Privacy Policy

Privacy Notice


The aim of this Notice is to ensure that you are fully informed on how Shaw Legal will collect and process your personal data in the circumstances indicated hereunder.

Shaw Legal of 35, Valletta Road, Attard Malta (“SL”; “we”; “us”; “our”) respects your privacy and values its importance and is committed towards protecting your personal data. The purpose of this Privacy Policy is to set out the basis on which we will process your personal data when:

  • you approach and engage us to provide you with our legal and advisory services (the “Services”);
  • receive the various Services that you may request from us during the course of this engagement; and/or
  • you visit and use our website (the “Website” or the “Site”), regardless of where you visit and use it from.

This Notice informs you about the items of personal data that we may collect about you and how we will handle it, and in turn, also tells you about (i) our obligations to process your personal data responsibly, (ii) your data protection rights as a data subject and (iii) how the law protects you.

We process your data in an appropriate and lawful manner, in accordance with the Data Protection Act (Chapter 586 of the Laws of Malta) (the “Act”), as may be amended or replaced from time to time, and the General Data Protection Regulation (Regulation (EU) 2016/679) (the “Regulation” or the “GDPR”).

  1. Important information

The Website is not intended for minors, and we do not expressly collect data relating to minors except and unless where it is necessary in order to provide you with the Services that you may request from us (most commonly, where the requested Services concern your family, including your children). We will treat any information relating to minors which is disclosed to us in connection with the Services in a sensitive manner and with the utmost confidentiality.

We are the data controllers as defined by the current relevant data protection laws and regulations. We control any personal data which we collect or receive and which we process in connection with (i) the Services and/or (ii) the Website.

You have the right to file a complaint at any time to the competent supervisory authority on data protection matters, the Office of the Information and Data Protection Commissioner (the “IDPC”) ( We would, however, appreciate the opportunity to deal with your concerns before you approach the supervisory authority, so please contact our Data Protection Officer on in the first instance.

Changes to the privacy notice and your duty to inform us of changes

This version was last updated on 04 September 2020.

It is important that the personal data we hold about you is correct at all times as otherwise this will impair our ability to provide you with the Services. Please inform us of any changes to your personal data.

Third-party links

The Website may include links to third-party websites, plug-ins and applications. Clicking on these links or enabling those connections may allow third parties to collect or share your personal data. These third-party websites are not controlled by us and we are not responsible for their privacy policy or notices. We therefore strongly recommend that you read the privacy policy of every website you visit, particularly when leaving our Website.

  1. The information we collect about you

In order to provide you with Our Services, We will need to collect, use and sometimes disclose various items of personal data about you for various purposes associated with the scope of the Services that we provide, as requested and directed by you or by your organisation.

The information we collect, store and use may include:

  • Basic information such as your name, the company you work for, your position and your relationship to a person;
  • Contact information such as your address, email address and telephone number(s);
  • Financial information, such as payment related information;
  • Identification and background information provided by you or collected as part of our business acceptance process, where relevant;
  • Due Diligence data and any other documentation which may be requested to collect, process and retain from time to time by the Prevention of Money Laundering Act (Chapter 373 of the Laws of Malta) (“PMLA”), the Prevention of Money Laundering and Funding of Terrorism Regulations (“PMLFTR”), the Financial Intelligence Analysis Unit (“FIAU”) and/or any other competent authority or related legislation in order to carry out our compliance duties.
  • Special categories of personal information, such as information about of sensitive personal data relating to your criminal convictions and offences in relation to the Services you requested and also in accordance with our obligations at law;
  • Any other personal information relating to you or other third parties which you may provide to us for the purpose of receiving our Services;
  • Data collected when visiting our website including the internet protocol (IP) address, browser type and version, time zone setting and location;
  • Any other personal information that you voluntarily choose to provide to us.

Failure to provide personal data

If you fail to provide certain information when requested, we may not be in a position to perform the Services requested or we may be prevented from complying with our legal obligations.

  1. How is your personal data collected

We may collect personal data about you from different sources, including the following:

  • Data given to us directly by yourself;
  • Data collected automatically when you use Our website;
  • Data collected from other publicly available sources such as public court documents, anti-fraud databases and other third-party databases as may be required.
  1. How we use your personal data

We will only use your personal data when the law allows us to and mainly in the following circumstances:

  • To verify your identity;
  • To provide you with the requested Services;
  • To maintain and manage our business relationship;
  • To fulfil our internal compliance function and to comply with the obligations under the PMLA and PMLFTR, other rules, laws and regulations applicable to us, including our professional duties to the Courts of Malta;
  • To assist and cooperate in any criminal or regulatory investigation against you.

Note that we may process your personal data pursuant to more than one lawful ground or basis, depending on the specific purpose for which we are using your data.


  1. Sharing of data:

We may disclose your personal data to the following categories of recipients:

  • To any competent law enforcement body, regulator, government agency, court, tribunal, or other third party where we believe disclosure is necessary: (a) as a matter of applicable law or regulation; (ii) to exercise, establish or defend our legal rights; or (iii) to protect your vital interests or those of any other person;
  • To a person you have given us your consent to disclose to.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our documented instructions.

  1. Processing of your data

Your personal data may be processed both inside and outside the European Economic Area (“EEA”), in order to provide you with the requested Services, fulfil our contractual obligations to you or exercise our contractual obligations against you, comply with our legal or regulatory obligations or assert, file or exercise a legal claim.

  1. Security

We use appropriate technical and organisational measures to protect the personal information that we collect and process about you.  The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. 

  1. Retention of Data

We will retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal requirements). 

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), we will securely store your personal information and isolate it from any further processing until deletion is possible. We will generally keep your personal data for a maximum period of eleven (11) years from date of termination of the client relationship, after which time it will be destroyed if it is no longer required for the lawful purpose(s) for which it was obtained.

We may on exception retain your information for longer periods, particularly where we need to withhold destruction or disposal based on an order from the courts or an investigation by law enforcement agencies or our regulators.

  1. Your rights

You have the following rights in relation to your personal data:

  • If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by sending an email to;
  • You have a right to ask for a transfer of your personal data back to you or transferred to another controller. When doing so, the personal data must be provided or transferred in a machine-readable electronic format;
  • You can object to the processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. You can exercise these rights by contacting us by email at
  • If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent;
  • You have the right to complain to a data protection authority about our collection and use of your personal information.

We respond to all requests received from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

  1. Conclusion

We reserve the right to make changes to this Notice in the future. If you have any questions regarding this Notice, or if you would like to send us your comments, please contact us on

Legal Notices

The information on this website is not intended to constitute the provision of any legal service or advice. While Shaw Legal makes every effort to maintain the accuracy of the information on this website it cannot accept any responsibility for any loss or damage which may occur from the use of such information. Shaw Legal does not provide quality control of external links. The inclusion of any other person’s or entity’s name within the pages of this website should not be construed as an endorsement or recommendation of that person or entity for any purpose whatsoever, nor do we provide any assurance in respect of the accuracy of the information contained on external links.