Privacy Policy
Last updated: 1/10/2025
1. Who we are
Controller: Zenco Partners Partnership, registered in Malta under partnership number P2194 with registered office at Office no. 3, JCR Offices, Commerce Street, Central Business District, CBD 3010, Malta.
Contact: info@zencopartners.com | +356 7921 2598
Office no. 3, JCR Offices, Commerce Street, Central Business District, CBD 3010, Malta
Data Protection Officer: N/A
2. Scope
This notice explains how we collect, use, disclose and safeguard personal data when you visit [www.zencopartners.com] (the “Website”), engage our services, apply for a job with us, or otherwise interact with us offline or online.
3. Categories of personal data we process
Identity & contact: name, organisation, job title, email, phone, address.
Engagement data: correspondence, engagement letters, KYC/AML information (e.g., ID documents, proof of address, beneficial ownership), billing records.
Website/technical: IP address, device identifiers, pages viewed, and cookies (see Cookies below).
Recruitment: CV/resumé, qualifications, references, right‑to‑work documentation.
Marketing preferences: opt‑in/opt‑out records for newsletters, events and updates.
4. Sources
We obtain data directly from you; from your employer or colleagues; from public sources (e.g., registries, sanctions lists); and from third‑party providers assisting with due diligence, analytics or communications.
5. Purposes and lawful bases (GDPR art. 6)
We process personal data for the purposes below under the corresponding lawful bases:
| Purpose | Lawful basis |
|---|---|
| Delivering our accounting, tax and advisory services; responding to enquiries | Contract (art. 6(1)(b)) and legitimate interests (art. 6(1)(f)) |
| Client onboarding, KYC/AML, sanctions screening | Legal obligation (art. 6(1)(c)) |
| Invoicing, accounting, record‑keeping | Legal obligation and legitimate interests |
| Website operation, security, troubleshooting | Legitimate interests |
| Marketing communications (newsletters, event invites) | Consent (art. 6(1)(a)) or legitimate interests (with opt‑out) |
| Recruitment and hiring | Contract/steps prior to contract and legal obligation |
Special categories: We do not intend to process special category data via the Website. Where such data is required (e.g., for onboarding), we will only process it under an appropriate legal basis (GDPR art. 9) and safeguards.
6. Cookies & analytics
We use cookies and similar technologies to operate the Website, understand performance and improve content. You can manage preferences via our Cookie Banner and browser settings. For analytics (e.g., Google Analytics), IP addresses may be truncated/anonymised. See our Cookie Notice for details of cookie types, providers and retention.
7. Disclosures (recipients)
We may share personal data with: Professional advisers and service providers (IT/hosting, CRM, communication tools, analytics) under contract;
Payment processors and banks; Authorities and regulators (e.g., FIAU, MFSA, Inland Revenue, courts) where required by law; and Other third parties with your consent, or where necessary to protect our rights, users or comply with legal processes.
8. International transfers
Where data is transferred outside the EEA/UK, we ensure appropriate safeguards (e.g., EU Standard Contractual Clauses and, if applicable, transfer risk assessments). Copies of safeguards are available on request (redacted as needed).
9. Retention
We retain personal data only as long as necessary for the purposes above and to meet legal, regulatory and professional obligations. Typical periods include:
| Data type | Retention example |
| Client files (including KYC/AML) | 5–10 years after engagement ends (or longer where required by law or professional rules) |
| Marketing preferences | Until you opt out + a small suppression period |
| Recruitment data | 12 months from final interaction unless hired or consent to keep on file |
| Website logs | 6–24 months, unless required for security incident investigation |
10. Your rights
Subject to conditions/exemptions under GDPR, you have the right to access, rectify, erase, restrict, object (including to direct marketing), portability, and to withdraw consent where processing is based on consent.
You also have the right to lodge a complaint with Malta’s supervisory authority: Information and Data Protection Commissioner (IDPC), Floor 2, Airways House, Triq il‑Kbira, Sliema SLM 1549, Malta | +356 2328 7100 | idpc.info@idpc.org.mt | https://idpc.org.mt.
11. Security
We implement technical and organisational measures appropriate to the risk, including access controls, encryption in transit, vulnerability management and staff training. No method of transmission or storage is 100% secure.
12. Children
Our Website and services are not directed to children under 16. If you believe a child has provided us personal data, please contact us to delete it.
13. Changes
We may update this notice from time to time. The latest version will always be available on the Website with the “Last updated” dat.
