Privacy Policy

Home Advocates Privacy Policy

EMD as Data Controller is committed to protecting your privacy. EMD will not collect any personal information about you unless you provide it voluntarily or unless we are legally required to obtain it in terms of our Anti-Money Laundering (‘AML’) obligations. We will process any personal data only insofar as is necessary to provide one or more Services you have requested or otherwise with your consent. Any personal information communicated to EMD is kept within its own records in accordance with the Data Protection Act (Chap. 586 of the Laws of Malta) as currently in forceas well as the General Data Protection Regulation (Regulation (EU) 2016/679).


Client Means the Entity or any physical person engaging EMD to provide the Services.
EMD Means any one or more of EMD entities indicated below:
  EMD Trust Services Limited (C32231) Vault 13-15, Valletta Waterfront, Floriana, FRN 1914
  EMD Advisory Services Limited (C27724) Vault 13-15, Valletta Waterfront, Floriana, FRN 1914
  EMD Consultancy Limited (C46546)
Vault 13-15, Valletta Waterfront, Floriana, FRN 1914
  EMD Private Clients (C64729)
Vault 13-15, Valletta Waterfront, Floriana, FRN 1914
  EMD Solutions Limited (C39305)
Vault 13-15, Valletta Waterfront, Floriana, FRN 1914
  EMD Advocates
Vault 13-15, Valletta Waterfront, Floriana, FRN 1914
EMD Group Means all of the entities included within definition of ‘EMD’ above as well as any other holding, subsidiary, associated and related companies, firms and entities and their successors in title.
Data Protection Officer EMD has appointed a Data Protection Officer ‘DPO’ for EMD Advocates, EMD Trust Services Limited (C32231) and EMD Advisory Services Limited (C27724) who can be contacted at:
Tel. No.: +356 2203 0000
Entity Means the legal person engaging EMD to provide the Services.
Personal Data Means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic cultural or social identity of that natural person.
Personal Data Breach A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Personnel Means and includes the directors, other officers, employees, consultants, and staff of EMD and the partners and staff of its holding, subsidiary, associated and related companies, firms and entities and their successors in title.
Services Means those services in respect of which EMD has been engaged (whether by Letter of Engagement or otherwise) to provide to you or to the Entity in which you are involved whether directly or indirectly or which you represent.
Website Means the EMD website available at:
Website Visitor Means any person browsing through the Website not being a Client.
Special Categories of Data Means any personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Who is the Controller?

The Controller in respect of personal data of Website Visitors is EMD Advisory Services Limited. For Contact Requests, the Controller is the EMD entity responding to your request. In all other cases the Controller is the EMD entity which you have engaged to provide Services to you or to the Entity. Each EMD entity can be contacted below:-
Vaults 13-15,
Valletta Waterfront,
FRN 1914
Tel. No.: +356 21233005

2. Legal Basis & Purpose

  • (a) All Website Visitors

What Personal Data do we collect?

In accordance with general practice, certain information will be automatically logged in respect of every request made, which information comprises (a) name or network address of the computer making the request (b) the date and time of connection (c) the http request containing identification of the documentation collected and (d) the status code of the request. This information may be utilised for system administration, bug tracking and producing usage statistics. For website security purposes and to ensure that this service remains available to all users, we monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage.

We use cookies to help identify your computer so we can optimise your browsing experience (cookies are very small text files that are stored on your computer when you visit some websites). When visiting our Website for you will be notified of our use of cookies and your confirmation will be requested. You can still disable any cookies already stored on your computer at any time. You may also change your browser settings so as to allow/disallow cookies. Note that, if you disable the cookies we may not be able to provide you with a tailored user experience. For further information please consult our Cookies Policy .

If you read or download information from our site, we automatically collect and store the requested web page or download, whether the request was successful or not, the date and time when you accessed the site, the Internet address of the web site or the domain name of the computer from which you accessed the site, the operating system of the machine running your web browser and the type and version of your web browser.

We collect and process personal data relating to Website usage for the purposes above described being in our legitimate interest to do so as to provide an optimal browsing experience.

  • (b) Contact Services: Information Requests

What personal data do we collect?
When using the Contact Services, we ask you to provide your name and email address (collectively, “Contact Data”). This information will be provided by you by filling the online form on our Website. The information will be used so that our representatives can contact you with further details and will be processed by us on the basis of your request prior to providing any Services.

  • (c) Contact Services: Subscribing to our Newsletter

What personal data do we collect?
When subscribing to our newsletter, we will collect your Contact Data and store it in our mailing list. We will use your Contact Data to send you updates regarding any legal developments and updates regarding our services.EMD also uses its list for sending invitations to events which it holds.We will process your data based on consent. You may withdraw your consent at any time by sending an email to


3. What Personal Data does EMD collect?

When engaging an EMD entity to provide Services as a minimum we will collect your name, surname, contact details (email and phone) and address of the person engaging EMD and where such person is an Entity, the personal data of the physical person acting as a contact person for the Entity. Said details may be included in the Letter of Engagement engaging EMD to provide Services and obtained to establish proper communication channels in respect of the performance of the contract as well as for billing and debt collection purposes.

Furthermore, certain Services we provide are regulated and/or monitored by the Malta Financial Services Authority (‘MFSA’) and/or the Financial Intelligence Unit (‘FIAU’) and we will therefore need to obtain the following additional information.

  1. Personal Declaration: EMD may need to compile the personal declaration which will record the details of the beneficial owners of the Entity as well as the details of the directors of the Entity and the directors of any shareholder of the Entity. The details recorded will include the person’s name, surname, address, passport number, email address, mobile number, employment history and declarations regarding past convictions and civil suits. This information will be compiled by the relevant person with EMD’s assistance
  2. EMD may also request due diligence documentation in terms of its Anti Money Laundering requirements. Such documents include, a copy of the person’s passport or identification document, a bank reference, a professional reference, conduct verifications, bank statements, a Curriculum Vitae and a utility bill. The information and documentation collected is necessary to enable EMD to provide one or more Services. In addition, EMD may request updated documentation from time to time.

We process your personal data in order to perform the Services and otherwise to comply with our legal and regulatory requirements.

4.How long is it kept?

Information we collected regarding Your Website usage is kept for three (3) months and deleted/ rendered anonymous thereafter. When submitting an Information Request, your Contact Data will be retained until you are contacted by our representatives with further information regarding our Services, your information will be retained throughout our correspondence and will be deleted if we do not hear back within six (6) months from the last communication. If you subscribe to our newsletter Your Contact Data will be retained until you unsubscribe.

If you engage an EMD entity to provide Services you will be entered into our client database and we are then required to keep a record of the information collected under point (d) for a minimum of five (5) years from when EMD ceases to provide all Services to the Client for whatsoever cause or reason. EMD may be required to keep certain data including the Letter of Engagement, invoices and receipts for a longer period in line with its accounting, tax and VAT compliance requirements. In any case, the retention period shall not exceed ten (10) years from the date when EMD ceases to all Services to the Client.

5.Who does EMD share the data with?

  • (a) We will share the data with other entities forming part of the EMD Group as well as any other persons appointed by EMD to provide any of the Services.
  • (b) We will also share your data with the competent authorities, including the MFSA and the FIAU, if we are required to do so in order to comply with any applicable law, regulation or court order.
  • (c) From time to time EMD, may need to disclose personal, commercial or other data pertaining to the Client to third parties engaged to perform services on behalf of the Client (for example consultants, banks, legal advisors, lawyers, accountants and trade mark agents).

6. Transfers to third countries?

Any personal data processed by EMD is stored on servers hosted on the Microsoft 365 service and shall be subject to the Microsoft Privacy Statement (, EMD may, as part of the Services, need to share your data with third parties established or operating in other countrieswhich maynot have equivalent data protection or confidentiality/secrecy laws in place. While all efforts are made to minimise the risk to the Client’s personal data, the processing of Client personal data in countries which do not afford equivalent protection exposes the personal data to additional risk of disclosure and breach. The sharing of such data shall be carried out subject to appropriate safeguard being in place including the use of transfer model clauses. Furthermore, any such disclosure shall not concern any special category of data except with the specific consent of the data subject and shall only be done if necessary for the provision of the Service(s) or at the request of the Entity (where applicable).

7. Your Rights

You have certain rights in relation to your personal information. If you would like further information in relation to these or would like to exercise any of them, please contact us via email at at any time. You have the following rights:

  • Access to your information: : You may, at any time submit a request to know what information is held in your regard, if any. You can ask us for a copy of your personal information; confirmation as to whether your personal information is being used by us; details about how and why it is being used; and details of the safeguards which are in place if we transfer your information outside of the European Economic Area (“EEA”).
  • Rectification: EMD will use its best endeavours to update and maintain the data as accurate as possible within a reasonable time. You may, at any time, submit a request to have any inaccuracies corrected. EMD assumes no responsibility or liability for the accuracy or correctness of any data provided if changes are not communicated to us.
  • Right to be forgotten: where processing is based on consent and in other specific circumstances You may request to have any or all of your details erased. You can ask us for further information on these specific circumstances by contacting us using the details below. We will pass your request onto other recipients of your personal information unless that is impossible or involves disproportionate effort. You can ask us who the recipients are using the contact details below.
  • Restriction of processing: You may, at any time, submit a request to restrict the processing of your data. You have a right to ask us to restrict the way that we process your personal information in certain specific circumstances. You can ask us for further information on these specific circumstances by contacting us using the details below. We will pass your request onto other recipients of your personal information unless that is impossible or involves disproportionate effort. You can ask us who the recipients are using the contact details below.
  • Right to data portability – You may request to receive your personal information in a structure commonly used and machine readable format and have it transferred to another controller. This right only applies where we use your personal information on the basis of your consent or performance of a contract and where our use of your information is carried out by automated means.
  • Right to object and automated individual decision-making – where processing is based on the performance of a task in the public interest or based on our legitimate interests, You may object to the processing, however, this is subject to any of our overriding interests including in particular compliance with legal requirement on our part. In such case we will aim for a result that is mutually satisfactory such as taking your personal information off the live environment and archiving it for the necessary period to enable us to comply with our legal requirements.
  • Right to object to direct marketing – You may object to the processing of your personal data for the purpose of direct marketing. In the event of such an objection, We will no longer be able to provide you with updates regarding our products and services.

We will consider all such requests and provide our response within a reasonable period (and in any event within one month of your request unless we tell you we are entitled to a longer period under applicable law). Please note, however, that certain personal information may be exempt from such requests in certain circumstances, for example if we need to keep using the information to comply with our own legal obligations or to establish, exercise or defend legal claims. If an exception applies, we will tell you this when responding to your request. We may request you provide us with information necessary to confirm your identity before responding to any request you make.


Any questions or requests for further information should be addressed to You are advised that should you feel that we have breached our commitments in terms of this Privacy Policy you may file a complaint with the Information and Data Protection Commissioner in Malta.

9. Links to other Web Sites

The Website may have a number of links to websites of other Maltese and international organisations and agencies. In some cases, for the benefit of the Website Visitor. It is important for you to note that upon linking to another site, you are no longer on our website and you become subject to the privacy policy of the new site.

10. Changes to this Privacy Policy

EMD is continually improving and adding features to its Website and improving and adding to our existing products, services, and programs. Because of these ongoing changes, changes in the law, and the changing nature of technology, EMD’s data practices will be adapted accordingly. If there are any changes to this privacy policy, we will post a notice to this effect on our website. It is therefore in your own interest to check the “Privacy Policy” and “Cookies” pages any time you access our web site so as to be aware of any changes which may occur from time to time.

11. Security

EMD will use its best endeavours to ensure that adequate and reliable security measures are in place to protect personal data from being lost, misused or illegally accessed.