MMS Privacy Statement
We are GM International Conferences & Exhibitions Ltd (“we”, “us” and “our”), a company incorporated under the laws of Malta with company registration number C 33836 and having its registered office at St. Lucia Street 147/1, 1185 VLT Valletta, Malta.
Throughout this Privacy Statement (“Statement”), the expressions “you”, “your” and “yourself” shall refer to yourself as our customers or a person authorised to represent you, by means of a power of attorney.
As organisers of conferences and events including “Malta Maritime Summit” (the “Summit”) we are committed to protecting the privacy and security of your personal data which we process, and to handle your personal data, whether held electronically or in manual form, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 (GDPR), the Data Protection Act (Cap. 586) and subsidiary legislation related thereto.
This Statement explains how we collect, process and store data about you when you register for and attend the Summit, with whom and under which special circumstances we will share your personal data, the length of time we retain your personal data for and the measures we take to ensure your personal data remains confidential and secure, in accordance with legal requirements. This privacy notice explains how we use your personal data in relation to your interest in, or attendance at the Summit run by us.
You are kindly requested to read and understand this Privacy Statement.
1. Scope of this privacy statement
This Privacy Statement relates to our use of any personal information we collect about you or use in relation to the following services (collectively, the “Services”):
– the Summit;
– the Summit website;
– the Summit app;
– online surveys and polls relating to the Summit;
– the Summits’ official social media channels.
2. Data collected and method of collection
- Attendee registration form. When you register to attend the Summit, you are required to provide us with basic information such as name, address, email address, telephone number, and date of birth. We also give you the option to provide additional information.
- Summit app profile information. While installing the Summit app, you will have an option of providing us with additional profile information, such as name and email address, and whether you want your profile information to be discoverable within the app by other attendees and partners of the Summit. Certain profile information may also be included on our Featured Attendees page.
- Summit survey responses. We may ask you to participate in optional surveys regarding your experience at the Summit in order to help us improve the event services, marketing, customer relationships and experiences.
Following the reception of the data, an electronic profile is created in our tools for each person or entity (the “Contact Profile”).
The Contact Profile may contain but is not limited to the personal data about you:
- date of birth;
- phone numbers;
- email addresses;
- physical location data during an event;
- food or allergies preferences (your explicit consent shall be requested);
- emergency contact information;
- organization or company of employment and/or job title;
- field of activity and/or interest;
- credit card references/numbers;
- accommodation preferences;
- other communicated preferences;
- passport; and
- visa details.
Furthermore, we may also collect personal data about you:
- When you make an enquiry to us from our website.
- When you subscribe to our newsletter.
- When you speak to our staff.
We photograph and film the Summit which will be used to market our services and to promote future events and Summits. We will therefore process your image. If you do not wish to be photographed or filmed at the Summit, please contact us using the contact details provided below.
3. Purpose of data collection
We use the data collected to provide, maintain, protect and improve the overall quality of our services.
In addition to creating Contact Profiles, we may use your data for the following purposes:
- Providing and improving the requested Services. We use your personal data as necessary to run the Summit, such as to register attendees, reserve places for attendees, issue tickets, prepare delegate lists and provide you with relevant connections and content during the Summit based on information you provided us with and your use of the Summit app.
- Communicating with you. We use your personal information to contact you regarding your registration to attend or speak and to notify you of any relevant changes as well as to ask for your feedback of the Summit after you have attended.
If you opt-in to receiving our newsletter, we will use your personal information for outreach and marketing, such as to send you information about our future events. You can opt-out of these communications by using the unsubscribe links in our communications. We may also use your information in order to market conferences and Summits. For example, in accordance with your preferences we sometimes use your image in our published list of Conference attendees.
- Advertising. We film and photograph the Summit which will be used to market our services and to promote future events or Summits on our website, social media channels and in marketing materials.
- Other purposes: We may use your data as we believe to be necessary or appropriate:
- under applicable law, including laws outside your country of residence;
- to comply with legal process;
- to respond to requests from public and government authorities including public and government authorities outside your country of residence;
- to enforce our terms and conditions;
- to protect our operations;
- to protect our rights, privacy, safety or property, you or others; and
- to allow us to pursue available remedies or limit the damages that we may sustain.
By becoming a Summit subscriber you consent to the collection, storage and processing of your personal information as outlined above. We will ask for your consent before using data for a purpose other than those that are set out in this Statement, subject to mandatory laws.
4. What is the legal basis of the processing?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- To perform the contract we are about to enter into or have entered into with you.
- For our legitimate interests (for example, in order to manage and develop our business, study how customers use our products/services, to develop them, grow our business, and inform our marketing strategy).
- Where we need to comply with a legal obligation.
Generally, we do not rely on consent as a legal basis for processing your personal data, although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us using the contact details provided below.
To the extent that you may provide us with personal data about yourself that is sensitive, for example relating to any disability, allergies, or other dietary requirements that you have, we will process this information with your explicit consent, or if it is necessary:
- For the establishment, exercise or defence of legal claims;
- Very occasionally, when it is needed to protect your or another person’s vital interests and you are not capable of giving your consent (for example, in an emergency).
5. Disclosure of your personal data
Without prejudice to anything contained in this Privacy Statement, we may need to grant access to, disclose or share your personal data with the parties set out below for the purposes set out in Clause 3 above:
• Our Group corporate entities including GM Corporate and Fiduciary Services Limited, GM International Services Ltd., all of, 147/1, St. Lucia Street, Valletta, VLT 1185, Malta;
• Our affiliate law firm Gauci-Maistre Xynou (Legal | Assurance) of 147/8, St. Lucia Street, Valletta, VLT 1185, Malta;
• Service providers, including those that provide IT support and system administration services for us;
• Suppliers and external agencies that we engage to process information on our and/or your behalf, including to provide you with the information and/or materials that you have requested;
• Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets (successors in title). Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Policy.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not transfer your personal data to any third parties for marketing purposes.
6. Duration of storage of your personal data
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
If you consent to stay in touch with us, or subscribe to our newsletter, essential information to communicate with you will be kept until you withdraw your consent by contacting us using the contact details provided below or by unsubscribing to the specific communication using the link provided therein.
7. How we protect your personal data
We use various methods to protect your personal data. These methods include strict administrative system controls restricting access by unauthorised personnel to personal data and advanced technological security systems to encrypt data-in-transit and data at rest. Our network, servers and infrastructure are secured and continuously monitored with firewalls and threat prevention systems to prevent attacks such as malware and ransomware. Security measures also extend to staff training on their obligation to keep all personal information confidential and adhere to the necessary procedures when processing personal data.
While we endeavour to always protect its systems, sites, operations and information against unauthorised access, use, modification and disclosure, due to the inherent nature of the Internet as an open global communications vehicle and other risk factors, we cannot guarantee that any information, during transmission or while stored, shall be absolutely safe from intrusion by others, such as hackers.
8. Social Media Usage
While we may have official profiles on social media platforms, you are advised to verify authenticity of such profiles before engaging with, or sharing information with such profiles. We will never ask for your passwords or personal details on social media platforms. You are advised to conduct yourself appropriately when engaging with us on social media.
There may be instances where our website features social sharing buttons, which help share web content directly from web pages to the respective social media platforms. You use social sharing buttons at your own discretion and accept that doing so may publish content to your social media profile feed or page.
10. Your rights
You have various rights in connection with the processing of your personal information by us under certain circumstances, as explained below.
- Right to be Informed. You are entitled to know, free of charge, what type of information we hold and process about you, who has access to it, how it is held and kept up-to-date, for how long it is kept, and what we are doing to comply with data protection legislation.
- Right of Access. You are entitled to obtain confirmation on how your personal data is being processed by us and request a copy of your data as well as all the available information concerning its processing.
- Right to Rectification. You are entitled to request the rectification of your personal data held by us in instances where personal data held is inaccurate or incomplete.
- Right to Erasure (the Right to be Forgotten). You are entitled to request the erasure of personal data held by us, where there is no compelling reason for its continued processing. We are not obliged to accede to this request if such data needs to be retained by us in order to comply with a legal obligation or to establish, exercise or defend legal claims.
- Right to Restriction of Processing. You are entitled to block or suppress the processing of your personal data, provided that certain conditions are satisfied. As with erasure, restrictions of processing may result in our inability to serve you with a specific service or product.
- Right to Data Portability. You are entitled to obtain your personal data and reuse it for your own purposes across different services. This information however only relates to that data provided to us by you by means of a contract or when providing us with your consent.
- Right to Object. You are entitled to object to the processing of your personal data which is collected by us. This right does not apply in all circumstances, for example, where we process information because it is necessary for the performance of a contract.
- Right to Withdraw Consent. When you have provided us with your consent for the processing of your personal data, such consent may be withdrawn at any time thereby terminating any associated processing. We may continue to process your information if there is another legitimate reason for doing so such as to observe statutory requirements or for the performance of a contract.
- Right to Lodge a Complaint. You are also at liberty to complain to the data protection regulator, i.e. the Information and Data Protection Commissioner, whose contact details are provided below, or by visiting https://idpc.org.mt. Alternatively, you may raise the complaint with the data protection regulator in the country where you live or work.
To exercise any of your above mentioned rights, you are requested to contact our Data Protection Officer (DPO) using the details set out in the ‘Contact Details’ section below. We aim to comply as quickly as possible with your requests and will ensure that it is provided within a reasonable timeframe and in any event within a period of 30 days from receipt of your request, proof of your identity and the fulfilment of any requirement deemed necessary to verify the authentication of your request, unless there is good reason for delay. This delay may be extended by a further 60 days where necessary. When your request cannot be met within a reasonable time, the DPO shall inform you of the delay within 30 days from receipt of your request, proof of your identity and the fulfilment of any requirement deemed necessary to verify the authentication of your request and the reason for the delay will be explained to you in writing. As explained above, these rights may be restricted, if applicable, in terms of the GDPR
11. Contact details
The Data Protection Officer can be contacted by email at email@example.com, by telephone on (+356) 21235341 (ext.132) or in writing at the following address:
Data Protection Officer
GM International Conferences & Exhibitions Limited
147/1, St. Lucia Street,
Valletta VLT 1185, Malta
The Information and Data Protection Commissioner may be contacted as follows:
Telephone: (+356) 2328 7100