Privacy policy

Rizzo Farrugia has developed this policy in line with General Data Protection Regulation (“GDPR“) requirements because it wants you to feel confident about the privacy and security of your personal information. Please read it carefully:

For the purposes of this privacy policy, the terms “us”, “we” and “our” refer to Rizzo, Farrugia & Co (Stockbrokers) Limited. The terms “you” and “your” refer to the data subject, being the person in relation to whom we hold personally identifiable information.

1. Controller Details

The controller of the personal data is Rizzo, Farrugia & Co (Stockbrokers) Limited, a limited liability company incorporated in Malta, bearing company registration number C 13102 and having its registered office at Airways House, Fourth Floor, High Street, Sliema SLM1551, Malta, hereinafter referred to as the “Company” or “Rizzo Farrugia”.

The Company may be contacted at the abovementioned address or by email at or by telephone on +356 22583000.

The Company’s Data Protection Officer may be contacted by email at and by telephone on +356 22583000.

2. Personal Data

Rizzo Farrugia only collects information, including personal data, that it believes to be relevant and required to understand a customer’s present or future financial needs, or the needs of its customers in general, and to conduct its business as required by law and regulatory obligations.

The term “personal data” refers to all personally identifiable information and includes all the information provided to the Company by you and all information which may arise that can be identified with an individual, including but not limited to the following categories of data:

  • Identification Data and other Contact Data: such as name(s), surname(s), identity reference number, date and place of birth, nationality, residential address and e-mail address, telephone numbers or any similar contact information available;
  • Transaction Data and Transaction Information: such as details of investments, details of payments, movements, statements, incoming and outgoing payments and, details of your mandate, if applicable;
  • Compliance and Know Your Customer (“KYC”) Data: such data will include information and documentation on the following: ID card or passport or driving licence, address, source of wealth, source of funds, financial, tax status, supporting documents of your profession, supporting documents if you are a director or shareholder or ultimate beneficial owner in a corporation and other information and documents as may be necessary to carry out the due diligence process as required by law, including in particular the Prevention of Money Laundering and Funding of Terrorism Regulations, Subsidiary Legislation 373.01 of the Laws of Malta (“PMLFTR”);
  • Call and other Recordings: In terms of regulations imposed on us, we are required to record all calls, meetings or encounters that may result in a transaction;
  • Court and Regulator data: this will include information about orders and/or requests received from legal bodies, government and tax authorities, regulators and the courts.
  • Other readily available data: in order to fulfil our obligations arising from applicable local and international legal and regulatory obligations, we may also collect information about our customers from internet databases or compliance related databases.

3. How do we collect your personal data 

Rizzo Farrugia will typically collect personal data in the manners outlined below:

  • As part of the client acceptance procedures employed by Rizzo Farrugia;
  • When you post a query, complaint or make contact with us through our website;
  • When you contact Rizzo Farrugia voluntarily in other circumstances such as when seeking employment or traineeship with us or seeking to attend a Company organised or sponsored event; and
  • As may have been otherwise described in Section 2 above.

Generally, you would have provided your personal data to Rizzo Farrugia. However, in some instances, Rizzo Farrugia may collect personal data about you from third party sources, such as online searches or from public registers. Third parties such as regulators, trading venues, or service providers of Rizzo Farrugia may also have provided your personal data to us.

4. Purposes of Processing

The Company will process your personal data for the following purposes:

(a) to give you statements and provide its products and services;

(b) for internal assessment and analysis;

(c) for reporting purposes arising from legal or regulatory obligations as may be imposed on Rizzo Farrugia from time to time;

(d) to develop and improve Rizzo Farrugia’s products and services;

(e) to provide you with information about the Company’s services as well as news, events, and other information connected thereto (“Marketing”) or for market research. Market research using personal data is only carried out for internal purposes, so that Rizzo Farrugia may understand its customers’ needs and business trends in order to develop and/or improve the products and services that it offers.

5. Marketing 

Marketing will be carried out primarily through the circulation of e-mails. Other means of communication may also be used, however Rizzo Farrugia shall always seek your prior consent.

You may withdraw consent to the processing of personal data for Marketing purposes at any time by sending us an e-mail on: Alternatively, you may unsubscribe to such communications by clicking the “Unsubscribe” link contained in the footer of any Marketing email you will receive from the Company. However, withdrawal of consent for Marketing communication does not affect the lawfulness of the processing of personal data based on such consent prior to its withdrawal.

6. Legal Basis

We process your personal data on the following legal basis:

  • Agreements entered into with you – in particular to provide our services, managing our relationship or receiving a service from you or your company. The consequence for not doing such processing would be that we would be unable to properly provide you with our services or enter into a client agreement or engagement letter with you;
  • Our legitimate interests – in particular legitimate interests which may arise directly or indirectly in relation to our client’s instructions, CCTV footage at our offices, and in keeping you updated with updates and events. When Rizzo Farrugia process your personal data on the basis of our legitimate interests, we ensure that the processing is necessary for the purposes of the legitimate interests pursued by us and your interest and fundamental rights and freedoms are not overridden by the legitimate interests pursued by us;
  • Your explicit consent – in which case, our processing shall be limited to the purposes specifically indicated when your consent was requested;
  • Compliance with legal and regulatory obligations imposed on Rizzo Farrugia – in particular obligations imposed on Rizzo Farrugia as a result of anti-money laundering and combating the funding of terrorism legislation, and to prevent, detect, respond or report other potential illegal activities.

On the basis of our legitimate interests or compliance with legal obligations, as applicable, we may also process your personal data for the purposes of establishing, exercising or defending legal proceedings.

7. Recipients

The recipients of the personal data are selected individuals within the Company on a need to know basis, and third parties that provide services to the Company.

The Company’s recipients of personal data are located within the European Union (EU).

Please note that your personal data may be disclosed to or exchanged with employees of Rizzo Farrugia for the above purposes only.

Rizzo Farrugia maintains strict information security policies designed to prevent unauthorised access to your information by anyone, including Rizzo Farrugia staff.

Rizzo Farrugia does not provide any third parties with any information regarding a customer’s financial transactions/accounts unless it is necessary in providing the service to the client, or obliged to do so by law, by court order or with your specific consent.

According to law, Rizzo Farrugia may be required from time to time to disclose your information to Governmental bodies, agencies or regulators, but will only do so if it has a legal obligation to do so.

8. Automated Decision-Making and Profiling

Your personal data will not be used for any automated decision-making or profiling.

9. Data Retention

Personal data that we process for any purpose(s) shall not be kept longer than is necessary for that specific purpose(s), unless other overriding regulations oblige Rizzo Farrugia to hold such data for a longer period of time.

In this respect, our retention periods are typically as follows:

  • Copies of identity cards, passports, utility bills, or other forms of documentation, information, and/or data required for the purposes of carrying out KYC due diligence, transaction monitoring and on-going monitoring of the business relationship with the client shall be kept for a period of ten years commencing on the date when the business relationship ends or when the occasional transaction is carried out, in accordance with the provisions of the PMLFTR, unless extended in accordance with the said provisions;
  • Records relating to the assessment of suitability or appropriateness or other client related record keeping obligation as may be required by the Conduct of Business Rulebook or other investment services rules issued by the MFSA shall be retained for a period of ten years unless requested by the MFSA to retain such records for longer periods;
  • Records of any disclosures made to the FIAU in accordance with Regulation 15(3) of the PMLFTR and records of any internal reports made in accordance with Regulation 15(1)(a) of the PMLFTR and records of any written determinations made in accordance with Regulation 15(1)(b) of the PMFLTR shall be kept for a period of five years commencing on the later of the following:

1. the date when the business relationships ends or the occasional transaction is carried out; or

2. the date when the report or determination is submitted or drawn up, as the case may be

Provided that the period of five years may be further extended, up to a maximum retention period of ten years in accordance with the provisions of the PMFLTR;

  • Invoices, credit notes or any other document or record relating to the services provided to you in terms of the contractual relationship entered into between you and Rizzo Farrugia shall be retained for a period of not less than nine years after the completion of the transactions, acts or operations to which they relate, in accordance with the provisions of the Income Tax Management Act, Chapter 372 of the Laws of Malta;
  • All voice recordings shall be kept for a period of ten years commencing from when the call is recorded, in accordance with the provisions of the Investment Services Act, Chapter 370 of the Laws of Malta and the IDPC guidelines.

Thereafter, all personal data shall be immediately and irrevocably erased unless we need to keep the personal data to exercise or defend any legal claim.

10. Website

When using the public portion of the website, you may be required to provide Rizzo Farrugia with your personal information, however this information is only used for the purpose for which it is collected, for example to send the requested information, unless you specifically choose otherwise. If you provide Rizzo Farrugia with your email address, Rizzo Farrugia will treat it just as securely as other personal information. Rizzo Farrugia will not send you unsolicited email messages or junk mail.

Similar to other websites, the Rizzo Farrugia website utilises a standard technology called ‘cookies’. Cookies are pieces of information that a website transfers to your computer’s hard disc for record keeping, statistical and analysis purposes. They record the number of times people visit certain pages on Rizzo Farrugia’s website. However, they are not used to access your personal information. They are a tool we use to analyse which web pages people prefer to view, in an aggregated manner. Most browsers are initially set to accept cookies. If you prefer, you can set your browser to refuse cookies, but since Rizzo Farrugia may sometimes use cookies, you may not be able to take full advantage of Rizzo Farrugia’s website if you do so.

We collect contact or feedback information on you when you complete the “Contact Us” form. We use the personal information submitted in the form to respond to your message, as well as, to correspond with you whenever the need arises unless you instruct us otherwise. If you read or download information from our site, we automatically collect and store the following non-personal information: (a) the requested web page or download; (b) whether the request was successful or not; (c) the date and time when you accessed the site; (d) the Internet address of the website or the domain name of the computer from which you accessed the site; (e) the operating system of the machine running your web browser and the type and version of your web browser. Please note that the information collected as indicated above is not shared, leased, or sold in any manner to any other organisation.

Links which we provide to third-party websites are clearly marked and Rizzo Farrugia is not responsible for the content of such websites or their privacy policies.

11. Rights

For as long as the Company holds personal data about you, you may (where applicable):

  • request the Company to inform you about the personal data held about you, and to request its correction where necessary;
  • request the erasure of your personal data;
  • object to the processing of your personal data;
  • request provision of your personal data in a structured, commonly used and machine-readable format; and
  • request transmission to yourself or another controller indicated by you.

All reasonable efforts are made to keep customer information up-to-date. Please inform Rizzo Farrugia in writing of any changes to your personal information. You may write to Rizzo Farrugia if you want to know exactly what personal information Rizzo Farrugia holds on you. If it transpires that the information held is inaccurate, Rizzo Farrugia will make the necessary amendments and confirm to you that these have been made.

Whilst Rizzo Farrugia may periodically request you to re-confirm the personal data it holds, you should inform Rizzo Farrugia immediately if such data has changed.

12. Complaints

The Company and the Data Protection Officer may be contacted on complaints regarding the processing of personal data at the details indicated above. A right to lodge a complaint with the Office of the Information and Data Protection Commissioner in Malta ( is also in place.

13. Updates

This policy may be updated by the Company at any point in time. The updated policy shall be made available on this webpage, clearly indicating the date it was last updated.

Version 01.2.2018, last updated: 19/12/2022