Privacy Policy


01. Introduction

Welcome to privacy notice (the “Notice”) of Calamatta Cuschieri Moneybase plc and its subsidiaries Moneybase Limited, Calamatta Cuschieri Investment Services Limited & Calamatta Cuschieri Investment Management Limited.

Calamatta Cuschieri Moneybase plc (C85280), Moneybase Limited (C87193), Calamatta Cuschieri Investment Services Limited (C13729) and Calamatta Cuschieri Investment Management Limited (C 53094) , of Ewropa Business Centre, Triq Dun Karm, Birkirkara, BKR 9034, Malta (“the Group”; “we”; “us”; “our” “the Company”) respects your privacy and is committed to protecting your personal information or, as otherwise termed, your “personal data”. The purpose of this Notice is to set out the basis on which we will process your data, mainly:

  • When you visit or access the website links and (hereinafter the “Website” or the “Site”);
  • When you provide us with any application forms, change of users or details forms, stock transfer forms and any other internal forms;
  • Through calls, meetings, emails and other forms of communication;

It is important that you read this Notice together with any other policy which we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Notice supplements the other notices and is not intended to override them.

We are committed to protecting our client’s privacy and we will not collect any personal information about you unless you provide it voluntarily or unless we have a legitimate interest to do so. This Notice describes and explains how information is collected and retained by the Company. This information helps us improve our service to existing and potential customers.

Any personal information you communicate to us is kept within our own records in accordance with this Privacy Notice, the Terms and Conditions and as required by the GDPR (as defined below).

02. Important Information and who we are

i. Purpose of this Privacy Notice

We process your personal data in an appropriate and lawful manner, in accordance with the Data Protection Act (Chapter 440 of the Laws of Malta) (the “Act”), as may be amended or replaced from time to time, and the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR” or the “Regulation”).

In that respect, “personal data” means data relating to a living individual who can be identified from the information (data) we hold and/or possess. This includes, but is not limited to, your name and surname (including maiden surname where applicable), address, date of birth, nationality, gender, civil status, tax status, spouse’s name, identity card number & passport number, contact details (including mobile and home phone number and personal email address), bank account details as well as online identifiers. The term ‘personal information’, where and when used in this Notice, shall be taken to have the same meaning as personal data.

This Notice aims to give information on how the Company collects and processes your personal data in the scenarios outlined above namely, through the processes outlined above, including any data that you may provide to us, or which we may receive about you. It is imperative that the personal data we hold about you is accurate and current at all times. Otherwise, this will impair our ability to provide you with our Services which you have requested (amongst other potential and salient issues). Please keep us informed if your personal data changes during your relationship with us.

It is important that you read this Notice together with any other privacy notice or policy which we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Notice supplements the other notices and is not intended to override them.

The Company does not sell your Personal Information, although this information may be shared between the Group companies (composed of Calamatta Cuschieri Moneybase plc (C85280) and/or any of its subsidiaries) and other third parties, including service providers in the rendering of our services to you. These third parties have been carefully scrutinized to assess that they use appropriate security measures to protect the confidentiality and security of Personal Information.

This version of the Privacy Notice was last updated on the 23 May 2024.

ii. Controller

The Company is the controller and responsible for your personal data.

We have appointed a data protection officer (“DPO”) who is responsible for overseeing questions in relation to this Notice and our processing activities in general. If you have any questions or requests, including any requests to exercise your legal rights as a data subject, please contact the DPO using the details set out below.

Contact details

Our full details are:

Full name of legal entity: Calamatta Cuschieri Moneybase plc

Email address: [email protected][email protected]

Postal address: Level 0, Ewropa Business Centre, Triq Dun Karm, Birkirkara, BKR9034, Malta

Telephone number: +356 25 688 688

You have the right to lodge a complaint at any time with a competent supervisory authority on data protection matters (for example, with the supervisory authority in your place of habitual residence). In the case of Malta, this would be the Office of the Information and Data Protection Commissioner ( We would, however, appreciate the opportunity to deal with your concerns before you approach that supervisory authority, so please contact us in the first instance.

iii. Third-party links

The Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy notices, statements or policies.

We encourage you to read the privacy notice of every website you visit.

03. Personal Data

Personal data, or personal information, means any information about an individual from which that person can be identified (as stated above). It does not include data where the identity has been removed (anonymous data).

In the course of our relationship (including during account registration and opening stage), we may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identification Data: includes your first name, maiden name (where applicable), last name, address, company name and registration number, username or similar identifier, marital status, title, nationality, date of birth, gender, identity document type and identity document number, tax domicile, employment status, employer and occupation.
  • Contact Information: includes your billing address, email address and contact number (telephone and/or mobile).
  • Account, statement and portfolio data: refers to your portfolio, e-wallet statement and account information.
  • Financial Data: includes any linked bank accounts and bank account details.
  • Transaction Data: includes details about:

    1. transactions as per the account e-wallet statement;
    2. orders, such as the nature of the order (e.g. whether it is an order to buy or an order to sell), the order volume, price, value and, where applicable, the proceeds derived; and
    3. trading and transactional history

  • Payment Data: includes details about the payments that you receive through us (e.g. withdrawals) or which we receive, or otherwise, any charges applied.
  • Onboarding and Risk Data: for example, copies of I.D. card or passport, proof of address, source of wealth, source of funds, criminal records check or police conduct, company incorporation documentation, audited financials, ‘suitability’ and ‘appropriateness’.
  • Technical Data: includes IP address, your login data to your online account (in such instances where you have a Moneybase account or web access to your trading account), device type, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and other technology on the devices you use to access the Site as the case may be.
  • Usage Data: includes information about how you use the Site.
  • Marketing and Communications Data: includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific feature of the Site. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

We collect special categories of personal data about you, primarily as a result of the documentation and information that we collect and process in terms of regulatory onboarding and periodic account maintenance data. In essence, “special categories of personal data” or, as otherwise termed, “sensitive personal data”, refers to and includes information about a person’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health or condition, or about the commission of, or proceedings for, any offence committed or alleged to have been committed by that person, the disposal of such proceedings or the sentence of any court in such proceedings.

The collection and processing of this sensitive personal data about you is necessary for us to be able to, amongst other things to conduct our internal KYC checks and due diligence on you.

Where we need to collect personal data about you:

  • by law; or
  • under the terms of, or in connection with, the contract that we have with you (as outlined above); or
  • as part of our legitimate business interests to verify the identity of our applicants and/or clients, mitigate against risks (such as potential or suspected fraud) and in particular, to assess your onboarding with us (as subject to our internal client acceptance criteria and policies).

and you either fail to provide that data when requested, or else provide insufficient or unsatisfactory data, we may not be able to perform or conclude the contract that we have with you or which we are otherwise trying to enter into with you (namely, regarding account openings with us).

iii. Retention

The Company shall retain the information and documentation provided as required by law and as a minimum of 5 years period. In certain circumstances the company may be required to keep records for a longer period of time but not exceeding a maximum of 10 years period (if required due to any regulatory reasons). Personal and sensitive data shall not be retained for period longer than necessary in compliance with the latter regulatory obligations.

iv. Right of access

Pursuant to the transparency principle, you have rights relating to your personal data as follows:

  • the right to be informed in relation to usage of your personal data, the type of data kept, if your data is transferred to any third – parties as well as rationale for such transfer, and the period for which your data will be kept;
  • the right to access to your personal data in order to understand if your data is being processed or stored;
  • the right to rectify your personal data by stating clearly which data is inaccurate or incomplete with any respective evidence so that the data controller will be able to correct it;
  • the right to get your personal data deleted in those instances where the organisation is no longer legally obliged to keep hold of your data;
  • the right to object to the processing of your personal data;
  • the right of data portability to receive your data in a structured format, which you have the right to transmit to another data controller without hindrance.
Don’t miss a beat. Sign up for our newsletter