Skip to main content


Last Updated:  17th May 2019


The following provisions constitute the current Privacy Policy issued by 230 Works. Your privacy is important to us and we are committed to ensure confidentiality, accuracy and security of your personal data that we collect about you (hereinafter referred to as “you,” “your” or “user”).

All references in this Policy to “230 Works”, “we”, “us”,“our” and like terms should be interpreted accordingly.

Any information you provide to us shall be collected and processed in accordance with the relevant data protection and privacy laws and regulations applicable from time to time, including but not limited to the Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Data Protection Act, Chapter 586 of the Laws of Malta and any subsidiary legislation thereto, as may be amended.

The Data Controller

The Controller of your Personal Data is ZD BOX Limited (Registration Number C78389) and with registered address at 230, 2nd Floor, Eucharistic Congress Road Mosta as the operational company of 230 Works.

What is Personal Data?

Personal data refers to any information relating to an identified or identifiable natural person, whom the latter can be identified, directly or indirectly, in particular by reference to an identifier. This personal information may be processed. Such processing refers to any operation which is performed on personal data such as collection, recording, organisation, structuring and storage.

Legal Basis for Processing Personal Information

We have the following lawful basis to process your personal information:

  • To provide you with our services: the legal basis for processing your personal information is the execution of the service/s requested from us or the execution of any agreement which you have with us;
  • To comply with our legal and regulatory obligations: We may be subject to a legal or regulatory obligation to which we have to comply;
  • For the establishment, exercise or defence of legal claims or proceedings;
  • Your consent: When you provide us with personal data to provide you with our services, we consider that you are implying your consent for us to use that personal data for that specific reason. However, in certain instances we may ask for your consent for specific matters, such as for marketing purposes. In such case, we will either ask you directly or provide you with an opportunity to do so. You may opt out at any time and withdraw your consent by sending us by unsubscribing or send us an email at [email protected]

How do we collect your Personal Data?

Your personal data may be collected or accessed in a number of ways including:

  • Directly from yourself in the course of our business with you or your organisation;
  • Through the use of our services provided to yourself;
  • Generated by us in correspondence when you communicate with us to request information, or when you send us a query, a CV or a complaint
  • Through the use of our website and through the use of cookies on our website.

Your Rights at law:

The rights afforded to yourself in connection to your personal data are the following:

  • Right of Access – the right to obtain for us confirmation as whether or not personal data concerning you is being processed, and where that is the case, access to the personal data and the additional information as outlined in the regulations. Limitations to this right will only be applicable if provided in terms of law.
  • Right to Rectification – the right to request for your personal data to be amended or updated where it is inaccurate or incomplete;
  • Right to Erasure (“Right to be Forgotten”) – the right to request that we delete your personal data, subject to legal, compliance and regulatory obligations which we may be subject to including anti-money laundering regulations.
  • Right to Restrict – the right to request that we stop processing all or some of your personal data;
  • Right to Object – the right to object at any time, to object to us processing your personal data on grounds relating to your particular situation and the right to object to your personal data being processed for direct marketing purposes;
  • Right to Data Portability – the right to request a copy of your personal data in electronic format and the right to transmit that personal data for use in another party’s service; and
  • Right not to be subject to Automated Decision-making – the right to not be subject to a decision based solely on automated decision making, including profiling, where the decision would have a legal effect on you or produce a similarly significant effect.

Personal Data collected:

When you visit our website, we may collect the following information when you use the forms present on our website:

  • Name & surname
  • Email address

We may also collect the following information through your correspondence with us:

  • Telephone phone and/or mobile number
  • Proof of identification such as identity card number
  • Business information necessarily processed in the context of the data subject’s contractual relationship with us
  • Bank details including information about your bank account and other banking information
  • Resumes and/or applications
  • Letters of offers and letters of acceptance
  • Print logs
  • Other information provided voluntarily to us
  • Emails

When you browse our website, we automatically receive your computer’s IP address which enables us to learn about your browsing experience and operating system.

What do we use your Personal Data for?

We may use your Personal Data for the following reasons:

  • To provide you with our services
  • To contact you if required in relation to our services provided to yourself and/or to reply to any communications that you might send to us from time to time.
  • To provide you with suggestions and advice on products and services
  • To provide you with highest level of customer care we possibly can
  • To verify your identity
  • To keep our client records updated
  • To comply with our legal and regulatory obligations
  • For the establishment, exercise and/or defence of legal proceedings or claims
  • For employment purposes
  • For operational purposes including but not limited to health and safety

Disclosure of Personal Data

230 Works will disclose your personal data to its employees who are assigned to carry out the functions to provide you with our services. Your personal data may also be disclosed to third party service providers, for example contracted IT consultants, which may require such information in order to be able to assist us in handling the relationship which we have with you. When we share your personal information with such third parties, we make sure that such parties make use of this data in a manner which ensures safety and security to your personal data. We may further disclose your personal data to companies approved by yourself such as social media sites. However, we will not sell or rent your personal information to third parties for marketing purposes to any third parties.

We may disclose your Personal Data if we are required to comply with any applicable law, a summons, a warrant, a court or regulatory order, or other statutory requirement. In the case we have reason to suspect any form of illegal interaction with the website and/or usage of our services to yourself we also reserve the right to, on a voluntary ex officio basis, share your Personal data with relevant law enforcement agencies.

We may provide non-identifiable data to third parties regarding the number of unique users who visit our website, the demographic breakdown of users of our website, or the activities of users on our website. There are a lot of useful things to be learned from this information.

Retention Period of Personal Data

We will retain your personal data for as long as necessary to fulfil the purposes for which the personal data was collected and, will not be kept for longer than is necessary except as otherwise allowed or required by applicable laws and regulatory requirements and, for any legitimate and essential business purpose such as support-related reporting.

Upon your request, we will delete or anonymise your personal data so that it no longer identifies you. However, this may be limited as there are instances in which we are legally obliged by law to retain your personal data. These may include situations where there is an unresolved issue/claim/dispute relating to yourself and where it is necessary for our business legitimate interests such as fraud prevention.


What are cookies?

Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognizes that cookie. Cookies are useful because they allow a website to recognize a user’s device.

There are two types of cookies:

Persistent Cookies remain on a user’s device for a set period of tie specified in the cookie. They are activated each time that the user visits the website that created that particular cookie.

Session Cookies are temporary. They allow website operators to link the actions of a user during a browser session. A browser session starts when a user opens the browser window and finishes when they close the browser window. Once you close the browser, all session cookies are deleted.

The Cookies that we use are the following cookies:

  1. Default cookies generated by WordPress including session cookies set when a user logs in to the website and WordPress plugins to show personalised opt-in forms based on user’s past behaviour
  2. Google Tag Manager – these cookies are used for marketing and advertising purposes through the use of marketing tags ie. snippets of codes or tracking pixels from third-party tools.

Should you choose to disable, reject or block our cookies, some parts of our websites will not function fully, or in some cases, our website will not be accessible at all.

For more information on how to control your cookie settings and browser settings, or how to delete cookies on your hard drive, please visit

Age of Consent

If you are aged 18 or under, please get your parent/guardian’s permission before you provide any personal information to us. We may need to process personal data relating to parents or guardians in that case – and we may also need to request for verification documentation to ensure that consent is given or authorised by the holder of parental responsibility.

Securing Your Personal Data

We will take all the necessary precautions to ensure that your personal data is safeguarded and that such data is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

Job Applicants

As part of our recruitment process, or in case you send us a CV in connection to a job application through our website, we may collect and process personal data relating to job applicants. If your application is unsuccessful, we may keep this information on file for up to two years in case of any future employment opportunities for which you may be suited. We will ask for your consent before we keep your data for this purpose, and you are free to withdraw your consent at any time.

Changes to this Policy

Please note that this policy may change from time to time. All updates will be published on the Website. Each version of this policy will be identifiable at the top of this document by its effective date and version number. We encourage you to refer to this policy periodically.

Links to other Websites

Kindly note that when you access other third-party websites from hyperlinks on our website, we will have no control over the content of those websites. These websites have their own privacy policies to which accept no responsibility or liability for.

Complaints and Concerns

If you have any concerns with regards to our privacy methods and processes, you have the right to contact us by email to [email protected]

In case you are not satisfied with our response, you may contact the Information and Data Protection Commissioner of Level 2, Airways house, High Street Sliema SLM 1549 on their website at