Privacy Policy

Effective Date: 01.01.2025
Last Updated: 15.04.2025

1. Information We Collect

Personal Information

We collect the following types of personal information:

Contact Information:

Full name and job title
Email address and phone number
Business name and address
Billing and invoicing details

Business Information:

Company registration details
VAT numbers (where applicable)
Industry and business type
Website login credentials and access details

Payment Information:

Credit card details (processed securely via third-party providers)
Bank account information for direct debits
Billing addresses and payment history
Transaction records and invoices

Technical Information:

IP address and browser type
Device information and operating system
Website usage patterns and page visits
Cookies and tracking data
Server logs and error reports

Communication Records:

Email correspondence and support tickets
Chat conversations and phone call records
Meeting notes and project documentation
Feedback and survey responses

Marketing Information:

Communication preferences and consent records
Social media interactions and engagement
Newsletter subscriptions and opt-in data
Campaign performance and analytics

2. How We Collect Information

We collect information through various methods:

Direct Collection:

Contact forms and inquiry submissions
Account registration and onboarding
Phone calls and email communications
Surveys and feedback forms
Payment processing and billing

Automatic Collection:

Website cookies and tracking technologies
Google Analytics and performance monitoring
Server logs and error tracking
Email open rates and click tracking
Social media plugins and interactions

Third-Party Sources:

Business directories and public records
Social media platforms and professional networks
Payment processors and financial institutions
Partner referrals and integrations

3. How We Use Your Information

We use your personal information for the following purposes:

Service Delivery

Website Development: Creating and maintaining your website
SEO Services: Implementing search engine optimisation strategies
Hosting Management: Providing secure website hosting and maintenance
Support Services: Responding to inquiries and technical issues
Analytics Reporting: Generating performance reports and insights

Business Operations

Payment Processing: Managing subscriptions and processing payments
Account Management: Maintaining client accounts and service records
Communication: Sending service updates, notifications, and correspondence
Legal Compliance: Meeting regulatory requirements and tax obligations
Quality Assurance: Monitoring service quality and customer satisfaction

Marketing and Communication

Service Promotion: Sending information about relevant services (with consent)
Newsletter Distribution: Sharing industry insights and company updates
Social Media Engagement: Interacting on social platforms and responding to comments
Content Personalisation: Tailoring website content and service recommendations
Market Research: Understanding customer needs and improving services

Legal and Security

Fraud Prevention: Detecting and preventing fraudulent activities
Security Monitoring: Protecting systems and data from unauthorised access
Legal Defence: Protecting our rights and defending against legal claims
Regulatory Compliance: Meeting data protection and business regulations

4. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

Contract Performance: Processing necessary for service delivery and subscription management

Legitimate Interest: Business operations, marketing, security, and improvement of services

Consent: Direct marketing communications and non-essential cookies (where explicit consent is obtained)

Legal Obligation: Tax reporting, financial record keeping, and regulatory compliance

5. Data Sharing and Third Parties

We do not sell, rent, or trade your personal information. However, we may share data with trusted third parties:

Service Providers

Payment Processors: Stripe, PayPal, and banking institutions for payment processing
Hosting Providers: Cloud hosting services for website and data storage
Communication Tools: Email service providers and customer support platforms
Analytics Services: Google Analytics, Search Console, and performance monitoring tools
Security Services: Cybersecurity providers and backup services

Business Partners

Subcontractors: Freelancers and agencies assisting with service delivery
Technology Vendors: Software providers and integration partners
Professional Advisors: Legal, accounting, and business consultancy services

Legal Requirements

Government Authorities: When required by law, court order, or regulatory request
Law Enforcement: For fraud prevention and legal investigations
Business Transactions: In case of merger, acquisition, or business sale (with appropriate safeguards)

All third parties are bound by strict confidentiality agreements and data processing contracts, ensuring your information is protected.

6. International Data Transfers

EU to Australia Transfers:

Personal data may be transferred between our Malta and Australian operations
Appropriate safeguards in place, including Standard Contractual Clauses
Data protection standards are maintained across all jurisdictions

Third-Party Transfers:

Some service providers may be located outside the EU/Australia
We ensure adequate protection through approved transfer mechanisms
All transfers comply with GDPR and Australian Privacy Act requirements

7. Data Security

We implement comprehensive security measures to protect your personal information:

Technical Safeguards

Encryption: All data is encrypted in transit and at rest using industry-standard protocols
Access Controls: Multi-factor authentication and role-based access permissions
Network Security: Firewalls, intrusion detection, and regular security monitoring
Secure Storage: Data stored on secure servers with regular backup procedures
Software Updates: Regular updates and patches to maintain security standards

Organizational Measures

Staff Training: Regular data protection and security awareness training
Access Limitation: Data access restricted to authorised personnel only
Confidentiality Agreements: All staff are bound by strict confidentiality obligations
Incident Response: Documented procedures for handling security breaches
Regular Audits: Periodic security assessments and compliance reviews

Monitoring and Response

24/7 Monitoring: Continuous monitoring of systems for security threats
Backup Procedures: Regular data backups are stored securely in multiple locations
Disaster Recovery: Comprehensive disaster recovery and business continuity plans
Breach Notification: Immediate notification procedures for any data breaches
Vulnerability Management: Regular security testing and vulnerability assessments

8. Data Retention

We retain your personal information only as long as necessary for the stated purposes:

Active Clients

During Service Period: For the duration of your subscription and service relationship
Account Information: Maintained while your account remains active
Communication Records: Retained for customer service and legal purposes

Retention Periods

Financial Records: 7 years from the end of service (tax and accounting requirements)
Website Files: During the subscription period, then per our Terms & Conditions
Marketing Data: Until you withdraw consent or unsubscribe
Legal Documents: As required by applicable law or until legal matters are resolved

Data Deletion

Secure Deletion: Data is permanently deleted using secure methods
Anonymisation: Where possible, data anonymised rather than deleted for analytics
Client Requests: Data deleted upon valid deletion requests (subject to legal retention requirements)

9. Your Rights

Under GDPR and the Australian Privacy Act, you have the following rights:

Access and Information

Right to Access: Request copies of personal data we hold about you
Right to Information: Understand how your data is processed and shared
Data Portability: Receive your data in a structured, machine-readable format

Correction and Deletion

Right to Rectification: Correct inaccurate or incomplete personal information
Right to Erasure: Request deletion of personal data (subject to legal retention requirements)
Right to Restriction: Limit processing of your data in certain circumstances

Control and Objection

Right to Object: Object to processing based on legitimate interests or for direct marketing
Consent Withdrawal: Withdraw consent for marketing communications at any time
Automated Decision-Making: Not be subject to decisions based solely on automated processing

Exercising Your Rights

To exercise any of these rights, contact us at contact@maltawebagency.com with:

Clear identification of yourself
Specific details of your request
Proof of identity (to prevent unauthorised access)

We will respond to valid requests within 30 days (1 month under GDPR).

10. Cookies and Tracking Technologies

What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us provide better service and understand how you interact with our site.

Types of Cookies We Use

Essential Cookies:

Required for website functionality and security
Cannot be disabled without affecting site operation
Include session management and authentication cookies

Performance Cookies:

Help us understand how visitors use our website
Collect anonymous information about page visits and user behaviour
Include Google Analytics and performance monitoring tools

Functional Cookies:

Remember your preferences and settings
Provide enhanced features and personalisation
Include language preferences and accessibility settings

Marketing Cookies:

Track your online activity for advertising purposes
Help us deliver relevant advertisements and measure campaign effectiveness
Include social media plugins and remarketing tags

Managing Cookies

You can control cookies through:

Browser Settings: Most browsers allow you to refuse or delete cookies
Cookie Preferences: Use our cookie preference centre (where available)
Opt-Out Tools: Google Analytics opt-out and advertising preference controls

Third-Party Cookies

Google Analytics: For website performance analysis and user behavior tracking
Social Media: Facebook, LinkedIn, and other social platform integrations
Payment Processors: For secure payment processing and fraud prevention
Marketing Tools: Email marketing platforms and conversion tracking

11. Marketing Communications

Consent and Preferences

Opt-In Required: We only send marketing emails with your explicit consent
Clear Purpose: All communications clearly identify their purpose and sender
Easy Unsubscribe: Every marketing email includes an unsubscribe link
Preference Centre: Manage your communication preferences at any time

Types of Communications

Service Updates: Important notifications about your account and services
Educational Content: Industry insights, tips, and best practice guides
Product Information: Updates about new features and service offerings
Event Invitations: Webinars, workshops, and industry events

Frequency and Control

Reasonable Frequency: We limit marketing communications to avoid overwhelming you
Segmented Content: Communications tailored to your interests and service usage
Immediate Unsubscribe: Unsubscribe requests processed immediately
Suppression Lists: Maintained to ensure unsubscribed contacts don’t receive marketing

12. Children’s Privacy

Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover we have collected information from a child under 18, we will:

Delete the information immediately
Notify the parent or guardian if contact information is available
Take steps to prevent future collection from the same source

If you believe we have collected information from a child, please contact us immediately at contact@maltawebagency.com.

13. Data Breach Response

In the event of a data breach that poses a risk to your privacy:

Immediate Response

Containment: Immediate steps to contain and limit the breach
Assessment: Evaluation of the scope and impact of the breach
Notification: Notification to relevant authorities within 72 hours (where required)

Communication

Individual Notification: Affected individuals are notified if there is a high risk to their privacy
Clear Information: Explanation of what happened and what information was involved
Remedial Actions: Steps taken to address the breach and prevent future incidents
Support: Contact information and support for affected individuals

Prevention

Root Cause Analysis: Investigation to understand how the breach occurred
System Improvements: Implementation of additional security measures
Staff Training: Enhanced training to prevent similar incidents
Regular Reviews: Ongoing assessment of security procedures and protocols

14. Updates to This Policy

We may update this Privacy Policy from time to time to reflect:

Changes in our business practices
New legal or regulatory requirements
Feedback from customers and regulators
Technological developments and security improvements

Notification of Changes

Email Notification: Significant changes communicated via email to active clients
Website Notice: Prominent notice on our website for 30 days after updates
Version Control: Previous versions available upon request
Effective Date: Clear indication of when changes take effect

Your Continued Use

Continued use of our services after policy updates constitutes acceptance of the revised policy. If you disagree with changes, you may:

Contact us to discuss your concerns
Adjust your privacy preferences
Terminate your service relationship (subject to contractual obligations)

15. Contact Information

Data Protection Inquiries

For questions about this Privacy Policy or our data practices:

Email: contact@maltawebagency.com
Subject Line: “Privacy Policy Inquiry” or “Data Protection Request”

Malta Address:
Malta Web Agency
Calm Waters, Block B – Flat 8
Dun Anton Debono
San Giljan, Malta

+356 99051864

Entity:

W.J.D. Pty Ltd
ABN: 80 119 876 587

Response Times

General Inquiries: Response within two business days
Data Subject Requests: Response within 30 days (1 month under GDPR)
Urgent Privacy Concerns: Response within 24 hours
Breach Notifications: Immediate response and investigation

Regulatory Contacts

If you’re not satisfied with our response, you may contact:

Malta Data Protection Authority:
Office of the Information and Data Protection Commissioner
Level 2, Airways House
High Street, Sliema SLM 1549, Malta

Australian Privacy Commissioner:
Office of the Australian Information Commissioner
GPO Box 5218, Sydney NSW 2001, Australia

By using Malta Web Agency’s services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and processing of your personal information as described herein.

This Privacy Policy is effective as of 01.01.2025 and supersedes all previous versions.