This policy sets out how we will treat and use your personal information. When you visit and browse through out website, you can do so without telling us who you are and/or revealing any personal information about yourself. You may however voluntarily choose to provide us with personal information if you complete and submit any of the forms that may be available on our website. This will enable us to contact you to provide you with the feedback or service which you have requested. This PsyPotential Privacy Policy relates to the services provided by PsyPotential Ltd., hereafter referred to as ‘We’, ‘Us’, ‘Our’, ‘Ourselves’, or ‘PsyPotential’, Our website https://www.psypotential.com/, and any associated domains (or sub-domains). In this policy, ‘You’, ‘Your’ and ‘User’ refer to an identified or identifiable natural person being receiving or being involved in any of Our services.
PsyPotential Contact Details
PsyPotential is a Professional Training and Coaching consultancy organisation Registered in Malta whose address is G. Sandys, Naxxar, NXR 4163, Malta, and who acts as the data controller responsible for processing Your Personal Data.
If You have any questions about privacy or should You wish to exercise any of Your rights, please contact Us at: info@psypotential.com or by writing to G. Sandys, Naxxar, or by phoning Us at +356 79887982.
Data Protection Principles
PsyPotential is committed to processing data in accordance with its responsibilities under the GDPR and in accordance with the applicable law, namely Chapter 586 and 440 of the Laws of Malta as well as the General Data Protection Regulations which require that data shall be:
Processed lawfully, fairly, and in a transparent manner in relation to individuals;
Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Personal Data PsyPotential Collects
Personal data refers to any information which identifies You as an individual, or which relates to another identifiable individual. We collect personal data both digitally (e.g., via email or other online platforms, including publicly available sources), and physically (e.g., via physical documents).
The categories of Personal Data we collect may vary according to Your relationship with Us and may include:
Contact Information:
Name;
Date of birth;
Gender;
Email address;
Address;
Business name;
Job title;
Profession;
Phone number;
Comments/notes containing any Personal Data You choose to send us;
Psychometric test results (inclusive of official or related reports); and
Coaching or developmental notes taken during sessions.
Financial Information:
Bank account details
Credit or debit card information
How and Why We Collect Personal Data
We do not collect any personal data in addition to that which You choose to provide to Us. In general, We only collect personal data that we need to be able to provide You with the services You request from Us, and that which we are legally required to collect, use and store for the stipulated period of time.
Personal Data Relating to Third Parties
By providing Us with or permitting Us to use personal data relating to individuals other than Yourself (e.g., when You give Us data related to other involved people pertaining to the organisation or group who will be involved in or receive Our services), You are making it apparent that You have the right and authority to be sending and authorising Us to use those personal data.
Cookies
Our website also makes use of a number of cookies. A cookie is an element of data that a website can send to your browser, which may then store it on Your system. Cookies are created for each session when you visit Our website. We assure You that the information collected by means of such cookies does not enable Us to make use of identifiable personal information in any way contrary to that which is expressly permitted by the applicable legislation. Should You wish to reject all, or certain cookies used by Our website, You may modify Your web browser preferences accordingly.
If, however You reject all cookies, then You might be unable to use some of the services available on Our website.The information so gathered through cookies may include:
The date and time when You accessed Our website;
The website pages that You view and any download that You may make through such pages whilst on Our website;
Whether or not such viewing or download is successful;
The internet address of the website or the domain name of the computer from which You access our website;
The operating name of the machine running Your web browser; and the type and version of said web browser.
Purposes of Processing of Your Data
The following table describes what We may use Your personal data for and the corresponding legal grounds for doing so.
New or Prospective Users
Purpose of Processing
Categories of Personal Data
Legal Basis for Processing
Evaluating Your requests to use/receive Our services
Contact Information
Consent
To manage Our relationship with You
Contact Information
Consent
To manage Our relationship with You
Contact Information
Performance of a Contract
To maintain records of new services in accordance with regulations
Contact Information, Financial Information
Legal Obligations
Ongoing Users
Purpose of Processing
Categories of Personal Data
Legal Basis for Processing
To continue providing You with Our services
Contact Information
Consent
To maintain records of ongoing services in accordance with regulations
Contact Information, Financial Information (where applicable)
Consent
To process payments transactions (where applicable)
Contact Information, Financial Information
Performance of a Contract
To monitor attendance of sessions (training, coaching, or otherwise)
Contact Information
Performance of a Contract
Past Users
Purpose of Processing
Categories of Personal Data
Legal Basis for Processing
To maintain records of past services in accordance with regulations
Contact Information
Legal Obligations
Transfer of Data via Technology
We are not responsible or liable for anything done by You or any third party with regard to Your personal data before We receive it, including the transfer of data from You to Us by technological means or via the internet (e.g., WhatsApp, OneDrive, Dropbox etc.), unless otherwise stipulated by Maltese law.
Sharing of Personal Data with Other Categories of Recipients
In compliance with Data Protection Laws, relevant data will be shared as necessary with staff/employees of PsyPotential in order to carry out processing as described in the respective manner above.We will never share or sell Your personal data with third parties in any way.In the case of psychometric assessment processing, the recipients of Your personal data will not be acting on Our behalf and will be acting in their own capacity as data controllers, independent from Us. As they receive Your personal data from You directly, We are not responsible for what these entities may do with Your personal data. It is your responsibility to read through their respective privacy policies with regard to Your personal data.
The third parties who we may share your personal data with are:
Category of Recipient
Purpose of Processing
Cloud Service Providers (e.g., OneDrive and Microsoft services)
Hosting of data under security protocols and exclusive control by PsyPotential staff members
IT Service Providers
Maintenance and support of our IT systems
Legal Advisors
Compliance with legal obligations or when necessary for the establishment or defence of relevant claims
Security of Data
We take reasonable security measures in order to protect Your personal data from unauthorised access, improper use, or loss. Despite these security measures, we cannot guarantee that the transmission and storage of Your personal data can ever be absolutely and entirely secure. In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, PsyPotential shall promptly assess the risk to people’s rights and freedoms and if appropriate shall report this breach to the official regulations.
Retention Periods
We will retain Your Personal data only for as long as necessary to provide You with Our services, complete and store contractual information and to maintain Our relationship with You.Where Your Personal Data are no longer required by (Us), we will delete or anonymise the Personal Data in question after the completion of its contractual purposes, unless otherwise requested by you or stipulated by the law.
Your Rights
You retain various rights which you can exercise by submitting a data request as outlined in the beginning of this policy. We aim to reply to all legitimate requests within one month from receiving them. In the case that We require more time to reply to Your request, We will notify You accordingly.
Your Right of Access: You can ask Us what personal data is being used, how, why and where.
Your Right to Rectification: You can ask Us to change any of the data we retain on you in order to improve accuracy. We urge You to do this in order to ensure the veracity of all personal information retained.
Your Right to Erasure: You can ask Us to erase Your data.
Your Right to Data Restriction: You can ask that We temporarily stop processing Your data.
Your Right to Data Portability: You can ask that We share personal data concerning You.
Your Right to Withdraw Consent: You can withdraw consent which was previously given to Us.
Your Right to Object to Processing: You can object to data processing.
Your Right to lodge a Complaint: If you feel that any of your rights have been violated, you have the right to complain to the supervisory authority responsible for data protection, being the Data Protection Commissioner. The contact details of the Maltese Supervisory Authority are as follows: Information and Data Protection Commissioner Telephone: (+356) 2328 7100 Email: idpc.info@idpc.org.mt Website: www.idpc.org.mt
We reserve the right to change, modify, add and/or remove sections of this Privacy Policy at any time.