Privacy Policy - Win with Mulino Bianco Campaign

General
The EU General Data Protection Regulation (GDPR), which came into force on 25 May 2018, provides new rights to individuals and requires organisations to provide information about their processing in a clear and transparent way. We have published this Privacy Policy to take into account new requirements and to explain how Francis Busuttil & Sons (Marketing) Limited (“the Company”, “we” or “us”) collects, stores, and uses personal data for the scope of the Win with Mulino Bianco Campaign (hereinafter referred to as the ‘Campaign’). Any capitalised terms used in this Privacy Notice shall have the same meaning attributed to them under the Win with Mulino Bianco Campaign Terms and Conditions available at winwithmulinobianco.mt.
Any personal data provided by you voluntarily through our website winwithmulinobianco.mt will be processed in accordance with the Data Protection Act (Chapter 586 of the Laws of Malta), the GDPR and any other relevant data protection legislation, as may be amended from time to time.

Data Controller
For the purposes of the GDPR, FBSM is the Data Controller. If you have any questions about how we process your personal data, please email our data protection representative on gdpr@fbsmarketing.com. Our postal address is Busuttil Buildings, St Venera Square, Santa Venera SVR 1681.

Information We Collect
When signing up as a participant to the Campaign, the personal data that we may collect about you usually includes:

– Your Name & Surname
– Your Email Address
– Contact Number
– Date of Birth
– Shop from where Products were purchased
– All information appearing on your Identity Card.

Your identity document will only be requested should you be declared a winner of a Prize.
If you are declared a winner, you may be required to provide a valid identity document to verify your eligibility and claim your prize. Your identity document will only be requested for verification purposes and will not be retained beyond the necessary verification period.
Providing this personal data is necessary to participate in the Campaign. If you choose not to provide the required data, this will be treated as a deemed withdrawal from the Campaign, and you will no longer be eligible to participate or claim any prize. All personal data requested is necessary for participation in the Campaign. Failure to provide required data may result in disqualification.

When you visit our website, the following information will be automatically collected:

– the requested web page or download;
– whether the request was successful or not;
– the date and time when you accessed the site;
– the Internet address of the web site or the domain name of the computer from which you accessed the site;
– the operating system of the machine running your web browser and the type and version of your web browser.

Basis of Processing
We will process personal data on the basis of your freely given consent whilst submitting the form to take part in the Campaign.

We will process your personal information when you register your participation in the Campaign and anything ancillary thereto and to validate your identity should you be declared a winner.

You may withdraw your consent at any time. However, as participation in the Campaign is based solely on your freely given consent, withdrawing consent will be treated as a withdrawal from the Campaign. This means you will no longer be eligible to participate, and if you have already been selected as a winner, we will not be able to process your prize claim, and an alternative winner may be selected.

For transparency, the Company may publish the name and surname of winners on its official website and/or social media channels. This processing is based on legitimate interest (Article 6(1)(f) GDPR) in ensuring the fairness and credibility of the Campaign. If you do not wish for your name to be published, you may object under Article 21 GDPR, and we will assess your request on a case-by-case basis.

The publication of winners’ photographs is entirely optional and requires explicit consent. At the time of prize collection, winners will be given an Image Release Consent Form, allowing them to decide whether their photo may be published. This consent is freely given and can be withdrawn at any time without affecting the receipt of the prize.

Sharing your Information
Any data collected may be shared with:
a. Employees in order for the data to be processed for the purpose for which it was collected;

b. Our agents and third parties who provide services to us insofar as this is necessary, including our appointed data processors, MYC Communications Limited. All third parties receiving personal data are contractually bound to process the data only as instructed and to maintain appropriate security measures;

c. The Malta Gaming Authority and the authority overseeing the Campaign.

If we ever have to share your personal data with an entity outside the EU, we will do so in accordance with the requirements of the GDPR and any other applicable law.

Data Security
We take the security of your personal data very seriously and have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed, so as to safeguard its integrity and confidentiality.

The security measures we have implemented to ensure safe transmission and storage of personal data include:
• Use of secure servers;
• Use of firewalls;
• Use of encryption;
• Physical access controls at data centres;
• Information access controls;
• Use of back-up system;
• End point protection system.

We also regularly review and, where practicable, improve upon these security measures.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

While we do our utmost to safeguard your personal data, no data transmission over the internet can be totally secure and therefore we cannot guarantee or warrant that no unauthorized access will occur.

Your Rights

Rights of Access
You have the right to access all the personal data we hold about you and processed by the Company. To exercise this right, you can contact us at the email or postal address at the top of this page.
In order to process this request, we will require proof of your identity. We will do our best to process the request as soon as possible, and in no event later than sixty days from hearing from you.

Right to Rectification
You have the right to request modification of all the personal data held and processed by the Company. If you think we may hold details about you that are inaccurate or out of date, please contact us at the email or postal address at the top of this page.

Right to Erasure (‘right to be forgotten’)
You have the right to request that we delete the personal data held and processed by the Company by contacting us at the email or postal address at the top of this page. This right is not absolute, and we may be justified in keeping certain personal data, for instance when we are legally obliged to do so or if such data may be necessary for us to defend a legal claim.

Right to Object
You have the right to object to the processing of your personal data, including where such processing takes place for the Company’s legitimate interests, and you may request to withdraw from all future activities and the removal of all personal data held and processed by us by contacting us at the email or postal address at the top of this page.

Right to Data Portability
You have the right to move, copy or transfer your personal data from one organisation to another, and you have the right to request from us a copy of your personal data in a structured, commonly used and machine-readable format, which we may provide to you or another organisation at your request. If you would like us to assist you with this please contact us at the email or postal address at the top of this page.

Right to Lodge a Complaint
All Data Protection enquiries/complaints should be sent to gdpr@fbsmarketing.com.
You also have the right to lodge a complaint with the Information and Data Protection Commissioner in Malta as the data protection supervisory authority:

Information and Data Protection Commissioner
Level 2, Airways House
High Street
Sliema, SLM 1549
Malta
Tel: (+356) 2328 7100
Email: idpc.info@idpc.org.mt

Retention

We will not store personal data for longer than is necessary, keeping in mind the purpose/s (or compatible purposes) for which we first collected that data. We may also need to keep some of your personal data where we are obliged to do so in terms of legal or regulatory requirements, or in order to protect ourselves against legal claims, or to enforce our company terms and conditions.

For more information about our retention policy, please contact us at the postal or email addresses at the top of this page.

Links to Third Party Websites
We may post links to other web sites which are operated by companies that are outside of our control, and your activities at those sites will be governed by the policies, practices and laws of those third party operators. We encourage you to review the privacy practices of these third parties as we are not responsible for the privacy practices of those sites.

Cookies
A cookie is a small piece of data that a website asks your browser to store as text strings on your computer’s hard-disk. All cookies are set with expiry dates which determine how long they reside on your browser. Generally, cookies can be removed automatically after the lapse of the expiry date or else can be deleted manually by the user.

Types of Cookies We Use
This website makes use of cookies only for functionality that is strictly necessary for services that are explicitly requested by the user for their session. This website uses session cookies. Session cookies are used to deliver the basic functions of a website, i.e. to allow pages to remember technical changes or selections you may make between pages. Session cookies are temporary cookies and are generally erased when you close your browser. We do not use any third party or persistent cookies.

By clicking on buttons or links to third party sites or services, you will be redirected to an external site, which has its own cookie and privacy policies over which we have no control.

Managing Cookies
Within your browser you can choose whether you wish to accept cookies or not. Different browsers make different controls available to you.

Changes to this Privacy Policy
We may update this Privacy Policy periodically. Any changes will be posted on this page, and where significant changes occur, we will notify you via the website or other appropriate means.

Law and Jurisdiction

This Policy shall be governed by Maltese Law. Any dispute arising from, or related to, such Policy shall be subject to the non-exclusive jurisdiction of the courts of Malta.