Privacy Policy


Welcome to Rutter Giappone Advocates’ privacy policy notice (the “Notice”).

Rutter Giappone Advocates of 166, Old Bakery Street, Valletta VLT 1455, Malta (“RutterGiappone”, “we”, “us”, or “our”) respect your privacy and value its importance and are wholly committed to protecting your personal data. This Notice describes RutterGiappone's current policies and practices on the basis of which RutterGiappone collects and processes your personal data when:

  • you approach and engage us to provide you with our legal and advisory services (the “Services”);
  • receive the various Services that you may request from us during the course of this engagement;
  • you visit and use our website <> (the “Website” or the “Site”), regardless of where you visit and use it from;
  • communicating with us for whatsoever reason.

This Notice informs you about the items of personal data that we may collect about you and how we will handle it, and in turn, also tells you about (i) our obligations to process your personal data responsibly, (ii) your data protection rights as a data subject and (iii) how the law protects you.

We process your data in an appropriate and lawful manner, in accordance with the Data Protection Act (Chapter 440 of the Laws of Malta) (the “Act”), as may be amended or replaced from time to time, and the General Data Protection Regulation (Regulation (EU) 2016/679) (the “Regulation” or the “GDPR”).

The term "personal data" refers to personally identifiable information about you, such as your name, birth date, e-mail address or mailing address, and any other information that is identified with you personally.

Note that personal data does not include information relating to a legal person (for example, a company or other legal entity). In that regard, information such as a company name, its company number, registered address and VAT number does not amount to personal data in terms of both the Act and the GDPR. Therefore, the collection and use of information strictly pertaining to a legal person does not give rise to data controller obligations at law. We will still naturally treat any and all such information in a confidential manner, in accordance with our standard practices and professional secrecy obligations.

Important information and who we are


RutterGiappone is associated with various corporate entities, most particularly its service company Medfinco Limited (C17175), a private limited liability company, having its registered office at 166, Old Bakery Street, Valletta, VLT 1455, Malta (“Medfinco”).

RutterGiappone is the controller and responsible for the Website.

We are also the data controller of any personal data which we collect or receive and which we process in connection with (i) the Services and/or (ii) the Website. Our associated corporate entities may be data controllers of your personal data in their own right, whether jointly with RutterGiappone or as entirely separate data controllers. For instance, Medfinco regularly assists RutterGiappone in providing corporate services for clients who initially engaged RutterGiappone, which may give rise to certain autonomous data processing activities by Medfinco. These associated corporate entities have their own separate data protection notices which will be made available to you if and when they process your personal data

RutterGiappone full details are as follows:

Full name of legal entity:

Rutter Giappone Advocates

Email address:

Postal address:

166, Old Bakery Street, Valletta VLT 1455, Malta

You have the right to lodge a complaint at any time to a competent supervisory authority on data protection matters, such as in particular the supervisory authority in the place of your habitual residence or your place of work. In the case of Malta, this is the Office of the Information and Data Protection Commissioner (the “IDPC”) ( We would, however, appreciate the opportunity to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance.

Changes to the privacy notice and your duty to inform us of changes

This version was last updated on 23 May, 2018

It is imperative that the personal data we hold about you is accurate and current at all times. Otherwise, this will impair our ability to provide you with the requested Services (amongst other potential and salient issues). Please keep us informed if your personal data changes during the course of our engagement and professional relationship with you.

Third-party links

The Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. When connecting to such other websites you will no longer be subject to this policy but to the privacy policy of the new site We do not control these third-party websites and are not responsible for their privacy notice or policies. We strongly encourage you to read the privacy notice of every website you visit, particularly when leaving our Website.

The data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

In the course of its engagement and professional relationship with you, RutterGiappone will need to collect, use, and sometimes, disclose various items of personal data about you for various purposes associated with the scope of the Services that we provide, as requested and directed by you or by your organisation. Given the broad spectrum of our potential Services to you or to your organisation, it is both impractical and almost impossible to exhaustively list all the items of personal data which we may need to collect, use or disclose about you.

If you fail to provide personal data

Where we need to collect personal data by law, or pursuant to our terms of business and engagement, and you fail to provide that data when requested, we may not be able to assist you or provide you with your requested Services. In certain cases, particularly where it relates to Compliance Data, we may even need to exercise our prerogative to terminate the Services and your engagement with us, or otherwise decline to enter into professional relationship with you (as applicable). We will notify you if this is the case at the time.

Special categories of personal data

We may occasionally need to collect and process certain special categories of personal data, including potentially, information relating to your criminal convictions and offences. When this data concerns you, by engaging us you will be providing us with your unambiguous consent to process the data in order to provide you with the requested services. We may also process third party special categories of data where authorised by, and in accordance with our obligations at law.

The lawyers and other advisors that form part of RutterGiappone are bound by strict professional secrecy obligations.

How is your personal data collected?

We generally use different methods to collect data from and about you including through:

  • Direct Interactions: You may give us this when completing our letter of engagement, filling in our forms (such as our ‘Contact Form’) or by;
  • Corresponding with usby post, phone, email or otherwise or during face-to-face meetings. This includes personal data you provide when you:
    • approach us to assist you on a particular matter;
    • discuss with us the assistance that you require (whether via meetings, telcos or email correspondence);
    • enter into a formal engagement with us;
    • request further assistance from us;
    • contact us with complaints or legal queries;
    • complete an enquiry form;
    • report issues;
    • submit the Compliance Data that we request;
    • request marketing to be sent to you;
    • express interest and/or attend any of our seminars or other hosted events;
    • participate in a survey or our webinars;
    • subscribe to our newsletters and updates;
    • give us some feedback.
    • through our provision of the Services to you or to your organisation.
    • during the course of dealings with you for or on behalf of your organisation or a client.
    • automated technologies or interactions. When you interact with our Website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We may collect this personal data by using cookies, server logs and other similar technologies.
    • third parties or publicly available.We may receive personal data about you from various third parties and public sources as set out below:
      • technical Data from the following parties:
        (a) analytics providers;
        (b) advertising networks; and
        (c) search information providers.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose, or we are obliged to process your data by applicable laws or court / enforceable orders.

If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without the need to obtain your consent, in compliance with the above rules, where this is required or permitted by law.

Disclosures of your personal data


  • Our associated corporate entities including Medfinco Limited (C17175), 166, Old Bakery Street, Valletta, VLT 1455, Malta;
  • Other law firms involved in the provision of the Services to you (including instructing law firms, law firms with whom we are collaborating or law firms that we have engaged for you at your request or on your behalf).
  • Suppliers and external agencies that we engage to process information on our and/or your behalf, including to provide you with the information and/or materials that you have requested.
  • Service providers, including those that provide IT support and system administration services for RutterGiappone.
  • Professional advisers such as consultants, bankers, professional indemnity insurers, brokers and auditors.
  • The Commissioner for Revenue, regulators and other authorities, including the Courts of Malta, the Financial Intelligence Analysis Unit, the Police Authorities and the Malta Financial Services Authority.
  • Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets (successors in title). Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Notice.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our documented instructions.

Data security

While no method of data transmission is guaranteed against unlawful third party interception or other misuse, RutterGiappone have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed (safeguard its integrity and confidentiality) and uses commercially reasonable efforts to ensure protection of your data including industry-standard encryption and offline security methods in our physical facilities.

Data retention

Please note that RutterGiappone considers its professional relationship with clients to be an ongoing and continuous engagement, until such time that it is terminated in accordance with our Letter of Engagement. We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it (the provision of the Services and the ongoing performance of our professional relationship with you) and, thereafter, for the purpose of satisfying any legal, accounting, tax, anti-money laundering and regulatory reporting requirements or obligations to which we may be subject and/or to the extent that we may also need to retain your personal data to be able to assert, exercise or defend possible future legal claims against or otherwise involving you.

By and large, our retention of your personal data shall not exceed the period of six (6) years from the termination of your engagement with RutterGiappone. This retention period enables us to make use of your personal data for potential AML reporting obligations to the FIAU (a legal obligation) and/or for the assertion, filing or defence of possible legal claims by or against you (taking into account applicable statutes of limitation and prescriptive periods). In certain cases, we may need to retain your personal data for a period of up to eleven (11) years in order to comply with applicable accounting and tax laws (this will primarily consist of your Transaction and Payment Data). There may also be instances where the need to retain personal data for longer periods is dictated by the nature of the services provided.
In some circumstances you can ask us to delete your data by contacting us on

In other circumstances, we may also anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Kindly contact us at for further details about the retention periods that we apply.

Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data, namely:

  • Request access to your personal data.
  • Request correction (rectification) of your personal data.
  • Request erasure of your personal data.
  • Object to processing of your personal data.
  • Request restriction of processing your personal data.
  • Request transfer of your personal data.
  • Right to withdraw consent.

If you wish to exercise any of the rights set out above, please contact us on

Kindly note that none of these data subject rights are absolute and must generally be weighed against our own legal obligations and legitimate interests. If a decision is taken to override your data subject request, you will be informed of this by our data protection team along with the reasons for our decision.

Although all reasonable efforts will be made to keep your information updated, you are kindly requested to inform us of any change referring to the personal data held by RutterGiappone. In any case if you consider that certain information about you is inaccurate, you may request rectification of such data.


RutterGiappone is continually improving and adding new functionality and features to its websites and improving and adding to our existing products, services, and programs. Because of these ongoing changes, changes in the law, and the changing nature of technology, RutterGiappone 's data practices will change from time to time and RutterGiappone reserves the right to do so. If and when our data practices change, RutterGiappone will post the changes on our websites to notify you of the changes. We encourage you to check this page frequently.

If you have any questions regarding this policy, or if you would like to send us your comments, please contact us or alternatively write to us on


The materials contained in this web site are provided for general information purposes only and are not intended to provide legal or other professional advice, nor do they commit RutterGiappone to any obligation whatsoever. RutterGiappone accepts no responsibility for any direct, indirect or consequential loss or damage which may arise from reliance on information contained in this site. Users are advised to seek confirmation of statements made herein before acting upon them; specialist advice should also be sought on specific issues.