Privacy Policy: Attard Baldacchino

Last updated: Wednesday, 14 May 2025
Author: Alex Hili – Operations Manager
Document Type: Public

This privacy policy sets out how our legal migration firm uses and protects any information that you give when you use our services. We are committed to ensuring that your privacy is protected — your information is regarded as confidential.

1. Information We Collect

To provide our services and cater to your specific requirements for relocation to Malta, we gather a variety of data from you. This collection process has been designed to offer effectiveness, precision, and confidentiality. Here's a detailed breakdown of the information that we may collect:

1.1 Personal Identification Information

This information is necessary to establish your identity and ensure secure communication. Mainly, we require:

• Full name

• Date of birth

• Nationality

• Residential address

• Phone number(s)

• Email address

• Bank details

1.2 Legal Documents and Certifications

To execute the migration procedures, we need access to crucial legal documents and certifications. These include:

• International Passport;

• Valid Travel Documents;

• Work history documents or CV;

• Academic qualifications;

• Financial statements;

• Evidence of Income History;

• Evidence of assets held;

• Health insurance coverage;

• Criminal record checks;

• Marriage and/or birth certificates, if applicable.

1.3 Other Relevant Information

Additional data may be required depending on the specific services you require or are applying for. This can encompass a range of information, such as:

• Details about any property you own or intend to rent or buy in Malta;

• Tax records, information and documents;

• Immigration history;

• Language proficiency;

• Proof of a stable and regular income sufficient to maintain yourself and your family.

Please note that this list is not exhaustive. The requirements may vary depending on your specific circumstances and any changes to the residency laws in Malta. We ensure that the collection of this information is done securely and in strict compliance with data privacy laws. Our topmost priority is to protect your information while providing professional and efficient services.

2. Retention and Use of Information

At our firm, we collect and retain personal information to better understand your needs, facilitate our services, and improve your overall experience. The primary reasons we use this data include:

2.1 Facilitate the Migration Process

In order to assist you with your migration needs, we gather crucial details and documentation to effectively guide you through the immigration process. This information is used to help you navigate the requirements, procedures, and deadlines associated with your specific situation and in line with Malta’s regulatory requirements, policies, and guidelines.

2.2 Improve Our Services

To continually enhance the quality of our services, we rely on the information we obtain to analyse and understand the current trends, identifying areas in which we can develop, grow, and satisfy our clients' needs.

2.3 Promotional Communications

With your consent, we periodically send promotional emails regarding new services, updates, or other relevant information that we believe could benefit you. These communications help keep you informed about the latest news, offerings, and opportunities available.

2.4 Retention Time of Personal Information

The duration for retaining your personal information depends on the necessity and purpose for which it was initially collected. We serve various sectors that often entail the need for long-term documentation; therefore, our retention times are tailored accordingly to accommodate these specific requirements.

We consistently review and evaluate our data retention period to ensure that the length of time is justifiable and in line with legal and regulatory obligations. Once your information is no longer needed, we take the appropriate steps to securely erase or dispose of it following our established data retention policy.

By effectively managing the retention and use of your information, we strive to deliver services that surpass your expectations and maintain the trust you place in our firm.

3. Digital and Physical Copies

Our firm handles both digital and physical copies of your data.

• Digital Copies: Your digital data is held on secure servers and is encrypted. A secure network infrastructure is implemented using global best practice standards.

• Physical Copies: Your physical documents are stored securely with limited access and surveillance in secure facilities. All important or sensitive physical information is properly preserved, classified, and, when required, verified and apostilled. 

4. Data Classification, Verification, and Apostille

Our firm recognises the importance of handling your data with the utmost precision and care, which is guided by a series of established procedures.

4.1 Data Classification

We undertake a systematic process of data classification, which involves labelling the data we process based on its sensitivity and importance. The classification process typically consists of these categories:

• Public: This category refers to data that can be made available to the public without causing harm or providing a significant advantage to others.

• Internal: This category includes information that, while not damaging if made public, is primarily intended for internal use.

• Confidential: This category includes data that can cause significant damage to individuals or the firm if disclosed.

• Strictly Confidential: This highest level of classification, usually applies to highly sensitive information or critical data, whose disclosure would result in severe damages.

The classification of data is not a one-time process. We regularly review our data sets to ensure that they are classified correctly and that the appropriate security controls are implemented.

4.2 Data Verification

Data verification comes into play when confirming the accuracy and completeness of your data. This methodical process helps reduce errors, ensuring the information we work with is a fair and precise representation of your personal and legal details.

4.3 Document Apostille

An apostille is a certificate that authenticates the origin of a public document. It is largely used for documents that have been executed in one country and need to be used in another country. Thus, when required, we take the responsibility of getting the essential documents apostilled from the competent authority as per the 1961 Hague Convention Treaty.

This authentication process ensures the removal of any requirement for double certification, by both the originating country and by the foreign institution or administration where it is to be used. This streamlines the process of verifying the legitimate status of your important documents, improving the efficiency of our services. Together, these three processes allow us to manage and authenticate your data and documentation, ensuring the smooth execution of our services securely and effectively.

5. Data Security

Your data security is a top priority at our firm, and we have implemented stringent measures on multiple levels to ensure the safety and confidentiality of your information. In our commitment to protect your data, we draw from the top global standards — especially the International Organisation for Standardisation (ISO) standard number 27001 regarding Information security management and the General Data Protection Regulation (GDPR).

5.1 Information Security Technologies

We implement sophisticated, state-of-the-art technology designed to prevent unauthorised access or disclosure of your information. This includes:

• Encryption: We use strong encryption algorithms both in transit and at rest to protect your data from unauthorised access. This means all communications between us and our clients are conducted over secure channels.

• Firewalls and Intrusion Detection Systems: We use high-end firewalls and intrusion detection systems to block unauthorised access to our networks and monitor for any potential threats.

• Access Control: We have strict access control systems in place. This means that only authorised personnel have access to your data. Access is granted on a 'need-to-know' basis and is regularly reviewed.

• Regular Security Updates and Patch Management: We regularly update and patch our systems to ensure they are protected against known vulnerabilities.

5.2 Policies and Procedures

We have a robust framework of policies and procedures in place to ensure your data is kept secure:

• Data Classification: We follow a strict data classification policy that categorises data based on its sensitivity. This allows us to implement appropriate security controls for each type of data.

• Data Retention: We do not keep your information longer than necessary. Our data retention policy outlines the lengths of time we keep different types of data.

• Incident Response: In case of a security breach, our incident response policy outlines the steps we will take to mitigate the situation, notify the affected parties and regulatory authorities, and prevent future occurrences.

Our commitment is to consistently provide a secure environment for your data. Your trust in our ability to handle your data securely is of the utmost importance to us.

6. Your Rights Under the GDPR

The General Data Protection Regulation (GDPR) is legislation that provides comprehensive privacy and security rights for individuals within the European Union. Under the GDPR, you have a range of rights regarding your data:

6.1 Right to be Informed

You have the right to be informed about the collection and use of your data. This includes:

• Why are we processing your data

• The categories of data being processed

• Who will it be shared with

• How long will it be stored

We fulfil this right by providing you with this privacy policy and notifying you of any significant updates.

6.2 Right to Access

You have the right to obtain confirmation that your data is being processed and to access your data. We will provide this information to you free of charge and within a reasonable timeframe.

6.3 Right to Rectification

You have the right to have inaccurate personal data rectified or completed if it is incomplete. If such a request is made, we will rectify the data within one month of the request.

6.4 Right to Erasure (‘Right to be Forgotten’)

You have the right to request the deletion of your personal data under certain circumstances, such as if:

• The personal data are no longer necessary for the purposes collected

• You withdraw your consent

• The personal data has been unlawfully processed

6.5 Right to Restrict Processing

You have the right to request the restriction or suppression of your data. This allows you to limit the way we use your data while retaining the information in our records for potential future use.

6.6 Right to Object

You have the right to object to the processing of your data in certain circumstances, like if the data is being used for direct marketing.

6.7 Right to Data Portability

You have the right to receive personal data you have provided to a controller in a structured, commonly used, and machine-readable format. This allows you to move, copy, or transfer personal data from one IT environment to another safely and securely.

For any of these requests or further information on your rights under the GDPR, please contact us at the details provided in this policy.

7. Changes To This Privacy Policy

This policy is subject to change, and any changes will be posted on our website.

For any queries or concerns about this policy or our practices, please contact us at admin@ab.eu.