1Data Controller
The data controller responsible for your personal data is:
2Personal Data We Collect
We collect personal data that you voluntarily provide to us when you:
- Contact us via our contact form, email, or phone (name, email address, phone number, company name, message content)
- Subscribe to our newsletter (email address)
- Request services or quotes (business information, project requirements)
- Browse our website (automatically collected data via cookies - see our Cookie Policy)
3Legal Basis for Processing (Article 6 GDPR)
We process your personal data based on one or more of the following legal bases:
Consent (Article 6(1)(a))
For marketing communications and newsletter subscriptions. You can withdraw consent at any time.
Contract Performance (Article 6(1)(b))
To provide services you have requested and fulfill our contractual obligations.
Legitimate Interest (Article 6(1)(f))
To respond to inquiries, improve our services, and ensure website security.
Legal Obligation (Article 6(1)(c))
To comply with applicable laws and regulations in Malta and the EU.
4How We Use Your Personal Data
- To respond to your inquiries and provide customer support
- To deliver the services you have requested
- To send marketing communications (only with your consent)
- To improve our website and services through analytics
- To comply with legal obligations
5Data Sharing & Third Parties
Your personal data will not be sold to third parties. We may share your data with:
- Service providers who assist us in operating our website and business (hosting, email services, CRM)
- Analytics providers to help us understand website usage (with your consent)
- Legal authorities when required by law
All third-party processors are bound by data processing agreements ensuring GDPR compliance.
6International Data Transfers
Some of our service providers may be located outside the European Economic Area (EEA). In such cases, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, to protect your data in accordance with GDPR requirements.
7Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
- Contact inquiries: 2 years from last contact
- Client data: Duration of contract + 7 years (legal requirements)
- Marketing consent: Until consent is withdrawn
- Analytics data: 26 months (anonymized)
8Your Rights Under GDPR
Under GDPR and Malta's Data Protection Act, you have the following rights:
Right of Access
Request a copy of your personal data
Right to Rectification
Correct inaccurate or incomplete data
Right to Erasure
Request deletion of your data ("right to be forgotten")
Right to Restriction
Limit how we process your data
Right to Data Portability
Receive your data in a structured format
Right to Object
Object to processing based on legitimate interest
To exercise any of these rights, please contact us at hello@oarcdigital.com. We will respond within one month.
9Cookies
Our website uses cookies to enhance your browsing experience. For detailed information about the cookies we use and how to manage your preferences, please see our Cookie Policy.
10Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- SSL/TLS encryption for all data transmission (HTTPS)
- Secure access controls and authentication
- Regular security assessments
- Limited access on a need-to-know basis
11Complaints
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the supervisory authority:
Information and Data Protection Commissioner (IDPC)
Floor 2, Airways House, High Street
Sliema, SLM 1549, Malta
12Policy Updates
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this policy periodically. Continued use of our website after changes constitutes acceptance of the updated policy.