At MWC Group, we take data protection and privacy seriously and will only use personal information to provide services to prospects and clients that have requested it.
MWC Group collects personal data in compliance with the European Union General Data Protection Registration (GDPR).
MWC Group is also committed to complying with the U.S.- E.U. Safe Harbor Framework and U.S.- Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding its handling of personal information from European Union member states and Switzerland.
Why do we collect information about you?
Information about you may be put onto the MWC database and used, analysed and assessed by us to provide you with a better service. We only collect information that we believe to be relevant and required to better conduct our business and to provide our clients with better services and products. We use the information that we collect about you in the following ways and in particular for the following purposes:
- for the provision of information or other services in relation to any specific requests that you may make to us, and to give you statements;
- according to law, we may be required from time to time to disclose your information to Governmental bodies, agencies or our Regulators or recognised external authorities, but we will only do so under proper authority;
- for internal assessment and analysis;
- for research and statistics;
- for the detection and prevention of fraud and any other illegal acts or criminal activity which MWC is bound to report and in line with our anti-money laundering policy;
- to develop and improve the MWC products and services;
- to check your identity and address.
What information do we collect about you?
In order to provide our clients with better services and products, we need to collect different types of information, such as (list non-exhaustive):
- name, surname, date of birth, etc;
- nationality, country of birth, tax residency, etc;
- PEP status, etc;
- marital status, nominated beneficiaries, etc;
- financial data such as payslips, pension statements, bank statements, etc.
It may also include special categories of personal data such as data about your health, as this will affect our advice and is required for insurance or annuity contracts, if this is necessary.
How will we use the information about you?
We typically collect personal data about you when you provide information to us or others acting on our behalf, when communicating or transacting with us in writing, electronically, or by phone
In addition, we may receive personal information about you from third parties, such as public sources or information vendors, your bank, your legal, financial, tax or other professional advisers, introducers, distributors or other intermediaries who market or provide services to you.
Who might we share your information with?
In order to deliver our services to you effectively we may also send your details to third parties such as those that we engage for professional compliance, accountancy or legal services as well as product and platform providers that we use to arrange financial products for you.
We may transfer the personal data we collect about you to non-EEA countries. Those countries may not have the same standard of data protection laws as the EEA. Where this is the case, unless an exemption applies, we will seek to put in place appropriate safeguards where possible, such as the EEA approved standard contractual clauses to ensure that your personal data is treated in a manner that is consistent with and respects the EEA laws on data protection. If you require further information about this you can request it from us.
To fulfil our obligations in respect of prevention of money-laundering and other financial crime we may send your details to third party agencies for identity verification purposes.
We may use your contact details and process your personal data to inform you of relevant opportunities, developments, events and products that may be of interest to you. We may carry out direct marketing in order to inform you, by mail, telephone, email or other electronic means, about other products and services provided by MWC Group, its subsidiaries, affiliates, associates, agents and by carefully selected third parties and for research purposes. We won’t share your information for marketing purposes with companies outside our associated companies.
Reasons for processing your personal data
We process your data for the purposes of our legitimate interest so that we can provide you with financial advice & products, investment management and arrange financial services & transactions. The primary legal basis that we intend to use for the processing of your data is for the performance of our contract with you. The information that we collect about you is essential for us to be able to carry out the services that you require from us effectively. Without collecting your personal data we would also be unable to fulfil our legal and regulatory obligations.
How long your personal data will be held
We will retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements and our legitimate interests in maintaining such personal information in our records. This will normally include any period during which we are dealing or expect to deal with you and what we consider to be a suitable period thereafter for our internal record-keeping purposes. In doing this we will have regard to the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Generally, we will keep information relevant to our dealings with you for not longer than five (5) years following the last date of activity. In some circumstances your personal data may be anonymised so that it can no longer be associated with you, in which case it is no longer personal data. Once we no longer require your personal data for the purposes for which it was collected, we will securely destroy your personal data in accordance with applicable laws and regulations.
How can I access the information you hold about me?
You have rights under data protection laws in relation to your personal data.
You have the right to:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data. This is in situations where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights. As a licensed institution, we are under certain obligations to process and retain certain data for compliance purposes. Please note that these requirements supersede any right to objection requests under applicable data protection laws.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. Please note that any requests in relation to the restriction of the processing of your data means that we may not be able to perform the contract we have or are trying to enter into with you.
- Request the transfer of your personal data to you or to a third party. We will provide to you, your personal data in a structured, commonly used, machine-readable format, which you can then transfer to an applicable third party. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide services to you. We will advise you if this is the case at the time you withdraw your consent.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Our website contains links to other websites. This policy only applies to this website so when you link to other websites you should read their individual privacy policies.
Security & Data Breaches
We process Personal Data in a proper manner and take appropriate security measures to prevent unauthorized access, disclosure, or modification. If, in the unlikely event, a data breach occurs that is likely to result in a risk for the rights and freedoms of the prospect or client, then they will be notified within 72 hours of MWC Group first having become aware of the breach.
Whilst we take measures to ensure that your personal data cannot be intercepted by third parties, please note that when using our website, data is transported over an open network (the internet) which is accessible to third parties and which cannot be regarded as a secure environment. We may transmit or store any data provided by you when using our website outside your country of residence. In such cases, we will make every effort to secure an appropriate standard of protection for your data, including those relating to bank-client confidentiality and data protection, but it is possible that data may be relayed to a country in which the prevailing standards of data protection are lower than in your country of domicile. We accept no responsibility or liability for the security of your data during transmission via the Internet. We would like to draw your attention to the fact that you can communicate with us by other means whenever you consider it appropriate on data protection grounds.
We may utilize social media websites (e.g. Facebook, LinkedIn, etc.) to update prospects/clients and other interested parties about events and other news. Their voluntary participation in these social media efforts is subject to the Terms of Service of the relevant social media website.
Questions regarding this Policy
If anyone have any questions about this policy, please contact the Data Protection Officer:
by email: email@example.com
by post: MWC Group Ltd, DPO, Suite 11/12, 229 Tower road, SLM 1601, Sliema, Malta