.svg){kind=small}
PRIVACY POLIcy
Important information and who we are
In accordance with the provisions of the applicable Malta data protection laws and regulations, and of the Regulation n°2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”, collectively hereinafter the “Data Protection Law”), your personal information will be collected and processed by Valletta Credit Finance Corporation Ltd (‘ Company’ or ‘VCFC’) as the data controller, registration number C 54426, with address at Level 10, Q2, Quad Central, Triq l-Esportaturi Birkirkara, CBD 1040, Malta.
Controller
VCFC is the controller and responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice). We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO using the details set out below.
Third-party links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
The data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. We may collect, use, store and transfer different kinds of personal data about you which we have grouped together in categories such as identity, financial and contact data. The table below provides a high level overview of the data being collected from our end in order to provide the requested product and/or service in line with regulatory requirements.
You can find further details about these categories in our GDPR Policy.
In accordance with the provisions of the applicable Malta data protection laws and regulations, and of the Regulation n°2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”, collectively hereinafter the “Data Protection Law”), your personal information will be collected and processed by Valletta Credit Finance Corporation Ltd (‘ Company’ or ‘VCFC’) as the data controller, registration number C 54426, with address at Level 10, Q2, Quad Central, Triq l-Esportaturi Birkirkara, CBD 1040, Malta.
Controller
VCFC is the controller and responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice). We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO using the details set out below.
Third-party links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
The data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. We may collect, use, store and transfer different kinds of personal data about you which we have grouped together in categories such as identity, financial and contact data. The table below provides a high level overview of the data being collected from our end in order to provide the requested product and/or service in line with regulatory requirements.
You can find further details about these categories in our GDPR Policy.
Type of Data
and Documents
Examples
Legal Basis
Identification and Verification Data
Name, Date of birth, National ID, Identification Tax number, Marital status, dependants (in cases when there is a guarantor or PEP), IP address, telephone number, Social Security Number, work email, personal email, billing address and residential address
The Art. 6(1)(b)(f) GDPR. Necessary to establish a contractual relation with the client and a legitimate interest of the business.
Financial Data
Transactions related to the payment and/or card account including the IBAN, certain card details, account balance, details about the payments, details about the products or services we provide to you, transaction history and credit scoring related information (where applicable)
The Art. 6(1)(b) of the GDPR. Necessary to process payments and deliver financial services.
AMLCFT Data
Identification documents related information including the document number; issuing country and expiry date; image of ID document, likeness images (where applicable), face-match images (where documentation is provided through digital means), adverse media screening; sanctions screening; transaction monitoring and risk ratings.
Article 6(1)(c) GDPR: Necessary to comply with legal obligation under AML laws.
Documentary Data
includes copies of your passport, driver’s licence, ID card, proof of address and references; screening reports;
The Art. 6(1)(b)(f) GDPR. Necessary to establish a contractual relation with the client and a legitimate interest of the business
Technical Data
includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
The Art. 6(1)(b)(f) GDPR. Necessary to establish a contractual relation with the client and a legitimate interest of the business.
Profile data
includes your username and password, purchases or services requested by you, your interests, preferences and feedback.
The Art. 6(1)(b)(f) GDPR. Necessary to establish a contractual relation with the client and a legitimate interest of the business.
Marketing and Communications Data
includes your preferences in receiving marketing from us and your communication preferences.
The Art. 6(1)(b)(f) GDPR. Necessary to establish a contractual relation with the client and a legitimate interest of the business.
How is your personal data collected?
We will collect personal information about you from a number of sources including:
• information given to us on application forms, in letters and emails, over the phone or through the approved devices you use.
• from analysis of how you use our products and services, including the frequency, nature, location, origin and recipients of any payments.
• from, or through, other organisations (for example other entities such as card associations, insurance companies, retailers, social media, credit reference agencies, fraud prevention agencies and public information sources).
How we use your personal information
We will use your personal information:
• to provide products and services, manage your relationship with us and comply with any laws or regulations we are subject to (for example the laws that prevent financial crime or the regulatory requirements governing the products we offer).
• for other purposes including improving our services, exercising our rights in relation to agreements and contracts and identifying products and services that may be of interest.
To support us with the above, we analyse information we know about you and how you use our products and services. Your personal data as mentioned in the table above shall be stored in our system in line with the applicable retention period. This is with the purpose of ensuring the security of our customers transactions, preventing fraud, and identifying as well as complying with AML regulations.
You can find out more about how we use your information and your rights attached to it in our GDPR Policy.
Who we share your personal information with
We may share your personal data with trusted third parties where necessary to pursue our legitimate business interest, such as maintaining secure payments systems, preventing fraud, complying with legal obligations, or providing you with our services. These third parties include regulatory authorities, financial partners and technological service providers. All such parties are required to protect your information and use it only for the intended purpose.
The Company may transfer personal data to countries outside the European Economic Area (EEA) only where such transfers comply with the requirements of the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Data Protection Act (Cap. 586, Laws of Malta).
Transfers of personal data shall take place only when:
The European Commission has issued an adequacy decision confirming that the recipient country ensures an adequate level of data protection. This includes transfers to the United Kingdom, which is currently recognised as providing an adequate level of protection. Where no adequacy decision exists, the Company shall use appropriate safeguards, such as the European Commission’s Standard Contractual Clauses (SCCs) of 2021, or other legally recognised transfer mechanisms, to ensure equivalent protection of personal data.Before relying on such safeguards, the Company shall conduct a Transfer Impact Assessment (TIA) to evaluate the legal and practical implications of the transfer and confirm that the recipient can comply with the obligations under the SCCs or other relevant mechanism.
Why we need this personal information
If you want to enter into a contractual relationship with us, we will need to collect certain personal information from you such as name and surname, residential address, contact number; e-mail, a copy of your identification and proof of address document; (as well as any information contained in it), taxpayer identification code, telephone number, employment details, financial information, source of wealth and source of funds . We may also need to collect certain information from you to comply with legal obligations (such as, in particular, obligations arising from applicable tax regulations).
We may also collect certain personal information from you or publicly available sources such as financial, contractual, transaction, location, profile and usage data based on our legitimate interest in preventing fraud, protecting our customers, improving and promoting our services. If the processing of your personal information is based on our legitimate interests, you may object to such processing at any time. We may also ask your consent, only where necessary, for the purposes of Article 105 of the PSL (Article 94(2) of PSD2) for the processing of certain personal information from you. If you decide to give your consent for a certain processing operation, you may withdraw your consent at any time.
What rights you have over your personal information?
The law gives you a number of rights in relation to your personal information including:
• To request access to your personal data
• To request correction of your personal data
• To request erasure of your personal data
• To object to processing of your personal data
• To request restriction of processing your personal data
• To request transfer of your personal data
• To withdraw consent
You can find out more about these rights and the limits thereto in our GDPR Policy (see also below on how to exercise your rights).
Marketing
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established the following personal data control mechanisms:
Promotional offers from us
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing). You will receive marketing communications from us (or from another company within the Insignia associated companies) if you have requested information from us, if you have provided your express consent for receiving that marketing, or, in certain cases, if it is in our legitimate interest.
Third-party marketing
We will not share your personal data with any company outside the Insignia Group of Companies for marketing purposes.
Opting out
You can ask us to stop sending you marketing messages by contacting us at any time. Where you opt out of receiving these marketing messages, you will still receive important information such as changes to your existing services.
Cookies
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please seeour Cookie Policy.
Telephone Calls
We maymonitorand/or record your telephone calls to us, or ours to you, to ensure consistent servicing levels (including staff training) and account operation, toassist(whereappropriate)in dealing with complaints or disputes, and to assist us in ensuring we comply with our legal obligations.
How long we keep your information for
We will keep your information for as long as you are a customer of the Company. In accordance with the GDPR, your information cannot be kept for longer than is necessary for the purposes for which the personal data are processed. After you stop being a customer, we may keep your data for a reasonable period of timefor screening, AMLCFT and regulatory purposes. In any case, the retention period will never exceed the 10 years.
Our Privacy Policy
It is important that you understand how the personal information you give us will be used. Therefore, we strongly advise that you read this Privacy Notice and our GDPR Policy.
If you would like to contact us or exercise any of your rights
If you have any questions, require more information about how we use your personal information, or wish to exercise any of your rights or lodge a data protection complaint, please contact our Data Protection Officer on dpo@vcfc.eu or at the following address: Level 10, Q2, Quad Central, Triql-EsportaturiBirkirkara, CBD 1040, Malta
You also have the right to make a complaint at any time to the Office of the Information and Data Protection Commissioner at the following address: Office of the Information and Data Protection Commissioner Floor 2, Airways House, Triq Il - Kbira, Tas-Sliema SLM 1549.
We will collect personal information about you from a number of sources including:
• information given to us on application forms, in letters and emails, over the phone or through the approved devices you use.
• from analysis of how you use our products and services, including the frequency, nature, location, origin and recipients of any payments.
• from, or through, other organisations (for example other entities such as card associations, insurance companies, retailers, social media, credit reference agencies, fraud prevention agencies and public information sources).
How we use your personal information
We will use your personal information:
• to provide products and services, manage your relationship with us and comply with any laws or regulations we are subject to (for example the laws that prevent financial crime or the regulatory requirements governing the products we offer).
• for other purposes including improving our services, exercising our rights in relation to agreements and contracts and identifying products and services that may be of interest.
To support us with the above, we analyse information we know about you and how you use our products and services. Your personal data as mentioned in the table above shall be stored in our system in line with the applicable retention period. This is with the purpose of ensuring the security of our customers transactions, preventing fraud, and identifying as well as complying with AML regulations.
You can find out more about how we use your information and your rights attached to it in our GDPR Policy.
Who we share your personal information with
We may share your personal data with trusted third parties where necessary to pursue our legitimate business interest, such as maintaining secure payments systems, preventing fraud, complying with legal obligations, or providing you with our services. These third parties include regulatory authorities, financial partners and technological service providers. All such parties are required to protect your information and use it only for the intended purpose.
The Company may transfer personal data to countries outside the European Economic Area (EEA) only where such transfers comply with the requirements of the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Data Protection Act (Cap. 586, Laws of Malta).
Transfers of personal data shall take place only when:
The European Commission has issued an adequacy decision confirming that the recipient country ensures an adequate level of data protection. This includes transfers to the United Kingdom, which is currently recognised as providing an adequate level of protection. Where no adequacy decision exists, the Company shall use appropriate safeguards, such as the European Commission’s Standard Contractual Clauses (SCCs) of 2021, or other legally recognised transfer mechanisms, to ensure equivalent protection of personal data.Before relying on such safeguards, the Company shall conduct a Transfer Impact Assessment (TIA) to evaluate the legal and practical implications of the transfer and confirm that the recipient can comply with the obligations under the SCCs or other relevant mechanism.
Why we need this personal information
If you want to enter into a contractual relationship with us, we will need to collect certain personal information from you such as name and surname, residential address, contact number; e-mail, a copy of your identification and proof of address document; (as well as any information contained in it), taxpayer identification code, telephone number, employment details, financial information, source of wealth and source of funds . We may also need to collect certain information from you to comply with legal obligations (such as, in particular, obligations arising from applicable tax regulations).
We may also collect certain personal information from you or publicly available sources such as financial, contractual, transaction, location, profile and usage data based on our legitimate interest in preventing fraud, protecting our customers, improving and promoting our services. If the processing of your personal information is based on our legitimate interests, you may object to such processing at any time. We may also ask your consent, only where necessary, for the purposes of Article 105 of the PSL (Article 94(2) of PSD2) for the processing of certain personal information from you. If you decide to give your consent for a certain processing operation, you may withdraw your consent at any time.
What rights you have over your personal information?
The law gives you a number of rights in relation to your personal information including:
• To request access to your personal data
• To request correction of your personal data
• To request erasure of your personal data
• To object to processing of your personal data
• To request restriction of processing your personal data
• To request transfer of your personal data
• To withdraw consent
You can find out more about these rights and the limits thereto in our GDPR Policy (see also below on how to exercise your rights).
Marketing
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established the following personal data control mechanisms:
Promotional offers from us
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing). You will receive marketing communications from us (or from another company within the Insignia associated companies) if you have requested information from us, if you have provided your express consent for receiving that marketing, or, in certain cases, if it is in our legitimate interest.
Third-party marketing
We will not share your personal data with any company outside the Insignia Group of Companies for marketing purposes.
Opting out
You can ask us to stop sending you marketing messages by contacting us at any time. Where you opt out of receiving these marketing messages, you will still receive important information such as changes to your existing services.
Cookies
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please seeour Cookie Policy.
Telephone Calls
We maymonitorand/or record your telephone calls to us, or ours to you, to ensure consistent servicing levels (including staff training) and account operation, toassist(whereappropriate)in dealing with complaints or disputes, and to assist us in ensuring we comply with our legal obligations.
How long we keep your information for
We will keep your information for as long as you are a customer of the Company. In accordance with the GDPR, your information cannot be kept for longer than is necessary for the purposes for which the personal data are processed. After you stop being a customer, we may keep your data for a reasonable period of timefor screening, AMLCFT and regulatory purposes. In any case, the retention period will never exceed the 10 years.
Our Privacy Policy
It is important that you understand how the personal information you give us will be used. Therefore, we strongly advise that you read this Privacy Notice and our GDPR Policy.
If you would like to contact us or exercise any of your rights
If you have any questions, require more information about how we use your personal information, or wish to exercise any of your rights or lodge a data protection complaint, please contact our Data Protection Officer on dpo@vcfc.eu or at the following address: Level 10, Q2, Quad Central, Triql-EsportaturiBirkirkara, CBD 1040, Malta
You also have the right to make a complaint at any time to the Office of the Information and Data Protection Commissioner at the following address: Office of the Information and Data Protection Commissioner Floor 2, Airways House, Triq Il - Kbira, Tas-Sliema SLM 1549.