We process personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “GDPR”) and the Data Protection Act (Chapter 586 of the Laws of Malta). The security of your personal data and its lawful processing are top priorities for us. Below you will find information on how we process your personal data and how we ensure its security.
MY DETAILS
Who are we?
Personal data is processed by:
Full name: Rebeka Kubackova
Email: info@designbyrebeka.com
(hereinafter referred to as the “controller”).
CATEGORIES OF PERSONAL DATA, PURPOSE, LEGAL BASIS, AND RETENTION PERIOD
What personal data do we process, for what purpose, on what legal basis, and for how long?
We process only the personal data necessary to achieve specific purposes. Personal data is processed for the following purposes:
Accounting Records
We process customer data for accounting purposes in the scope of: name, billing address, bank account number, payment data, email, phone number, and invoice details in order to comply with legal obligations under tax and accounting laws.
- Legal basis: Compliance with legal obligations
- Retention period: 5 years from the end of the relevant fiscal year
Provision of Services
Personal data of clients is processed in the scope of: name, email, phone number, address (if invoicing is required), order or project details, and payment information for the purposes of:
- Pre-contractual communication
- Acceptance of orders
- Provision of services and fulfilment of contracts
- Issuing invoices
- Communication during project delivery
- Maintaining project records
- Legal basis: Contract performance
- Retention period: 5 years after the last service was delivered
Contact Form
Personal data submitted through the contact form is processed in the scope of: name, email, phone number, subject and content of the message, for the purpose of answering inquiries.
- Legal basis: Pre-contractual steps or legitimate interest
- Retention period: 6 months
Testimonials
Clients who provide testimonials may have their data processed in the scope of: name, photo, review content, email, or phone number, for the purpose of publishing the testimonial on the website or social media.
- Legal basis: Consent
- Retention period: For the duration of consent
The data subject may withdraw their consent at any time by sending an email.
The client agrees that the testimonial, including their name and review, may be published on the website www.[yourdomain].com even without additional consent. If the client does not wish their testimonial to be published, they may notify the controller by email and the testimonial will be removed or anonymised within 14 days of the request.
Newsletter
Personal data of individuals subscribed to the newsletter is processed in the scope of: name, email address.
- Legal basis: Consent, or legitimate interest (in the case of existing clients)
- Retention period: Until unsubscribed or for up to 10 years
You may unsubscribe at any time using the link at the bottom of each newsletter or by contacting us via email.
Cookies
Cookies are used to ensure the functionality of the website, for easier navigation, and for marketing purposes.
- Legal basis: Consent
- Retention period: Up to 15 months
You can manage or revoke cookie consent via your browser settings.
CONSENT
In the above-mentioned cases, we process your personal data on the legal basis of your consent, i.e. only with your permission. You may withdraw your consent at any time by sending an email, clicking the unsubscribe link in a newsletter, or changing your browser settings for cookies.
RECIPIENTS
Who do we share your personal data with?
We only share personal data with third parties if required by law or necessary for contract performance. This may include:
- Public authorities or tax offices
- Hosting providers (e.g., for this website)
- Accounting or tax professionals
- Newsletter or marketing platform providers
- Web analytics tools (with anonymisation where applicable)
We only work with providers that offer sufficient guarantees of GDPR compliance and security. Where required, we have signed data processing agreements.
THIRD COUNTRIES
Do we transfer your data outside the EU?
Yes. Some services (e.g. mailing tools or webinar platforms) may involve transfers to third countries, such as the USA. These transfers are protected by appropriate safeguards, such as Standard Contractual Clauses (SCCs) or adequacy decisions, ensuring a level of protection equivalent to that in the EU.
COMPLAINTS
Not satisfied?
If you are not satisfied with how we process your personal data, you may contact us by email. You also have the right to lodge a complaint with the supervisory authority:
Information and Data Protection Commissioner (IDPC)
Level 2, Airways House, Triq Il-Kbira, Sliema SLM1549, Malta
📧 Email: idpc.info@idpc.org.mt
🌐 Website: www.idpc.org.mt
HOW WE PROCESS YOUR PERSONAL DATA
Personal data is processed in both electronic and written form. We do not use any automated decision-making or profiling.
We maintain records of all processing activities and implement appropriate technical and organisational measures to ensure data security. These include:
- Antivirus protection
- Strong password policy
- Data encryption
- Regular backups
- Confidentiality obligations for anyone who processes data on our behalf
DATA SUBJECT RIGHTS
What rights do you have under GDPR?
Depending on the legal basis, you may have the following rights:
Right of Access
You have the right to request confirmation of whether we process your personal data and to obtain a copy of the data.
Right to Rectification
You have the right to correct inaccurate or outdated personal data.
Right to Erasure
You may request the deletion of your data if:
- It is no longer needed
- You withdraw your consent
- You object to processing
- The data is processed unlawfully
- Erasure is required by law
- You are a child (or the parent of one) who consented to online data processing
Right to Restriction of Processing
You may request restricted processing if:
- You contest the accuracy of the data
- Processing is unlawful, but you oppose deletion
- You need the data to establish or defend legal claims
- You object to processing and await verification of overriding legitimate interests
Right to Data Portability
If applicable, you have the right to receive your data in a structured, commonly used format and transmit it to another controller.
Right to Object
You may object to processing based on legitimate interest. If we cannot prove overriding legitimate grounds, we will stop processing your data.
To exercise your rights, you can contact us by email or post using the details above. We will process your request and inform you of the outcome within one month.
FINAL PROVISIONS
This Privacy Policy is valid from 7.8.2025.
We reserve the right to modify this policy in case of changes to personal data processing.