Phoenix Group Ltd takes Data protection very seriously and invests in resources to ensure that personal data is protected through processes that are by design targeted at keeping personal data safe. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.
The processing of personal data, such as name, address, e-mail address, telephone and mobile numbers, date and place of birth, father’s name and mother’s name and maiden surname of a data subject shall always be in line with the General Data Protection Regulation (GDPR). By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.
As the controller, Phoenix Group Ltd has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed.
The Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
Phoenix Group Ltd,
“Lock, Stock & Barrel”
Phoenix Business Centre,
Triq il-Blata l-Kahla
Santa Venera SVR 9022, Malta
What data do we collect and why do we store and process your Personal Data?
Phoenix Group Ltd collects a series of general data and information when a data subject either becomes a client at one of our branches or through our other communication channels. This data and information is stored securely either on a centralized server or on one of the company’s computers. Generally, when a data subject visits one our outlet we collect the following: Name & Surname, Address, Telephone and Mobile numbers and email addresses as well as the date and place of birth and maiden surnames.
When using our website, we may collect the above personal details as well. Our web hosting provide also collects data through their server logs such as (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (referrer), (4) the date and time of access to the Internet site, (5) an Internet protocol address (IP address), (6) the Internet service provider of the accessing system, and (7) any other similar data and information that may be used in the event of attacks on our information technology systems.
The data collected is never used by Phoenix Group Ltd to draw any conclusions about the data subject. Rather, this information is needed to help us deliver the level of service that we feel our clients deserve. We use this data to be able to contact our clients and also to offer them new services and offers from time to time. Subscription to these offers and services will require separate consent from our clients. Offers may be sent to data subjects through various channels such as: Email Marketing, printed material by post and SMS notifications.
Phoenix Group Ltd analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files, if any are stored separately from all personal data provided by a data subject.
Where we are obliged to process your personal data in fulfillment of a legal requirement to which we are subject, or in pursuance of performing an obligation under a contract which we have with you, and you fail to provide us with that data, we may not be able to perform the Services as agreed upon.
Phoenix Group Ltd also records your personal data in a debtors list in our accounting system. For this purpose, we retain personal data as outlined previously in this document. We retain this data for:
- To perform debtor controls;
- So that we record clients’ personal details as required by the Arms Act;
- To be used in submitting fire arm applications to the Police;
Who collects personal data?
Data is collected by
- By our representatives through physical contact;
- Through our website and social media pages;
- Through emails opened and actioned by our representatives;
- Through phone calls;
- Through postal mail;
We usually retain the personal data of our clients for the period during which they are considered as clients. As part of the services we offer, we include periodic services as part of a structured course or programme. In this case Phoenix Group Ltd will retain the data throughout the period of the programme and will request permission to retain the data longer if necessary.
As a policy, Phoenix Group Ltd retains all personal data for two years from the date of the last contact with the client. After this period, the data subject is no longer considered a client and their data is erased unless asked to do otherwise by the data subject. In the case of marketing communications, we ask for specific permission from the data subject to retain their email address and/or phone number indefinitely. The data subject is reminded continuously in every mail shot that they may opt out whenever they like of these communications.
Who we share your data with
Phoenix Group Ltd may use third party partners to help in processing data for marketing or other purposes such as ICT, logistics and Accounting and Audit firms. We are assured that our partners handle personal data under the strictest controls. We also purposely share only the data that is required for the processing task rather than all the personal data about a data subject.
Phoenix Group Ltd is a licensed by the Police to deal in firearms and ammunition in terms of the Arms Act (Cap 480) and the Arms Licensing Regulations (Subsidiary Legislation 480.02), In abiding by the strict conditions set forth under these regulations, Phoenix Group Ltd. shall
- Keep a register showing the movement of any arm proper and ammunition and shall, on receiving or disposing of, under any title whatsoever, any arm proper or ammunition, for whatever reason, make or cause to be made an entry in the register specifying:
- the name, surname, a legally valid identification document number, occupation and place of residence of the person from whom the arms proper or ammunition were received or to whom they are to be delivered;
- the number or quantity of arms proper or ammunition and the date of their receipt or disposal;
- the description of the arms proper or ammunition, and the type, make, model, calibre and serial number of any arm proper and any modification thereto;
- the licence number of the person to whom the arm proper or ammunition is transferred.
- Shall retain and conserve the register for as long as it remains licensed, after which it is required to deposit the said register with the Commissioner, which register shall, on the date of deposit, be duly signed by the licensee and countersigned by the Commissioner or any officer authorised by him.
- make available this register to any police officer who may at all reasonable times demand inspection of the register, inspect any premises and stores of any dealer, and check the entries above mentioned, in order to take account of the stock in hand, and to ensure compliance with the duties and obligations of the dealer under this article.
These obligations under the Arms Act and the Arms Licensing Regulations over-ride our obligations under the GDP Regulations.
Transferring of data outside of the European Union, particularly to countries which might not have appropriate data protection safeguards in place, will be based on your consent.
Subscription to our newsletter
On our website, users are given the opportunity to subscribe to our newsletter. Phoenix Group Ltd uses this newsletter to inform its customers and business partners about its offers. The newsletter may only be received by the data subject if (1) the data subject has a valid e-mail address and (2) the data subject registers for the newsletter and (3) if the data subject is a client and gives Phoenix Group Ltd consent (Opts in). A confirmation e-mail will be sent to the e-mail address when a user subscribes. A double opt-in procedure is employed. This confirmation e-mail is used to prove whether the owner of the e-mail address as the data subject is authorized to receive the newsletter.
During the registration for the newsletter, we also store the IP address of the computer system assigned by the Internet service provider (ISP) and used by the data subject at the time of the registration, as well as the date and time of the registration. The collection of this data is necessary in order to understand the (possible) misuse of the e-mail address of a data subject at a later date, and it therefore serves the aim of the legal protection of the controller.
The personal data collected as part of a registration for the newsletter will only be used to send our newsletter.
CCTV Cameras at our premises
Wherever we have CCTV cameras installed, their purpose is solely for security and not to monitor the movement of clients or employees. Their purpose is simply to ensure the security of the company’s assets as well as the personal physical security of our clients while they are at our premises. Data collected through these systems will only be divulged to third parties such as law enforcement agencies in the event of a security incident. Data on these systems is stored in a rotating manner and it is overwritten roughly every 30 days.
The processing of your data will be processed in accordance with the provision of the GDPR. Phoenix Group Ltd takes appropriate precautions to preserve your rights and prevent any corruption, loss, damage or destruction of your personal data. The company has appropriate security arrangements, including, where appropriate, limited physical access, administrative, procedural, and information ICT measures to prevent unauthorized or accidental access, collection, use, disclosure, copying, modification, disposal or destruction of personal data. In case our systems are compromised and suffer a data breach where the personal data of our Clients is exposed, $Company will promptly inform the data subject and the Office of the Data Protection Commissioner.
Phoenix Group Ltd’s employees have access to personal data strictly on a “need to use” basis for the performance of their duties. Company employees are aware of the confidential nature of personal data and how they should handle it in strictest confidence.
How to contact us
You may contact us as follows:
Phoenix Group Ltd
Lock Stock & Barrel
Phoenix Business Centre
Triq Il-Blata L-Kahla,
Santa Venera SVR 9022
Tel: +356 2148 0118
Routine erasure and blocking of personal data
The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to.
If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data is erased in accordance with legal requirements.
You rights as a data subject
As a data subject GDPR provides you with extensive rights as follows:
- Right of confirmation
- Right of access
- Right to rectification
- Right to erasure (Right to be forgotten)
- Right of restriction of processing
- Right to data portability
- Right to object
- Automated individual decision-making, including profiling
- Right to withdraw data protection consent
- Data protection for applications and the application procedures
For more detailed information about your rights under GDPR, please request our detailed GDPR rights document.
Last revison 20th May 2018