top of page
Sailing

Privacy Policy

Who we are

This Privacy Policy explains how we collect, use, disclose and protect personal data when you visit our website or interact with us.

The controller for this website and for client relationships booked in the European Union is:

Manentia Wealth Consulting Group Limited
Company registration number: C 80087
12 Rokna Apartments
Qui-si-sana Place
Sliema SLM 3110
Malta

Manentia Wealth Consulting Group Limited is licensed and regulated by the Malta Financial Services Authority (MFSA).

For all privacy matters, you can contact our Data Protection Officer at: DPO@mwcgroup.ch.
 

Personal data we collect

We may collect and process the following categories of personal data:

  • Identification and contact details – for example, name, postal address, email address, phone numbers, nationality, date of birth, tax residence, client identifiers, identification documents.

  • Client and engagement information – information about your financial and family situation, employment, assets and liabilities, objectives, risk tolerance, investment preferences, pension information, insurance needs, and records of our interactions and recommendations.

  • Regulatory and compliance information – information required for KYC, AML, sanctions and fraud-prevention checks, including documentation and screening results.

  • Special categories of personal data – for example, health data where required to arrange insurance products or where relevant to certain financial planning, processed only where necessary and permitted by law (typically with your explicit consent).

  • Technical and usage data – device and browser information, IP address, log data and cookie identifiers when you visit our website (see our Cookie Policy).

We collect personal data directly from you, from persons acting on your behalf, from product providers and business partners, from public sources and from compliance/screening tools.
 

Purposes and legal bases (EU GDPR)

We process personal data for the following purposes and on the bases set out in Articles 6 and 9 GDPR:

  • To provide services and manage our relationship with you

    • To assess your needs, provide advice, implement and manage products, and communicate with you.

    • Legal basis: Article 6(1)(b) GDPR – performance of a contract or steps taken at your request before entering into a contract.

  • To comply with legal and regulatory obligations

    • To comply with obligations under Maltese and European financial-services, AML, tax, accounting and consumer-protection laws and regulations.

    • Legal basis: Article 6(1)(c) GDPR – compliance with legal obligations.

  • To pursue legitimate interests

    • To manage our business and risks, monitor quality, manage disputes and legal claims, improve our services, protect our systems and information, prevent fraud and financial crime, and perform internal reporting and analytics.

    • Legal basis: Article 6(1)(f) GDPR – our legitimate interests, balanced against your interests and fundamental rights.

  • To protect vital interests

    • In limited circumstances, to protect your or another person’s vital interests.

    • Legal basis: Article 6(1)(d) GDPR.

  • With your consent

    • For specific processing activities where consent is required by law, for example:

      • processing health data or other special categories of personal data for insurance or related services;

      • certain direct marketing and electronic communications;

      • the use of non-essential cookies and similar technologies.

    • Legal basis: Article 6(1)(a) and, where applicable, Article 9(2)(a) GDPR – your consent, which you may withdraw at any time without affecting the lawfulness of processing prior to withdrawal.

Where we process special-category data (such as health data), we do so only where one of the conditions in Article 9(2) GDPR applies, typically your explicit consent or where necessary for the establishment, exercise or defence of legal claims.
 

Profiling and automated decision-making

We may use profiling to determine your risk profile, investment objectives and product suitability or appropriateness.

We do not use solely automated decision-making that produces legal effects concerning you or similarly significantly affects you within the meaning of Article 22 GDPR.
 

Sharing your personal data

We may share your personal data with:

  • Other MWC Group entities, for group management, support and intra-group services, and where they provide services directly to you;

  • Product providers and business partners, including banks, custodians, insurers, pension and investment platforms and other providers you instruct us to engage or that are necessary to deliver our services;

  • Professional advisers and service providers, including auditors, lawyers, tax advisers, compliance advisers, IT and cloud service providers, communication providers and other suppliers that process personal data on our behalf under written contracts;

  • Regulators, authorities and courts, such as the MFSA, the Financial Intelligence Analysis Unit (FIAU), tax authorities and law-enforcement bodies, where required or permitted by law; and

  • Other third parties, where you have given your consent or where we are otherwise permitted or required to do so by law.

We do not sell your personal data.
 

International transfers, including the Philippines

We may transfer personal data to countries outside the European Economic Area (EEA), including to:

  • Other MWC entities;

  • Our support office in the Philippines, which provides back-office, administrative and IT support; and

  • Third-party service providers (for example, hosting, cloud and communication providers).

Where personal data is transferred to a country that does not benefit from an adequacy decision under Article 45 GDPR, we implement appropriate safeguards such as:

  • EU Standard Contractual Clauses (2021) between the exporter and recipient;

  • Contractual restrictions on access and use; and

  • Technical measures (such as encryption and access logging).

Where a U.S. service provider participates in the EU-U.S. Data Privacy Framework, we may rely on that participation as part of our transfer mechanism, together with other safeguards where appropriate.

You may contact DPO@mwcgroup.ch for more information about transfers and the safeguards we use.
 

Security

We implement technical and organisational security measures designed to protect personal data, including role-based access control and multi-factor authentication, encryption where appropriate, secure configuration and patching, network and endpoint security, backups and business continuity procedures, and incident detection and response.
 

Retention of personal data

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, regulatory, accounting and reporting obligations and to defend or establish legal claims.

As a general indication:

  • Core client and advice records are usually kept for five to seven years after the end of the client relationship or the date of the last transaction, or longer where required by law or necessary for legal claims.

When personal data is no longer required, we will delete or irreversibly anonymise it in line with our retention policies and applicable laws.
 

Your rights under EU GDPR

Subject to conditions and applicable law, you have the following rights:

  • Right of access – to obtain confirmation as to whether we process your personal data and, if so, access to that data.

  • Right to rectification – to request correction of inaccurate or incomplete personal data.

  • Right to erasure – to request deletion of personal data in certain circumstances.

  • Right to restriction of processing – to request that we limit processing in certain situations.

  • Right to data portability – to receive personal data you have provided to us in a structured, commonly used and machine-readable format and to transmit it to another controller where technically feasible.

  • Right to object – to object to processing based on legitimate interests and to object at any time to processing for direct marketing.

  • Right to withdraw consent – where we rely on your consent, you may withdraw it at any time.

To exercise your rights, please contact DPO@mwcgroup.ch. We may need to verify your identity before responding.

You also have the right to lodge a complaint with your local supervisory authority. In Malta, this is the Information and Data Protection Commissioner (IDPC).
 

Cookies and similar technologies

Our website uses cookies and similar technologies. Essential cookies are required for the site to function. Non-essential cookies (such as analytics or marketing cookies) are only used with your consent.

You can manage your cookie preferences via the cookie banner or through your browser settings. For more details, please see our Cookie Policy.
 

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be posted on our website with an updated “Last updated” date.

bottom of page