, subject to the exclusions or limitations established by the Applicable Regulations (e.g. by art. 17 § 3 GDPR);

d)    request the limitation of processing, where the conditions are met and subject to the exclusions established by art. 18 § 2 GDPR;

e)    request data portability (i.e. receive them in a structured format, commonly used and readable by an automatic device, in order to be able to transmit them to another Data Controller without impediments), to the extent that the processing is based on consent or on the need to execute a contract where technically possible and except where the exercise of the right harms the rights and freedoms of other natural persons;

f)      lodge a complaint with the Data Protection Authority of your country, or of the place where the alleged violation occurred.

For further information, also consult the “Contact us” disclosure.

Right to object

You can object to the processing based on the legitimate interest of the Data Controller, at any time for reasons connected to your particular situation (e.g. damage to honor, reputation, decency), subject to the demonstration by the Data Controller of a legitimate interest binding and prevailing pursuant to art. 21.1 GDPR, and unless the processing is necessary for the assessment, exercise or defense of a right in court.

Who can you contact with questions or to exercise your rights?

You can contact us at the following e-mail address: privacy@mactt.eu.