Privacy Notice – Buttigieg Insurance Brokers

This Privacy Notice lays out the obligations regarding data protection and the rights of its customers (defined as ‘you’, your’ and refers to current, prospective clients, family members, claimants and or other interested persons) under an insurance policy brokered through Buttigieg Insurance Brokers Ltd. (the ‘Company’), a Company incorporated in Malta with registration number C 5701 with address 213, Triq Haz Zabbar, Fgura, Malta FGR 1010.

The Company is Insurance Broker, enrolled and regulated by the Malta Financial Services Authority, in terms of the Insurance Distribution Act (Chapter 487 of the Laws of Malta).

Useful definitions

Customer – Refers to current, prospective clients, family members, claimants and or other interested persons

Personal Data – means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Our Services

We provide you with insurance broking services, including claim processing support and assistance. In order for such services to be provided to you, we are required to process your Personal Data. Throughout our insurance broking services we shall receive your Personal Data as a customer and we are to ensure that such Personal Data is processed in line with the General Data Protection Regulation((EU) 2016/679), the Data Protection Act (Chapter 586 of the Laws of Malta) and any other law and subsidiary legislation in Malta related to the processing of Personal Data as introduced or amended from time to time (thereafter referred to as “Data Protection Legislation’).

Principles of processing personal data

The Company is defined as a controller and in line with Article 5 (2) of the GDPR, it is to be responsible for, and able to demonstrate compliance with the principles laid below for processing of personal data:

  • processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
  • collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
  • accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
  • processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

Purposes for collecting your Personal Data

By appointing us as your Insurance Broker, or by using our services, you confirm that you are giving us your consent to process your data, as per below.

We will process and use your data to enter into a contract with you and to provide you with our Insurance Brokering services. We shall not process and use your Personal data without your consent unless we need to:

  • Pursue our legitimate interests;
  • To process the information to enter into or carry out an agreement we have with you
  • To process the information to comply with a legal obligation;
  • Where we believe that the use of your information is in the public interest
  • To establish, exercise or defend our legal rights; or
  • To use your information for insurance purposes:

You are to ensure that your Personal data, including sensitive personal data, is:

  • Provided to us in an accurate, up to date and to immediately inform us should any changes in Your Personal Data takes place;
  • If required by law, you will obtain data subjects’ consent prior to providing such data to Us and the purposes for which we will use such Personal data of other data subjects.

Processing of your personal data

At the start and during your relationship with us, we shall collect and process the following Personal Data:

  1. Individual details – name, surname, address, other contact details, gender, martial status, family details (dependents), date and place of birth, employment details, relationship to policyholder/ insured/beneficiary or claimant (as applicable)
  2. Identification details – identity card number, passport number, driver’s license number
  3. Financial Information- payment card number
  4. Insured risk related data – Health data, criminal records data (driving offences)
  5. Policy Information – demands and needs assessment, statement, quotations and policies you obtain
  6. Credit and anti-fraud data – details received from various anti-fraud and sanctions databases, regulators or law enforcement agencies
  7. Previous and current claims
  8. Marketing data – whether you have contented to receiving marketing data from us
  9. Website and communication usage – through your visits to our website and information collected through cookies and other tracking technologies such as IP address and domain name., brower version and operating system, traffic data, location data, web logs and other communication data and the recourses that you can access

How do we use your information?

  • assessing the proposer circumstances and insurance needs;
  • presenting such details to insurers for the purpose of obtaining quotations and placing cover;
  • processing claims;
  • undertaking checks to guard against fraud, money laundering, bribery and other illegal activities;
  • handling complaints; and analysing data, identifying trends, and developing our business services.

Disclosure of your personal information

We may share relevant information with third parties including insurers; loss adjusters and loss assessors; professional advisors; other insurance brokers; agents and service providers/processors.

Information may also be supplied to our internal auditors and regulatory bodies if required by them and to other parties if required or permitted by law.

It is our policy to retain documents and information, including insurances effected, in electronic or paper format for a period as appropriate having regard to when a claim or complaint may arise in connection with our processing of the information provided.

The legal basis for this processing is that it is necessary for the protection of our legitimate interests. After such a period of time, such data shall be destroyed without notice to the data subjects.

Data Subject’s rights

All data subjects have the right to ask the Company for;

  1. information about how their data is processed,
  2. access the data we hold about them which will be provided to them within one month of making the request, and is free of charge unless we reasonably believe that the request made is manifestly unfounded or excessive,
  3. have incomplete or inaccurate data rectified,
  4. restrict our processing of the data subject’s personal data (although we will still be permitted to store it),
  5. data portability. We are obliged to provide the data subject’s data in a format that allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability),

Data subjects who may wish to exercise the above rights or make a complaint on the use of their Personal Data, may do so by writing to us either via email on, by phone on +356 21802298 or by visiting us or sending us an email o the address below:

Head Office


Zabbar Road,

Fgura FGR1010,