Privacy Notice


Deguara Farrugia Advocates (“DF Advocates”/”we”/”us”/”our”) are committed to protecting and respecting your privacy. We are pleased to provide you with our privacy policy and request you to read it carefully.

We have created this privacy policy to explain to you:

  1. how we use any personal data that we receive from you or may collect about you, and
  2. your privacy rights under applicable privacy laws.

Our use of your personal data is subject to your instructions, the EU General Data Protection Regulation (“GDPR”), other relevant Maltese and EU legislation and our professional duty of confidentiality.

For the purposes of the GDPR, the Data Controller is:

Deguara Farrugia Advocates of Il Piazzetta, A, Suite 52, Level 5, Tower Road, Sliema, SLM 1607, Malta.

If you wish to request any clarification or additional information in relation to this privacy policy, or you may wish to exercise any of your rights in relation to your personal data, please send us an email on privacy@dfadvocates.com

In the event that we modify this privacy policy, we will post a clear notice of this update in the homepage of our website and we will inform you via email.


Data Controller: The person that determines the purposes and means of the processing of personal data;

Personal data: Any information relating to an identified or identifiable natural person;

Processing: any operation which is performed on personal data such as collection, storage, use and erasure;

Sensitive Personal Data: Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, Genetic and biometric data, Data concerning health, sex life or sexual orientation; 


The personal data we collect and process about you depends on your relationship with us. Most of the information we process is given to us by you directly. This includes information that you input via our website, provide us with during meetings, telephone, email and other electronic communications. However, we may also collect information about you from other sources:

  • public accessible sources – e.g. Registry of Companies, Malta Financial Services Authority, Public Registry, Planning Authority, Court Registry
  • directly from a third party – e.g. due diligence providers, credit reference agencies
  • form a third party with your consent – e.g. your bank or other financial institution.

We can only use your personal date if we have a lawful reason for doing so. Under data protection laws we may process your personal data if you have given us you consent or it is necessary:

  • to comply with a legal obligation, or
  • for the performance of a contract, or
  • for our legitimate interests.

We process your personal data on the ground of legitimate interest when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

However, with respect to sensitive data we will only process such data upon your explicit consent.

Below you may find the types of personal data that we may process, what we may use it for and our legal bases, that is our reasons for processing:

A) Activity:    Making use of our website

Personal data we may process:

  • Contact details that you provide to us in the contact form via our website, these include name, address, and contact number.

What we may use your personal data for:

  • To respond to your communications with us, such as any questions, comments, complaints or requests.
  • Updating and enhancing our contacts/client base.

Our legal bases:

  1. For our legitimate interests:
  • Getting to know the relative contact person who could include potential client/ employee.
  • Managing business communications.
  • Responding to your communications with us.

B) Activity:     Your request for the provision of legal service

 Personal data we may process:

  • Information to enable us to check and verify your identity, such as your name, date of birth, residential address, passport details or other identification document.
  • Electronic contact details, such as your email address and mobile phone number.
  • Information on the matter on which you are seeking our services and which relates to you as an individual.
  • Financial information, such as bank details so far as relevant to your instructions.
  • Any other personal data that you may disclose to us during your relationship with us.

What we may use your personal data for:

  • To provide legal services to you.
  • To conduct checks to identify you and verify your identity as our client.

Our legal bases:

  1. Performance of contract:
  • Performance of our contract with you or to take the necessary steps at your request before entering into a contract.

       2. Performance of a legal obligation:

  • To comply with our legal and regulatory obligations, particularly our obligations under the anti-money laundering regulations.

C) Activity:    Promotional communications such as legal updates, event invitations, or other marketing materials

Personal data we may process:

  • Contact details that enable us to provide you with our communications, these include name, address, email address and contact number.
  • Any other personal data you may disclose to us.

 What we may use your personal data for:

  • To create and send out personalised communications that are relevant to you.
  • To market our services to existing and former clients and third parties who have previously expressed an interest in our services.

Our legal bases:

  1. For our legitimate interests:
  • Develop our professional networks.
  • Share relevant content and promote our services with our clients, former or third parties who have previously expressed an interest in our services.

      2. Consent:

  • On the basis of the consent that you have provided us, where this is required.

 D) Activity:     Your application for a job or internship at DF Advocates

Personal data we may process: 

  • Name, address, gender, date of birth. Contact details such as personal email address, mobile phone number.
  • Applicant’s qualifications and references.
  • Results of background checks including social media and to the extent permitted by law, criminal background checks.
  • Curriculum Vitae, including all information provided therein.
  • Special conditions (which may relate to disability, learning, specific learning difficulty, health issue).
  • Any other data that you may provide to us through the application process.

What we may use your personal data for:

  • To process and follow up on your job application

Our legal bases:

  1. For our legitimate interests:
  • Satisfy our staffing requirements.
  • Getting to know employees/potential employees.
  • Making sure any potential recruit is suitably qualified for the position.

       2. Consent:

  • You are consenting us to process your personal data upon the submission of your personal data in the context of your application, which would include conducting necessary checks to satisfy our legitimate interests.
  • Performance of a legal obligation:
  • In satisfaction of our obligation to verify whether a candidate has the right to work in Malta.

Our services are directed solely to adults. Please do not provide us with any of your personal data if you are under the age of sixteen.


We do not share your data with third parties, except with the following persons and in the indicated circumstances:

  • service providers – we may disclose your personal data to third-party service providers that provide us with services. These include cloud storage providers, website hosting providers consultants, accountants, tax advisors and legal service providers in other countries.
  • other third parties – where necessary to carry out your instructions, eg. Registry of Companies, Malta Financial Services Authority, Public Registry.
  • our group entities – where this is required to provide you with a service.
  • our bank – where this is required in relation to the provision of a service.

We may also disclose your personal data in response to any requests made from law enforcement agencies, government entities or public authorities, to comply with court orders, to obtain legal remedies and/or limit our damages, to protect your rights as well as our rights and the rights of our employees and where we deem necessary or appropriate under applicable laws and regulations.

We may also share your personal data with other parties in the event of a corporate reorganisation and/or disposition of our business, such as potential buyers of all or part of our business.


 We hold your personal data at our offices and those of our third-party service providers as described in clause 5 above. Some of these service providers may be located outside the EEA. Any such transfers will be processed in accordance with specific EU and Maltese data protection laws as also provided in clause 7 below. 


 Transfers out of personal data outside the EEA are subject to specific EU and Maltese data protection laws.

We may share your personal data outside the European Economic Area (EEA) for the purposes of providing you a service. This may occur where we share data with your or our service providers located outside the EEA or if you are based outside the EEA.


 We will retain your personal data even after the completion of our services to you. We will need to keep your personal data after we have finished advising or assisting you in order to comply with our record-keeping requirements in terms of the law and to be able to respond to any questions, complaints or claims made by you or on your behalf.

We will not collect more data than we require or retain your data for longer than necessary to fulfill the purposes outlined in this policy. 


You have the following rights if you reside in the EU:

Right of Access:

The right to access and be provided with a copy of your personal data.

Right to Rectification:

The right to require us to correct any inaccurate personal data about you.

Right to be forgotten:

The right to require us to delete your personal data in certain circumstances.

Right to restriction of processing:

The right to require us to restrict processing your personal data in certain circumstances.

Right to data portability:

The right to receive your personal data which you provided to us, in a structured, commonly used and machine-readable format and the right to transmit that data to another data controller in certain circumstances.

Right to object:

The right to object to the processing of your personal data in certain circumstances which include processing for direct marketing purposes and continued processing of your data carried out for the purpose of our legitimate interests.

Right not to be subject to automated processing:

The right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or significantly affects you.

Should you require any further information on each of the above rights or would like to exercise any of them, please contact us on privacy@dfadvocates.com.


We have implemented security measures to protect your personal data that we collect from being used or accessed unlawfully or accidentally lost. We only grant access to your personal data to those persons who have a genuine need to access it. Those processing your personal data are subject to the duty of confidentiality.


 We would like to resolve any concern that you may have about the processing of your personal data directly with you. However, you have the right to lodge a complaint with a supervisory authority, in particular in the EU state in which you work, reside or where the alleged infringement of data protection laws took place. The supervisory authority in Malta is the Office of the Information and Data Protection Commissioner which may be contacted at https://idpc.org.mt/en/Pages/contact/complaints.aspx


Ranked in