LAG CONSULTING LTD – PRIVACY POLICY
Effective Date: 1st October 2025 | Version: 1.0
This Privacy Policy is provided for general information purposes only and does not constitute legal advice.
1. Who We Are
LAG Consulting Ltd (“we”, “our”, “us”) is a Private Exempt Single-Member Limited Liability Company registered in Malta (Company No. C113479).
We provide consulting and concierge services and act as an independent data controller for the personal data we process. We comply with the EU General Data Protection Regulation (EU 2016/679) and the Maltese Data Protection Act (Cap. 586).
2. Data Protection Contact
Email: info@lag-consulting.com
We have not appointed a Data Protection Officer as our activities do not require one under Articles 37–39 GDPR. Privacy compliance is overseen at senior management level.
3. Scope of this Policy
This Policy applies to personal data we process when you interact with us (e.g., via our website, email, phone, or social media) and during the delivery of our services.
4. Personal Data We Collect
We may collect the following categories of personal data:
• Contact details
• Business information
• Communications and enquiry records
• Marketing preferences
• Website and technical data (e.g., IP address, browser type, pages visited)
We may receive personal data from referrals, networking engagements, partners, or publicly available sources (e.g., LinkedIn, company websites, business registries).
We do not seek special-category data (such as health or biometric data). If such data is required for a specific engagement, we will process it only with your explicit consent or another lawful basis under Article 9 GDPR, with appropriate safeguards.
5. Purposes and Legal Bases
We process personal data for the following purposes with the corresponding legal basis:
Purpose: Provide and manage our services; respond to enquiries
Legal Basis: Contract (Art 6(1)(b)) or Legitimate Interests (Art 6(1)(f))
Purpose: Business administration and record-keeping
Legal Basis: Legitimate Interests (Art 6(1)(f))
Purpose: Legal and regulatory compliance
Legal Basis: Legal Obligation (Art 6(1)(c))
Purpose: Marketing communications
Legal Basis: Consent (Art 6(1)(a)) or Legitimate Interests (Art 6(1)(f))
Purpose: Making an introduction to a Partner at your request or where relevant to your enquiry
Legal Basis: Legitimate Interests (Art 6(1)(f))
Purpose: Website operation and analytics
Legal Basis: Legitimate Interests (Art 6(1)(f)); Consent for non-essential cookies
We rely on legitimate interests only where the impact on your privacy is minimal and you would reasonably expect such use. You may object at any time.
6. Cookies and Tracking
We use essential cookies for website functionality and non-essential cookies (e.g., analytics, marketing) only with your consent.
Our Cookie Policy explains cookie types, purposes, and retention. A cookie banner allows you to Accept all / Reject all / Customise. You can change preferences at any time via the Cookie Policy page or footer link.
Link: https://lag-consulting.com/cookie-policy
7. Sharing Your Data
We share personal data only with:
• Partners (for introductions)
• Professional advisers (e.g., legal, compliance, technical)
• Service providers under contract
• Regulators, authorities, or courts (where legally required)
• Potential buyers or investors subject to confidentiality
References to ‘Partners’ in this Policy mean third parties with whom we collaborate for the purpose of providing or facilitating services.
We act as an independent data controller when making introductions to Partners. They are responsible for providing their own privacy notice and for their own processing of your data.
We never sell your data or share it for unrelated marketing purposes.
8. International Transfers
Transfers outside the EEA are protected by Standard Contractual Clauses (SCCs) or adequacy decisions.
You may request a copy of these safeguards by contacting us. Where applicable, our service providers may include US-based cloud and CRM vendors.
9. Data Retention
• Client records: up to 7 years after last interaction
• General enquiries: 12–24 months from last contact
• Marketing data: until you unsubscribe (suppression lists retained thereafter)
• Website analytics: per Cookie Policy (typically ≤ 14 months)
Data no longer required will be securely deleted or anonymised.
10. Your Rights
You may request access, rectification, erasure, restriction, portability, or object to processing, or withdraw consent.
Requests are free unless manifestly unfounded or excessive. We respond within one month and may verify your identity.
You may object to direct marketing at any time and we will stop immediately.
Complaints may be lodged with:
IDPC – Office of the Information and Data Protection Commissioner
Airways House, High Street, Sliema SLM 1549, Malta | idpc.info@idpc.org.mt | https://idpc.org.mt
11. Children’s Data
Our services are intended for adults (18+). For information society services, Malta sets the digital consent age at 13.
We do not knowingly collect data from children under 13. Contact us if you believe such data has been provided and we will delete it.
12. Automated Decision-Making
We do not carry out automated decision-making or profiling that produces legal or similarly significant effects.
13. Data Security
We implement appropriate technical and organisational measures including access controls, encryption, secure backups, patch management, and staff training.
If a personal data breach may impact you, we will notify you without undue delay, and notify the IDPC within 72 hours where required by law.
14. Accountability & Review
We maintain records of processing (Art 30 GDPR), conduct DPIAs where necessary, and review this Policy annually.
The latest review date appears at the top of this document.
15. Changes to this Policy
Updates will be posted on our website with the new effective date. Significant changes will be notified where required by law.
16. Contact Us
LAG Consulting Ltd
Email: info@lag-consulting.com
Registered in Malta under Company No. C113479
Privacy Policy