Clients Privacy Notice

This privacy notice complies with the Data Protection Legislation. It serves as a notice for our clients, including prospective clients. It notifies them about the personal data that the company holds relating to their relationship with the Company, for what purpose it is processed and for how long it is expected to be used.

1. Introduction.

Vivendo Holdings Ltd., Vivendo Retail Ltd., Vivendo Logistics Ltd., Vivendo Projects Ltd., Vivendo Cyprus Ltd., part of Vivendo Group (hereinafter referred to as Vivendo, the Data Controller, the Company, our, we us) respects the privacy of all its clients and prospective clients and is dedicated to protect the personal data it has to process about such clients. We thus want to inform you how we use and protect your personal data. This includes informing you of your rights.

Data Protection Legislation: Data Protection Legislation: (i) unless and until the General Data Protection Regulation is no longer directly applicable in Malta, the General Data Protection Regulation ((EU) 2016/679) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in Malta and then (ii) any successor legislation to the GDPR or the Data Protection Act (Ch. 586 of the Laws of Malta).

2. Vivendo Group.

Our full details are:
•Name of our Data Protection Officer (DPO): Charlene Borg
•Email Address: dpo@vivendo.mt
•Postal Address: Vivendo Group
c/o Dex Workspace,
Mdina Road ,Qormi.
QRM9011
•Contact Number: +356 2359 7314

3. Data we may collect from you.

We may collect personal data from you because of a legal reason or because you have consented us to do so for a specific purpose.
Information you may give us during different stages of our relationship:
•Identity Data includes first name, last name, identity card number or passport number.
•Contact Data includes billing address, delivery address, email address and telephone number/s.
•Financial Data includes bank account and payment card details.
•Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
•Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

You may give us information about you, for example:
•By filling in a form, sending us an e-mail or over a telephone call.
•Requesting a quote for a product or service.
•Purchasing a product or service.

If you fail to provide personal data which we need to collect by law, or under the terms of a contract we have with you, we may not be able to perform the contract we have or the contract we need to enter into with you (for example, to provide you with goods or services). In such a case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

We may also receive information about you from third parties (including, for example, background checking agencies, credit reference agencies and payment services) and may receive information about you from them as part of the service we provide you, or for legal reasons.

4. How we use your personal data.

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Where we need to perform the contract we are about to enter into or have entered into with you.

Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal or regulatory obligation.

Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to you via email, text message or by post. You have the right to withdraw consent to marketing at any time by either unsubscribing from our mailing list or by contacting our DPO.

5. Purpose for processing your personal data.

Vivendo will process your data when:
•You request us to quote for a product or service.
•You enter into a contract with us.
•You give us permission to do so.
•We must provide services to you after you have purchased a product or service from us.
•To comply with the law.

6. MARKETING.

We may use your Identity Data, Contact Data, Transaction and Marketing and Communication Data details to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).

You will receive marketing communications from us if you have requested information from us or purchased goods or services from us and, in each case you consented to receive such information. You have the right to withdraw consent to marketing at any time by either unsubscribing from our mailing list or by contacting our DPO.

7. Change of purpose.

We will only use your personal data for the purposes for which we collected it. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

8. Sharing of your personal data.

We may have to share your personal data with the parties set out below:
Third party service providers including, delivery people, installers and suppliers based in the EU who provide delivery, installation services and products.
Professional advisers including lawyers, bankers, auditors and insurers based in Malta who provide consultancy, banking, legal, insurance and accounting services.

Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes (unless we have a Joint Controllers agreement with them and in that case you will also receive information on how they will process your data from them) and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We do not transfer your personal data outside the European Economic Area (EEA).

9. DATA SECURITY.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know and who are subject to a duty of confidentiality.

We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

10. Retention periods.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

11. Your Rights.

You have the right to:
•Be informed.
We are giving you this Privacy Notice to keep you informed.
•Access.
Please contact our DPO if you wish to access the personal information we hold about you. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

•Rectification.
Please contact our DPO if you wish to rectify your information. We will also rectify the information you have consented us to pass on to third parties, if it is the case.
•Erasure.
Please contact our DPO if you want us to erase all your personal data and we do not have a legal reason to continue to process and hold it.
•Restrict Processing.
Please contact our DPO if you want us to restrict processing of your data. In this case we will restrict processing but we will still hold the data.
•Data Portability.
Please contact our DPO if you want information on how to port your data elsewhere. This right only applies to personal data that you have provided to us as the Data Controller.
The data must be held by us by consent or for the performance of a contract.
•Object.
You have the right to object to us processing your data even when we do so for our legitimate interests. If you wish to object please contact our DPO.
•Withdraw Consent.
If you have given us your consent to process your data but later changed your mind, you have the right to withdraw your consent at any time. Please contact our DPO in case you wish to withdraw consent.
•Complain to a Supervisory Authority.
You have the right to complain to the IDPC if you feel that we have not responded to your requests to solve a problem. The supervisory authority in Malta is the Office of the Information and Data Protection Commissioner (IDPC) which is at Floor 2, Airways House, Triq il-Kbira, Tas-Sliema and can be reached on 2328 7100.

12. Changes to Our Privacy Notice.

We may change this notice from time to time in the future. Changes to our privacy policy will be notified to the data subjects through the preferred means of communication.