Privacy Policy

EMD as Data Controller is committed to protecting your privacy. EMD will not collect any personal information about you unless you provide it voluntarily or unless we are legally required to obtain it in terms of our Anti-Money Laundering (‘AML’) obligations. We will process any personal data only insofar as is necessary to provide one or more Services you have requested or otherwise with your consent.  Any personal information communicated to EMD is kept within its own records in accordance with the Data Protection Act (Chap. 440 of the Laws of Malta) as currently in force including any law repealing and replacing the said Chap. 440 of the Laws of Malta as well as General Data Protection Regulation (Regulation (EU) 2016/679).

  1. Definitions
Client Means the Entity or any physical person engaging EMD to provide the Services.
EMD Means any one or more of EMD entities indicated below:
  EMD Trust Services Limited (C32231)

Vault 13-15, Valletta Waterfront, Floriana, FRN 1914

  EMD Advisory Services Limited (C27724)

Vault 13-15, Valletta Waterfront, Floriana, FRN 1914

  EMD Consultancy Limited (C46546)

Vault 13-15, Valletta Waterfront, Floriana, FRN 1914

  EMD Private Clients (C64729)

Vault 13-15, Valletta Waterfront, Floriana, FRN 1914

  EMD Solutions Limited (C39305)

Vault 13-15, Valletta Waterfront, Floriana, FRN 1914

  EMD Advocates

Vault 13-15, Valletta Waterfront, Floriana, FRN 1914

EMD Group Means all of the entities included within definition of ‘EMD’ above as well as any other holding, subsidiary, associated and related companies, firms and entities and their successors in title.
Data Protection Officer EMD has appointed a Data Protection Office ‘DPO’ for the entire EMD Group who can be contacted at:


Tel. No.: +356 2203 0000

Entity Means the legal person engaging EMD to provide the Services.
Personal Data Means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic cultural or social identity of that natural person.  
Personal Data Breach A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Personnel means and includes the directors, other officers, employees, consultants, and staff of EMD and the partners and staff of its holding, subsidiary, associated and related companies, firms and entities and their successors in title.
Services Means those services in respect of which EMD has been engaged (whether by Letter of Engagement or otherwise) to provide to you or to the Entity in which you are involved whether directly or indirectly or which you represent.
Website Means the EMD website available at:
Special Categories of Data Means any data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

 Who is the Controller?

The Controller is the EMD entity which will be providing the Services as identified in the Letter of Engagement entered into between yourself in your personal name and/or on behalf of the Entity and EMD. Each EMD entity can be contacted below:-

Vaults 13-15,
Valletta Waterfront,
FRN 1914
Tel. No.: +356 21233005

  1. Legal Basis & Purpose
    • Services

What Personal Data does EMD collect?

When engaging an EMD entity to provide Services as a minimum we will collect your name, surname, contact details (email and phone) and address of the person engaging EMD and where such person is an Entity, the personal data of the physical person acting as a contact person for the Entity. Said details may be included in the Letter of Engagement engaging EMD to provide Services and obtained to establish proper communication channels in respect of the performance of the contract as well as for billing and debt collection purposes.

Furthermore, certain Services we provide are regulated and/or monitored by the Malta Financial Services Authority (‘MFSA’) and/or the Financial Intelligence Unit (‘FIAU’) and we will therefore need to obtain the following additional information.

  1. Personal Declaration: EMD may need to compile the personal declaration which will record the details of the beneficial owners of the Entity as well as the details of the directors of the Entity and the directors of any shareholder of the Entity. The details recorded will include the person’s name, surname, address, passport number, email address, mobile number, employment history and declarations regarding past convictions and civil suits. This information will be compiled by the relevant person with EMD’s assistance.
  2. EMD may also request due diligence documentation in terms of its Anti Money Laundering requirements. Such documents include, a copy of the person’s passport or identification document, a bank reference, a professional reference, conduct verifications, bank statements, a Curriculum Vitae and a utility bill. The information and documentation collected is necessary to enable EMD to provide one or more Services. In addition, EMD may request updated documentation from time to time.
  • Contact Services: Subscribing to our Newsletter

What personal data do we collect?

When subscribing to our newsletter, we will collect your Contact Data and store it in our mailing list. We will use your Contact Data to send you updates regarding any legal developments and updates regarding our services. You may unsubscribe at any time by sending an email to

  1. How long is it kept?

If you engage an EMD entity to provide Services you will be entered into our client database and we are then required to keep a record of the information collected under point (d) for a minimum of five (5) from when EMD ceases to provide all Services to the Client for whatsoever cause or reason. EMD may be required to keep certain data including the Letter of Engagement, invoices and receipts for a longer period in line with its accounting, tax and VAT compliance requirements. In any case, the retention period shall not exceed ten (10) years from the date when EMD ceases to all Services to the Client.

If you subscribe to our newsletter Your Contact Data will be retained until you unsubscribe.

  1. Who does EMD share the data with?
  • We will share the data with other entities forming part of the EMD Group as well as any other persons appointed by EMD to provide any of the Services.
  • We will also share your data with the competent authorities, including the MFSA and the FIAU, if we are required to do so in order to comply with any applicable law, regulation or court order.
  • From time to time EMD, may need to disclose personal, commercial or other data pertaining to the Client to third parties engaged to perform services on behalf of the Client (for example consultants, banks, legal advisors, lawyers, accountants and trade mark agents).
  1. Transfers to third countries?

Any personal data processed by EMD is stored on servers locally. However, EMD may, as part of the Services, need to share your data with third parties established or operating in other countries which may not have equivalent data protection or confidentiality/secrecy laws in place. While all efforts are made to minimise the risk to the Client’s personal data, the processing of Client personal data in countries which do not afford equivalent protection exposes the personal data to additional risk of disclosure and breach. The sharing of such data shall be carried out subject to appropriate safeguard being in place including the use of transfer model clauses.  Furthermore, any such disclosure shall not concern any special category of data except with the specific consent of the data subject and shall only be done if necessary for the provision of the Service(s) or at the request of the Entity (where applicable).

  1. Your Rights
    • Access to your information: You may, at any time submit a request to know what information is held in your regard, if any, and request a copy of same.
    • Rectification: EMD will use its best endeavours to update and maintain the data as accurate as possible within a reasonable time. EMD assumes no responsibility or liability for the accuracy or correctness of any data provided. You may, at any time, submit a request to have any inaccuracies corrected.
    • Right to be forgotten: where processing is based on consent, You may at any time request to have any or all of your details erased. In the event of such a request, EMD will no longer be able to provide you with updates regarding legal developments and news relating to its Services.
    • Restriction of processing: You may, at any time, submit a request to restrict the processing of his/her data. Certain restrictions on processing may result in EMD being unable to provide the Services. In such cases, EMD will terminate the business relationship and archive the file. The file will be deleted following five (5) years or ten (1) years (as the case may be) from the archiving and this in line with its regulatory compliance requirements.
    • Right to data portability – You may request to receive your personal information in a structure commonly used and machine readable format and have it transferred to another controller.
    • Right to object and automated individual decision-making – where processing is based on the performance of a task in the public interest or based on our legitimate interests, You may object to the processing, however, this is subject to any of our overriding interests including in particular compliance with legal requirement on our part. In such case we will aim for a result that is mutually satisfactory such as taking your personal information off the live environment and archiving it for the necessary period to enable us to comply with our legal requirements.
  1. Breach

Any questions or requests for further information should be addressed to You are advised that should you feel that we have breached our commitments in terms of this Privacy Policy you may file a complaint with the Information and Data Protection Commissioner in Malta.

  1. Specific Consents
Mailing List: By ticking the box, the Client consents to have its name and contact details placed on EMD’s mailing list which EMD uses for the purpose of sending out mailings by email regarding legal developments and news regarding our services which may be of interest to the Client.  EMD also uses its list for sending invitations to events which it holds.
The Client may revoke consent to one or both of the above at any time by emailing
  1. Changes to this Privacy Policy

EMD is continually improving and adding to existing products, services, and programs. Because of these ongoing changes, changes in the law, and the changing nature of technology, EMD’s data practices will be adapted accordingly. If there are any changes to this privacy policy, we will post a notice to this effect on our Website. It is therefore in your own interest to check the “Privacy Policy” and “Cookies” pages any time you access our web site so as to be aware of any changes which may occur from time to time.

  1. Security

EMD will use its best endeavours to ensure that adequate and reliable security measures are in place to protect personal data from being lost, misused or illegally accessed.

Further information may be obtained from one of our leading experts by contacting us below:

Your Name (required)

Your Email (required)


Your Message

 Yes, I would like to receive EMD's newsletter with information regarding legal developments and new services.

To help us fight spam, please enter the verification code below: