Privacy Policy

E&S Consultancy Limited and/or any related entities (hereinafter referred ‘E&S’, ‘E&S Group’, ‘us’ or ‘we’) understands the importance of Your personal data and how it is used and shared online and according to the agreements entered into with E&S Group. We endeavour in respecting the value of the privacy of all who visit our website and enter into agreement for services provided by E&S Group and ensure that we only collect and retain personal data in ways described in this Policy, and in a manner that adheres with the Company’s obligations and rights under the law. Under the General Data Protection Regulation 2016/679 (GDPR or Regulation) and other applicable legislation E&S Group is required to comply with data protection including procedures so as to ensure that your data is safeguarded at all times and processed in manner that your rights are protected. E&S Group takes these obligations very seriously and ensures that it has taken all the technical and organisational measures to safeguard your privacy. E&S encourages you to read carefully this Privacy Policy and make sure that you understand it. Prior to submitting an enquiry or engaging us for our services you shall be requested to read and accept this Privacy Policy. E&S strives to provide you with optimal service and shall ensure that it will abide by the legal requirements when doing so.  Your non-acceptance of the Privacy Policy means that you decline submitting any queries or engage us for our services and you should stop using our website immediately. E&S Group understands the importance of the data subject’s personal data and how it is used and shared online.  

Data Controller

The data controller of this website is E&S Consultancy a company registered in Malta with company registration number C 50332, whose registered office is situated at Palace Court, Church Street, St. Julian’s STJ 3049 Malta. Our privacy officer can be contacted by email at, or by Post at Palace Court, Church Street, St. Julian’s STJ 3049 Malta.

Requirements, Information collected and purpose

E&S collects data to operate effectively to provide you with the best experience of our products and services.  E&S collects and processes the personal data for specified, explicit, and legitimate purposes. Your personal data shall be processed fairly and lawfully. Your personal data shall not be processed for any purpose that is incompatible with that for which it was collected. E&S ensures that your personal data is adequate and relevant in relation to the purpose of the processing. E&S shall strive that your personal data processed is correct and up to date as to its knowledge at the time of processing.  E&S shall collect process and retain personal data only for the extent necessary for the specific purposes for which You have been informed and for the retention period as specified under the heading “Data Retention”. Your personal data may be processed only if you have unambiguously given your consent or the processing is necessary for the performance of a contract to which you are party or in order for you to be able to enter into contract obligation or for compliance with legal obligations as in the case of Anti Money Laundering and Terrorist Financing Regulations (AML/TF) and any other interest carried out in the public interest or in the exercise of official authority vested in E&S or a third party with whom the personal data is disclosed except where such interest is overridden by the interest to protect the fundamental rights and freedoms that arise from the righty of privacy. Some of your personal data will be provided directly by you, as in the case when you have submitted an enquiry, contact us for support or when you enter into contractual obligations with us. We also collect personal data automatically using technologies like cookies which shall be explained further under the heading “Cookies”. E&S shall collect the following personal data when entering into contractual obligations with us: Your name and surname, email address, postal address, phone number, company name, job title, date of birth, nationality, international passport copy, Identity card copy, driving licence copy, proof of residence (E.g. utility bill or a bank statement copy), e-wallet information (where applicable), personal description and Curriculum Vitae, source of wealth and other similar information data provided by you.

 Download Information

When you visit our website, the following information will automatically be processed and this solely for the use of E&S:

  1. The requested web page or download;
  2. Whether the request was successful or not;
  3. The date and time when you accessed the site;
  4. The Internet address of the website or the domain name of the computer from which you accessed the site;
  5. The operating system of the machine running your web browser and the type and version of your web browser and other similar security features which are used for authentication purposes and account access.

Data Retention

E&S ensures that it will not retain your personal data for any longer than it is necessary and for the purposes for which the personal data was originally collected, retained and processed. When your personal data is no longer required we shall take all reasonable steps to ensure that all personal data retained is disposed of in a timely manner. Retention periods may vary between a few months with regard to simple enquiries to over ten years due to legal obligations which arise from different applicable laws and/or court orders.


Cookies are small pieces of data that the site transfers to the user’s computer hard drive when the user visits the website. We use cookies to facilitate and improve your experience of our website and to improve our products and services. This website makes limited use of cookies and consequently, for any further information, you are being guided to visit our Cookies Policy.

 Personal data provided by use of website

When using this website’s online facilities, you may be required to provide your contact details for contact purposes. All information provided in the notification form, complaints and queries sections will be solely used by the Data Controller and his staff as may be necessary, to provide you with the services required and for other administrative purposes to enable the controller exercises his functions according to law.

 Your rights as data subject

As an individual, you may exercise your right to access your personal data held about you by us by submitting your request in writing to the privacy officer.

Rectification, deletion

E&S shall at your request immediately rectify, block or erase your personal data that has not been processed according to the GDPR and Data Protection Act or processed unlawfully and where applicable proceed with notifying any third party about the measures undertaken. Although all reasonable efforts will be made to keep your information updated, you are kindly requested to inform us of any change referring to the personal data held by us. In any case, if you consider that certain information about you is inaccurate, you may request rectification of such data. Provided that no such notification shall be provided if it is shown to be impossible or it will entail a disproportionate effort.

Data Portability

Under the Regulation you have the right to receive, upon request, a copy of the personal data that you have provided to us in a structured, commonly used and machine-readable format and to transmit such data to another controller, for free. E&S  shall endeavour to ensure that such requests are processed within one month for free, subject that it is not excessive and does not affect the rights of other individuals’ personal data.

Right to be forgotten

Upon request, you have the right to have your personal data erased by us. E&S acting as a controller will take all necessary actions (including technical measures) to inform third-party data processors to comply with the request unless your personal data needs to be retained to comply with legal obligations or court orders.


In the event that E&S uses a third-party supplier or business partner to process personal data on its behalf, we shall ensure that this processor will provide security measures to safeguard personal data that is appropriate to the associated risks. E&S shall endeavour that the third party supplier or business partner is to provide the same level of data protection. We shall ensure that the third party supplier or business partner shall process personal data only to carry out its contractual obligations towards us or upon the instructions of E&S and not for any other purposes. When we process personal data jointly with an independent third party, we will explicitly specify its respective responsibilities of and the third party in the relevant contract or any other legal binding document.


E&S does not engage in any direct marketing. However, in the event that in the future we decide to engage in any direct marketing we will only do so with your given consent. You may always decide to decline from receiving any notifications and may cancel the service by sending an e-mail to   

Response to Personal Data Breach Incidents

When we learn of a suspected or actual personal data breach, we shall perform an internal investigation and take appropriate remedial measures in a timely manner. Where there is any risk to your rights and freedoms, we shall notify the relevant Supervisory Authorities without undue delay and, when possible, within 72 hours from when we learn of such breach.


E&S shall be responsible for and be able to demonstrate compliance with the principles outlined in this Privacy Policy.

International data transfer

We shall ensure that before transferring personal data out of the European Economic Area (EEA), adequate safeguards will be used including but not limited to the signing of a Data Transfer Agreement/Addendum, as required by the European Union. Authorisation may be obtained from the relevant Data Protection Authority where required. Furthermore, the entity receiving the personal data shall comply with the principles of personal data processing set forth in Cross Border Data Transfer Procedure.  

Links to other Web Sites

To give you a better service our website can connect you with a number of links to other local and international organisations and agencies. When connecting to such other websites you will no longer be subject to this Policy but to the Privacy Policy of the new website.

Transaction Security Policy

E&S shall endeavour that all personal data collected, retained, and processed is stored securely and protected against unauthorised or unlawful processing and against any accidental loss, destruction or damage. This website uses Secure Sockets Layer (SSL) to ensure secure transmission of your personal data.  You should be able to see the padlock symbol in the status bar on the bottom right hand corner of the browser window.  The URL address will also start with https:// depicting a secure webpage.  SSL applies encryption between two points such as your PC and the connecting server. Any personal data transmitted during the session will be encrypted or scrambled and then decrypted or unscrambled at the receiving end.  This will ascertain that data cannot be read during transmission.

Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the Republic of Malta and relevant EU legislation. In the event of any conflict between this Policy and applicable laws and regulations, the latter shall prevail.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time in response to changing legal, technical and/or business development. If there are any changes to this Privacy Policy, we will replace this page with an updated version. When we update our Privacy Policy, we shall take appropriate action and inform you accordingly by a Privacy Notice consistent with the significant changes we would have made. However, it is in your own interest to check the “Privacy Policy” page from time to time by accessing our website so as to be aware of any changes which may have occurred.


Any comments or suggestions that you may have and which may contribute to a better quality of service will be welcome and greatly appreciated.


This Policy shall be deemed effective as of 6th August 2018.