This Privacy Notice (“Notice”) applies where VCMS Company Limited (C 96371) (hereinafter referred to as the “Company”, “We”, “Us” or “Our”) are acting as a Data Controller with respect to Our Processing of Your Personal Data.

The Company has been delegated certain services by Vacation Club Services Limited (BVI Company Number 2039169) (hereinafter referred to as the “Club Manager”) and such services will involve the processing of your Personal Data. As explained further below, We may also be required to disclose your Personal Data to third parties, where We and such third parties have a lawful basis to allow for such disclosure to occur.

Any Personal Data We Process is kept within Our own records in accordance with the relevant data protection and privacy laws to which We are subject, including but not limited to the Data Protection Regulation (EU) 2016/679 (the “GDPR”) and the Data Protection Act (Chapter 586 of the Laws of Malta) and the subsidiary legislation issued thereto, as may be amended from time to time (hereinafter collectively referred to as the “Applicable Laws”).

References to “Data Controller”, “Data Subject”, “Personal Data”, “Process”, “Processed” and “Processing” in this Privacy Notice have the meanings set out in, and will be interpreted in accordance with, the Applicable Laws. “You” and “Your” refers to the Data Subject.

 

  1. Data Controller Details

The Data Controller of your Personal Data is VCMS Company Limited. We are committed to respecting your privacy. If you wish to contact Us about Our privacy practices, please feel free to do so by contacting our DPO, Mr. Mark Anthony Galea, by post at VCMS Company Limited, Radisson BLU, Resort & Spa, Golden Sands, l/o Mellieha, MLH 5510, Malta or by email at DPO@vcmsmalta.com. You may also wish to contact us by telephone on +356 2033 0108.

 

  1. Personal Data

The term “Personal Data” refers to all personally identifiable information about you and includes all the information you provide to Us or information that is provided to Us by third parties, which can be identified with you personally.

The following are the Personal Data that We collect:

 

We may also collect Personal Data through CCTV surveillance that is present on Our premises. Furthermore, We collect audio and video footage of any sales meetings that Our employees or representatives hold with you.

We do not collect and/or otherwise Process special categories of Personal Data. Such special categories of Personal Data include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

 

  1. Purposes of Processing

The purposes of the processing for which your Personal Data are intended are:

From time to time We would also like to contact you about Our products and services, promotional offers, information relating to operations, as well as information in relation to products and services provided by third parties, offers and promotions (“Marketing”).

 

  1. Legal Basis

Our legal bases of Processing your Personal Data are:

  1. Contract – Your contractual agreement between the Club Manager and yourself in order for you to become a member. Providing such Personal Data is necessary for your membership. The provision of Personal Data in this context is a contractual necessity. The consequence for not providing your Personal Data to Us in order to undertake such Processing would be that you would be unable to complete your membership application and contract, thus meaning that you would not be considered to be a member;
  2. Legitimate Interests – in particular legitimate interests which may arise directly or indirectly in relation to your membership and in keeping you updated with information in relation to your membership, including marketing. We also have a legitimate interest to process your Personal Data for safety and security, such as the recording of telephone conversations, video footage or electronic communications which result or may result in transactions where recordings will take place. When We process your Personal Data on the basis of Our (or a third party’s) legitimate interests, We ensure that the legitimate interests pursued by Us (or a third party) are not overridden by your interests, rights and freedoms; and
  3. Your explicit consent – in which case, Our Processing shall be limited to the purposes specifically indicated when your consent was requested.

We might also have to Process your Personal Data to comply with legal obligations imposed on Us.

On the basis of Our (or a third party’s) legitimate interests or compliance with legal obligations, as applicable, We may also Process your Personal Data for the purposes of establishing, exercising or defending legal proceedings.

Irrespective of the manner that We have collected your Personal Data, We will only process such data for any purpose in connection with your membership and/or purposes that are inherently related thereto, including the fulfillment of any legal or regulatory obligation imposed on Us.

 

  1. Recipients

The recipients of your Personal Data are:

  1. selected individuals within Our company;
  2. Our intra-group companies and affiliates;
  3. Our agents and third parties that provide services to Us; and
  4. third parties to whom disclosure may be required.

Individuals with access to your Personal Data shall be subject to the same limitations under this Privacy Notice. Some of the recipients of your Personal Data are located outside of the EU (including within the United Kingdom) and therefore, We have implemented the necessary transfer safeguards which allow transfers to such recipients to take place. Should you require more information on what measures We have implemented with such recipients, please contact our DPO on DPO@vcmsmalta.com or at the details listed in section 2 above.

 

  1. Processing Requirement

The processing of your Personal Data is not a statutory requirement – it is a requirement in order for you to become a member and avail yourself of Our and Our affiliates’ services.

 

  1. Automated Decision-Making and Profiling

Your Personal Data will not be used for any automated decision-making or profiling.

 

  1. Data Retention Period

We will generally store your Personal Data for a period of 10 years starting from the date of termination of your membership agreement. Thereafter, it shall be immediately and irrevocably erased unless We need to keep your Personal Data to comply with a legal obligation or to exercise or defend any legal claim or complaint either by Us or by a third party having a lawful basis to process your Personal Data in the context of these claims or complaints.

Any Personal Data that has been collected on the basis of your consent shall be stored until such time that your consent has been withdrawn.

If We are required to determine a retention period for the storage of any of your Personal Data, We shall firstly determine whether there is any statutory retention period set out within applicable laws. In the absence of such laws, We will assess what the retention period should be with respect to that particular category of Personal Data. The criteria which We take into account when determining such retention period include, but are not limited to, what the data/information is used for and/or how easy or difficult it would be to make sure the data remains accurate and up to date.

 

  1. Your Rights

For as long as We retain your Personal Data, you have certain rights in relation to your Personal Data including:

Data that we hold about you;

Withdrawal of your consent shall not affect the lawfulness of the processing based on your consent prior to the withdrawal of your consent; and,

Please note that your rights in relation to your Personal Data are not absolute and We may not be able to entertain such a request if We are prevented from doing so in terms of an applicable law.

You may exercise the rights indicated in this section by contacting Us at the details indicated above.

 

  1. Complaints

If you have any complaints regarding Our processing of your Personal Data, We kindly ask that you please attempt to resolve any issues you may have with Us first by contacting Us at the contact details included above. However, please note that you always have a right to lodge a complaint with the Office of the Information and Data Protection Commissioner in Malta (www.idpc.gov.mt).

 

  1. Marketing

Marketing may be carried out using the following methods:

  1. Mail;
  2. Online;
  3. Telephone/Mobile; and/or
  4. Email.

In the event that We would like to contact you for marketing purposes, We shall typically do so on the basis of obtaining your consent, unless any other conditions apply. Whenever We collect your consent, you have the option to withdraw your consent at any time. However, the withdrawal of your consent does not affect the lawfulness of the processing based on your consent prior to the withdrawal.

 

  1. Where You Provide Us with Personal Data Related to Third-Party Data Subjects

If you are a non-natural person and you supply to Us Personal Data of third party Data Subjects such as your employees, affiliates, service providers, underlying clients/customers, directors or any other individuals connected to your business, you shall be solely responsible to ensure that:

 

Applicable Law;

 

You hereby fully indemnify Us and shall render Us completely harmless on first written demand against all costs, damages, or liability of whatsoever nature resulting from any claims or litigation (instituted or threatened) against Us as a result of your provision of said Personal Data to Us.

 

This clause shall supersede and extinguish all previous agreements, promises, assurances, warranties, representations, and understandings between Us and the non-natural person, as applicable, whether written or oral, relating to its subject matter.

 

  1. Processing of Personal Data relating to Minors

We may Process Personal Data relating to minors. In certain situations, this Personal Data may not be provided to Us by the minors themselves but by a third party. Where this type of Processing takes place, We require that such third-party individual provides and explains this privacy notice to the minor and ensures that the minor understands the activities that are being undertaken by Us with respect to the minor’s Personal Data.