top of page

Privacy Policy


Last updated: April 2021


On point (“On point” or “we” or “us”) respects your privacy. In light of this, we constantly strive to protect your personal data in the best possible way and to comply with all applicable laws and regulations for the protection of personal data.

The EU General Data Protection Regulation 2016/679 (“GDPR”), which came into force on 25th May 2018, provides rights to individuals and requires organisations to provide information about their processing in a clear and transparent way. In this respect, we have published this Privacy Policy to take into account these requirements and to explain how we collect, store and use the personal data we obtain through this website, in accordance with the standing legislation.

Any personal data provided by you voluntarily through our website  or through your communications via email with us will be processed in accordance with the Data Protection Act (Chapter 586 of the Laws of Malta), the GDPR and any other relevant data protection legislation, as may be amended from time to time.


  • ‘Personal Data’ refers to any information relating to an identified or identifiable natural person (‘data subject’). This includes any identifiable material relating to their physical, physiological, mental, economic, cultural or social identity and includes but are not limited to physical files, identification numbers, location data and images or records of individuals.

  • ‘Processing’ makes reference to any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

  • ‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

  • ‘Processor’ refers to a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

  • ‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

  • ‘Third party’ makes reference to a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

  • ‘Personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.


On Point Ltd., reg. no. C81670, is a software company in terms of the Maltese law.

For the purpose of the GDPR, On Point is the Data Controller. Should you wish to contact us with regards to the processing of your personal data, please do so on .Our postal address is: 8, 24 Church Street, Zebbug, Malta.


The data that we may collect about you includes:

  • Your name and surname

  • Mobile/Phone number

  • Company name

  • Your email address

  • Your IP addresses

  • Any personal data that you may provide to us through our website

  • Any personal data that you may provide to us through your communication with us (through meetings, calls and emails).

  • Registering with an account


  • We will process personal data on the basis of:

  • Necessity in order to take steps at your request prior to entering into a contract (for example to provide you with a quote);

  • Necessity for the performance of a contract which we have agreed to enter into at your request (for example to provide a specific software);

  • Our legitimate interests (for example, to ensure we are providing you with the best possible service, to manage our customer database efficiently and for debt collection).

  • Additional basis


Through a Data Processing Agreement (DPA) the terms of the processing and management of the personal information will be established. With the main purpose of ensuring the protection of customer’s personal data and the compliance of the GDPR laws, your personal data will be stored on our website. In baser of that DPA, the customer acknowledges and agrees the process of their personal data on their behalf.

The site-visitors’ data may be stored in different locations, but the laws of the jurisdictions on which it operates in case must always be respected.


As site-owner, we will be considered the Controller of our site-visitors’ data, deciding the data that will be collected from the site-visitors and how it will be handled. We will ensure the maintenance of a clear and comprehensive privacy policy for our customers’ website in accordance with both GDPR and local privacy regulations.

We will be responsible for notifying our site-visitors’ about the how their information is collected, processed and used, and they would also be informed whenever they information will be transferred.


We will not share any of your personal data with third parties without your permission, except where this is strictly required for us to provide you with a service you have engaged us to provide.

We may share your personal data with the following categories of entities as necessary:

  • Internal staff (IT team/marketing from On Point Ltd.).

  • Hosting and website maintenance (kindly refer to our Cookie Policy section below; and

  • Upon your request to do so, we may divulge your information to other third parties and Authorities in Malta.

If we ever have to share your personal data with an entity outside the EU, we will do so in accordance with the requirements of the GDPR and any other applicable law.


On Point may process your personal data outside of the European Union (‘EU’) and the European Economic Area (EEA). Shall your personal data be processed outside the EU/EEA, then we will make sure that such processing is respecting appropriate safeguards that ensure that your rights are protected or based on another ground for such transfer in accordance with GDPR.



You have the right to access all the personal data held and processed by the Company. You may also request a copy of this personal data. To exercise this right, you can contact us through our email address or postal address referred to above under the Data Controller clause.

In order to process this request, we will require proof of your identity. We will do our best to process the request as soon as possible, and in no longer than 14 days from hearing from you.


You have the right to request modification of all the personal data held and processed by the Company. If you think we may hold details about you that are inaccurate or out of date, please contact us at the email or postal address referred to above under the Data Controller clause in order to amended or update this information.


You have the right to request that we delete the personal data held and processed by the Company by contacting us at the email or postal address referred to above under the Data Controller clause.

This right is not absolute, and we may be justified in keeping certain personal data, for instance when we are legally obliged to do so or if such data may be necessary for us to defend a legal claim.


You have the right to request limitation of the processing of your personal data, with the exception for storage.

Limitation of processing can be requested for example if you object to the accuracy of the personal data or if you consider the processing of your personal data to be unlawful.


You have the right to object to the processing of your personal data, including where such processing takes place for the Company’s legitimate interests, and you may request to withdraw from all future activities and the removal of all personal data held and processed by us by contacting us at the email or postal address to above under the Data Controller clause.

Where personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning such marketing, which includes profiling to the extent that is related to such direct marketing.


You have the right to move, copy or transfer your personal data from one controller to another, and you have the right to request from us a copy of your personal data in a structured, commonly used and machine-readable format, which we may provide to you or another controller at your request. This process shall be based on a consent or an agreement.

Should you require our assistance with this, please contact us at the email or postal address referred to above under the Data Controller clause.


All Data Protection enquiries/complaints should be sent to

You also have the right to lodge a complaint with the Information and Data Protection Commissioner in Malta as the data protection supervisory authority:

Information and Data Protection Commissioner

Floor 2, Airways House
Triq il-Kbira,
Sliema SLM 1549
Tel: (+356) 2328 7100


You will not be required to pay a fee to access your data or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.


We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or to exercise any of your other rights referred to above.

This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.


We take the security of your personal data very seriously and have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed, so as to safeguard its integrity and confidentiality.

The security measures we have implemented to ensure safe transmission and storage of personal data include:

  • Use of secure servers;

  • Use of firewalls;

  • Use of encryption;

  • Physical access controls at data centres;

  • Information access controls;

  • Use of back-up systems;

We also regularly review and, where practicable, improve upon these security measures.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

While we do our utmost to safeguard your personal data, no data transmission over the internet can be totally secure and therefore we cannot guarantee or warrant that no unauthorised access will occur.


We try to respond to all legitimate requests within one week.  Occasionally it could take us longer than a week if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.


We will not store personal data for longer than is necessary keeping in mind the purpose/s for which we first collected that data. We may also need to keep some of your personal data where we are obliged to do so in terms of legal, regulatory, tax or accounting requirements, or in order to protect ourselves against legal claims usually for a specified amount of time as set out in the relevant law.

As a general rule we will retain your personal data as long as you remain a client of ours, or until you ask us to stop communicating with you, unless we have a valid reason to keep the information for a longer time.

For more information about our retention policy, please contact us at the postal or email address referred to above under the Data Controller clause.


We reserve the right to amend and update this Policy at any time. This may be necessary in order to fulfil the requirements established in the applicable laws and regulations or due to changes set in OnPoint’s operations.

It is your responsibility to access the ‘Privacy Policy’ page frequently in order to be aware of any changes that may be implemented by us from time to time.


This Policy shall be governed by Maltese Law. Any dispute arising from, or related to, such Policy shall be subject to the exclusive jurisdiction of the courts of Malta.

bottom of page