Privacy Policy

At Geren Corporate Services, we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, share, and protect personal data when you visit our website, contact us, book a consultation, subscribe to our mailing list, create an account, or engage with us in relation to our governance, board-support, company-secretarial, regulatory reporting, consultancy, mentoring, or corporate support services.

This Privacy Policy is intended to comply with the General Data Protection Regulation (EU) 2016/679, applicable Maltese data protection laws, and guidance issued by the Malta Information and Data Protection Commissioner. The IDPC confirms that organisations handling personal data are subject to obligations under the GDPR.

1. Who We Are

For the purposes of data protection law, Geren Corporate Services acts as the data controller for personal data processed through this website and in connection with our business activities.

Controller: Geren Corporate Services
Website: www.gerencorporate.mt
Email: support@gerencorporate.mt
Location: St. Julian’s, Malta

A “controller” is the person or organisation that determines why and how personal data is processed.

2. Scope of This Privacy Policy

This Privacy Policy applies to personal data processed when you:

• visit or browse our website;

• submit a contact form;

• contact us by email, phone, or other communication channels;

• book a consultation or service through the website;

• create or use a website account;

• subscribe to our mailing list;

• purchase or request information about our services;

• engage with us as a client, prospective client, supplier, business partner, adviser, representative, or other third party.

3. Personal Data We May Collect

Depending on your interaction with us, we may collect the following categories of personal data.

3.1 Contact and Enquiry Data

When you use the contact form or contact us directly, we may collect:

• first name;

• last name;

• email address;

• telephone number;

• message content;

• enquiry details;

• any additional information you voluntarily provide.

Your contact page currently requests first name, last name, email, message, code, and phone.

3.2 Booking and Service Data

When you book a consultation or request a service, we may collect:

• name and surname;

• email address;

• telephone number;

• booking date and time;

• selected service;

• service notes or consultation details;

• payment or billing information, where applicable;

• records of previous bookings, subscriptions, orders, or account activity.

This is relevant because the website includes online booking, paid consultation options, account features, bookings, orders, and subscriptions.

3.3 Client and Corporate Service Data

Where you engage us for governance, board-support, company-secretarial, regulatory reporting, consultancy, or corporate support services, we may process:

• client identity and contact details;

• company and corporate structure information;

• director, shareholder, officer, beneficial owner, or authorised representative details;

• board and governance information;

• regulatory, statutory, or corporate filing information;

• documents and correspondence required to assess or deliver services;

• billing, invoicing, and payment records;

• due diligence or verification information where required.

This reflects the nature of the services described on the website, including governance, board-support, company-secretarial, regulatory reporting, and corporate support services.

3.4 Mailing List and Marketing Data

If you subscribe to our mailing list, we may collect:

• email address;

• name, where provided;

• subscription preferences;

• records of consent or unsubscribe requests;

• interaction with marketing communications, where applicable.

Your website currently includes a mailing list sign-up area.

3.5 Technical and Website Usage Data

When you visit our website, we may collect technical data such as:

• IP address;

• browser type and version;

• device type;

• operating system;

• pages visited;

• date and time of access;

• referring website;

• approximate location based on technical data;

• cookie and analytics information, where applicable.

4. How We Collect Personal Data

We may collect personal data:

• directly from you when you submit a form, book a service, create an account, subscribe, or contact us;

• through our website and booking/account functionality;

• through email, telephone, online meetings, or other communications;

• from companies, representatives, advisers, or business partners involved in an engagement;

• from public registers, corporate registries, regulatory sources, or official databases;

• through cookies or similar technologies.

5. Why We Process Personal Data

We process personal data for the following purposes:

5.1 To Respond to Enquiries

We use contact details and message content to respond to enquiries about governance, board-support, company-secretarial, regulatory reporting, consultancy, mentoring, or corporate support services.

5.2 To Manage Bookings and Consultations

We process booking and service information to schedule consultations, confirm appointments, manage cancellations or changes, provide service information, and maintain records of client interactions.

5.3 To Provide Services

We use personal and corporate information to deliver requested services, including governance support, board-support, company-secretarial assistance, regulatory reporting support, consultancy, mentoring, and corporate support.

5.4 To Manage Accounts, Orders, and Subscriptions

Where website account, booking, subscription, or order functionality is used, we process personal data to operate those features, maintain account records, process requests, and provide user access.

5.5 To Comply With Legal and Regulatory Obligations

We may process personal data to comply with applicable legal, regulatory, tax, accounting, anti-money laundering, corporate, recordkeeping, or professional obligations.

5.6 To Send Marketing Communications

Where permitted by law, we may send newsletters, updates, service information, or other communications. For direct marketing, the IDPC states that organisations must be able to demonstrate either consent or that the marketing falls within the controller’s legitimate interests.

5.7 To Protect Our Business and Legal Rights

We may process personal data to protect our legal rights, prevent misuse of the website, handle disputes, enforce agreements, maintain records, and protect the security of our systems.

5.8 To Improve the Website and Services

We may process technical and usage data to maintain, secure, analyse, and improve our website and services.

6. Legal Bases for Processing

We process personal data only where we have a lawful basis under the GDPR. Depending on the circumstances, we may rely on:

• Consent, where you have agreed to a specific processing activity, such as subscribing to marketing communications or accepting optional cookies.

• Contract, where processing is necessary to take steps before entering into a contract or to perform a contract with you.

• Legal obligation, where processing is necessary to comply with applicable law or regulatory requirements.

• Legitimate interests, where processing is necessary for our legitimate business interests, provided your rights and freedoms do not override those interests.

• Legal claims, where processing is necessary for the establishment, exercise, or defence of legal claims.

7. Special Category Data

We do not intentionally collect special category personal data through the website. Special category data includes information relating to health, racial or ethnic origin, political opinions, religious beliefs, trade union membership, biometric data, genetic data, or sexual orientation.

If such information is provided to us voluntarily or becomes relevant in connection with a specific engagement, we will process it only where permitted by law and with appropriate safeguards.

8. Cookies and Similar Technologies

Our website may use cookies and similar technologies to:

• make the website function properly;

• support account, booking, subscription, or order functionality;

• remember user preferences;

• understand website traffic and usage;

• improve website performance;

• support security and fraud prevention.

Cookies may be:

• strictly necessary cookies;

• functional cookies;

• analytics cookies;

• marketing cookies, where applicable.

Where required by law, we will request your consent before using non-essential cookies.

You should also maintain a separate Cookie Policy or cookie banner, especially if Wix analytics, Google Analytics, Meta Pixel, LinkedIn tracking, or similar tools are enabled.

9. Who We Share Personal Data With

We may share personal data with:

• website hosting and website platform providers;

• booking, account, subscription, payment, and order management service providers;

• email, cloud, IT, cybersecurity, and document storage providers;

• accountants, auditors, lawyers, tax advisers, company-service providers, and other professional advisers;

• independent professional partners where specialist legal, accounting, audit, tax, company-service-provider, or other reserved professional services are required;

• banks, payment processors, or financial institutions;

• public authorities, regulators, courts, law enforcement bodies, or corporate registries where legally required;

• other parties where necessary to protect our rights, comply with law, or deliver services.

Your website disclaimer already states that some services may be facilitated through independent professionals, including Maltese warranted lawyers, licensed or qualified corporate service providers, accountants, auditors, tax advisers, and other professional advisers.

We do not sell personal data.

10. International Transfers

Where personal data is transferred outside the European Economic Area, we will ensure that appropriate safeguards are in place, such as:

• an adequacy decision by the European Commission;

• Standard Contractual Clauses;

• contractual, technical, and organisational safeguards;

• another lawful transfer mechanism permitted by the GDPR.

This may be relevant where website, cloud, email, payment, booking, analytics, or software providers process data outside the EEA.

11. How Long We Keep Personal Data

We keep personal data only for as long as necessary for the purposes for which it was collected, including legal, regulatory, accounting, tax, contractual, and business recordkeeping purposes.

As a general guide:

• contact form enquiries may be retained for as long as necessary to respond and manage follow-up;

• mailing list data is retained until you unsubscribe or withdraw consent, unless a longer period is required to maintain suppression records;

• booking and consultation records may be retained for business, accounting, legal, and service history purposes;

• client and engagement records may be retained for the duration of the relationship and for a reasonable period afterwards to comply with legal, regulatory, tax, accounting, and limitation-period requirements;

• website technical data may be retained for shorter periods unless required for security, legal, or operational reasons.

The GDPR principle of storage limitation requires personal data not to be kept longer than necessary for the purpose for which it is processed.

12. Security of Personal Data

We apply appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, misuse, alteration, disclosure, or destruction.

These measures may include:

• restricted access to records;

• password protection;

• secure cloud and email systems;

• confidentiality controls;

• internal access controls;

• secure document handling;

• secure communication methods where appropriate;

• periodic review of data handling practices.

Where a personal data breach occurs and notification is required, the IDPC states that a controller shall notify the Office within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to individuals’ rights and freedoms.

13. Your Data Protection Rights

Subject to applicable legal conditions and limitations, you may have the following rights:

• Right of access — to ask whether we process your personal data and to receive a copy of that data.

• Right to rectification — to ask us to correct inaccurate or incomplete data.

• Right to erasure — to ask us to delete personal data in certain circumstances.

• Right to restriction — to ask us to restrict processing in certain circumstances.

• Right to data portability — to receive certain personal data in an electronic format or request transfer to another controller, where applicable.

• Right to object — to object to processing based on legitimate interests or direct marketing.

• Right to withdraw consent — where processing is based on consent, you may withdraw that consent at any time.

• Right to lodge a complaint — to complain to the Malta Information and Data Protection Commissioner or another competent supervisory authority.

The IDPC lists these rights, including access, rectification, erasure, restriction, data portability, withdrawal of consent, and the right to lodge a complaint.

14. How to Exercise Your Rights

To exercise your rights or ask questions about this Privacy Policy, contact us at:

Email: support@gerencorporate.mt
Location: St. Julian’s, Malta

We may ask you to verify your identity before responding to a request. We will respond within the timeframe required by applicable data protection law.

15. Marketing Communications

If you subscribe to our mailing list or request updates, we may use your email address to send you information about our services, updates, events, or relevant business communications.

You may unsubscribe or object to marketing communications at any time by:

• using the unsubscribe option, where available;

• contacting us at support@gerencorporate.mt.

We will not send marketing communications where we are not legally permitted to do so.

16. Third-Party Websites and Platforms

Our website may contain links to third-party websites or platforms, including social media pages such as LinkedIn.

We are not responsible for the privacy practices, content, or security of third-party websites. You should review the privacy policy of any external website or platform before submitting personal data.

17. Children’s Data

Our website and services are intended for business and professional users. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate consent or legal basis, we will take steps to delete it.

18. Professional and Regulatory Disclaimer

The processing of personal data in connection with any service does not change the nature of the service being provided.

The information and services described on this website are provided for general business, governance, regulatory support, and consultancy purposes only and do not constitute legal, tax, audit, accounting, investment, or other regulated professional advice unless expressly provided by an appropriately authorised professional.

Where a service requires approval, authorisation, registration, non-objection, or involvement of a warranted, licensed, registered, or otherwise qualified professional, the relevant service will only be undertaken once applicable legal and regulatory requirements have been satisfied.

19. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our website, services, legal obligations, or business operations.

The latest version will be published on this page with the updated date shown at the top.

20. Contact Us

For any questions about this Privacy Policy or how we process personal data, please contact:

Geren Corporate Services
Email: support@gerencorporate.mt
Location: St. Julian’s, Malta
Website: www.gerencorporate.mt