Data Privacy Policy (GDPR)
APS Bank plc is committed to protecting your privacy. We strongly believe that you should be fully aware of the personal data that we process about you and how and why we do so. We also believe that we have a duty to help you better understand your various rights at law. As part of this ongoing commitment and in line with our obligations under the EU General Data Protection Regulation or ‘GDPR’, we have put in place a GDPR-compliant Data Privacy Policy that we keep regularly updated as well as internal procedures that are also regularly evaluated and updated as needed. We also take several ongoing measures to better protect your personal data.
Below, you can download our full Data Privacy Policy as well as our CCTV Policy. Before doing so, you may wish to read the following easy-to-understand introductory points:
1. What is the General Data Protection Regulation (GDPR)?
This is a European Union (EU) Regulation intended to strengthen and unify the protection of Personal Data for European Union residents.
2. What are the key changes with the GDPR?
- Significantly expanded territorial scope
- Mandatory data breach notification in certain cases
- Mandatory appointment of a Data Protection Officer in certain cases
- Data processors now also directly responsible at law
- More stringent consent requirements
- Increased level of information to be provided to data subjects
- More stringent requirements in controller-processor contracts
- Removal of the general notification requirement
- New data subject rights
- Larger penalties for non-compliance
3. Who does the GDPR apply to?
The GDPR applies to natural and legal persons acting as data controllers or data processors who process the personal data of natural persons residing in the EU (data subjects).
4. What are the Data Subject rights?
- Right of Access
- Right to Rectification and Restriction
- Right to Object
- Right to Withdraw Consent
- Right to Erasure (Right to be Forgotten)
- Right to Data Portability
- Right to Lodge a Complaint
5. What is the definition of Personal Data?
Personal Data includes any information relating to an identifiable EU resident irrespective of whether it regards his or her private, professional or public life. Personal Data can include a name, photo, email address, bank details, medical information or an IP address.
6. What is a Data Subject?
A natural person who is the subject of Personal Data i.e. data which can identify and distinguish a living individual from any other.
7. What is a Data Controller?
A Data Controller includes a natural or legal person controlling and responsible for the keeping and use of Personal Data both electronically and in manual files. This is the entity that determines the purposes and means of the processing.
8. What is a Data Processor?
A Data Processor includes a natural or legal person involved in the processing of Personal Data on behalf of a Data Controller. Usually, a Processor is a third party external to the Data Controller. The duties of the Processor towards the Controller must be detailed in an agreement.
10. What do you need to do if you require more information?
- Download the documents below (including our full Data Privacy Policy).
- Contact our Data Protection Officer by sending an email to dataprotectionofficer@apsbank.com.mt or a letter to the Data Protection Officer, APS Bank plc, APS Centre, Tower Street, Birkirkara, BKR 4012, Malta.
- www.idpc.org.mt
- www.eugdpr.org/key-changes.html
- https://ec.europa.eu/info/law/law-topic/data-protection_en