van Cutsem Wittamer Marnef & Partners​ About us

Privacy Policy

Last updated: 11th May 2021

Zerafa Trustees Ltd (“us”, “we”, or “our”) is a limited liability company incorporated under the laws of Malta on the 25th January 2021 with company registration number C 97921 having its registered office at 215/1, Old Bakery Street, Valletta VLT 1451, Malta, and is authorised by the Malta Financial Services Authority (“MFSA”) in terms of the Trust and Trustees Act, Cap 331 of the Laws of Malta.

Zerafa Trustees Ltd operates the website and is the Data Controller for the website. Zerafa Trustees Ltd is committed to protect the privacy of individuals who visit the website and who make use of its services.

This page informs you of our policies regarding the collection, use, and disclosure of Personal Data (as defined below) in connection with your relationship with us as our clients, acting for a client, or being generally interested in our services, including this website, in terms of the Data Protection Act, Cap 440 of the Laws of Malta and Regulation EU 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”).

We will not use or share your information with anyone except as described in this Privacy Policy.

For queries or more information on this Privacy Policy you are kindly requested to contact our Data Protection Officer, Dr. Omar Zerafa, on [email protected].

We use your Personal Data for providing and improving our services. By using our services and this website, you agree to the collection and use of data in accordance with this policy.

1.    Data Collection and Use

While using our services or browsing our website, we may ask you to provide us with Personal Data that can be used to contact or identify you. Personal Data refers to any information relating to you as an identified or identifiable natural person, which may include, but is not limited to, your email address, name, and phone number (“Personal Data”). Personal Data does not include data from which you can no longer be identified, such as anonymised aggregate data.

We are committed to collect, process, handle, and store your Personal Data in accordance with the principles laid down in the GDPR. In this regard, your Personal Data will be:

  • Processed lawfully, fairly, and in a transparent manner
  • Collected for specified, explicit, and legitimate purposes
  • Not further processed in a manner that is incompatible with those purposes, unless it is for archiving purposes in the public interest
  • Not kept longer than necessary for the achievement of those purposes, unless for the public interest
  • Adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed
  • Accurate and kept up to date, and we will take every reasonable step to ensure that any inaccurate Personal Data is erased or rectified without delay
  • Processed in a manner that ensures appropriate security and confidentiality.

We will collect, process, handle or store your Personal Data only if:

  • You have given consent for one or more specific purposes
  • It is necessary for the performance of a contract or prior to the entering into a contract to which you are a party
  • It is necessary for our compliance with a legal obligation
  • It is necessary in order to protect your vital interests or the vital interests of another natural person
  • It is necessary for the performance of a task carried out in the public interest
  • It is necessary for the purposes of the legitimate interests pursued by us, except where such interests are overridden by your interests or your fundamental rights and freedoms which require protection of your Personal Data.

2.    Subject to the Consent and the Rights of Data Subjects

The collection, processing, handling, and storing of your Personal Data will always be subject to the consent and all the rights you are entitled to, as outlined in subsequent sections, including the necessary minimum information which must be communicated to you. You may at all times, subject to certain exemptions, withdraw your consent or request the erasure or rectification of your Personal Data. In such cases, we shall irrevocably destroy or rectify your Personal Data.

3.    Storage of Personal Data

We are committed to store your Personal Data in the most secure manner using effective and modern software which shall be kept updated. The storage of your Personal Data shall be made in accordance with the principles and procedures applicable to the processing of Personal Data, laid down in the previous section of this Policy. This Policy requires that your Personal Data is kept confidential by limiting the access to your Personal Data to you or to persons who actually require such access for legitimate reasons and with the appropriate security measures in place to avoid unauthorized access or sharing of your Personal Data. We shall have in place all necessary procedures to ensure that any erasure of your Personal Data is done safely and securely with no possibility of recovery of such data. We shall also implement back-up and disaster recovery solutions for unintentional loss of your Personal Data.

The security of your Personal Data is important to us, but remember that no method of transmission over the Internet or method of electronic storage is completely secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

4.    Data Minimisation

We are committed to process and store your Personal Data only as long as such storage is required and for legitimate purposes. Therefore, this Policy requires the erasure, within reasonable time, of your Personal Data which is no longer required or the purpose for which data was stored is no longer relevant.

5.    Data Processing

We collect your Personal Data when you:

  • Access our website
  • Post a query or complaint through our website
  • Request our service
  • Apply for an opportunity with us; and
  • Engage us to provide our services.

Compliance with Laws

We may require your Personal Data in order for us to remain compliant with any law or regulation, or to satisfy a legal or statutory obligation. We will disclose your Personal Data with any employee of Zerafa Trustees Ltd or any other person we deem fit where required to do so by law or by court order or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our service. The Personal Data which we may process in this regard includes, but is not limited to, your name, address, identification number, date of birth, country of birth, email address, and phone number.


We may use your Personal Data to contact you with newsletters, marketing or promotional materials, and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.

Log Data

We collect information that your browser sends whenever you visit our website (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (IP) address, browser type, browser version, the pages of our website that you visit, the time and date of your visit, the time spent on those pages, and other statistics.

In addition, we may use third party services such as Google Analytics that collect, monitor and analyse this type of information to increase our website’s functionality. These third-party service providers have their own privacy policies addressing how they use such information. You can opt-out of Google Analytics for Display Advertising and customise the Google Display Network ads by visiting the Google Ads Settings page. Google also recommends installing the Google Analytics Opt-out Browser Add-on for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.

For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page.


Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your computer’s hard drive.

We use cookies to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our website.

Service Providers

We may employ third party companies and individuals to facilitate our services, to provide services on our behalf, to perform related services, or to assist us in analysing how our service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obliged not to disclose or use it for any other purpose.

6.    International Transfer

Your Personal Data may be transferred to, and maintained on, computers located outside of your country where the data protection laws may differ than those from your jurisdiction.

If you are located outside Malta and choose to provide information to us, please note that we transfer the information, including Personal Data, to Malta and process it there.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

7.    Notification of Breach

In the case that the security or confidentiality of your Personal Data is breached, we shall inform the competent supervisory authorities within 72 hours of such breach, and we shall also inform you without undue delay of such breach if we deem such breach to constitute a high risk to your rights and freedoms. In notifying you of such breach, we shall communicate in plain language:

  • The name and contact details of the Data Protection Officer or other contact point where more information can be obtained
  • The likely consequences of the breach
  • The measures taken or proposed to be taken to address and mitigate the effects of the breach.

8.    Rights of Data Subjects

We are committed, to the best of our abilities, to allow you to exercise your rights in relation to your Personal Data held by us. We are committed to respect and act upon any exercise of such rights.

Right to Information

You are entitled to certain minimum information when your Personal Data is collected. Throughout this Privacy Policy we are providing you with such information, which includes the following:

  • Our identity and our contact details or of our representative
  • The contact details of the Data Protection Officer
  • The purposes and legal basis of the processing of your Personal Data
  • The legitimate interests pursued by us for the processing of your Personal Data
  •  The recipients of your Personal Data
  • Where your Personal Data is not collected directly from you, information as to the source of your Personal Data; and
  • The fact that we may transfer your Personal Data to a third country or international organisation and that appropriate safeguards are in place.

This Privacy Policy is also providing you with the following information:

  • The period for which your Personal Data will be stored, or the criteria used to determine that period
  • Information on the rights to which you are entitled
  • The fact that the provision of your Personal Data is both a statutory and contractual requirement, and instances where you are obliged or not obliged to provide your Personal Data and the possible consequences of failure to provide such data; and
  • The existence of automated decision-making, including profiling, and information on the logic involved, the significance and the envisaged consequences of such processing of your Personal Data.

Right of Access

This Policy requires us to allow you to exercise your right in requesting a confirmation from us as to whether your Personal Data is being processed and the right to access your Personal Data. You are also entitled to access the information on your Personal Data mentioned in the previous sub-section.

Right to be Forgotten and Rectification

You shall have the right to obtain from us without undue delay the rectification of inaccurate Personal Data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.

You may also ask us to destroy any of your Personal Data. When such request is made, we are obliged to destroy your Personal Data in an irrecoverable manner and without undue delay if one of the following grounds applies:

  • Your Personal Data is no longer necessary in relation to the purposes for which it was collected or processed
  • You withdraw your consent on which the processing is based and where there is no other legal ground for the processing
  • You object to the processing and there are no overriding legitimate grounds for the processing
  • Your Personal Data has been unlawfully processed
  • Your Personal Data has to be erased for compliance with a legal obligation in the EU or under Maltese Law; and
  • Your Personal Data has been collected in relation to the offer of information society services.

This right to erase your Personal Data shall not be granted if the processing of your Personal Data is necessary for:

  • Exercising the right of freedom of expression and information
  • Compliance with a legal obligation which requires processing by the EU or Malta, or for the performance of a task carried out in the public interest
  • Reasons of public interest in the area of public health
  • Archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes as long as erasure of your Personal Data is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • The establishment, exercise or defence of legal claims.

Right to Restrict Processing

  • This Privacy Policy also commits us to allow you to exercise your right to restrict us from processing your Personal Data when one of the following applies
  • The accuracy of your Personal Data is contested by you, for a period enabling us to verify the accuracy of your Personal Data
  • The processing is unlawful, and you oppose the erasure of your Personal Data and you request the restriction of its use instead
  • We no longer need your Personal Data for the purposes of the processing, but your Personal Data is required by you for the establishment, exercise, or defence of legal claims
  • You have objected to processing of your Personal Data, for the period pending verification whether we have legitimate grounds which override your fundamental rights and freedoms.
  • Where processing has so been restricted, your Personal Data shall, with the exception of storage, only be processed
  • With your consent
  • For the establishment, exercise, or defence of legal claims
  • For the protection of the rights of another natural or legal person; or
  • For reasons of important public interest of the EU or one of its member states.

Apart from restricting processing, you shall also have the right to object, at any time, to processing of your Personal Data when the processing of your Personal Data is required for the performance of a task carried out in the public interest or for the purposes of our legitimate interest. In such case, we may continue to process your Personal Data only if we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. If you object to the processing of your Personal Data for direct marketing purposes, we shall cease the processing.

Right to Data Portability

You may also request to receive your Personal Data from us in a structured, commonly used and machine-readable format. You may also request such Personal Data to be transmitted to another controller without any hindrance from us where:

  • The processing is based on a consent or on a contract; and
  • The processing is carried out by automated means.

9.    Links to Other Sites

Our website may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. When connecting to such other websites you will no longer be subject to this Privacy Policy but to the privacy policy of the new site. We therefore strongly advise you to review the privacy policy of every site you visit.

We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services.

10.  Fees

We will in general not charge for any reasonable exercise of your individual rights mentioned in this Privacy Policy. However, we may charge a reasonable fee if your request to exercise your individual rights is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

11.  Changes to this Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. It is therefore in your interest to check the Privacy Policy any time you access our website to be familiar with the most updated version of this Privacy Policy. Changes to this Privacy Policy are effective when they are posted on this page.

12.  Contact Us

If you have any questions about this Privacy Policy, please contact us on [email protected]. Any comments or suggestions you may have which may contribute to a better quality of service will be welcome and greatly appreciated.