fbpx Skip to main content Skip to search

Clients’ Privacy Notice


Advisory 21 Ltd. (hereinafter referred to as ‘the Company’, the Data Controller, the Company, our, we us) respects the privacy of all its clients and prospective clients and is dedicated to protect the personal data it has to process about such clients. We thus want to inform you how we use and protect your personal data. This includes informing you of your rights.

Data Protection Legislation: Data Protection Legislation: (i) unless and until the General Data Protection Regulation is no longer directly applicable in Malta, the General Data Protection Regulation ((EU) 2016/679) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in Malta and then (ii) any successor legislation to the GDPR or the Data Protection Act (Ch. 586 of the Laws of Malta).

2.    Advisory 21 Ltd.

Our full details are:

Name of our Data Protection Lead (DPL): Angelito Sciberras

Email address: info@advisory21.com.mt

Postal address: 21 Business Centre, 20, Triq in-Nutar Debono, Naxxar NXR 2525 MALTA

Telephone number: +356 20995486


We may collect personal data from you because of a legal reason or because you have consented us to do so for a specific purpose.

You may give us information about you, for example:

  • By filling in a form, sending us an e-mail or over a telephone call.
  • Requesting a quote for a product.
  • Purchasing a product or service.

If you fail to provide personal data which we need to collect by law, or under the terms of a contract we have with you, we may not be able to perform the contract we have or  the contract we need to enter into with you (for example, to provide you with services). In such a case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.


We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation.

Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to you via email, text message or by post. You have the right to withdraw consent to marketing at any time by either unsubscribing from our mailing list or by contacting our DPL.


Advisory 21 Ltd. will process your data when:

  • You request us to quote for a product or service.
  • You enter into a contract with us.
  • You give us permission to do so.
  • We must provide services to you after you have purchased a product or service from us.
  • To comply with the law.


We may use your Identity Data, Contact Data, Transaction and Marketing and Communication Data details to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).

You will receive marketing communications from us if you have requested information from us or purchased goods or services from us and, in each case you consented to receive such information. You have the right to withdraw consent to marketing at any time by either unsubscribing from our mailing list or by contacting our DPL.


We will only use your personal data for the purposes for which we collected it.  If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.


We may have to share your personal data with the parties set out below

  • Third party service providers including, data hosting providers based in the EU.
  • Professional advisers based in Malta who provide accounting services.
  • Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes (unless we have a Joint Controllers agreement with them and in that case you will also receive information on how they will process your data from them) and only permit them to process your personal data for specified purposes and in accordance with our instructions.


We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know and who are subject to a duty of confidentiality. We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.


We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.


 You have the right to be:

Informed – We are giving you this Privacy Notice to keep you informed.

Access – Please contact our DPL if you wish to access the personal information we hold about you. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Rectification – Please contact our DPL if you wish to rectify your information. We will also rectify the information you have consented us to pass on to third parties, if it is the case.

Erasure – Please contact our DPL if you want us to erase all your personal data and we do not have a legal reason to continue to process and hold it.

Restrict processing – Please contact our DPL if you want us to restrict processing of your data. In this case we will restrict processing but we will still hold the data.

Data portability – Please contact our DPL if you want information on how to port your data elsewhere. This right only applies to personal data that you have provided to us as the Data Controller. The data must be held by us by consent or for the performance of a contract.

Object – You have the right to object to us processing your data even when we do so for our legitimate interests. If you wish to object please contact our DPL.

Withdraw consent – If you have given us your consent to process your data but later changed your mind, you have the right to withdraw your consent at any time. Please contact our DPL in case you wish to withdraw consent.

Complain to a Supervisory Authority – You have the right to complain to the IDPC if you feel that we have not responded to your requests to solve a problem. The supervisory authority in Malta is the Office of the Information and Data Protection Commissioner (IDPC) which is at Floor 2, Airways House, Triq il-Kbira, Tas-Sliema and can be reached on 2328 7100.

12.    Changes to Our Privacy Notice

We may change this notice from time to time in the future. Changes to our privacy policy will be notified to the data subjects through the preferred means of communication.


Last Updated: May 2022