Privacy Policy

Privacy Policy (Collection and Processing of your Personal Data)

1. Introduction

1.1. This Privacy Policy (the “Policy”) has been issued by and relates to J. Grech Ltd. (C-19079) and Superbrands Ltd. (C-61030) of Advance House, Level Three, 375, Manuel Dimech Street, Malta, (hereinafter the “Square Deal Group” or the “Group”) and sets out the Group’s policy in relation to the protection, processing and retention of your personal data and has been prepared to reflect the provisions of Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (herein after, the “General Data Protection Regulation” or “GDPR”).

1.2. For the avoidance of any doubt, references to “us”, “our” and “we” shall refer to the Square Deal Group or any one of our employees, associates, contractors, trainees or interns. Reference to “you” or “your” shall refer to the data subject to whom this Policy applies.

1.3. For the purposes of GDPR, J. Grech Ltd. (C-19079) shall be the controller of your personal data. The contact details of the controller are included below:

Email:[email protected]
Tel.:+356 2125 0888
Mail:J. Grech Ltd. Advance House Level 3,
375 Manwel Dimech Street,
Sliema SLM1058, Malta

1.4. This Policy applies to the processing by the Square Deal Group of personal data relating to any natural person who has visited our website ( and/or completed the contact form on our “Contact” ( webpage and/or any person who has visited any one of our retail outlets and supplied us with personal data either voluntarily or following a request by us, hereinafter collectively referred to as “Data Subjects”.

1.5. We always process personal data lawfully, fairly and in a transparent manner and we only collect personal data which is adequate, relevant and limited to what is necessary in relation to the purposes listed in section 4 of this Policy.

2. What is personal data?

2.1. According to the GDPR, “personal data” refers to any information relating to an identified or identifiable natural person (being the data subject), and therefore, does not include anonymous data or data relating to a legal person.

2.2. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

3. What personal data do we process and when do we collect it?

3.1. The personal data that we process includes the following

  • Name and surname;
  • Email address;
  • Contact details;
  • Date of birth;
  • Any details on your CV/Resume;
  • CCTV images from cameras located in and around our retail outlets;
  • Gender
  • Brand and product preferences;
  • Personal data included on a public profile on social media;
  • Purchase history, including full product specifications, the value of products purchased and date of purchase; and/or
  • Any other personal data you may supply to us.

3.2. The above listed personal data is typically supplied voluntarily by Data Subjects visiting our website or retail outlets, with the exception personal data included on any public profile on social media, CCTV images and other personal data we may process in pursuit of our legitimate interest as described in Section 4.

3.3. Furthermore, our website makes use of cookies. Cookies are small text files that a website may place on your computer or device when you visit a site. Cookies record your online identity and remember your online behaviour and preferences. For example, cookies may capture the following information

  1. Browser information: browser type, language, and history;
  2. Device information: IP address, device make, device model, device operating system/version, and data connection type;
  3. Internet service provider information; and
  4. Interaction information: domain name, referring website address, date/time of website visit, page view data, search keywords, referring/exit pages, platform type, date/time stamp, geolocation data, click data, types of ads viewed.

3.4. Cookies are used for a variety of purposes, such as to keep you logged in, to remember what is in your online shopping basket, to deliver you location specific information such as news and weather, to tailor advertising to your interests, and so on. This improves your experience of a website.

4. Why do we process personal data?

4.1. We typically process your personal data supplied by you through the contact form on our “Contact” ( webpage or at our retail outlets in order to contact you, to pass on to third parties (in accordance with section 5 of this Policy), to honour our legal obligations in terms of applicable legislation, to follow your instructions (including the transmission of your CV/resume to the appropriate personnel), in pursuit of our legitimate interests in seeking to detect fraud, harassment or the commission of a criminal offence (such as theft, the destruction of private or public property, etc) as well as to protect our staff, customers, the public and premises and retail outlets, and for supplying you with marketing and other offers, for remarketing purposes, information surveys, important announcements, invitations, which may be sent through e-mails, text messages, phone calls and postal mail. We may also process your personal data in order to investigate a complaint, process a return request, and/or investigate, rebut or report a suspected or actual criminal offence, contravention or irregularity.

4.2. Furthermore, as mentioned above our website makes use of cookies. We use cookies to deliver the following services on our website:

  • To recognise your device so you don’t have to give the same information repeatedly;
  • To collect, measure and analyse statistical information about website traffic and use;
  • To detect and track fraudulent, irregular or illegal activity.
  • For ad personalization, general remarketing activity and analytical purposes

4.3. Furthermore, our website relies on third party service providers (such as hosting and server co-location services, remarketing providers (such as Facebook, Google, Yahoo, etc), communications and content delivery networks (CDNs), data and cyber security services, billing and payment processing services, domain name registrars, fraud detection and prevention services, web analytics, etc), who in turn make use of their own cookies. Please note that such third-party services placing cookies or utilizing other tracking technologies through our website may have their own policies regarding how they collect and store information. Such practices are not covered by our Privacy Policy, we do not have any control over them and we shall not accept any responsibility for any deficiency in such practices

4.4. Visitors to our website should also note that we make use of Google Analytics, to provide us with statistical information about use and traffic on our website.  These services use IP addresses and other information from cookies to tell us, for example, the number of page views, number of users, what browsers users are using, and location data of users. This statistical information allows us to better understand our audience, reach our target audience and develop and customise our content and services. For analytics, we collect and process your information on the basis of our legitimate business and operational interest. For more information about how Google uses information from sites or apps that use our services please click here.

4.5. In addition to using cookies and related technologies as described above, we also may permit certain third party companies to help us tailor advertising that we think may be of interest to you and to collect and use other data about your activity on our website (e.g., to allow them to tailor ads on third party services). These companies may deliver ads that might also place cookies and track user behaviour.

5. Do we pass on personal data to third parties?

5.1. We may disclose your personal data to third parties in the following circumstances.

  • To our suppliers. We may, for example, engage a supplier to carry out professional, marketing, remarketing, administrative and/or operational work in support of our relationship with you. 
  • To government, police, regulators or law enforcement agencies. WWe will share your data with government, police, regulators or law enforcement agencies if, at our sole discretion, we consider that we are legally obliged or authorised to do so or it would be prudent to do so;
  • With a third party who is helping us develop and improve our services to you, such as analytics providers.

5.2. Where we share personal information with a third party, we require them to respect the security of your personal data and to treat it in accordance with the law. However, their own privacy policy will normally apply to how they subsequently use that information, and we are not responsible for this.

6. What if I don’t want to provide personal data?

6.1. Should you prefer not to provide us with your personal data, then we will remove you from our customer database (if applicable) and cease all marketing, remarketing and/or other communications. In addition, we will also erase any personal data you have previously supplied to us, unless we can demonstrate legitimate grounds which overrides your interest and rights or due to legal claims. For more information on how to unsubscribe please refer to clause 7.5.

6.2. With respect to cookies, you can manage or prevent cookies from being installed on your device by adjusting the settings on your browser software accordingly. You should be aware, however, that by doing so you may not be able to make full use of all the functions of our website or view all content

7. Rights of a Data Subject

7.1. Correcting and completing of personal data. We take every reasonable step to ensure that the personal data we have in our possession is accurate and kept up to date. However, it is still possible for certain personal data to be incorrect or incomplete. Should you, therefore, wish to correct or complete any inaccurate or incomplete personal data that we hold, you may do so by sending an email to the controller, highlighting the data that requires correction or completion, as the case may be, and we will update our records without undue delay and inform you once this has been done.

7.2. The right of access and the right to be forgotten. As a data subject, you have the right to access your personal data and, in certain situations, the right to request that we erase your personal data without undue delay by sending an email to [email protected]. Should you like to access your personal data that we hold on you or should you wish that we erase your personal data, you are kindly requested to send an email to the controller. It should be noted that we will erase your personal data as soon as possible, provided that such personal data are no longer necessary in relation to the purposes (as specified in section 4 of this Policy) for which they were collected or processed.

7.3. Data portability. You may also request a copy of your personal data, which will be supplied in any machine-readable format selected by us. This will be released either to yourself or, if technically feasible, to a controller designated by yourself.

7.4. Restriction of processing. You may also request that we restrict the processing of your personal data in the following situations. Should we agree to restrict the processing of your personal data pursuant to any of the of the grounds listed below, we shall inform you in writing before the restriction of processing is lifted.

  • the accuracy of the personal data is contested, for a period enabling us to verify the accuracy of the personal data;
  • the processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead;
  • we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims.

7.5. Opting out. Where personal data are processed for direct marketing purposes, you have the right to object at any time to such processing. You can do this by (i) asking us to stop sending marketing communications (unsubscribe) by sending an email to [email protected] indicating you desire to unsubscribe. 

8. Can we transfer your personal data outside the EEA?

8.1. There may be situations where your personal data can be transferred and processed in one or more non-EEA countries. In any such situations, we will take steps to ensure that your personal data receives the same level of protection as if it remained within the EEA, including by entering into data transfer agreements, using the European Commission’s approved contractual clauses for data transfers to third countries, or other valid mechanisms for data transfers. You may also request information on the protective measures implemented for any third-country transfers of personal data.

9. How long do we keep your personal data?

9.1. We make every effort to ensure that personal data are kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the personal data are processed.

9.2. We typically erase the personal data we have on record within ten (10) years from the end of our relationship with the Data Subject in question. With respect to any personal data collected via our CCTV units, the period depends on the size of storage installed on each device, but this period shall typically not exceed one (1) year from the date of recording.

9.3. With respect to cookies, these will remain installed on your device after the closing of your internet browser and will become active again when you revisit our website, until such files are removed or until expiry. Cookies can be deleted at any time by you. 

10. How will we notify you of changes to this Policy?

10.1. Certain terms in this Policy may be amended from time to time, in which case we shall publish the new policy on our website.

11. How can I complain?

11.1.If you are a Data Subject and you feel that your rights under the GDPR have been violated by Square Deal Group you have the right to lodge a complaint with the relevant supervisory authority for data protection. In Malta, this is the Data Protection Commissioner ( We would also welcome the opportunity and make every effort to satisfactorily deal with your complaint amicably before you approach any such supervisory authority.