Last updated on 30 June 2020
MZ Investment Services Ltd (the “Company” or “MZISL” or “we” or “us” or “our”) is a private limited liability company registered and incorporated under the laws of Malta. The Company is licensed by the Malta Financial Services Authority (the “MFSA”) as a Category 2 investment services licence holder and is authorised to provide the following investment services in terms of the Investment Services Act (Chapter 370, Laws of Malta): Investment Advisory Services; Discretionary Portfolio Management Services; Reception and Transmission of Orders; Execution of Orders; Placement of Instruments without a Firm Commitment Basis; and Nominee Services. The Company provides its investment services to retail clients, professional clients and eligible counterparties (collectively, the “Clients”) in relation to a number of investment instruments as set out in the Company’s licence.
As your trusted provider of Financial Services, we owe you our commitment to protect and maintain your personal data in the best way possible.
Purpose and Rationale
From May 2018 a new Data Protection Law, known as ‘GDPR’ (General Data Protection Regulation) came into effect. This regulation is meant to protect your personal data. For this reason, we have updated our ‘Data Protection and Confidentiality Policy’. This Policy is intended to inform you of the information we may have about you, what we use it for and your rights in relation to this data.
- MZISL shall respect and protect the confidentiality of all the information concerning you and shall not, without the your prior consent, disclose any such information to a third party except in the proper performance of these Terms or as required by law in the course of business as MZISL carries out our instructions.
- MZISL maintains strict information security procedures designed to prevent unauthorised access to our Client’s information. However, the Client’s personal information may and will be shared with third parties in the course of providing a Service to the Client, as further detailed in point 7. Personal Data may also be shared for the prevention and detection of any criminal activity which MZISL is legally bound to report.
- MZISL has in the past obtained, and may in the future obtain from you various Consents, Authorisations and Agreements. These will remain in force unless we receive different / new instructions from you as the Client.
Of particular mention here is the Client’s Email Address, Mobile Number and Correspondence Address. When such information is given to MZISL, the Client is consenting that these mediums may be used to communicate with the Client. MZISL commits to ensure that all reasonable steps are taken to protect the data of the client but the Client needs to understand the inherent risks associated with the different mediums.
The Client remains responsible to ensure that the information is correct and up to date. Any changes need to be reported to MZISL as soon as possible. If MZISL suspects fraud or money laundering risk it may refuse to provide its services.
MZISL will only use your information if it has your consent or if it is legally bound to do so. Information about you in the public domain may be used by MZISL without requesting your explicit consent.
We remind you that you may withdraw your consent at any time however MZISL may be unable to stop processing and holding your Personal Data if it has a legitimate reason to do so.
Personal Data – Definition, Use, Collection & Disclosure
Personal Data is defined as all Information that directly identifies you, the individual, as the client of MZISL.
Examples of personal data include:
- Name, address, ID number, IP address, system ID, cookies, account mnemonics, social media profiles, bank account numbers etc.
- MZISL will also maintain Transaction Information (collected or generated) about the client, such as, movements and details of Investments, details of payments, telephone call recordings, cctv footage, queries, complaints, etc.
- Personal Documents requested from the client or obtained by MZISL KYC (Know your Client) verification processes will be kept by MZISL as required by law, particularly, in satisfaction of the ‘Prevention of Money Laundering and Funding of Terrorism Regulations’. Data may be collected by MZISL from various databases, Courts, Regulators, Tax Authorities, etc.
MZISL will only use your information (unless this information is in the public domain) when we have your explicit consent. As our client we use your information / Personal Data in a number of ways:
- Processing and verifying your Account Opening Form. MZISL insists that it obtains all relevant information on the Client prior to Account Opening. This information is required to service the client in the best way possible and to remain in line with the Anti Money Laundering obligations imposed on MZISL.
- Processing of investment or other client service requests.
- Keeping you informed as to the transactions (purchases, sales, income payments etc.) and periodic valuations / reporting
- For Research, Statistics and Product Development
- For Internal Assessment and Analysis
- For Compliance and Reporting purposes, including those arising from legal or regulatory obligations, as they may change from time to time. We may use your information to detect or prevent crime and unlawful acts (including Financing or Terrorism, Money Laundering and Financial Crimes)
- For Marketing purposes, including Market Research and Direct Marketing. Such research is carried out for internal and product development purposes only. The medium or means of communication with you as the client will be the one supplied to MZISL at account opening stage and during your relationship with MZISL. You may change your mind on how you receive marketing messages or you may decide to stop receiving them altogether.
- For other legal or regulatory obligations required by law
You shall have the right to require access to your personal data. In certain circumstances, the client or MZISL may request the revision of any inaccurate, incomplete or outdated material personal data.
Selected individual employees of MZISL will have access to your data, on a need to know basis, in order to service and support you. Each and every member of staff is responsible to maintain ‘Customer Confidentiality’.
Client personal data will only be disclosed to third parties, if this is required to fulfil your requests for service or any other Legal and Regulatory Requirements. MZISL will strive to appropriately protect your data and will never sell your personal information.
The Company does not sell your personal data, although this may be shared, where lawful to do so, with other third-parties as per below:
- ID Authentication and Fraud Prevention Agencies
- Legal Advisors
- Regulatory Bodies
- Stock Exchanges
- System Support
- Regulatory Authorities
Third-party business partners or service providers are scrutinized to make sure they use appropriate security measures to protect the confidentiality and security of personal data. These entities are only allowed to process your data according to our instructions and are not permitted to use the same data for their own purposes. MZISL maintains strict security measures to prevent unauthorised use of personal data by anyone
Personal Data is mainly collected by MZISL as follows:
- At onboarding stage
- During reviews of client portfolios
- Through order raised with the Company
- On submission of AML and other risk data
- On updating the client’s profile and his/her preferences
- On contacting us with a query
- On providing feedback to MZISL
- On reporting issues and complaining
- From publicly available sources (e.g. business registry, court databases etc)
- From generic online searches
- From recordings
Marketing may be carried out through emails or mailshots. You may withdraw your consent to the processing of personal data for marketing purposes at any time by sending an email to the address specified further below.
Clients’ personal data may be held by MZISL as long as necessary for the specific purpose it was collected for. Typically, MZISL is legally obliged to retain personal data for not less than a period of 5 years from the date that the relationship between the client and MZISL ends, or when the occasional transaction is carried out.
In some instances, MZISL will be bound to retain the data for a longer period. This may arise from:
- Other overriding regulations
- In accordance with provisions of the ‘Prevention of Money Laundering and Funding of Terrorism Regulations’
- On request by the MFSA, or any other regulatory body and/or supervisory authority
- To Defend a legal claim
In some cases you may ask us to remove your data.
You, the person in relation to whom MZISL holds person identifiable data, have rights under data protection laws:
- Right of access – you have the right to receive a copy of any personal data we hold on you
- Right of rectification – you have the right to request us to correct your personal data where it is inaccurate or incomplete
- Right to erasure – in some cases you may ask MZISL to erase your personal data
- Right to restrict processing – in some cases you may ask MZISL to suspend use of your personal data
- Right to Data Portability – you have the right to request your personal data and reuse it with another organisation. The right only applies to personal data provided by way of contract or consent
- Right to object – in some cases you may object to our use of your personal data
- Rights related to automated decision making, including profiling – MZISL does not employ systems that make decision with no human involvement, such as profiling, which uses personal data to make calculated assumptions about you. You have the right to challenge and request a review of such processing should MZISL start using such technology on your personal data
Requests and Contact
The client is advised that any requests for more information or complaints in respect of the processing and retention of personal data are to be directed to:
The Data Protection Officer
MZ Investment Services Limited
PO Box 24
This can be done via written communication sent either by post or to the email address: firstname.lastname@example.org.
While you will be charged no fee to exercise your data subject rights, MZISL reverses the right to charge a reasonable fee if your request repetitive, excessive or unfounded. MZISL may also request personal information on processing such requests to confirm your identity and ensure your personal data is not disclosed to any person who has no right to receive it.
This does not prejudice the Client’s right complain to the Office of the Information and Data Protection Commissioner at www.idpc.org.mt.
This policy was last updated on 30 June 2020. We review this policy regularly and reserve the right to make changes. The most recent version will always be published in this page, in the website, and therefore it is in your best interest to check this page every time you access our site.