Privacy Policy

Privacy Policy

This Privacy Policy describes practices of Chetcuti Cauchi for collecting, using, maintaining, protecting and disclosing information in relation to visitors. This Policy has been drafted in line with Article 12 of the General Data Protection Regulation which states that the controller shall take appropriate measures to provide information where personal data is to be collected1 and where personal data have been obtained but not from the data subject2.

1. Who we are?

Chetcuti Cauchi (hereinafter referred to as “We” or “Us”) is a group of entities constituted and operating internationally and providing legal, tax, personal and business consultancy. Chetcuti Cauchi operates a general informational website regarding such services offered, including services offered by Chetcuti Cauchi Advocates and CC Consulting Ltd, a company duly incorporated under the laws of Malta, bearing registration number C47375. In terms of potential handling of data, our website includes the functionality of contacting Us to ask a question, inquire about our services, make a complaint, or leave any feedback. We currently operate primarily from 120, St Ursula Street, Valletta, Malta, Europe. Persons having interest in obtaining more information on our practices or otherwise can send an email on We respect the privacy of individuals, and we are committed to protect the information of visitors.

2. What data do We collect?

This Policy applies mutatis mutandis to data collected from:

  • Our website (hereinafter referred to as the “CC Website”)

  • People who request to Receive Updates and Information from Us

  • People who send us a Request for Information

  • People who use our Services

  • Prospective employees and current Employees

  • Collaborators and Suppliers

Visitors and users of the CC Website, and any person falling in any of the categories mentioned above hereinafter shall be referred to as “You”.

In accordance with the General Data Protection Regulation 2016/679 (hereinafter referred to as “GDPR”), personal data is any information which is related to an identified or identifiable natural person, whether directly or indirectly, in particular by reference to an identifier such as a name and any location information, and to an online identifier, such as for instance, name, an identification number, and e-mail address (hereinafter referred to as “Personal Data”).

We collect the following Personal Data:

Personal Data that You might provide to Us when You:

  • contact Us to ask a question or inquire about our services,

  • send Us a request for information,

  • are services by Us,

  • engage Us for any service,

  • make a complaint, or leave any feedback,

  • apply for a prospective post with Chetcuti Cauchi,

  • agree to become a collaborator or supplier of Chetcuti Cauchi.

Personal Data We collect automatically:

  • when making use of the CC Malta Website

As you navigate through our website we may use cookies, which are small files placed on the hard drive of Your computer or mobile device, and web beacons, to collect information about your equipment, browsing patterns and actions. Data collected from cookies and web beacons might include information on a web browser, details of your visits to the CC Malta Website, including inter alia, traffic data and logs, page views and an internet protocol address.

Personal Data we collect should You apply for a post on the CC Malta Website:

  • Name and contact details;

  • Your previous experiences and details of your previous jobs;

  • Education details and transcripts;

  • Referees names and contact details; and

  • Answers to questions made to you during the recruitment process.

Whilst you are not obliged to provide information relating to the above, your application may be affected. We work with various recruitment agency and such information may be obtained from agencies you would have applied with. The information we collect will be used:

  • To process your application;

  • To assess your suitability for employment;

  • To contact you on the progress of your application; and

  • Comply with any legal or regulatory requirement.

We may request You to allow Us to process your Personal Data to contact You for any other vacancy that may arise. Should You consent, We will contact You whenever a suitable vacancy will arise.

  • On acceptance of an employment offer of an employee, We may collect the following information:

  • Identification document;

  • Police conduct certificate or equivalent; and

  • Health Information to ensure You are fit to work and to cater for any special conditions.

This additional information collected is processed to undertake pre-employment checks. This information is necessary to finalize Your employment and onboarding process.

Personal Data collected from third-party sources:

In order to provide the optimum service to You, We have contracted with third-party suppliers and service providers. We may obtain Personal Data about You from third parties, including but not limited to:

  • Google Analytics: This is a third-party tool by Google Inc that helps gather data. Google Analytics offers an opt-out option (add-on required). This tool allows Us to understand more about our visitor; for example, information such as the website visitor’s location and device used, including information on the visitor’s demographic.

  • Google Ads: This third-party tool carries out similar functionalities to Google Analytics however it is limited to the tracking of ads shown to the user.

  • Unbounce: This is a third-party tool which gathers IP Addresses of visitors to the CC Malta Website.

  • Hotjar: This third-party tool allows us to gather helpful data such as location data and information regarding the visitor’s specific attention to on-screen links and choices.

  • Our CRM System: The Request for Proposal system also collects the internet protocol address of each visitor to our website who send a Request for Proposal to us.

  • Other Service Providers: In order to be able to fulfil our contractual obligation with You, if any, we may engage third party companies to assist. In order to provide you with the best service possible, we might need to share data with our service providers.

We require that any third parties providing information has obtained such information lawfully and that the third party has obtained the appropriate consent to share the information. We work hard to ensure that data collected from third parties is lawfully obtained, stored and shared, however we are not in a position to ascertain this fully, and therefore, we shall not be deemed responsible for any breach carried out by our third parties, whether listed above or otherwise.

3. How We use your data?

In line with the principle of data minimization and data economy, we only collect personal data and process it on the following legal basis:

  • To contact You, to respond to your queries, complaints or questions, to troubleshoot and diagnose problems, complaints or questions.

  • To operate the CC Malta Website, ensuring security and integrity, to enforce our agreements and policies.

  • To carry out our contractual obligations, if any, with You and provide You with the best service possible.

  • For legitimate interest, primarily to protect us from legal action or claims from third parties, including you and/or to protect our legal rights and/or those of our employees, including to ensure apt performance of the website for the desired enduser experience.

We endeavour not to collect additional Personal Data or use the Personal Data we have collected for materially different, unrelated or incompatible purposes without asking for your consent.

We ensure the maximum level of safety and adopt high security measures to prevent unauthorized access, disclosure, modification or unauthorized distribution of data. The data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In some cases, the data may be accessible to certain types of persons in charge, involved with the operation of this CC Malta Website (such as, but not limited to, administration, marketing, legal and system administration) as data processors by Us.

4. Legal Basis

When processing your Personal Data, we rely solely on the following legal basis:

Consent – As per Article 6(1) (a) of the GDPR, processing of data is lawful when the data subject gives consent to the processing for a specific purpose. We will process your personal data when you consent. By ticking or choosing the ‘I accept’ or ‘I agree’ options when faced with the choice, You consent for us to process your Personal Data. Such consent can be easily withdrawn at any time.

Necessary – As per Article 6 (1) (b), we shall lawfully process personal data if it is necessary for the performance of a contract to which You are a party, or in order to conclude the required legal and customary steps to enter into a contract with You.

Moreover, We may legally process data if it is necessary for compliance and adherence to legal obligations to which We are subject3 or if required to protect Your vital interest or that of any other natural person4 or it is necessary for the performance of any task carried out in the public interest or in the exercise of an official authority vested to Us5.

Legitimate Interest – As per Article 6(1)(f) of the GDPR, We process certain data in order to improve the CC Malta Website and to troubleshoot and eliminate certain technical problems and to develop new features.

5. Who has access to your data?

We do not share your Personal Data with third parties for their marketing purposes. However, we might share anonymous or hashed data with third parties for our own marketing purposes. In line with the consent which you have provided we might share data in the following ways:

Our service providers – We may share your Personal Data with our service providers, such as inter alia, data storage company and other third parties who might be from time to time engaged to perform specific tasks for Us.

Chetcuti Cauchi – Employees and owners of the CC Malta Website may have access to your data should this be required. Moreover, owners might share your data during business enlargement, consolidation or bankruptcy. Your Personal Data, therefore, is accessible to all group entities and processed by any one or more of such group entities, albeit depending on (i) the services requested by you, and (ii) the extent to which we have a legal basis to process your Personal Data, in line with the GDPR. Financial-related Personal Data which relates to You is controlled by the group entity CC Consulting Ltd, a company duly incorporated under the laws of Malta, bearing registration number C 47375. All the entities of the Chetcuti Cauchi group follow and adhere to appropriate technical and organisational measures, in line with EU Data Protection law, for the processing of Personal Data.

Collaborators and suppliers – We may share your Personal Data with collaborators and suppliers who share our standards and commit to our level of privacy policies and practices where this would be necessary for the performance of an agreement entered into between You and Us, or any pertinent group entity thereof, which involves an area of specialisation which the pertinent collaborator or supplier is geared to service and which area We would not necessarily match with the collaborator or supplier in terms of complete fulfilment of the performance duly necessary for such agreement. The sharing therefore of your Personal Data in such a circumstance would be necessary for the performance of such an agreement between You and Us, in terms of Article 6(1)(b) of the GDPR, as explained above.

Legal Requirements – We might be asked by law enforcement agencies to disclose your Personal Data for the establishing of any legal or litigious right by the competent authorities, in cases of evident prima facie mala fides from Your end.

Your request – As per the GDPR – in the event that You decide to access Your right to data portability as per below, we have no option but to transfer Your Personal Data accordingly.

6. How We store Your data

We maintain sophisticated and top of the line data protection practices when it comes to securing Your Personal Data, in order to protect it. We use commercially available physical and technical safeguards which have been designed to secure Your Personal Data from loss, or unauthorized access or use. Additionally, we do not share Personal Data which We collect unless in line with this Policy. We have adopted a ‘need-to-know’ policy, and therefore Personal Data is only disclosed to only employees who strictly need to know Your Personal Data in order to provide You services.

This notwithstanding, We are aware that despite we take all the measures which are feasibly available to Us, there might be rare instances of data loss or damage due to accidents which are beyond our control. No method of transmitting data over the internet can be classified as without risk.

Any transmission of Personal Data is done at Your own risk and We cannot guarantee that such Personal Data may not be accessed, disclosed or altered by unauthorized persons.

Additionally, We herein outline programmes and systems We use in our collection, processing and storing of data:

  • We use an online portal managed and operated by Us online to store and process information, data and details;
  • We use reCAPTCHA to detect any improperly use of Our websites by automated mechanical processing. Certain personal data, which is necessary in relation to such processing, such as an IP address, is thus transmitted to “Google”. This is primarily done in order to comply with the necessary appropriate technical and organisation safeguards required to be implemented in terms of the GDPR;
  • When someone visits our website/s and consents for the collection and processing of analytical and/or other non-necessary data, a third party service, Google Analytics, is utilised to collect data such as standard internet log information and details of visitor behaviour patterns. This information is processed in such a manner that it does not identify the user or render them identifiable. Such information is only collected as per our Cookie Policy;
  • We use third party Human Resources systems for the collection, processing and storing of information on prospective employees and employees. All third party systems We use are GDPR compliant. Any such collection, processing or storing of information would therefore be undertaken depending on the extent of legal basis existent for such prospective employee or employee.

7. Data Retention

In light of the GDPR provisions6, We keep Personal Data as long as necessary in order to keep up with our legal obligations. Therefore, unless you explicitly request to have Your Personal Data deleted as per the below, We will retain your Personal Data in our secure database for as long as is needed to rectify any concern or query for which the data was relayed to us.

Notwithstanding the previous provision, Personal Data collected might be kept for an additional period as may be required for legal or tax reasons, or for legitimate and lawful business purposes.

8. Your Rights

We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

The Right to Access Your Persona Data7 - You have the right to request for copies of Personal Data which has been collected concerning Yourself. You can access this right at reasonable intervals. This right should not adversely affect the rights or freedoms or others, including intellectual property rights, trade secrets or software copyright held by Us.

The Right to Rectification8 - You have the right to request that without unjust delay We correct any information You relayed to Us, which You believe is inaccurate. You also have the right to request to complete information which You have relayed to us which You believe is incomplete, by providing a supplementary statement.

The Right to Erasure9 - You have the right to request the erasure of Your Personal Data without undue delay and We shall erase such Personal Data as considerably soon as possible when one of the following grounds apply:

  • The Personal Data is no longer necessary in relation to the purpose for which it was collected or processed

  • You withdraw consent on which processing is based or there is no longer a legal ground for the processing;

  • You object to the processing pursuant to Article 21 (1) of the GDPR and there are no overriding legitimate grounds for the processing; or

  • The processing was unlawful.

The above right shall not apply to the extent that processing is necessary for the establishment, exercise or defence of legal claims.

The Right to lodge a complaint with a supervisory authority – You have the right to lodge a complaint with the pertinent supervisory authority where You consider that the processing of Your Personal Data infringes any point contained in this Privacy Policy or any provision in the GDPR. In terms of Article 12(4) GDPR, further to a notification from Us, that We will not be taking action as per the request made by Yourself pursuant to one of the rights contained herein or to any other right which may be invoked by Yourself under the GDPR, You have the right to lodge a complaint with a supervisory authority for the possibility of seeking a judicial remedy thereto on the basis of such decision.

The Right to Restrict Processing10 - You have the right to request that We restrict the processing of Your personal data, under certain conditions:

  • The accuracy of the Personal Data is contested by Yourself, for a period, to enable us to verify the accuracy of such Personal Data.

  • The processing is unlawful and You oppose to the erasure of the Personal Data and restrict use instead.

  • We no longer need to process Your Personal Data, but such Personal Data is required by Yourself for the establishment, exercise or defence of legal claims.

  • You have objected to the processing in line with Article 21(1) of the GDPR, pending verification whether the our legitimate grounds override those of the data subject.

When Personal Data is restricted in line with the above, such data may only be processed with Your consent.

The Right to withdrawal – You have the right to withdraw the consent You gave Us to process your Personal Data for the purposes herein mentioned, if either point (a) of Article 6(1) or point (a) of Article 9(2) of the GDPR have been utilized as a lawful basis to process the Personal Data.

Exception to Abovementioned Rights

In line with Article 12(2) of the GDPR, the effective exercise of Your rights under Articles 15 to 22 of the GDPR inter alia, may be refused to be effected, if We deem that We are unable to identify the data subject concerned.

9. Cross-Border Transfer of Data

Chetcuti Cauchi takes well into consideration the necessary cross-border nature of data utilisation across computer systems and the world wide web.

Intra-Group Transfers of Data Within the EU/EEA

The free exchange of personal data between Member States is a fundamental aspect of the EU’s basic principles. This principle is also reflected in the GDPR, which excludes the restriction or prohibition of the free movement of personal data within the EU or EEA.

The GDPR therefore allows for the transfer between EU/EEA companies subject to the existence and/or fulfilment of a legal basis as per section 4 of this privacy policy.

Transfers Outside the EU/EEA

Personal Data we collect from You is collected, stored or processed within the EU/EEA. We may work with providers which are located outside the EU/EEA. However, we endeavour to transfer data to such providers following adoption of the adequate safeguards. Such appropriate safeguards include contractual arrangements, particularly standard contractual clauses approved by the European Commission.

10. Automated Decision Making

CC Malta Website does not use any Personal Data provided by Yourself for the purpose of automated decision-making, including profiling, which has a legal or similarly significant effect.

11. Changes

We keep this Privacy Policy under regular review and place any updates on this web page. This Privacy Policy was last updated on 11th March 2022.

12. Contact Us

If you have any comments, concerns or questions about this Privacy Policy or our privacy practice, please send an email to

1 Article 13, General Data Protection Regulation.
2 Article 14, General Data Protection Regulation.
3 Article 6 (c), General Data Protection Regulation.
4 Article 6 (d), General Data Protection Regulation.
5 Article 6 (e), General Data Protection Regulation.
6 Article 5 (e), General Data Protection Regulation.
7 Recital 63 & Article 15, General Data Protection Regulation.
8 Article 16, General Data Protection Regulation.
9 Article 17, General Data Protection Regulation.
10 Article 18, General Data Protection Regulation.

Contact Us
Please send me legal and other updates