Privacy Policy
This Privacy Policy sets out how we deal with your Personal Data, in our capacity as Data Controller. If you have any queries about this Privacy Policy or anything it contains, please contact us by e-mail on
Capstone Group (hereinafter referred to as “Capstone”) respects the right to privacy of users of this website and of its clients. Capstone will always seek to protect your Personal Data. This Policy describes how we gather and use such information, the amount of information Capstone holds on you and how it uses it.
The following definitions shall have the same meaning as those contained in the General Data Protection Regulation (EU) 2016/679 (“GDPR”): “Data Subject”, “Data Controller, “Data Processor”, “Personal Data”, “Process” or “Processing”
Specifically, this Privacy Policy deals with:
- What Information is Collected?
- How we use your Personal Data
- Providing Personal Data to Third Parties
- Retention of Personal Data and the Right to be Forgotten
- Privacy Compliance
- Security
- Third Party Websites
- How we Communicate with you
- Security and Staff Awareness Measures
- Right of Access/Questions
- Changes to the Privacy Policy
- Who we are and how to contact us
What Information is Collected?
Capstone may collect Personal Data from you as the Data Subject, when you provide your Personal Data through our website, when you enter into services agreements with us or sign letters of engagement, through your professional/legal relationship with us, while you are in contact with our staff or at any other stage in the course of business.
Through Our Website
You may visit our website without revealing any information about yourself. You may however choose to provide us with Personal Data when you send an e-mail to us via the “Contact Us” link on our site. In such instances, we will store the information that you provide us with and process it further as may be necessary for us to respond to and administer any request that you may make.
From time to time we may process your Personal Data to provide you with information and updates that might be of interest to you in relating to our professional services and developments in legislation. You are requested to inform us by sending an e-mail to if you do not wish to receive any such information from us or opt out via the “Unsubscribe” link in any marketing email.
Our website also uses a technology called “cookies”. A “cookie” is a piece of software, which may be sent to your computer. Cookies enable us to collect information about how our website and services are being used and to manage them more efficiently. The information so gathered through cookies may include:
- the date and time when you access our website;
- the website pages that you view and any download that you may make through such pages;
- whether or not such viewing or download is successful;
- the Internet address of the website or the domain name of the computer from which you access our website;
- the operating system of the machine running your web browser; and the type and version of your web browser.
Should you wish to reject all, or certain cookies used by our website, you may modify your Web browser preferences to do so. If, however, you reject all cookies then you might be unable to use some of the services available on our website. Moreover, you may set your browser to notify you when you receive a cookie, giving you the opportunity to choose whether or not you wish to accept it. In this regard, it is important to note that if you do so, this may materially distort the quality of service and data you receive through our website.
If the product you are using has digital certificates/certificate signatures, then your name and related details may be displayed as part of any certificate issued to you. It will be seen by those to whom your certificate or signature is presented or who rely on it. Your details may also need to be entered into a related status directory of certificates issued.
Through Our Professional Services
Before providing our professional services, we view and retain Personal Data such as your name, address, email address, date of birth, gender, identification documents, information in relation to your occupation. We may also process data received through your e-mails to us, accounting, payment data etc. This is important data required for ‘Know-your-Customer’ processes, as imposed by anti-money laundering regulations, applicable in Malta.
In view of the strict legal obligations imposed upon us, we would not be able to provide you with our professional services if you do not supply us with the Personal Data required by applicable laws.
How we use your Personal Data
We use the Personal Data we collect to deliver the professional services and honour the services agreements or letters of engagement which regulate our relationship. Other processing activities include professional communication with you, marketing communication such as newsletters and updates (if you have provided your consent), as well as for the purpose of fulfilling our legal obligations.
The legal basis for the processing of your Personal Data may vary, but this would include the following:
- Your explicit consent, which you may withdraw at any time by sending us an email or unsubscribing from marketing communications;
- When the processing is necessary for the performance of a contract such as a services agreement or letter of engagement;
- When the processing is necessary for our legitimate business interests, in the provision of the services you have engaged us to carry out;
- When the processing is necessary to promote safety and security as described in the ‘Security’ section below;
- When the processing is necessary to comply with any applicable legal obligation.
Providing Personal Data to Third Parties
Please be aware that data sent through the internet may potentially, for reasons beyond our control that are solely of a technical nature, be transmitted across international borders even where sender and receiver of information are located in the same country. Consequently, Personal Data relating to you may be transmitted via a country having a lower level of data protection than that existing in your country of residence.
Personal Data, once obtained from you, may be transmitted to third parties in those situations where any one of the exceptional instances indicated below arises.
Without prejudice to anything contained in this Privacy Policy, it is pertinent to point out that we are obliged to disclose personal data relating to you to any third party if such disclosure is necessary inter alia for the following purposes:
- for the purpose of preventing, detecting or suppressing fraud or any other criminal offence;
- where it is necessary as a matter of national or public security;
- in the interest of national budgetary, monetary or taxation matters that can arise;
- to protect and defend our rights and property or that of users of our website;
- to protect against abuse, misuse or unauthorised use of our website;
- to protect the personal safety or property of users of our website (e.g. if you provide false or deceptive information about yourself or attempt to pose as someone else, we shall disclose any information we may have about you in our possession so as to assist any type of investigation into your actions);
- for any purpose that may be necessary for the performance of any agreement you may have entered into with us; or
- as may be allowed or required by or under any law.
It is also important to highlight the fact that there may be instances where we may transfer your Personal Data to other service providers, acting as Data Processors, who process data for us, based on our instructions, and in compliance with this policy and any other appropriate confidentiality and security measures. Data Processors, who are engaged to assist us in attaining the purposes of processing listed in the ‘How we use your Personal Data’ section, include service providers which supply us with services globally, including for customer support, information technology, payments, sales, data analysis, research, and surveys.
We do not transfer your Personal Data to any third parties for marketing purposes.
Retention of Personal Data and the Right to be Forgotten
We keep your Personal Data for as long as necessary for our legitimate business interests, for legal reasons and to prevent harm, including as described in the ‘How we use your Personal Data’ and ‘Providing Personal Data to Third Parties’ sections of this policy.
Capstone acknowledges that you have a right to be forgotten. Therefore, no Personal Data that is processed while providing you with our services, or through our website will be kept longer than necessary for the purposes for which it is processed. Personal Data will only be kept for a period corresponding with our obligations of retention under relevant laws.
Should you wish all or any category of your Personal Data to be deleted, you may request this in writing at
Privacy Compliance
Our Privacy Policy is compliant with the Data Protection Act (Chapter 586 of the laws of Malta), and European Union data protection legislation, including but not limited to the General Data Protection Regulation (GDPR).
Security
Capstone engages all reasonable efforts for the purpose of safeguarding the confidentiality of all Personal Data that it processes and regularly reviews and enhances its technical, physical and managerial procedures so as to ensure that your personal data is protected from:
- unauthorised access,
- improper use or disclosure,
- unauthorised modification,
- unlawful destruction or accidental loss.
To this end we have implemented security policies, rules and technical measures dedicated to the protection of the Personal Data processed by us and that data that we have under our control. All our employees and third-party data processors who have access to and are associated with the processing of Personal Data, are further obliged to respect the confidentiality of our visitors’ and clients’ personal data.
By its very nature however the internet is not a secure medium and data sent via this medium can potentially be subject to unauthorised acts by third parties that are outside of our control. There can be no absolute guarantee in relation to the privacy or confidentiality of any information passing through our website. We shall accept no responsibility or liability whatsoever for the security of your data while in transit through the internet.
Third Party Websites
The Capstone website may from time to time contain links to both local and/or international third-party websites after obtaining permission from them. Any such links are not an endorsement by us of any information in such websites or products and/or services offered through the same. We shall not accept any responsibility whatsoever for the content, use, availability, privacy practices or the content of any such websites. Please note that upon accessing such other websites, you become subject to the Privacy Policy of such other sites.
No third party is permitted to link any other website to our website without obtaining our prior written consent.
How we Communicate with you
We use your contact information when necessary, to provide you with our professional services. We may also use your contact information to keep you updated through our newsletters and other updates. You can limit or restrict the receipt of these communications via the “Unsubscribe” link in any marketing email.
E-Mail Communications Policy
Capstone may intercept some mail and e-mail addressed to individuals within Capstone. The reasons it may do this are related to security of Capstone, its staff and others, for detection and prevention of crime and to identify correct recipients or to make sure mail is dealt with during staff absence. In the case of e-mails, we may reject, delay or remove content from e-mails whose nature, content or attachments which may disrupt our systems or because they may pose security issues, possibly through viruses. We may also filter out e-mails which contain certain content on the basis that content is offensive or the e-mail is unwanted or spam. In certain circumstances this may unfortunately result in “innocent” e-mails being affected but we do try and reduce such occurrences.
All e-mail messages sent from Capstone are routinely scanned for viruses and as such should be free from any virus, malicious code, script or other executable attachment. The accuracy of scanning products is not guaranteed. The recipient(s) should therefore carry out any checks that they deem to be appropriate in this respect. Capstone cannot be held responsible for loss of or damage to data or other damages, resulting from such actions out of its control, howsoever incurred.
All e-mail messages from Capstone are sent in good faith. We cannot be held responsible for any modification that happens by any virus, or other third party after they have been sent. All messages are intended for the recipient only. If you are not the intended recipient specifically identified as the addressee on it then you should delete the message and all its attachments and are prohibited from using, reading, disclosing to any person or otherwise acting on the information contained in it and/or its contents in any way and should also notify us as soon as possible of this fact.
Security and Staff Awareness Measures
Capstone has developed strict policies governing information technology. These cover areas such as access control, authentication, audit, monitoring, data storage and back up and transmission standards. Capstone’s staff is subject to a code of conduct which requires them to adhere to privacy principles.
Right to Access/ Questions
You have a right to request access to and/or correction of your personal data processed by Capstone. Any such request must be made in writing to Capstone at the address indicated on the homepage of the website and must be signed by yourself as the Data Subject to whom the particular data relates. The processing of such requests sometimes attracts the imposition of a nominal fee.
Data Subject Rights
The full list of Data Subject Rights:
- Right to access
- Right to be forgotten
- Right to rectification
- Right to restriction of processing
- Right to data portability
- Right to object
- Right to withdraw your consent
- Right to lodge a complaint with a supervisory authority
Changes to the Privacy Policy
This Privacy Policy may be modified at any given time, particularly where statutory obligations so require, or where the interest of our users’ security so requires. Any such changes will be posted here so that you are always kept informed of how and why we process your Personal Data.
It is therefore in your own interest to check this Privacy Policy page from time to time so as to familiarise yourself with any changes. The date when this Policy was last updated is indicated at the end of this Policy.
Who we are and how to contact us
If you have any questions about Capstone’s privacy / data protection policy or the use of data in a particular service, you should contact
Last Updated: 27.07.2021