This document applies to all personal information held by KSi Malta as the controllers of your personal data and goes into detail on how we processes your data, why do we process it, with whom this data may be shared, in what situations we may share this data and all the measures we are taking to ensure that your data is safe and secure.

The terms of this policy will apply as long as you are a client to KSi Malta, but will also continue to apply after you cease to be a client. It also applies if you have sent us your data to be part of our marketing mailing list and also if you have applied for a position with KSi Malta.

This privacy policy however does not cover how any other Morrison KSi firm handles personal data. All Morrison KSi firms are independent entities are only part of the same association of independent accounting and auditing firms and do not share any personal data with each other. This privacy policy applies only to KSi Malta and no other firm, company or association.

On our website, you may also find links to other websites which are not managed or owned by KSi Malta. KSi Malta is not responsible for any such websites and this privacy policy shall not apply in this regard. The businesses operating these websites, may or may not have their own privacy policy and in this regard, KSi Malta is no way responsible for the way such companies manage the processing of your personal data.

The data controller as defined under the Regulation (EU) 2016/679 which is generally referred to as the General Data Protection Regulation (hereinafter referred to as “GDPR”), is KSi Malta which is a civil partnership registered under Maltese Law, having registration number LPA-92 and registered address at 6, Villa Gauci, Mdina Road, Balzan, BZN 9031, Malta


The GDPR, is a new EU Commission regulation seeking to strengthen the protection of your personal data.

At KSi Malta, we seek to uphold the high standard imposed by GDPR by providing you with peace of mind that your personal data is stored securely and safely.

KSi Malta, through this website or through the general provision of its services, may collect personal data from you. You would be giving us personal data in any of the following events:

  • Engaging KSi Malta as your service provider - We would need to request certain information as part of our client acceptance procedure, consisting partially of personal data
  • Submitting to our newsletters - By submitting your contact details to receive newsletters, you are providing us with certain personal data
  • Submitting a query – By submitting a query through our website, you would be providing us with personal data
  • Through our real-time chat on our website- You can contact us through an instant messenger chat on our website where you might provide us with personal data
  • Applying for a position with KSi Malta- You may send us a CV in relation to applying for a position with us and therefore, you will providing us with your personal data

While providing you with services, we will generate other information about you which is also personal data. These would include:

  • Financial information which we would generate when completing financial documentation like accounting, audit or taxation documentation
  • KYC information which we would need to gather and verify
  • Risk rating in relation to your business

We shall always process your data legally in terms of the current laws and regulations and in terms of the GDPR.

As an applicant to work at KSi Malta, we process your information due to the fact that:

  1. You have consented to the Processing of the personal data. As soon as KSi Malta determines that we no longer require your data, your data shall be deleted, unless you consent to your data being kept for a further period

As a client, we process your information due to the fact that:

  1. Processing is necessary for the performance of our obligations
  2. Processing is necessary due to other obligations imposed by law
  3. Processing is necessary to be able to protect our legitimate interest

In relation to marketing, we process your information due to the fact that:

  1. If you are a client of ours, it is in your legitimate interest to receive marketing information about our services
  2. If you are not a client of ours, we will only send you marketing information if you have consented to such data being sent

Personal data is personal information about an individual like you. Through the provision of our services, we may collect any of the following personal data:

  • Your client forms and references
  • Your CV, ID card, Passport, utility Bill or other proof of address documents
  • Professional References and Bank References
  • Correspondence with or about you
  • Banking information
  • Financial Data on your assets
  • Source of wealth and source of funds information
  • Criminal History
  • Tax information
  • Information needed for payroll when relevant
  • Contact details
  • IP Address and email

Should you apply for a position with KSi Malta, we may collect any of the follwing information:

  • Name and Surname
  • Your CV and any information contained within
  • Contact Details
  • Information about past experiance
  • Qualifications

For marketing purposes, we may collect any of the following:

  • Name and Surname
  • Contact details

Certain other information may be classified as special personal data which includes any information relating to the following;

  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic data
  • Biometric data for the purpose of uniquely identifying a natural person
  • Data concerning health
  • Data concerning a natural person’s sex life or sexual orientation

We will never store or process any data which is deemed to consist of special categories of data without obtaining your prior written consent.

KSi Malta seeks to provide the best possible protection to your data given to us through our website.

Your data is processed through our systems usually for KSi Malta to be able to provide you with our services. Data is stored on our systems and servers and is analyvzed by our relevant teams, either for compliance purposes or to be able to provide the relevant advice or service.

In some cases your data may also be processed by a third party processor, in terms of the current data protection laws, who will assist us in fulfilling our service standard. The law further obliges us to share your data with the competent authorities in certain situations as detailed under the relevant laws and regulations.

We might also be given information by third parties, either when providing services to you or through public authorities. Such personal data may also already be public.

We might obtain such information from;

  • Tax Authorities
  • Governmental Authorities
  • Regulatory Authorities
  • Publically available information
  1. You have the right to access your data. You have the right to ask for a copy of your personal data
  2. You have the right of recitifcation of incorrect data. If any data we have is incorrect, you have a right to ask for correction of such data
  3. You have the right to be forgotten and that your data is earesed after the passage of time. You may request KSi Malta so that any data that we have on you is deleted. As stated above, due to legal requirements, your data will be held by KSi Malta for the periods stated in the data retention section and then deleted
  4. You have the right to restriction of procession. This can be done in the following cases:
    1. Where you are contesting the accuracy of the data, while such a claim is being checked
    2. If we proecess your data unlawfully
    3. If we no longer need your data but are keeping the data because we need it for a legal claim
    Kindly note however the if you exercise this right, it will hinder the ability of KSi Malta to provide you with the required services, since we may need your personal data to be able to provide you with our services.
  5. You have the right to data protability. Your data may be requested in a machine-readable format and you may also request that your data is transfered directly to another person or service provider directly
  6. You may object to the processing of your data. You may at any time inform us that you are objecting to the use of your data for direct marketing and after which we shall stop using your data for such purposes
  7. If you have provided consent for the processing of your data you have the right to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn

In making your request in relation to the above, please not that:

  • We will analyse your request and provide you with a reply within 1 month, except in extreme situations as allowed under law. In such a case we will provide information as to why your request was not acceded to within the 1 month period
  • We have the right to refuse your request, if your request is not justified. In this case we shall inform you as to the reasons of why your request was refused
  • We have the right to charge a fee or refuse your request in extreme situations where your requests are manifestly repetitive or excessive
  • When you are making a request, we may request documentation to identify the person making the request

You have the right to lodge a complaint to the deata protection authority of your habitual residence if you believe that we have not complied with the requirements of the law. You may also file an action aganst us in a court of competent jurisdiction if you feel your rights have been infringed

In terms of the local laws and regulations and the GDPR, we strive to provide the best possible protection for your personal data.

This is to ensure that:

  • Your data is processed according to law
  • Your data is not processed in violation of your rights
  • Your data is obtained and stored for a specific lawful purpose
  • You are properly informed about your rights and about your data
  • The date processed is required and not excessive
  • Your information is accurate and updated;
  • Your information is stored safely and securely
  • Our IT systems are properly protected from attack in order to safeguard your data
  • Your data is kept accordingly to our established time frames and not for a longer period than required
  • Your data is not transferred to jurisdictions which do not adhere to equivalent standards without the appropriate safeguards as stated under law

From time to time we may send marketing material to individuals subscribed to our mailing list.

We send marketing material to our current clients to keep them up to date with any other services that we may offer, however feel free to subscribe to our mailing list below, if you would like to receive such information.

To be able to provide you with our services he have appointed third parties to assist us. In some cases your data is transferred to such third parties, or such third parties have access to your data. These third parties can be classified in the following categories:

IT SecurityService providers who help KSi Malta in ensuring
that your data remains secure
IT BackupsService providers who assist KSi Malta in relation
to backups for business continuity purposes so
that your data is not lost
PayrollService providers who provide assistance in the
provision of payroll services
Banking establishment and
other financial institutions
Processing of data would relate to offering services
in relation to assistance with banking matters
Third Party AdvisorsExperts and consultants who assist us in providing
you with the best advise and services
MarketingService providers who assist us in relation to
marketing and website
StorageService providers who assist us in storing and
archiving data


Such information shall only be shared or accessed by such third parties, if:

  • We have obtained your consent before
  • Such transfer of data is necessary for the performance of our services
  • Such a transfer of personal data is required under law or other a lawful request by a competent judicial authority

We shall strive to send your data only to other EU countries or other countries which ensure proper protection for your data.

When transferring your data to countries which are not deemed as such, proper measures in terms of the law shall be applied to ensure the protection of your personal data.

In cases where such measures cannot be achieved, personal data shall only be sent to these countries if necessary to perform our services and also subject to your prior consent.

We shall retain any personal information provided to us in terms of the law and shall delete any personal data when such a retention period lapses. In this regard, KSi Malta stores our information as follows:

  1. Any personal information on prospective employees shall be deleted immediately after we decide that such individual will not be engaged with KSi Malta, unless consent is provided. In such a case we shall keep such information for a year
  2. Any information in relation to clients or prospective clients, shall be kept as follows:
    1. Any information provided in relation to the identification and verification of a client shall be kept for 10 years. This is due to the fact that by law we are required to keep such information for such a period
    2. In relation to financial and accounting data for our clients, we shall retain such information for 10 years, due to obligations under tax laws and company laws
  3. You can also at any time object to the sending of any marketing material or simply unsubscribe from our mailing list. In such a case, we shall not send you any more marketing information and if you are not a client of KSi Malta, we shall also delete all your personal information

KSi Malta utilises proper security systems to ensure that your data is kept in a secure and safe manner and has also invested considerable resources in this regard.

Such measures may include encryption, firewalls, special software and also engaging of specialized individuals to provide your data with a proper level of security.

Cookies are text files which are placed on your computer, tablet or mobile phone when using our website, to collect standard internet log information and visitor information on our websites. Our website creates cookies every time you visit it.

Cookies are used for the following:

  • To analyse the traffic on our website
  • To determine which sections or services on our website are of most interest to visitors
  • To make improvements to our website
  • To ensure that visits to our websites are properly recorded

Kindly note that our website contains hyperlinks to other websites. Please note that KSi Malta is not responsible for the content of these other websites or their respective adherence to data protection laws and rules.

KSi Malta does not provide any quality controls to such websites and shall accept no responsibility for their performance, security, accuracy, content or privacy in relation to your personal data.

We shall not process data of minors without their guardians’ written consent. In some cases we may be required to process such data due to certain services that we are offering, like residence schemes, which such minors may benefit from with their guardians. In such a case, if consent is refused, we would not be able to provide our services.

Our data protection officer is Bernard Charles Gauci.

If you wish to make any inquiry regarding your personal data, wish to have any of your data corrected or request access to your personal data, you may contact him on the details to be found at the end of this policy. Please note that we may charge a fee or refuse requests which are manifestly repetitive or excessive.

Any request must be in writing and must also include your name, address and a description of the information or correction required. We may also ask for other identification documentation. Such information is essential so that we can identify you properly.

Due to the fact that technology and the relevant legislation regarding data protection and data privacy changes at a rapid pace, KSi Malta may at any time make changes or amendments to this privacy policy.

In such a case we will amend or replace the relevant sections of this policy. It is thus in your interest to regularly check this section for any changes that may be done from time to time.


This Policy has been updated on the 6th January 2020

Members of

Learn more Learn More Contact Us