Contact

Compliance

Privacy Policy

Vassallo Group is committed to protect the privacy of individuals who visit the website and who make use of the on-line facilities. This privacy policy provides you with information in terms of article 13 of the General Data Protection Regulations. The policy can be easily accessible via a link at the bottom of each web page.

  • We collect only the minimum data necessary to respond to your enquiry.
  • We will never sell your personal data to any third party.
  • We keep your data only for as long as is necessary and required by law.
  • You are in control — your rights over your data are set out clearly in this Policy.

We, the team at Vassallo Builders, strongly value your privacy and are committed to protecting your personal data as though it were our own. This Privacy Policy describes our practices relating to the personal data of visitors to www.vassallobuilders.com and those who make use of our online facilities.

 

The data controller — the company responsible for your privacy — is Vassallo Builders Ltd, The Three Arches, Valletta Road, Mosta, MST 9016, Malta. If you have any questions, please contact our Data Protection Officer at dpo@vassallogroupmalta.com.

1. Who We Are and How to Contact Us

This Privacy Policy applies to the website at www.vassallobuilders.com (the “Website”), operated by Vassallo Builders Ltd. For the purposes of the GDPR (EU) 2016/679 and the Data Protection Act (Chapter 586 of the Laws of Malta), we are the Data Controller of personal data collected through this Website.

 

OrganisationVassallo Builders Ltd
AddressThe Three Arches, Valletta Road, Mosta, MST 9016, Malta
DPO Emaildpo@vassallogroupmalta.com
Tel22107000
Organisation Vassallo Builders Ltd
Address The Three Arches, Valletta Road, Mosta, MST 9016, Malta
DPO Email dpo@vassallogroupmalta.com
Tel 22107000

You also have the right to complain to the Information and Data Protection Commissioner (IDPC) — the Maltese supervisory authority for data protection matters. We would, however, appreciate the opportunity to address your concerns in the first instance.

IDPC Office of the Information and Data Protection Commissioner
Address Second Floor, Airways House, High Street, Sliema SLM 1549, Malta
Tel +356 2328 7100
Email idpc.info@gov.mt
Website www.idpc.org.mt
IDPC Office of the Information and Data Protection Commissioner
Address Second Floor, Airways House, High Street, Sliema SLM 1549, Malta
Tel +356 2328 7100
Email idpc.info@gov.mt
Website www.idpc.org.mt

2. Information We Collect

Most of the personal data we collect through this Website is provided to us only if you choose to give it to us — for example, when you fill in an enquiry form, sign up to our newsletter, or contact us by email.

 

2.1  Data You Provide to Us

The information we collect from you normally includes:

  • First name and surname
  • Email address
  • Contact telephone number
  • Home or business address (where provided)
  • The content of any message, enquiry or request you submit

 

You are not obliged to provide this information. However, if you do not, we may be unable to respond to your enquiry.

 

2.2  Data Collected Automatically

When you visit our Website, certain technical data is collected automatically through our web servers, cookies and analytics tools, including:

  • IP address and approximate geographic location
  • Browser type, version and operating system
  • Pages visited, date and time of visit, and referring URL
  • Device type (phone, tablet, desktop)

 

Please refer to Part B (Cookie Policy) for full details.

3. How and Why We Use Your Information

We only process personal data where we have a valid legal basis under Article 6 of the GDPR. The table below sets out what data we collect, the purposes for which we use it, and the lawful basis we rely upon.

Personal Data Purpose Legal Basis (Art. 6 GDPR)
Name, email address, telephone number and enquiry content To respond to enquiries submitted through our Website contact form; to follow up on your enquiry where appropriate. Legitimate interests (Art. 6(1)(f)) — responding to a request you have initiated; or pre-contractual steps (Art. 6(1)(b)).
Email address (marketing opt-in only) To send you information about our services, projects and updates where you have opted in to receive marketing communications. Consent (Art. 6(1)(a)). You may withdraw consent at any time.
Technical browsing data (IP address, browser, pages visited, referral URL) To ensure the Website functions correctly and securely; to monitor and improve Website performance and user experience; to detect and prevent misuse. Legitimate interests (Art. 6(1)(f)) — improving our online services and maintaining security.
Cookie and analytics data For Website analytics, performance monitoring and (where consented) enhanced functionality. See Part B (Cookie Policy). Consent (Art. 6(1)(a)) for non-essential cookies. Strictly necessary cookies: no consent required.
Personal Data Name, email address, telephone number and enquiry content
Purpose To respond to enquiries submitted through our Website contact form; to follow up on your enquiry where appropriate.
Legal Basis (Art. 6 GDPR) Legitimate interests (Art. 6(1)(f)) — responding to a request you have initiated; or pre-contractual steps (Art. 6(1)(b)).
Personal Data Email address (marketing opt-in only)
Purpose To send you information about our services, projects and updates where you have opted in to receive marketing communications.
Legal Basis (Art. 6 GDPR) Consent (Art. 6(1)(a)). You may withdraw consent at any time.
Personal Data Technical browsing data (IP address, browser, pages visited, referral URL)
Purpose To ensure the Website functions correctly and securely; to monitor and improve Website performance and user experience; to detect and prevent misuse.
Legal Basis (Art. 6 GDPR) Legitimate interests (Art. 6(1)(f)) — improving our online services and maintaining security.
Personal Data Cookie and analytics data
Purpose For Website analytics, performance monitoring and (where consented) enhanced functionality. See Part B ( Cookie Policy ).
Legal Basis (Art. 6 GDPR) Consent (Art. 6(1)(a)) for non-essential cookies. Strictly necessary cookies: no consent required.

4. Retention Periods

NOTE: Where we rely on legitimate interests as our lawful basis, we have assessed that our interests do not override your fundamental rights and freedoms. You may object to processing on this basis at any time — see Section 8 (Your Rights).

We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by law. The following retention periods apply:

Category of Personal Data Retention Period
Enquiry data — where no business relationship follows 2 years from the date of the enquiry
Enquiry data — where a business relationship develops Duration of the business relationship plus 7 years
Marketing consent and opt-in records Until consent is withdrawn, plus 3 years for record-keeping
Website analytics data (aggregated) 26 months (standard Google Analytics retention)
Web server logs and technical access data 90 days, unless required for a security investigation
Cookie consent records 12 months from the date of consent
Category of Personal Data Enquiry data — where no business relationship follows
Retention Period 2 years from the date of the enquiry
Category of Personal Data Enquiry data — where a business relationship develops
Retention Period Duration of the business relationship plus 7 years
Category of Personal Data Marketing consent and opt-in records
Retention Period Until consent is withdrawn, plus 3 years for record-keeping
Category of Personal Data Website analytics data (aggregated)
Retention Period 26 months (standard Google Analytics retention)
Category of Personal Data Web server logs and technical access data
Retention Period 90 days, unless required for a security investigation
Category of Personal Data Cookie consent records
Retention Period 12 months from the date of consent

We may retain data for longer where required by law, to resolve a dispute, or to enforce our terms and conditions. On expiry of the applicable retention period, personal data will be securely deleted or irreversibly anonymised. You may request further information about our retention periods by contacting us at dpo@vassallogroupmalta.com.

5. Children Under 16

Our Website is not directed at children under the age of 16. If you are under 16, please obtain your parent or guardian’s permission before providing any personal information to us. Where we need to process personal data relating to a parent or guardian on behalf of a minor, we may request verification documentation to confirm that consent has been given by the holder of parental responsibility.

6. Sharing Your Information

We do not, and will not, sell any of your personal data to any third party — including your name, address or email address.

 

We may share your data with the following categories of organisations where necessary and proportionate:

  • Vassallo Group companies — other members of Vassallo Group where relevant to our operations. All Group companies are subject to the same data protection standards.
  • Professional service providers — including marketing agencies, website hosts, IT providers and analytics providers who process data on our behalf under written data processing agreements.
  • Law enforcement, fraud prevention and regulatory authorities — where we are legally required to disclose personal data, for example in response to a court order or to comply with applicable law.

 

In most circumstances we will not disclose personal data without your consent. However, there may be occasions where we are required to do so — for example, to comply with a legal obligation, to protect vital interests, or in the event of a corporate reorganisation. If we ever transfer data to entities outside the European Economic Area (EEA), we will do so only in compliance with the GDPR, including through the use of Standard Contractual Clauses approved by the European Commission.

7. Marketing Communications

We will only send you marketing communications by email or other electronic means if you have given us your explicit and freely given consent to do so.

 

You can stop receiving marketing messages from us at any time by:

  • Clicking the ‘unsubscribe’ link in any email we send you; or
  • Contacting us directly at dpo@vassallogroupmalta.com.

 

Once you request to stop marketing messages, we will update your profile accordingly. Please note it may take a few days for all systems to be updated. Stopping marketing messages will not affect any service communications that are necessary as part of a contractual relationship with you.

8. Your Rights

Under the GDPR and the Data Protection Act (Chapter 586 of the Laws of Malta), you have the following rights in relation to your personal data. These rights are subject to certain legal limitations and exemptions.

Your Right What This Means
Right to be Informed (Art. 13–14) You have the right to be told clearly how and why we process your personal data. This Privacy Policy fulfils that obligation.
Right of Access (Art. 15) You can access the personal data we hold about you by contacting us at dpo@vassallogroupmalta.com or on 22107000. We will respond within one month. We may ask you to verify your identity before releasing personal data.
Right to Rectification (Art. 16) If you believe the information we hold about you is inaccurate or incomplete, please ask us to correct it by contacting us at dpo@vassallogroupmalta.com.
Right to Erasure (Art. 17) You may ask us to delete your personal data. This right is not absolute — we may retain data where required by law, to comply with a legal obligation, or in relation to the exercise or defence of legal claims.
Right to Restriction (Art. 18) You may request that we restrict processing of your personal data in certain circumstances, for example while the accuracy of data you have contested is being verified.
Right to Data Portability (Art. 20) Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, machine-readable format (e.g. CSV), which we can provide to you or transfer to another organisation at your request.
Right to Object (Art. 21) You may object to processing based on legitimate interests, including profiling. You may also object to direct marketing at any time.
Rights re: Automated Decisions (Art. 22) You have the right not to be subject to decisions based solely on automated processing that produce significant legal effects. We do not carry out such processing on this Website.
Right to Withdraw Consent (Art. 7(3)) Where we rely on your consent for processing, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
Right to Complain You have the right to lodge a complaint with the IDPC at any time: idpc.info@gov.mt | www.idpc.org.mt | Tel: +356 2328 7100.
Your Right Right to be Informed (Art. 13–14)
What This Means You have the right to be told clearly how and why we process your personal data. This Privacy Policy fulfils that obligation.
Your Right Right of Access (Art. 15)
What This Means You can access the personal data we hold about you by contacting us at dpo@vassallogroupmalta.com or on 22107000. We will respond within one month. We may ask you to verify your identity before releasing personal data.
Your Right Right to Rectification (Art. 16)
What This Means If you believe the information we hold about you is inaccurate or incomplete, please ask us to correct it by contacting us at dpo@vassallogroupmalta.com.
Your Right Right to Erasure (Art. 17)
What This Means You may ask us to delete your personal data. This right is not absolute — we may retain data where required by law, to comply with a legal obligation, or in relation to the exercise or defence of legal claims.
Your Right Right to Restriction (Art. 18)
What This Means You may request that we restrict processing of your personal data in certain circumstances, for example while the accuracy of data you have contested is being verified.
Your Right Right to Data Portability (Art. 20)
What This Means Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, machine-readable format (e.g. CSV), which we can provide to you or transfer to another organisation at your request.
Your Right Right to Object (Art. 21)
What This Means You may object to processing based on legitimate interests, including profiling. You may also object to direct marketing at any time.
Your Right Rights re: Automated Decisions (Art. 22)
What This Means You have the right not to be subject to decisions based solely on automated processing that produce significant legal effects. We do not carry out such processing on this Website.
Your Right Right to Withdraw Consent (Art. 7(3))
What This Means Where we rely on your consent for processing, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
Your Right Right to Complain
What This Means You have the right to lodge a complaint with the IDPC at any time: idpc.info@gov.mt | www.idpc.org.mt | Tel: +356 2328 7100.

To exercise any of your rights, please contact us at dpo@vassallogroupmalta.com. We may ask you to verify your identity before processing your request. Unreasonable or excessively repetitive requests may be subject to a reasonable fee or refusal in accordance with Article 12(5) GDPR.

9. Security of Your Personal Data

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These measures include:

  • HTTPS/TLS encryption for all data transmitted between your browser and our Website
  • Secure server environments with firewalls and access controls
  • Encryption of personal data in transit and at rest where appropriate
  • Physical access controls at data centres
  • Information access controls limiting access to authorised personnel only
  • Use of back-up systems and disaster recovery procedures

 

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the IDPC within 72 hours (Article 33 GDPR) and, where the risk is high, notify you directly without undue delay (Article 34 GDPR).

10. Links to Other Websites

Our Website may contain links to third-party websites not operated by us. This Privacy Policy does not apply to those websites. We are not responsible for their privacy practices or content and encourage you to read the privacy statements of every external website you visit.

11. Changes to This Privacy Policy

Our Website is continually under review and this Privacy Policy may be updated from time to time. When we make material changes, we will post the updated Policy on this page with a revised effective date. We encourage you to review this Policy periodically.

12. How to Contact Us

If you have any questions about this Privacy Policy or wish to make a complaint about how we have handled your personal information, please contact us:

Organisation

Vassallo Builders Ltd

Address

The Three Arches, Valletta Road, Mosta, MST 9016, Malta

DPO Email

dpo@vassallogroupmalta.com

Tel

22107000

Organisation Vassallo Builders Ltd
Address The Three Arches, Valletta Road, Mosta, MST 9016, Malta
DPO Email dpo@vassallogroupmalta.com
Tel 22107000