Data Privacy Policy (GDPR)
We are committed to keeping your personal information safe and being open about how we use it. We collect and use your data for clear reasons, and we want you to understand what we collect, why we need it, and what your rights are.
To make sure we do this properly, we follow the EU’s General Data Protection Regulation (GDPR). We have put together a Data Privacy Policy that we review regularly to keep it up to date. We also take extra measures to better protect your personal data.
Important notice
In April 2025, we updated our Data Privacy Policy to make it clearer and better protect your personal information.
1. What is the General Data Protection Regulation (GDPR)?
This is a European Union (EU) Regulation intended to strengthen and unify the protection of Personal Data for European Union residents.
2. What are the key changes with the GDPR?
- Significantly expanded territorial scope
- Mandatory data breach notification in certain cases
- Mandatory appointment of a Data Protection Officer in certain cases
- Data processors now also directly responsible at law
- More stringent consent requirements
- Increased level of information to be provided to data subjects
- More stringent requirements in controller-processor contracts
- Removal of the general notification requirement
- New data subject rights
- Larger penalties for non-compliance
3. Who does the GDPR apply to?
The GDPR applies to natural and legal persons acting as data controllers or data processors who process the personal data of natural persons residing in the EU (data subjects).
4. What are the Data Subject rights?
- Right of Access
- Right to Rectification and Restriction
- Right to Object
- Right to Withdraw Consent
- Right to Erasure (Right to be Forgotten)
- Right to Data Portability
- Right to Lodge a Complaint
5. What is the definition of Personal Data?
Personal Data includes any information relating to an identifiable EU resident irrespective of whether it regards his or her private, professional or public life. Personal Data can include a name, photo, email address, bank details, medical information or an IP address.
6. What is a Data Subject?
A natural person who is the subject of Personal Data, i.e. data which can identify and distinguish a living individual from any other.
7. What is a Data Controller?
A Data Controller includes a natural or legal person controlling and responsible for the keeping and use of Personal Data both electronically and in manual files. This is the entity that determines the purposes and means of the processing.
8. What is a Data Processor?
A Data Processor includes a natural or legal person involved in the processing of Personal Data on behalf of a Data Controller. Usually, a Processor is a third party external to the Data Controller. The duties of the Processor towards the Controller must be detailed in an agreement.
9. What do you need to do if you require more information?
- Download the documents below (including our full Data Privacy Policy).
- Contact our Data Protection Officer by sending an email to dataprotectionofficer@apsbank.com.mt or a letter to the Data Protection Officer, APS Bank plc, APS Centre, Tower Street, Birkirkara, BKR 4012, Malta.
- www.idpc.org.mt