General Privacy Notice – A2CO Group
1.0 Introduction
This Privacy Notice is related to companies within the A2CO Group of Companies all having their registered address at Quad Central, Q3, Level 1, Central Business District, Birkirkara, Malta, namely, A2CO Malta Ltd, A2CO Advisory Ltd, A2CO Corporate Ltd, A2CO Technologies Ltd and A2CO Compliance Ltd (‘Group’, ‘Company’, ‘we’, ‘us’, ‘our’). We are committed to safeguarding the privacy of our clients using our services (‘user’, or ‘you’, ‘your’). The Group has a separate Privacy Policy for the usage of its website, namely, www.a2co.com.
This Privacy Notice explains how we collect, use, disclose, and safeguard and treat your personal information when you are seeking to become a client, and/or you are a client of A2CO Group, whether through an ongoing business relationship or an occasional transaction (collectively, ‘Services’).
By utilising, or receiving, our services, you agree with the terms of this Privacy Notice. By providing us with your personal information, you acknowledge to the Company processing your personal data/personal information in accordance with this Notice and the applicable EU laws and regulations.
2.0 What type of personal information will we hold on you and why?
We may collect, store and use the following kinds of personal information:
-
Personal details as per our ‘Know Your Customer’ (KYC) forms and/or through our centralised KYC Portal system. Details will include your name, surname, address, identification details, date of birth, the service we are providing you, citizenship, nationality and similar information about you.
-
We will keep a copy of your identification document(s) such as ID card, driving license, residency card, passport or any other identification document available to fulfil our obligations under the 6th AML Directive, the Prevention of Money Laundering & funding of terrorism regulations, the implementing procedures and other rules or regulations (hereinafter referred to as “AML Regulations”) and/or legitimate interest we may have to get to know with whom we are dealing.
-
We will keep a copy of information or documentation to proof residency of your address such as bank statement, bank reference, utility bill, fix telephone line bill, lease agreement or similar documentation. This is to fulfil our obligations in line with AML Regulations and/or our legitimate interest.
-
We will keep a copy of name checks, google searches, AI Searches and passport checks on you. Such ‘name screening’ or ‘background check’ is performed to prevent fraud, money laundering, sanctions, funding of terrorism, financial crime or any other type of crime. We utilise AI tools such as ChatGPT to analyse any adverse media you may have on you in a more effective and efficient manner. This is also in line with AML Regulations and/or internal risk-based policy of the Group. Such screening services are performed when the relationship with the client or prospect has initiated and on an ongoing basis apply a risk-based approach.
-
We will keep a record on whether you are a Politically Exposed Person (PEP), including your confirmation via a declaration, open sources and through our name screening platform ‘Lexis Nexis’, and through a google search and through an AI search using ChatGPT.
-
We shall use your personal data to perform, in a manual or automated manner, a risk classification/profiling which would classify you as ‘low risk’, ‘medium risk’ or ‘high risk’ in order to fulfil our AML obligations. Such classification will affect the level of ongoing monitoring we perform on you and/or the level of documentation we request. You may request further information on how such risk classification is performed by contacting the Data Protection Officer on dpo@a2co.com or by calling us on +356 21332100.
-
We will keep a copy of your communication with us, such as emails and letters, in line with our AML Regulations or due to a legitimate interest.
-
We may send you a link to our “SumSub” tool which would verify your identity and documentation through digital means, including through the means of biometrics and integrated AI. We perform this when we do not meet with you face-to-face in order to mitigate Money Laundering (specifically identify fraud) risk, as noted to us through AML Regulations and related guidance notes issued by Authorities.
-
We may also process and hold information about your wealth, such as the value of your assets; details of bank accounts, inheritance information and similar related information to your global net worth. We shall use such information in line with our AML Regulations.
-
We shall process and hold certain declarations that we may ask you to provide, mostly referred to as ‘Client Onboarding Questionnaire’, in line with our AML obligations. The name of the questionnaire may differ depending on different circumstances and professional positions you may hold in relation to our client.
-
We may hold and process any other information or documentation we provide to you to complete, whether in physical or digital format, in line with our legal obligations and/or internal risk-based approach policy.
-
We may also ask for a copy of your employment contract as a supporting documentation on your source of wealth or funds, on a risk-sensitive basis. Other employment data may also be processed if these provide any value in terms of ML/FT risk mitigation.
3.0 When do we need your consent?
We shall need your consent in the following circumstances:
-
When sending you direct marketing material or promotions regarding our services, unless there is a clear and tested legitimate interest for you to receive such material;
-
When sharing your personal information outside the Group, unless we are required to do so by law such as providing information to police, court of law or a competent authority, or when we are sending your data to date processors in order to be able to provide you with a service. Please see section 5 for more details. We may also share your data outside the group without your consent if we are sharing it with our processors to help us provide you with a service; and
-
When processing your personal information without having one of the other legal basis found in section 4 below.
Please note that you can withdraw your consent at any time, unless there is another legal basis that allows us to process your data as per the below section.
3.1 Sending of non-marketing information
From time to time we may send you non-marketing material such as general information about matters that may concern you. Such material is usually sent by email. This is performed after ensuring that our legitimate interest to send you such non-marketing material would not affect in a negative manner your privacy. We shall always provide you with an option to unsubscribe from such informative material. Should you unsubscribe, we shall not send you further non-marketing material. The same would apply if you have requested or shall request that no material whatsoever is sent to you.
Examples of such non-marketing material are found below:
-
Information about tax incentives published by a Government;
-
Information about new regulations;
-
Information about your rights under any regulation or legislation;
-
Information about an investment aid issued by a Government;
-
Information about any other topic which may be of personal interest for you.
4.0 When can we process your personal data?
Apart from the ‘consent’ noted in section 3 above, we may also process your data if we have the following legal basis:
-
Contractual obligation or necessity;
-
Legal obligation;
-
Member-state law;
-
Vital interest of the data subject;
-
When processing the data is in the best interest of the public; and
-
Legitimate interest.
It is the nature of our business to process your data mostly due to a contractual necessity, legal obligation or due to a legitimate interest. When neither of these apply, it is likely that we will process your data based upon your consent. That said, A2CO Group may process data according to regulations listed within the General Data Protection Regulation (“GDPR”).
5.0 How and when do we disclose your personal information to third parties?
We may disclose your personal information:
-
To the extent that we are required to do so by law;
-
In connection with any ongoing or prospective legal proceedings;
-
In order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
-
To any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information;
-
To any of our employees, officers, insurers, professional advisers, bankers, agents, suppliers, IT service providers or subcontractors insofar as reasonably necessary for the purposes set out in this notice (also known as Processors and sub-processors);
-
To any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes set out in this notice. If the Company is merged, acquired, or sold, or in the event of a transfer of some, or all, of our assets or equity, we may disclose or transfer Personal Information and usage data in connection with such transaction;
-
In all other circumstances where you would have given your consent.
We will not, without your express consent, supply your personal information to any third party for the purpose of their, or any other third party’s direct marketing.
Personal information that you publish on our website or submit for publication on our website may be available, via the internet, around the world. We cannot prevent the use or misuse of such information by others.
6.0 Where is your data stored and how is it protected?
Your data may be stored in one or more of the following locations:
-
Physical files which may be held under lock and key in our office;
-
A server located in our office which is in a locked and protected environment; and
-
On Cloud which is located within the European Union.
6.1 How is your personal data protected?
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. We maintain physical, electronic, and procedural safeguards to protect the confidentiality and security of Personal Information and other information transmitted to us.
You acknowledge that the transmission of information over the internet is inherently insecure and while we strive to protect information transmitted on or through the Site or Services, we cannot, and do not, guarantee the security of any information you transmit on, or through, the Site or Services, and you do so at your own risk.
That said, when information reaches our company, we shall take the necessary steps to protect such information. This is done by one or more of the below:
-
Ensuring the data is safeguarded by the use of any of the following: firewalls, encryptions, access restrictions and/or passwords;
-
In case of physical copies of your personal information or data, precaution shall be taken to ensure such data is accessible only to individuals within the Group that require to access your data to perform their duties and/or to provide you with a service;
-
The Group shall ensure that proper backups are taken to prevent the data from being lost; and
-
Without prejudice to section 6 above, your data saved in digital format on our servers, cloud or on our KYC Portal system shall be accessible by individuals that are required to access your data to perform their duties and or to provide you with a service. Relevant authorities may request to access your data at any time. This includes, but is not limited to, the following authorities or entities: the Police, Court of Law, Magistrates and Court experts, Malta Financial Services Authority MFSA, the Financial Intelligence Analysis Unit FIAU and or the Commissioner for Data Protection.
7.0 For how long shall we keep your data?
Personal data will be retained by A2CO Group for as long as it is necessary for the purposes of processing such data. Thus, the Group will keep data for as long as it is obliged to by law, or need to keep a record of, a relationship with a client. We shall not keep your data for more than 10 years following completion of service or termination of our business relationship with you. As a minimum, we shall keep your data for 5 years following the completion of service or termination of our business relationship with you.
7.1 How shall we destroy your data after the retention period is over?
We shall destroy your data in a safe and reliable manner. Physical files shall be destroyed by means of shredding. Shredding services may be outsourced to third parties. A2CO Group shall ensure that if shredding is outsourced to third parties, the Group shall review their data privacy procedures and safeguard the interest of the data subjects through ways and means such as through a contractual agreement between A2CO Group as data controller and the shredding company as data processors in line with Article 28 of the General Data Protection Regulation. For the removal of any doubt, this would only apply if A2CO group provides non-shredded data to the shredding service provider. If shredding is done in-house, then the shredding service provider will not be considered as a data processor.
In the case of data stored in digital format, such data shall be permanently deleted. This would include any backups held on servers and/or cloud.
Communication between the client and the Group shall be deleted or destroyed.
Should the Group be required to change one or more of its hard disks where data is, or was previously stored, the Group shall ensure that such hard disk is disposed of in a professional manner and in a way that data cannot be retrieved from it in the future.
1.0 Introduction
This Privacy Notice is related to companies within the A2CO Group of Companies all having their registered address at Quad Central, Q3, Level 1, Central Business District, Birkirkara, Malta, namely, A2CO Malta Ltd, A2CO Advisory Ltd, A2CO Corporate Ltd, A2CO Technologies Ltd and A2CO Compliance Ltd (‘Group’, ‘Company’, ‘we’, ‘us’, ‘our’). We are committed to safeguarding the privacy of our clients using our services (‘user’, or ‘you’, ‘your’). The Group has a separate Privacy Policy for the usage of its website, namely, www.a2co.com.
This Privacy Notice explains how we collect, use, disclose, and safeguard and treat your personal information when you are seeking to become a client, and/or you are a client of A2CO Group, whether through an ongoing business relationship or an occasional transaction (collectively, ‘Services’).
By utilising, or receiving, our services, you agree with the terms of this Privacy Notice. By providing us with your personal information, you acknowledge to the Company processing your personal data/personal information in accordance with this Notice and the applicable EU laws and regulations.
2.0 What type of personal information will we hold on you and why?
We may collect, store and use the following kinds of personal information:
-
Personal details as per our ‘Know Your Customer’ (KYC) forms and/or through our centralised KYC Portal system. Details will include your name, surname, address, identification details, date of birth, the service we are providing you, citizenship, nationality and similar information about you.
-
We will keep a copy of your identification document(s) such as ID card, driving license, residency card, passport or any other identification document available to fulfil our obligations under the 6th AML Directive, the Prevention of Money Laundering & funding of terrorism regulations, the implementing procedures and other rules or regulations (hereinafter referred to as “AML Regulations”) and/or legitimate interest we may have to get to know with whom we are dealing.
-
We will keep a copy of information or documentation to proof residency of your address such as bank statement, bank reference, utility bill, fix telephone line bill, lease agreement or similar documentation. This is to fulfil our obligations in line with AML Regulations and/or our legitimate interest.
-
We will keep a copy of name checks, google searches, AI Searches and passport checks on you. Such ‘name screening’ or ‘background check’ is performed to prevent fraud, money laundering, sanctions, funding of terrorism, financial crime or any other type of crime. We utilise AI tools such as ChatGPT to analyse any adverse media you may have on you in a more effective and efficient manner. This is also in line with AML Regulations and/or internal risk-based policy of the Group. Such screening services are performed when the relationship with the client or prospect has initiated and on an ongoing basis apply a risk-based approach.
-
We will keep a record on whether you are a Politically Exposed Person (PEP), including your confirmation via a declaration, open sources and through our name screening platform ‘Lexis Nexis’, and through a google search and through an AI search using ChatGPT.
-
We shall use your personal data to perform, in a manual or automated manner, a risk classification/profiling which would classify you as ‘low risk’, ‘medium risk’ or ‘high risk’ in order to fulfil our AML obligations. Such classification will affect the level of ongoing monitoring we perform on you and/or the level of documentation we request. You may request further information on how such risk classification is performed by contacting the Data Protection Officer on dpo@a2co.com or by calling us on +356 21332100.
-
We will keep a copy of your communication with us, such as emails and letters, in line with our AML Regulations or due to a legitimate interest.
-
We may send you a link to our “SumSub” tool which would verify your identity and documentation through digital means, including through the means of biometrics and integrated AI. We perform this when we do not meet with you face-to-face in order to mitigate Money Laundering (specifically identify fraud) risk, as noted to us through AML Regulations and related guidance notes issued by Authorities.
-
We may also process and hold information about your wealth, such as the value of your assets; details of bank accounts, inheritance information and similar related information to your global net worth. We shall use such information in line with our AML Regulations.
-
We shall process and hold certain declarations that we may ask you to provide, mostly referred to as ‘Client Onboarding Questionnaire’, in line with our AML obligations. The name of the questionnaire may differ depending on different circumstances and professional positions you may hold in relation to our client.
-
We may hold and process any other information or documentation we provide to you to complete, whether in physical or digital format, in line with our legal obligations and/or internal risk-based approach policy.
-
We may also ask for a copy of your employment contract as a supporting documentation on your source of wealth or funds, on a risk-sensitive basis. Other employment data may also be processed if these provide any value in terms of ML/FT risk mitigation.
3.0 When do we need your consent?
We shall need your consent in the following circumstances:
-
When sending you direct marketing material or promotions regarding our services, unless there is a clear and tested legitimate interest for you to receive such material;
-
When sharing your personal information outside the Group, unless we are required to do so by law such as providing information to police, court of law or a competent authority, or when we are sending your data to date processors in order to be able to provide you with a service. Please see section 5 for more details. We may also share your data outside the group without your consent if we are sharing it with our processors to help us provide you with a service; and
-
When processing your personal information without having one of the other legal basis found in section 4 below.
Please note that you can withdraw your consent at any time, unless there is another legal basis that allows us to process your data as per the below section.
3.1 Sending of non-marketing information
From time to time we may send you non-marketing material such as general information about matters that may concern you. Such material is usually sent by email. This is performed after ensuring that our legitimate interest to send you such non-marketing material would not affect in a negative manner your privacy. We shall always provide you with an option to unsubscribe from such informative material. Should you unsubscribe, we shall not send you further non-marketing material. The same would apply if you have requested or shall request that no material whatsoever is sent to you.
Examples of such non-marketing material are found below:
-
Information about tax incentives published by a Government;
-
Information about new regulations;
-
Information about your rights under any regulation or legislation;
-
Information about an investment aid issued by a Government;
-
Information about any other topic which may be of personal interest for you.
4.0 When can we process your personal data?
Apart from the ‘consent’ noted in section 3 above, we may also process your data if we have the following legal basis:
-
Contractual obligation or necessity;
-
Legal obligation;
-
Member-state law;
-
Vital interest of the data subject;
-
When processing the data is in the best interest of the public; and
-
Legitimate interest.
It is the nature of our business to process your data mostly due to a contractual necessity, legal obligation or due to a legitimate interest. When neither of these apply, it is likely that we will process your data based upon your consent. That said, A2CO Group may process data according to regulations listed within the General Data Protection Regulation (“GDPR”).
5.0 How and when do we disclose your personal information to third parties?
We may disclose your personal information:
-
To the extent that we are required to do so by law;
-
In connection with any ongoing or prospective legal proceedings;
-
In order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
-
To any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information;
-
To any of our employees, officers, insurers, professional advisers, bankers, agents, suppliers, IT service providers or subcontractors insofar as reasonably necessary for the purposes set out in this notice (also known as Processors and sub-processors);
-
To any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes set out in this notice. If the Company is merged, acquired, or sold, or in the event of a transfer of some, or all, of our assets or equity, we may disclose or transfer Personal Information and usage data in connection with such transaction;
-
In all other circumstances where you would have given your consent.
We will not, without your express consent, supply your personal information to any third party for the purpose of their, or any other third party’s direct marketing.
Personal information that you publish on our website or submit for publication on our website may be available, via the internet, around the world. We cannot prevent the use or misuse of such information by others.
6.0 Where is your data stored and how is it protected?
Your data may be stored in one or more of the following locations:
-
Physical files which may be held under lock and key in our office;
-
A server located in our office which is in a locked and protected environment; and
-
On Cloud which is located within the European Union.
6.1 How is your personal data protected?
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. We maintain physical, electronic, and procedural safeguards to protect the confidentiality and security of Personal Information and other information transmitted to us.
You acknowledge that the transmission of information over the internet is inherently insecure and while we strive to protect information transmitted on or through the Site or Services, we cannot, and do not, guarantee the security of any information you transmit on, or through, the Site or Services, and you do so at your own risk.
That said, when information reaches our company, we shall take the necessary steps to protect such information. This is done by one or more of the below:
-
Ensuring the data is safeguarded by the use of any of the following: firewalls, encryptions, access restrictions and/or passwords;
-
In case of physical copies of your personal information or data, precaution shall be taken to ensure such data is accessible only to individuals within the Group that require to access your data to perform their duties and/or to provide you with a service;
-
The Group shall ensure that proper backups are taken to prevent the data from being lost; and
-
Without prejudice to section 6 above, your data saved in digital format on our servers, cloud or on our KYC Portal system shall be accessible by individuals that are required to access your data to perform their duties and or to provide you with a service. Relevant authorities may request to access your data at any time. This includes, but is not limited to, the following authorities or entities: the Police, Court of Law, Magistrates and Court experts, Malta Financial Services Authority MFSA, the Financial Intelligence Analysis Unit FIAU and or the Commissioner for Data Protection.
7.0 For how long shall we keep your data?
Personal data will be retained by A2CO Group for as long as it is necessary for the purposes of processing such data. Thus, the Group will keep data for as long as it is obliged to by law, or need to keep a record of, a relationship with a client. We shall not keep your data for more than 10 years following completion of service or termination of our business relationship with you. As a minimum, we shall keep your data for 5 years following the completion of service or termination of our business relationship with you.
7.1 How shall we destroy your data after the retention period is over?
We shall destroy your data in a safe and reliable manner. Physical files shall be destroyed by means of shredding. Shredding services may be outsourced to third parties. A2CO Group shall ensure that if shredding is outsourced to third parties, the Group shall review their data privacy procedures and safeguard the interest of the data subjects through ways and means such as through a contractual agreement between A2CO Group as data controller and the shredding company as data processors in line with Article 28 of the General Data Protection Regulation. For the removal of any doubt, this would only apply if A2CO group provides non-shredded data to the shredding service provider. If shredding is done in-house, then the shredding service provider will not be considered as a data processor.
In the case of data stored in digital format, such data shall be permanently deleted. This would include any backups held on servers and/or cloud.
Communication between the client and the Group shall be deleted or destroyed.
Should the Group be required to change one or more of its hard disks where data is, or was previously stored, the Group shall ensure that such hard disk is disposed of in a professional manner and in a way that data cannot be retrieved from it in the future.
Your Rights
8.0 What are your Rights?
-
You can obtain information regarding the processing of your personal information and access to the personal information which we hold about you by contacting our Data Protection Officer.
-
You may request that any personal information be rectified by sending an e-mail notification on dpo@a2co.com.
-
You have the right to request that we erase your personal information if it is inaccurate or incomplete. There may be circumstances where you ask us to erase your personal information, but we are legally obliged to retain it.
-
You may object to, and request the processing of, your personal information in certain circumstances. There might be circumstances where you object to, or ask us to restrict, our processing of your personal information but we are legally entitled to refuse that request.
-
You may instruct us at any time not to process your personal information for marketing purposes.
-
You may withdraw your consent given under this Policy at any time by sending an e-mail notification. Our details are listed hereunder.
-
Your personal information may only be stored unless further processing is brought about by individual consent and the necessity for the establishment of legal claims for the protection of the rights of another natural/legal person or for the public interest.
-
You have a right to lodge a complaint to the supervisory authority of the jurisdiction in which the personal information is being provided.
-
You may request one printed copy of this Privacy Notice free of charge.
9.0 Where can you complain if you have an issue related to Data Privacy?
We value our customers’ comments and we are committed to ensure that all our clients’ data is safeguarded and in line with regulation and our internal policies. Should you feel the need to complain about, or raise your objections, to how we are handling your personal data, then you may contact our Data Protection Officer using the following contact details.
9.1 Contacting the Data Protection Officer
Our Data Protection Officer (DPO) may be contacted by the following methods:
-
By post, to The DPO, A2CO Group, Quad Central, Q3, Level 1, Triq L-Esportaturi, Central Business District, Birkirkara, Malta CBD1040
-
By telephone on +356 21332100
-
By sending an email on dpo@a2co.com
The Group will do its utmost to ensure that complaints are handled and settled internally in an efficient and professional manner.
9.2 Contacting the Maltese Data Commissioner
You may also contact the Office of the Data Commissioner as follows:
- You may file a complaint with the Maltese Data Protection Commissioner through the following link: https://idpc.org.mt/file-a-complaint/
- Alternatively, you may contact the office of the Maltese Data Commissioner by phone on +356 23287100 or by post using the below address:
The Commissioner
Mr Ian Deguara
Level 2, Airways House
High Street
Sliema
SLM 1549
10.0 Can we modify this Privacy Notice?
From time to time, we may change this Privacy notice. If we change this Privacy notice, we will upload the updated privacy notice on our website, or by posting a notice on our homepage stating that a change has occurred. We shall write to you should there be a ‘material change’ in the Privacy notice which affects your rights.
This Privacy Policy is in conformity with applicable EU laws and regulations. The Company is liable only to the extent of the provisions set out under the applicable EU laws and regulations. Last updated in November 2025.
**End of Privacy Notice**
8.0 What are your Rights?
-
You can obtain information regarding the processing of your personal information and access to the personal information which we hold about you by contacting our Data Protection Officer.
-
You may request that any personal information be rectified by sending an e-mail notification on dpo@a2co.com.
-
You have the right to request that we erase your personal information if it is inaccurate or incomplete. There may be circumstances where you ask us to erase your personal information, but we are legally obliged to retain it.
-
You may object to, and request the processing of, your personal information in certain circumstances. There might be circumstances where you object to, or ask us to restrict, our processing of your personal information but we are legally entitled to refuse that request.
-
You may instruct us at any time not to process your personal information for marketing purposes.
-
You may withdraw your consent given under this Policy at any time by sending an e-mail notification. Our details are listed hereunder.
-
Your personal information may only be stored unless further processing is brought about by individual consent and the necessity for the establishment of legal claims for the protection of the rights of another natural/legal person or for the public interest.
-
You have a right to lodge a complaint to the supervisory authority of the jurisdiction in which the personal information is being provided.
-
You may request one printed copy of this Privacy Notice free of charge.
9.0 Where can you complain if you have an issue related to Data Privacy?
We value our customers’ comments and we are committed to ensure that all our clients’ data is safeguarded and in line with regulation and our internal policies. Should you feel the need to complain about, or raise your objections, to how we are handling your personal data, then you may contact our Data Protection Officer using the following contact details.
9.1 Contacting the Data Protection Officer
Our Data Protection Officer (DPO) may be contacted by the following methods:
-
By post, to The DPO, A2CO Group, Quad Central, Q3, Level 1, Triq L-Esportaturi, Central Business District, Birkirkara, Malta CBD1040
-
By telephone on +356 21332100
-
By sending an email on dpo@a2co.com
The Group will do its utmost to ensure that complaints are handled and settled internally in an efficient and professional manner.
9.2 Contacting the Maltese Data Commissioner
You may also contact the Office of the Data Commissioner as follows:
- You may file a complaint with the Maltese Data Protection Commissioner through the following link: https://idpc.org.mt/file-a-complaint/
- Alternatively, you may contact the office of the Maltese Data Commissioner by phone on +356 23287100 or by post using the below address:
The Commissioner
Mr Ian Deguara
Level 2, Airways House
High Street
Sliema
SLM 1549
10.0 Can we modify this Privacy Notice?
From time to time, we may change this Privacy notice. If we change this Privacy notice, we will upload the updated privacy notice on our website, or by posting a notice on our homepage stating that a change has occurred. We shall write to you should there be a ‘material change’ in the Privacy notice which affects your rights.
This Privacy Policy is in conformity with applicable EU laws and regulations. The Company is liable only to the extent of the provisions set out under the applicable EU laws and regulations. Last updated in November 2025.
**End of Privacy Notice**