Data Protection Policy
The aim of the Data Protection Act (Chapter 440 of the Laws of Malta) is to protect each individual’s right to privacy with respect to the processing of personal data relating to such individuals. The Act transposed into Maltese law the provisions of the EU Data Protection Directive 95/46/EC. Furthermore, under the provisions of the Act, Legal Notice 16 of 2003 transposed the EU Privacy and Electronic Communications Directive 2002/58/EC. In line with their obligations under the Act, MistralPay invests in the latest technologies and training of all staff to ensure that the confidentiality and integrity aspect of customer information and data are assured. When using this website’s online facilities, data subjects may be required to provide their personal data for the purposes of fraud prevention, marketing activities, anti-money laundering controls. All the aforementioned is in place in order to assure MistralPay customers that at all times personal data: a. Is processed fairly and lawfully. b. Is always processed in accordance with good practice. c. Is is only collected for specific, explicitly stated and legitimate purposes. d. Is not processed for any purpose that is incompatible with that for which the information is collected. e. That is processed is adequate and relevant in relation to the purposes of the processing. f. Is processed no more than is necessary having regard to the purposes of the processing. g. That is processed complete and correct and, if necessary, up to date. All reasonable measures are taken to complete, correct, block or erase data to the extent that such data is incomplete or incorrect, having regard to the purposes for which they are processed. h. Is not kept for a period longer than is necessary, having regard to the purposes for which they are processed. MistralPay processes Personal Data if the data subject has unambiguously given his consent. The customer may revoke consent at any time on compelling legitimate grounds. If the customer has not given consent to the processing, the processing is only allowed if it falls under one of the following five headings: a. If processing is necessary for the performance of a contract to which the data subject is party to or in order to take steps at the request of the data subject prior to entering into a contract. b. If processing is necessary for compliance with a legal obligation to which the Controller is subject. (e.g. reporting to the tax authorities, or reporting of suspicious transactions under the Prevention of Money Laundering and Funding of Terrorism Regulations.) c. If processing is necessary in order to protect the vital interests of the data subject. d. If processing is necessary for the performance of an activity that is carried out in the public interest or in the exercise of official authority vested in the Controller or in a third-party to whom the data is disclosed. e. If processing is necessary for a purpose that concerns a legitimate interest of the Controller or of such a third-party to whom personal data is provided, except where such interest is overridden by the interest to protect the fundamental rights and freedoms of the data subject and in particular the right to privacy. Furthermore, MistralPay reserves the right to disclose personal data to relevant recipients when MistralPay has reasonable grounds to suspect irregularities that involve a MistralPay Account. The MistralPay Customer has the right to request access to the MistralPay Customer’s own personal data and/or has the right to correct and/or erase wrong and/or inappropriate data.