Privacy Policy

Challenge Holdings (thereafter referred to as the “Company”, “we” or the “Organization”) is committed to protecting your personal data in accordance with the General Data Protection Regulation EU 2016/679 (“GDPR” or “Regulation”) and any other applicable data protection laws, which may be amended from time to time.

This privacy policy (the “Privacy Policy” or the “Policy”) applies to users or visitors (together “You”) of our website (the “Website” or the “Site”) and explains how we collect and process your personal data through the Site, including what are your rights, the third parties we share your data with and how long we keep Your data.

1. Data controller

This Policy is issued on behalf of Challenge Holdings, which is the controller (“Controller”).

Challenge Holdings is part of Challenge Group (thereafter referred to as the “Group”), with central offices located at SkyParks Business Centre, Level 5, Malta International Airport, Luqa LQA 4000 – Malta, and all its subsidiaries, operating affiliates and branch offices. The competent Leading Supervisory Authority under the meaning of the GDPR is the Maltese Information Data Protection Commissioner (IDPC).

We have appointed a Group Data Protection Officer. If you have any questions regarding the processing of your personal data or any complaint, you can contact the Data Protection Officer at any time using the following contact: dpo@challenge-group.com

2. How Your data is collected

Your data is collected from you directly when you contact us by phone and/or email and/or when you access and use our website.

3. What personal data we collect, why we collect it, and what is the legal basis

Activity Personal Data Purposes and lawful basis of the processing
When you access our Website
  • IP address
  • Pages Viewed
  • Duration Website Visits
  • Site Usage
  • User’s Operating System

We collect and use your data to better understand our users’ needs, to continuously improve our website and to enable users to access the website, for purposes of (network) security, to measure and improve the effectiveness of this web site, to help diagnose problems with our server, to administer this web site, to see where web site traffic is coming from and to identify our users.

Lawful basis: art. 6 (1) (f) of GDPR, the process is necessary to fulfil our legitimate interests.

Contact us by mail or by phone call

 
  • Name and Surname
  • Company and role
  • Email Address
  • Phone number
  • Country
  • Other applicable information

We collect your data for the purpose of processing your request, to provide you with the information requested, to respond to your questions/queries, to provide support and assistance.

Art. 6 (1) (f) of GDPR. The processing is necessary for our legitimate interests of conducting our business objectives, replying to queries, complaints or concerns.

Art. 6 (1) (b) of GDPR. The processing is necessary for the performance of a contract to which You are a party or in order to take steps following Your request prior to entering into a contract.

Art. 6 (1) (a) of GDPR: Consent, if appropriate and according to the applicable law.

In relation to the legal basis of our legitimate interest under art. 6 (1) (f) GDPR, in addition to the purposes listed above, we might process your data also for the purposes of preventing fraud, ensuring network and information security, reporting of criminal acts or threats to public security, exercise of legal rights of the Company.

Where we process your personal data in reliance with our legitimate interest, we ensure that it does not override your interests or fundamental rights and freedoms.

4. If You fail to provide Your personal data

The provision of personal data is not a statutory or a contractual requirement. However, if you do not provide the requested personal data, we may not be able to provide you with the requested services.

5. Security

We have implemented appropriate technical, organizational and security measures designed to reduce the risk of accidental destruction or loss, or unauthorized disclosure or access to such personal data, according to the nature and context of the type of data and processing carried out.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any personal data breach and will notify you and the competent authority of a breach where we are legally required to do so.

6. How we share Your personal data

We may share your personal data with the following categories of third parties, only to the extent required for the specific purpose(s) outlined in this Policy:

  • to the extent necessary, with regulators, to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies or if required to do so by court order;
  • to professional advisers or consultants where needed;
  • within the Group, we may disclose personal data processed to other companies within the Group in accordance with our internal processing agreement;
  • Trusted service providers that help us provide the services described in this Policy and who may process such data on our behalf to support the Site and our services such as mailing house, hosting or software services.
  • In the event that we are acquired by or merged with a third-party entity, or in the event of bankruptcy or a comparable event, we reserve the right to transfer, or assign personal data in connection with the foregoing events, when allowed or imposed by applicable law and in compliance with legal and regulatory requirements.

7. Transfer of personal data

To fulfil the objectives outlined in this Policy, it may be necessary for us to transfer, store, or process your personal data in countries that may not provide the same level of protection as mandated by the GDPR and where the European Commission has not issued an adequacy decision (Art. 45 GDPR). In such instances, We ensure that the transfer of data is conducted with appropriate safeguards in place, such as the use of  EU standard contractual clauses (SCC. )For information on EU standard contractual clauses, please visit:  https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en

Where we receive requests for Personal Data from law enforcement or regulators we carefully validate these requests before any personal data is disclosed.

8. Your rights

According to GDPR, you have the following rights:

  1. Request access to your personal information. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
  2. Request rectification of personal data that we hold about you.
  3. Request erasure of your personal data (where applicable). This enables you to ask the Organization to delete or remove personal information where there is no good reason for us continuing to process it.
  4. Object to the processing of your personal data (where applicable) where we are relying on a legitimate interest (or those of a third party) and if there is something about your particular situation which makes you want to object to processing on this ground. If personal data that relates to you is processed for direct marketing or profiling purposes, you have the right to object at any time to the processing of your personal data for such purposes.
  5. Request the transfer of your personal data to you or to a third party. We will provide you, or a third party of your choice, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  6. Request the restriction of processing of your personal information.
  7. Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

The above rights are not absolute and can be subject to specific legal requirements or exemptions and therefore may not always be applicable.

If you wish to exercise your rights or if you have any questions you can directly contact us at dpo@challenge-group.com.

We respond to legitimate requests within timeframe set by law. Occasionally it may take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

There is no charge for the provision of this information except in circumstances where the request is manifestly unfounded or excessive.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

9.Right to complain

You have a right to lodge a complaint with the Privacy Protection Authority, the Israeli supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the Authority so please contact us any time at dpo@challenge-group.com.

10.Retention of Your Personal Data.

We will only retain Your personal data for as long as necessary to fulfil the purposes for which data has been collected.  To determine the appropriate retention period for personal data, we  take into consideration several factors and criteria, which includes but is not limited to any retention period set out by legal or regulatory requirements, the time periods established by law, regulations and directives to exercise legal actions and to defend any rights. Thereafter, personal data shall be immediately and irrevocably erased.

We might retain your data for a longer period of time based on our legitimate interest to comply with our legal obligation and record keeping duties, in case of legal proceeding/audit or inspection form authorities.

For further details on data retention periods, please contact us at dpo@challenge-group.com.

11. Third party technologies and Cookies

We might use website tracking technologies, such as cookies, which are used by site owners or third parties to collect information about you as well as your device for different purposes, in order to enhance your navigation on our services, improve our services’ performance and customise your experience on our services. We also use this information to collect statistics about the usage of our services. For further information on what cookies are, which cookies we use, how and why we use cookies, and how you can control cookies, please read our Cookie policy.

12. Social networks and other plugins

We may also use in our website the so-called plug-ins from social networks, such as YouTube, LinkedIn or Facebook. This is visible to you typically via corresponding icons. If you activate them (by clicking on them), the operators of the social network might collect and process Your data. In these instances, please note that the processing of your personal data is then under the responsibility of the related operator so please refer to the privacy policy of the respective Social Networks.

12. Changes to privacy notice

We may update this Policy from time to time in order to reflect changes to our practices or for other operational, legal, or regulatory reasons. This version was last updated on [DATE] and previous versions can be obtained by contacting us.

13. Disclaimer and limitations of these data protection notices

Please note that this Policy applies only to the processing of personal data carried out through our Website https://www.challenge-holdings.com/ and does not apply to other third-party websites, which provide their own privacy policy.

Last updated: 15/07/2024