Website Privacy Policy and Cookie Policy
CY4 Ltd. (hereafter also referred to as ‘the Company, ‘we’ or ‘us’) is the Data Controller in terms of the Applicable Data Protection Legislation. The Company respects your privacy and is committed to protecting your Personal Data. This Privacy Notice explains how the Company will comply with Applicable Data Protection Legislation, the General Data Protection Regulation (EU) 2016/679 (‘GDPR’), the Data Protection Act (Chapter 586 of the Laws of Malta), any subsidiary legislation thereto and any other applicable laws relating to privacy and electronic communications as may be amended from time to time
It is important that you read this Privacy Notice, together with any other privacy notice that is provided on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using your information.
Data Controller of this Website
The Data Controller is CY4 Ltd., a company registered under the Laws of Malta. This means that we are responsible for deciding why and how we use your Personal Data.
CY4’s contact details are as follows:
Address:
CY4 Ltd, Level 4, 86/88,
Mill Street, Zone 5,
Central Business District,
Qormi,
QRM 3101
Telephone: +356 2705 0741 or +356 9911 0152
For general contact please send us an email on [email protected]
Data Protection Officer
The Company has appointed a Data Protection Officer (‘DPO’) who is responsible for matters relating to privacy and data protection. The Company’s DPO can be reached by sending an email at [email protected].
What is Personal Data?
Personal Data refers to any information that can identify a natural living individual, known as a ‘Data Subject’. This includes data that can identify someone directly or indirectly, such as their name, identification number, location data, online identifiers, or other details about their physical, physiological, genetic, mental, economic, cultural, or social identity. Information that has been anonymised so that the individual can no longer be identified is not considered personal data.
Special category data involves sensitive information such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data used for unique identification, health information, and details about a person’s sex life or sexual orientation. The Company processes special category data only under stringent conditions and with a valid legal basis.
We handle Personal Data for the following groups:
- Suppliers, Partners and service providers
- Customers and Clients
- Advisers, consultants, and professional experts
- Agents and representatives
- Job Applicants and Employees
- Internet Users who access our website
Principles
This Policy represents how the Company protects Personal Identifiable Information in terms of the applicable Data Protection Legislation .
When processing any Personal Data the Company shall keep in mind and comply with the following Data Protection Principles:
1. Lawfulness, Fairness, and Transparency – In compliance with the Applicable Data Protection Legislation, the Data Controller must inform the Data Subject about how their Personal Data is being processed. This information should be clear, transparent, and easy to understand. It should be presented separately from other agreements between the Data Controller and the Data Subject, using simple and straightforward language. To maintain transparency, the Data Subject should be kept informed before their Personal Data is collected and processed, and also whenever any changes to the Processing occur.
2. Purpose Limitation – Personal Data should only be Processed for the specific purpose for which it was initially collected. If there is a need to Process the Personal Data for a different purpose later on, additional legal permission or the Data Subject’s consent must be obtained, unless the new purpose is closely related to the original one. Factors to consider include the connection to the original purpose, the context of Personal Data collection, the nature of the Personal Data, potential impacts on the Data Subject, and whether appropriate safeguards are in place.
3. Data Minimisation – The Data Controller must ensure that only the Personal Data necessary for each specific purpose is Processed. This includes limiting the amount of Personal Data processed, the scope of Processing, the duration of storage, and who has access to the Personal Data. Under applicable Data Protection Legislation, Personal Data must be adequate, relevant, and limited to what is necessary for the intended purpose. The Data Controller should avoid collecting Personal Data that exceeds the requirements of the intended Processing purpose.
4. Accuracy – Personal Data must be kept accurate and up-to-date. Any Personal Data that is inaccurate or outdated must be corrected or deleted. The Data Controller is responsible for taking reasonable steps to ensure this principle is upheld.
5. Storage Limitation – Once Personal Data is no longer needed for its original purpose, the Data Controller must ensure that it is deleted. If the Personal Data needs to be retained for future use, the Controller must have valid grounds for doing so. The Data Subject must be informed about the full extent of Processing and . Regular reviews and systematic Personal Data cleansing should be conducted to ensure compliance.
6. Integrity and Confidentiality – Personal Data must be safeguarded against unauthorised access through appropriate organisational and technical measures. Protecting individuals’ privacy is paramount. Data Controllers and Processors must assess risks, implement suitable security controls, and regularly check that the Personal Data is accurate and secure. Failing to do so could lead to a Data Breach, which is subject to strict penalties under applicable applicable Data Protection Legislation.
7. Accountability – The Data Controller must be able to demonstrate compliance with data protection principles. The Company should have a comprehensive data protection governance structure that includes but is not limited to inventories of Personal Data sets, data protection policies and procedures, privacy notices, organisational and technical measures to ensure Personal Data security and conducting Data Privacy Impact Assessments when necessary.
The Personal Data we collect and how we use it
We collect and process your Personal Data in connection with your use of this website and our relationship with you. This includes when we provide services to you or our clients, or when you interact with the website. We may gather Personal Data from your interactions with us, including through cookies and web beacons used to improve your experience and ensure the website functions effectively. More information on our use of cookies and tracking technologies, as well as your control over them, can be found below.
The Personal Data we process may include:
- Data related to customers, partners, consultants, service providers, and other entities involved in managing customer information, depending on the services provided.
- Job applicant information, including full name, contact details, work experience, education, and referees.
- Employee data related to their employment with the Company.
- Information you provide or we collect through your use of the website, such as IP address, browser type, language, and access times.
- Details submitted through inquiries or complaints.
- Data related to visits to our premises, such as full name, company name, mobile number, visitor pass details, and CCTV footage, in accordance with Company policies.
If you choose not to provide, or object to the processing of, this information, we may be unable to process your instructions or continue offering certain services.
We will obtain your explicit consent where necessary for collecting and using your data.
We do not collect personal information about your activities across third-party websites or online services, nor do we allow third parties to collect such data when you use our website.
Failure to provide the information
In most cases, the provision of Personal Data arises either from statutory requirements or contractual provisions. Where applicable, failure of the provision thereof will prevent the Company from complying with its legal or regulatory obligations as well as concluding contracts and delivering the services requested.
Your responsibility to inform us of changes
It is important that all Personal Data that we hold about you is accurate and current. You need to keep us informed if your Personal Data changes, for example, a change of surname, signature, address, and/or identity card number.
Data Retention
We will retain personal data only for as long as necessary to fulfill the purposes outlined above. Your data will be kept for as long as required to comply with legal obligations, enforce agreements, and, if applicable, to establish, exercise, or defend legal claims. We regularly review the Personal Data we process and store, and will securely delete or anonymize it when it is no longer needed for legal, business, or customer purposes.
In cases where we cannot specify retention periods in advance, we will determine the duration based on factors such as:
- The purpose for which the data was collected
- Any statutory obligations requiring continued processing
- Legal grounds for processing, including consent
- The value of the information
- Industry practices regarding retention
- Risk, cost, and liability considerations
- Any other relevant circumstances.
For more information on data retention, you can contact us at [email protected].
Data Subject Rights
- Right to be informed: You have the right to know how and why your Personal Data is collected and used.
- Right to be forgotten: You can request that your Personal Data be erased.
- Right to access: You can ask to see what Personal Data is held about you and find out who it’s been shared with.
- Right to rectification of processing: If your Personal Data is incorrect or incomplete, you can ask for it to be corrected.
- Right to limit processing: You can request that the use of your Personal Data be restricted or suppressed.
- Right to data portability: You can obtain and reuse your Personal Data across different services, and easily move, copy, or transfer it from one organisation to another securely.
- Right to object: You can object to your Personal Data being Processed for certain reasons, including marketing, public interest tasks, or research.
- Rights related to automated decisions: You can ask to be informed about how automated decisions are made that affect you and have the right not to be subject to significant decisions made only by automated processes.
- Right to free service: Generally, you shouldn’t be charged for accessing your Personal Data, unless your request is clearly unfounded, excessive, or repetitive.
- Right to be informed about data breaches: If a Data Breach happens that could seriously affect your rights and freedoms, you have the right to be notified promptly.
- Right to make a complaint to the Supervisory Authority: If you are dissatisfied with the way the Company has handled your complaint or request, you have the right to contact the Supervisory Authority to seek redress fro your complaint or request.
If you wish to exercise your rights, please email your request to [email protected]. The Company will consider and respond within the legally required timeframes, typically within one (1) month, with the possibility of extending to three (3) months for complex requests. We will notify you of any extensions.
Proof of identity may be required to ensure data is not disclosed to unauthorized parties, and additional information may be requested to expedite processing. The Company reserves the right to withhold data if its disclosure would affect the rights of others.
Exercising your rights is generally free, but a reasonable fee may apply if the request is unfounded, repetitive, or excessive.
Disclosing your personal data
Except as described in this Privacy Notice, we will not intentionally disclose the personal data that we collect or store to third parties without your prior explicit consent. If the Company is requested to or discloses any Personal Data or information to third parties in connection with the above mentioned purposes, the Company shall ensure compliance with the Applicable Data Protection Legislation.
All of our third-party service providers are required to implement appropriate security measures to protect your personal data in accordance with our policies. Additionally, they are only permitted to process your personal data for specified purposes and in compliance with our legally binding agreements.
Security
We implement appropriate security measures to protect your information from loss, misuse, unauthorized access, alteration, disclosure, or destruction. The Company ensures the confidentiality, integrity, availability, and resilience of systems and services processing Personal Data, and will promptly restore access to information in case of a physical or technical incident.
While we strive to safeguard your information, no method of transmission or electronic storage is entirely secure, and we cannot guarantee absolute security. Information you transmit to us is done at your own risk, and we cannot ensure that such data won’t be accessed, disclosed, altered, or destroyed due to a breach in our safeguards.
All staff processing Personal Data receive regular training in information security practices. We have procedures in place to address suspected data breaches and will notify regulators if legally required. In certain cases, we will inform you as the affected data subject and provide guidance on protecting your rights.
If you believe your data has been compromised, please contact the Company’s Data Protection Officer at [email protected].
Updates to this Privacy Notice
This Privacy Notice may be updated periodically. If any changes impact how we use your personal data, we will inform you of the options available to you. Additionally, a notice will be posted to inform you of any updates to this Privacy Notice.
Links to Other Websites
The Company is not responsible for the actions or omissions of other websites and accepts no liability in this regard. This Privacy Notice does not apply to how other organisations process your Personal Data when we provide links to their websites. We encourage you to review the privacy notices of any external websites you visit.
Cookies Policy
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
The Company (hereafter also referred to as “us”, “we”, or “our”) uses cookies on the https://cy4.mt/ Website (the “website”).
Our Cookie Policy explains what cookies are, why we use and how we use cookies, how third parties we may partner with may use cookies on the Website, your choices regarding cookies and further information about cookies.
What are cookies?
A cookie is a small text file, typically consisting of numbers and letters, that is downloaded to your device (e.g., computer or smartphone) when you access a website. These cookies are sent back to the originating website on each subsequent visit, allowing the site to recognize your device and store information about your preferences or past actions.
Some cookies are essential for transmitting communications over an electronic network or providing internet services and must be used. Other cookies, aimed at enhancing your experience, will only be used with your consent.
How we use cookies
We use cookies to enhance the user experience, differentiate between visitors and their locations, improve website functionality, and enable key features such as navigation and access to secure areas. Cookies also help us gather statistics about website traffic and usage, allowing us to develop and optimise the website.
Cookies can be “session cookies,” which are automatically deleted when you close your browser, or “permanent cookies,” which remain on your device for future visits and are deleted after a specified period of time.
What cookies do we use?
The following table lists the types of cookies that are placed on the website, their function, and the purposes for which the data is collected and for how long it is retained. Please note that the names of the cookies may change over time.
| Cookie Name | Expiration of the Cookie | Purpose of the Cookie | Is the Cookie essential for the website to work? | Who controls or has access to the Cookie’s information? |
|---|---|---|---|---|
| _ga | 2026-05-21T13:44:23.702Z | Google Analytics | Yes | Website Owner |
| cookieyes-consent | 2026-04-16T15:37:08.000Z | GDPR | Yes | Website Owner |
Cookie Name Expiration of the Cookie Purpose of the Cookie Is the Cookie essential for the website to work? Who controls or has access to the Cookie’s information?
What are your choices regarding cookies?
When you visit the website, you will be prompted to accept cookies or manage your cookie settings. We are allowed to store cookies on your device if they are strictly necessary for the website’s operation. However, for all other types of cookies, we require your consent.
You may change your mind at any time by deleting, blocking, or refusing to accept cookies. Please note that doing so may limit your ability to use the full functionality of the website, prevent certain features from working, or affect the proper display of some pages.
How to control cookies
You can control and/or delete cookies as you wish. For details on how to control and/or delete cookies, please see:
Delete Cookies in Microsoft Internet Explorer
Delete Cookies in Mozilla Firefox browser
Delete Cookies in Google Chrome browser
Delete flash cookies (all browsers)
Changes to this Policy
We may update this Cookies Policy periodically. If any significant changes are made, we will post a notice on the website. However, we recommend regularly reviewing this Policy to stay informed about the most current version.