PRIVACY STATEMENT – MDINA PARTNERS

At Mdina Partners, we take your privacy seriously. This statement explains how we collect, use, store, and share personal information, and the rights you have under data protection laws.

1. Data Controller
The company acts as the “Data Controller” regarding the information we collect and process. If you have any questions or concerns about the use of your data, please contact us at info@mdinapartners.com.

2. Data Collection and Use

2.1. Information collection
We may collect:
• Non-personally identifiable information eg IP addresses and website cookies.
• Personally identifiable information (PII) eg information that can identify individuals, such as names, addresses, email addresses, and contact numbers.
• Sensitive information (e.g., health details) — only when necessary for our services and only with your explicit consent

2.2. Consent and Withdrawal
We collect personal data necessary for the provision of services or required by law. By providing us with your information, you consent to the collection, processing, and storage of your data as described in this Privacy Statement.

We may also process your data on other lawful bases under GDPR, including:
(i) performance of a contract,
(ii) to comply with legal obligations, and
(iii) for our legitimate interests (e.g., improving services, preventing fraud).

You have the right to withdraw consent at any time by contacting us at info@mdinapartners.com.Please note this may affect the services we can provide.

2.3. Use of Personal Data
We use your personal data to:

• provide our services and manage our relationship with you
• communicate with you about services, updates, or enquiries
• handle invoicing and payments
• improve our website and services
• meet our legal and regulatory obligations.

2.4. Data Sharing
We only share data where necessary:
• with professional advisors (e.g., accountants)
• with trusted service providers (e.g., IT, cloud storage, payment processors) who act on our behalf and keep your data secure
• with public authorities when required by law.

We never sell your data.

3. Data Security and Storage

3.1. Data Security
We use appropriate technical and organisational measures to safeguard your personal data against unauthorised access, alteration, disclosure, or destruction, by:
• restricting access to personal data to authorised personnel only
• using encryption and secure connections where appropriate
• regular system updates and monitoring.

3.2. Data Retention
We keep personal data only as long as necessary for the purposes for which it was collected or as required by law. Where possible, retention periods are limited to five (5) years. Once data is no longer required, it will be securely deleted or anonymised to prevent identification.

4. Data Disclosure and Transfer

4.1. Third-Party Service Providers
We may engage trusted third-party service providers (e.g., cloud storage, payment processors) who process personal data on our behalf. These providers are carefully selected and obligated to implement appropriate security measures to protect personal data.

4.2. Legal Requirements
We may disclose personal data if required by law or in response to lawful requests from public authorities.

4.3. Cross-Border Transfers
If your personal data is transferred outside the UK or EU/EEA, we ensure appropriate safeguards are in place (such as adequacy decisions or Standard Contractual Clauses) to protect your data and comply with applicable data protection laws.

5. Individual Rights
Regarding your personal data, you have the right to:
• access and rectify incorrect or incomplete personal data
• request erasure of personal data (where legally possible)
• restrict or object to how we process your data
• receive a copy of your data in a portable format
• withdraw consent where this is the basis for processing.
To exercise your rights, please contact us at info@mdinapartners.com. Responses will be provided within one month (extensions may apply for complex cases).

We do not use automated decision-making or profiling.

6. Complaints

If you have concerns about how your data is handled, please contact us at info@mdinapartners.com. We will look into and respond to any complaints we receive. You also have the right to contact the Office of the Information and Data Protection Commissioner (IDPC) in Malta.

7. Cookies and Analytics

We use cookies to offer a personalised service through our websites. Cookies store limited information about your website usage. Some are essential for the site to work, while others help us improve performance, personalise content, or support marketing.
• Performance cookies help us understand how visitors use the website, and which pages are visited.
• Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.
• Analytical cookies are used to understand how visitors interact with the website and help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

When you visit our site, you will see a cookie banner where you can change your settings at any time via the banner or in your browser.

We may also use analytics tools provided by Google, Inc., or similar providers to collect aggregated, anonymised data on user activity for website improvement.

8. Policy Reviews and Updates
We review and update this Privacy Statement regularly to reflect changes in our services, legal requirements, or industry best practices. The latest version will always be published on our website.

9. Contact Information
If you have any questions or concerns regarding this Statement or the handling of personal data, please contact us at info@mdinapartners.com.

We review this statement regularly to reflect legal requirements and service changes. It was last updated in August 2025.