Privacy Policy
Effective Date: 20th March 2025
At QON Ltd., we are committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679, as well as applicable Maltese data protection laws, including the Data Protection Act (Chapter 586 of the Laws of Malta). This Privacy Policy outlines how we collect, use, disclose, and protect your personal data when you use our website and services.
1. Data Controller
The data controller responsible for processing your personal data is:
2. Personal Data We Collect
We may collect and process the following categories of personal data:
-
Identity Information
Full name, nationality, date of birth, and identification documents (if required). -
Contact Information
Email address, phone number, residential or business address. -
Financial Information
Banking details, investment preferences, and transaction history (for clients). -
Technical Data
IP address, browser type, device information, and usage data (collected via cookies). -
Communication Data
Emails, messages, and inquiries submitted through our Contact Form. -
Marketing Preferences
Your choices regarding newsletters and promotional materials.
We collect this data when you:
• Use our website and services.
• Contact us via email, phone, or our online Contact Form.
• Subscribe to our Insights & Thought Leadership updates.
• Apply for job opportunities or internships via our Careers Section.
3. Legal Basis for Processing
We process your personal data based on one or more of the following legal bases under Maltese and EU law:
-
Consent
When you provide clear consent to process your data for specific purposes, such as marketing communications. -
Contractual Necessity
When processing is necessary to fulfill a contract, such as providing investment or financial advisory services. -
Legal Obligation
When required by Maltese law or EU regulations to process personal data (e.g., compliance with Anti-Money Laundering (AML) laws). -
Legitimate Interest
When processing is necessary for our business interests, such as improving our website, responding to inquiries, or ensuring cybersecurity, provided your rights do not override these interests.
4. How We Use Your Personal Data
We process your personal data for the following purposes:
- To provide wealth management, investment advisory, and financial services.
- To respond to inquiries and communicate with you effectively.
- To comply with legal and regulatory obligations (AML, KYC, tax reporting).
- To improve website security and optimize user experience.
- To conduct marketing, newsletters, and business communications, subject to your preferences.
- To evaluate job applications and internship requests under our Careers Section. We will not use your personal data for automated decision-making or profiling that produces legal or significant effects on you.
5. Data Sharing & Third-Part Disclosures
We respect your privacy and confidentiality and do not sell, rent, or trade your personal data.
However, we may share data with:
-
Regulatory Authorities
When required by law (e.g., MFSA, FIAU, tax authorities). -
Service Providers & Partners
IT providers, financial institutions, or external consultants who assist us in delivering services. -
Legal & Compliance Entities
Lawyers, auditors, and compliance firms for regulatory obligations.
Any third party processing your data on our behalf is contractually required to ensure data protection and confidentiality in compliance with GDPR and Maltese law.
6. Data Retention Policy
We retain personal data only for as long as necessary for the purposes stated in this Privacy Policy, in accordance with legal and regulatory obligations.
-
Client-related data
Retained for the duration of the business relationship plus 5 years after termination, as required by AML laws. -
Financial transaction data
Retained for at least 10 years, per tax and financial regulations. -
Job applications
Retained for 12 months for future career opportunities unless otherwise requested. -
Marketing preferences
Retained until you opt out of receiving communications.
Once the retention period expires, data is securely deleted or anonymized.
7. International Data Transfers
If we transfer your personal data outside the European Economic Area (EEA) (e.g., to financial partners, service providers, or cloud storage providers), we ensure that appropriate safeguards are in place:
-
Adequacy Decision
Transfers only occur to countries recognized by the European Commission as having an adequate level of data protection. -
Standard Contractual Clauses (SCCs)
We implement legally binding agreements to protect your data when transferring to jurisdictions without an adequacy decision.
We take all necessary precautions to ensure your data remains secure, regardless of location.
8. Your Rights Under GDPR & Maltese Law
As a data subject, you have the following rights:
-
Right to Access
Request a copy of your personal data. -
Right to Rectification
Correct inaccurate or incomplete data. -
Right to Erasure (‘Right to be Forgotten’)
Request deletion of your personal data under certain conditions. -
Right to Restrict Processing
Limit the processing of your data in specific circumstances. -
Right to Data Portability
Receive your data in a structured format for reuse elsewhere. -
Right to Object
Object to processing based on legitimate interests or direct marketing. -
Right to Withdraw Consent
Withdraw consent at any time, without affecting prior lawful processing.
9. Cookies & Website Tracking
As a data subject, you have the following rights:
- Essential Cookies – Necessary for website functionality.
- Analytics Cookies – Used to monitor website performance and user behavior.
- Marketing Cookies – Employed for targeted advertising, subject to user consent.
You can manage cookie preferences through your browser settings or opt-out via our Cookie Policy.
10. Security Measures
We implement strict technical and organizational measures to protect personal data from unauthorized access, alteration, disclosure, or destruction. These include:
-
Encryption protocols
for data transmission and storage. -
Access controls & authentication measures
for restricted data handling. -
Regular cybersecurity audits & compliance checks.
-
Data breach response mechanisms
in compliance with GDPR.
11. Updates to This Privacy Policy
We may periodically update this Privacy Policy to reflect legal, regulatory, or operational changes. Any modifications will be posted on this page with an updated effective date. We encourage you to review this page regularly to stay informed about how we protect your data.
12. Contact Information & Complaints
If you have questions about this Privacy Policy or wish to exercise your rights, please contact:
If you believe your data protection rights have been violated, you have the right to lodge a
complaint with the Office of the Information and Data Protection Commissioner (IDPC) in Malta:
IDPC Malta Address:
Level 2, Airways House, High Street, Sliema, SLM 1549, Malta
www.idpc.org.mt
Get in Touch
Your wealth deserves a bespoke, forward-thinking approach. Whether you aim to diversify your portfolio, optimize your tax structure, or establish a long-term family wealth strategy, we are here to support you every step of the way.
Contact us today to explore how we can help you preserve, grow, and protect your assets with tailored, high-caliber solutions.
