Privacy Policy

This Privacy Policy is intended to help you understand what information We collect from our Users, how We use that information and when We use it, in order to provide our trusted Services. Our role does not end with information collection; We are also entrusted to ensure the security and privacy of the collected data.


Our Cookie Policy is mentioned as a separate section towards the end of this Privacy Policy.


 

1.    Important information about who We are

   

    1.1.  Definitions

        1.1.1.      If you see an undefined term in this Privacy Policy (such as “Listing” or “Platform”), it has the same definition as in our Terms of Service (“Terms”).


        1.1.2.       “Kera,” “We,” “Us,” or “Our,” refers to Rentiteasy Ltd, which is responsible for your information under this Privacy Policy (the “Data Controller”).


        1.1.3.      “Personal Data” means any information that identifies You as an individual or that relates to an identifiable individual.


    1.2.  Purpose of this Privacy Policy

        1.2.1.      This Privacy Policy aims to give you information on how We collect and process your personal data through or in conjunction with your use of this Website and Our Services.


        1.2.2.      This Privacy Policy stipulates details and conditions of collecting and processing your Personal Details and provides you with information in terms of Articles 12, 13 and 20 of the General Data Protection Regulation (GDPR).


        1.2.3.      This Website is not intended for children and We do not knowingly collect data relating to children (below 18 years of age).                    

 

    1.3.  Controller

        1.3.1.      Rentiteasy Ltd is the Data Controller responsible for your information under this Privacy Policy.


        1.3.2.      We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise rights, please contact Us or the DPO using the details set out below.

 

    1.4.  Contact Details

        1.4.1.      If You need any clarification on this Privacy Policy or a specific legal basis We are relying on to process Your Personal Data for a specific processing operation, We would be happy to provide You with any such information You may need.


        1.4.2.      General email address: [email protected]


        1.4.3.      DPO email address: [email protected]


        1.4.4.      Postal address: Rentiteasy Ltd, 21, Mons A. Bonnici Street, Msida MSD 2257, Malta.

 

    1.5.  We reserve the right, at Our complete discretion, to change, modify, add and/or remove parts or all of this Privacy Policy at any time. You shall be informed by Us, in advance, of any changes made to this Privacy Policy (as well as Terms of Service relevant to the Site). We shall also archive and store previous versions of the Privacy Policy for Your review upon request.

 

2.    The Data We collect about You

    2.1.  Personal Data obtained from You

        2.1.1.      Wherever possible and in so far as the nature of our services allows, all personal data collected will be retained, used and processed in an anonymised format. Whenever it is not possible or feasible for Us to make use of anonymous and/or anonymised data (in a manner that does not identify any Users of the Site or customers of Our services), We are nevertheless committed to protecting Your privacy and the security of Your Personal Data at all times.


        2.1.2.      We collect from You, through interaction with You or through Your interaction with Us or our Services different kinds of personal data about you which We have grouped together as follows:

2.1.2.1.            Registration Data provided by you when you create your User Account (notably in the terms of Clause 4.1.2 of the Terms of Services) including first name, last name, username, date of birth, gender, country.

2.1.2.2.            Contact Data includes permanent address, email address and telephone numbers.

2.1.2.3.            Identification and Verification Data (Anti-Money Laundering/Due Diligence/KYC data) that includes but is not limited to images/videos, identity documents (e.g. passport, IC card or driving license), biometric facial identifiers (e.g. face images/videos).

2.1.2.4.            Transaction Data generated through your use of our Services including payments from you, as well as information pertaining to transactions such as currency, location, amount/value.

2.1.2.5.            Payments Data including your credit/debit card details.

2.1.2.6.            Log in Data includes internet protocol (IP) address, your logins (first log in, last login, last failed login), duration of log ins, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our Services.

2.1.2.7.            Profile Data includes your appointment history, documents, favourite listing, payments history; and your preferences as to contact channels.

2.1.2.8.            Marketing Communications Data includes your preferences in receiving marketing from Us (opt in/opt out), as well as your Contact and Registration Data.

2.1.2.9.            Other Communication Data provided by you in communication with Us (via recorded chats or email).

2.1.2.10.        Analytics data include various data provided by you or observed with respect to your use of our Website and Services such as your language, location, browser data, device, and payment provider. Certain information is collected using cookies and/or similar tracking technology – please see further section “Cookies”.

 

    2.2.  Personal Data from different sources

        2.2.1.      We collect information on the background of the Users for identity verification, AML/CFT and similar purposes, which We source from a third-party provider (a private company working mostly with public sources), namely Shufti Pro Ltd, and which includes information on whether the User is a politically exposed person and whether any international and/or financial sanctions have been imposed.

 

    2.3.  If you fail to provide Personal Data

        2.3.1.      Where We need to collect personal data by law, or under the terms of a contract We have with you and you fail to provide that data when requested, We may not be able to perform the contract We have or are trying to enter into with you (for example, to provide you with Our Services).

 

 

3.    Why and How We use your Personal Data

    3.1.  We will only use your personal data when the law allows Us to.

        3.1.1.      Most commonly, We will use your personal data in the following circumstances:

 3.1.1.1.            To allow You to use our Services

 3.1.1.2.            To allow You access and use of the Website

 3.1.1.3.            For Legal and Regulatory reasons, to comply with our Legal obligations and Regulatory obligations such as Anti-Money Laundering and Combating the Funding of Terrorism.

 3.1.1.4.            For identification and verification purposes

 3.1.1.5.            For purposes that constitute a legitimate interest of Kera regarding direct marketing of its own similar goods and services via electronic mail as provided below; and

 3.1.1.6.            For analytics purposes

 

    3.2.  Detailed purposes and legal basis

We have set out below, in a table format, a description of all the ways We plan to use your personal data, and which of the main legal bases We rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that We may process your personal data for more than one lawful ground depending on the specific purpose for which We are using your data. Please Contact us if you need details about the specific Legal ground We are relying on to process your personal data where more than one ground has been set out in the table below.

 

| Purpose | Data Category | Legal Basis |
|---|---|---|
| To register you as a new User, to identify and verify you when you access your User Account | Registration Data; Contact Data; Log-in Data | Performance of the contract with you |
| For use of services | Registration Data; Contact Data | Performance of the contract with you |
| To process and manage payments transactions in order to use our Services | Payment and Transaction Data | Performance of the contract with you |
| For AML/CTF and Due Diligence purposes | Registration Data; Contact Data; Identification and Verification Data | Compliance with Legal obligations |
| To establish and investigate any suspicious behaviour in order to protect our business from any risk and fraud | Registration Data; Contact Data; Identification and Verification Data; Log-in Data; Payment and Transaction Data; Other Communications Data | Legitimate interest (detection and prevention of fraud) |
| Direct Marketing of our own Services (further information below in Section 3.3) | Marketing Communications Data | Legitimate interest (to promote our own Service, to develop our business and enhance relationship with) |
| Social Media Marketing | Contact Data | Legitimate interest (to promote our own Service, to develop our business and enhance relationship with you by targeted offers) |
| Commercial business analyses for the creation of standard, periodical as well as ad hoc reports | Analytics Data; Transaction Data | Legitimate interest (to develop our Services and grow our business) |
| Web Analytics | Analytics Data; Transaction Data | Legitimate interest (to develop our Services and grow our business) |

 

 

    3.3.  Direct Marketing of own similar Services

        3.3.1.      In accordance with applicable Laws and in reliance on Regulation 9(2) of the Processing of Personal Data (Electronic Communication sector) Regulations (S.L. 586.01) and Recital 47 of the GDPR, Kera may be informing You, from time to time, via electronic mail (email or SMS) about its own similar Services (for example any changes on the Website, new Services). You may opt out at any time and free of charge of such service, as applicable, either by:

3.3.1.1.            Activating the relevant link at the end of such message,

3.3.1.2.            Contacting us, or

3.3.1.3.            Changing your Settings in your User Account.

 

        3.3.2.      Please note that even if You object to receiving Direct Marketing material from Us, from time to time We may still need to send You certain important communications from which You cannot opt out.

 

4.    Retention

    4.1.  Criteria used to determine retention period

        4.1.1.      We will only retain your personal data for as long as necessary to fulfil the purposes We collected it for, including for the purposes of satisfying any Legal, accounting, or reporting requirements.

 

        4.1.2.      The criteria We use to determine what is ‘necessary’ depend on the nature of the particular Personal Data in question. Our normal practice is to determine whether there is/are any specific EU and/or national law(s) (for example tax or corporate laws) permitting or even obliging Us to keep certain personal data for a certain period of time (in which case We will keep the personal data for the maximum period indicated by any such law) and if not, whether there are any laws and/or contractual provisions that may be invoked against Us by You and/or third parties and if so, what the prescriptive periods for such actions are. In the latter case, We will keep any relevant personal data that We may need to defend Ourselves against any claim(s), challenge(s) or other such action(s) by You and/or third parties.

 

        4.1.3.      Where Your Personal Data is no longer required by Us, We will either securely delete or anonymise the Personal Data in question.

 

    4.2.  Details on our retention periods

 

| Retention Scenario | Data Categories (High Level) | Purpose | Legal Ground | Duration | Start of the Period |
|---|---|---|---|---|---|
| 1 | Registration Data; Transaction Data | Tax & Accounting | Legal Obligation | 10 years | Transaction |
| 2 | Identification & Verification Data (KYC/AML); Payments Data | AML | Legal Obligation | 5 years | Closure of account |
| 3 | Registration Data; Transaction Data; Other Communications Data; Profile Data; Payments Data | Defence of legal claims brought by customers | Legitimate interest | 6 years | Closure of account |
| 4 | Registration Data; Contract data; Identification & Verification Data; Payments and Transaction Data; Other Communications Data; Profile Data | Defence of legal claims brought by Authorities | Legitimate interest | 2 years | Closure of Account |

 

 

5.    Recipient of your Personal Data

    5.1.  As Kera’s business partners, suppliers or service providers are responsible for certain parts of the overall functioning or operation of the Website, and other services, Personal data are processed also by them for the above-mentioned purposes on behalf of Kera.

 

    5.2.  We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions, after thorough vetting of these partners and on the basis of strict data processing agreements.

 

    5.3.  Details on the categories of the processors of the personal data:

        5.3.1.      Payment service providers to perform payment transactions;


        5.3.2.      Service providers that technically enable communication with you (via email, chat, SMS);


        5.3.3.      Technical suppliers to support functioning of the Website and Our technical systems (both front and back end);


        5.3.4.      Technical administrators of the database to maintain the functioning of the database;


        5.3.5.      AML providers providing and/or processing certain data for the purposes of compliance with our AML obligations;


        5.3.6.      Service providers regarding the booking of viewing or listing;


        5.3.7.      Service providers for the purpose of data analytics; and


        5.3.8.      Professional advisers [acting as processors or joint controllers] including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.

 

    5.4.  Joint Controllers

        5.4.1.      Certain data is shared with other parties, acting as joint controllers. This is necessary for the use of the services offered on Kera. The following are the details on the essence of the joint-controller arrangements with other parties.

 

        5.4.2.      The following data are processed with ShuftiPro (Identification and Verification services provider) as joint controllers: Registration Data; Identification and Verification Data.

5.4.2.1.            Kera collects data and informs data subjects.

5.4.2.2.            Kera responds to data subject’s request.

5.4.2.3.            Kera records and makes all notifications of personal data breaches to supervisory authorities and/or affected data subjects when required.

5.4.2.4.            Further information on ShuftiPro’s processing activities may be found here.

 

        5.4.3.      The following data are processed with Apco (Payment services provider) as joint controllers: Registration Data; Contact Data and Log in Data.

5.4.3.1.            Kera collects data and informs data subjects.

5.4.3.2.            Kera responds to data subject’s request.

5.4.3.3.            Kera records and makes all notifications of personal data breaches to supervisory authorities and/or affected data subjects when required.

5.4.3.4.            Further information on Apco’s processing activities may be found here.

 

    5.5.  Authorised disclosure

        5.5.1.      If You are suspected to have breached our Terms and Conditions or any applicable laws (for example when we suspect that a crime may have been committed), or for the purpose of preventing, detecting or suppressing fraud, Kera has a right to:

5.5.1.1.            Forward Your Personal Data to the government authorities.

5.5.1.2.            Share Your Personal Data with relevant law enforcement and/or crime investigation bodies and assist the same with any type of investigation into Your actions.

5.5.1.3.            Disclose in response to any Court subpoena or order or similar official request for Personal Data.


 

6.    International Transfer

    6.1.  Data collected may be subject to an international data transfer. Such is the case for example where a third party service is offered through Kera or where services offered through Kera involve third parties established in third countries. Where an international data transfer is effected, We will ensure that there is an adequacy decision, or appropriate safeguards have been granted, or that binding corporate rules are drafted and approved, or that such transfer falls within one of the derogations established in Article 44 and Article 46 of the GDPR. When engaging in international data transfer we endeavour to make use of standard contractual clauses established by the European Commission Decisions and to obtain approvals from the relevant authorities and your express consent where this is required at law.


 

7.    Data Security

    7.1.  We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In order to comply with GDPR, various technical controls ensure data and information are always encrypted during transit and at rest using industry standard encryption techniques across the board. This ensures confidentiality and integrity at all times.

 

    7.2.  In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

 

    7.3.  In case of any suspected personal data breach, we will notify you and any applicable regulator of a breach where we are legally required to do so.

 

 

8.    Your rights under the Data Protection Laws

    8.1.  You may, at any time, with reasonable intervals, request Us to confirm whether or not We are processing personal data that concerns You and, if We are, you shall have the right to access that personal data and to the following information:

        8.1.1.      What personal data We have,

        8.1.2.      Why We process them,

        8.1.3.      Who We disclose them to,

        8.1.4.      How long We intend on keeping them for (where possible),

        8.1.5.      Whether We transfer them abroad and the safeguards We take to protect them,

        8.1.6.      What Your rights are,

        8.1.7.      How You can make a complaint, and

        8.1.8.      Where We got Your personal data from.

 

    8.2.  The easiest way to obtain the information mentioned above in Sections 8.1.1 to 8.1.8 is to send us your request at [email protected]

 

    8.3.  The Right to Rectification

        8.3.1.      Although all reasonable efforts will be made to keep Your Personal Data updated, you are kindly requested to inform Us promptly of any changes to Your Personal Data. With respect to your residential address and phone number, you can notify us of the change by amending Your profile. If the change pertains to data that cannot be amended by changing your profile, please contact us. To this end You have the right to ask Us to rectify inaccurate personal data and to complete incomplete personal data concerning You. We may seek to verify the accuracy of the data before rectifying it.

 

    8.4.  The Right to Erasure (The Right to be Forgotten)

        8.4.1.      You have the right to ask Us to delete Your personal data. We shall comply without undue delay but only where:

8.4.1.1.            the personal data are no longer necessary for the purposes for which they were collected; or

8.4.1.2.            You have withdrawn Your consent (in those instances where We process on the basis of Your consent) and We have no other legal ground to process Your personal data; or

8.4.1.3.            You shall have successfully exercised Your right to object (as explained below); or

8.4.1.4.            Your personal data shall have been processed unlawfully; or

8.4.1.5.            There exists a legal obligation to which We are subject; or

8.4.1.6.            Special circumstances exist in connection with certain children’s rights.

 

        8.4.2.      In any case, We shall not be legally bound to comply with Your erasure request if the processing of Your personal data is necessary:

8.4.2.1.            For compliance with a legal obligation to which We are subject (including but not limited to Our data retention obligations); or

8.4.2.2.            For the establishment, exercise or defence of legal claims.

8.4.2.3.            There are other legal grounds entitling Us to refuse erasure requests although the two instances above are the most likely grounds that may be invoked by Us to deny such requests. You may request the erasure by contacting us.

 

    8.5.  The Right to Data Restriction

        8.5.1.      You have the right to ask Us to restrict (that is, store but not further process) Your personal data but only where:

8.5.1.1.            The accuracy of Your personal data is contested (see the right to data rectification above), for a period enabling Us to verify the accuracy of the personal data; or

8.5.1.2.            The processing is unlawful, and You oppose the erasure of Your personal data; or

8.5.1.3.            We no longer need the personal data for the purposes for which they were collected but You need the personal data for the establishment, exercise or defence of legal claims; or

8.5.1.4.            You exercised Your right to object and verification of Our legitimate grounds to override Your objection is pending.

 

        8.5.2.      Following Your request for restriction, except for storing Your personal data, We may only process Your personal data:

8.5.2.1.            Where We have Your consent; or

8.5.2.2.            For the establishment, exercise or defence of legal claims; or

8.5.2.3.            For the protection of the rights of another natural or legal person; or

8.5.2.4.            For reasons of important public interest.

8.5.2.5.            You may request the restriction by contacting us.

 

    8.6.  The Right to Data Portability

        8.6.1.      You have the right to ask Us to provide Your personal data (that You shall have provided to us) to You in a structured, commonly used, machine-readable format, or (where technically feasible) to have it 'ported' directly to another data controller, provided this does not adversely affect the rights and freedoms of others. This right shall only apply where:

8.6.1.1.            The processing is based on Your consent or on the performance of a contract with You; and

8.6.1.2.            The processing is carried out by automated means.

 

        8.6.2.      To a great extent, you may exercise this right by contacting us.

 

    8.7.  The Right to Object to Certain Processing

        8.7.1.      In those cases where We only process Your personal data when this is 1.) necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in Us or 2.) when processing is necessary for the purposes of the legitimate interests pursued by Us or by a third party (as indicated in the Table in Section 3.2 above), You shall have the right to object to processing of Your personal data by Us.

 

        8.7.2.      When Your data is processed for direct marketing purposes, You have the right to object at any time to the processing of Your personal data, which includes profiling to the extent that it is related to such direct marketing.


        8.7.3.      For the avoidance of all doubt, when We process Your personal data when this is necessary for the performance of a contract, when necessary for compliance with a legal obligation to which We are subject or when processing is necessary to protect Your vital interests or those of another natural person, this general right to object shall not subsist.

 

        8.7.4.      With respect to Direct Marketing of our own goods and services, including related profiling, You may object to such processing at any time, by contacting us.

 

    8.8.  Right to withdraw consent (when we process your data on the basis of consent)

        8.8.1.      In those cases where We process on the basis of Your consent (which We will never presume but which We shall have obtained in a clear and manifest manner from You), should You exercise Your right to withdraw Your consent at any time (by writing to Us at the physical or email address below), We will determine whether at that stage an alternative legal basis exists for processing Your Personal Data (for example, on the basis of a legal obligation to which We are subject) where We would be legally authorised (or even obliged) to process Your Personal Data without needing Your consent and if so, notify You accordingly.


        8.8.2.      When We ask for such Personal Data, You may always decline, however should You decline to provide Us with necessary data that We require to provide requested services, We may not necessarily be able to provide You with such services (especially if consent is the only legal ground that is available to Us).


        8.8.3.      Just to clarify, consent is not the only ground that permits Us to process Your Personal Data. In the last preceding section above We pointed out the various grounds that We rely on when processing Your Personal Data for specific purposes.

 

    8.9.  The Right to lodge a Complaint

        8.9.1.      You also have the right to lodge complaints with the appropriate Data Protection Supervisory Authority. The competent authority in Malta is the Office of the Information and Data Protection Commissioner (OIDPC). We kindly ask that You please attempt to resolve any issues You may have with Us first (even though, as stated above, You have a right to contact the competent authority at any time).

 

    8.10.  Time Limit To Respond

        8.10.1.  We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

 

 

9.    Cookies Policy

Whenever you use our Services, including our applications, cookies and other tracking technologies can be used in various ways, such as making the Kera Site work, to analyse traffic, or for advertisement purposes. These technologies are either used by us directly, or by our business partners, including third party service providers and advertisers we work with.

 

    9.1.  What are cookies?

        9.1.1.      Cookies are small text files that are placed on your computer or mobile device when you access websites on the internet. Cookies help Users navigate around our website and allow Us to tailor the content of our site to fit the needs and preferences of Users.

        9.1.2.      None of the cookies We use collect your personal information (e.g. names, addresses, telephone numbers, email addresses) and they can’t be used to identify You as an individual. They typically collect anonymous identifiers associated with your device, browser, referring site URLs, time or usage information, Website preferences and settings, etc. (as further provided in this Section).

        9.1.3.      To learn more about cookies and how to manage or delete them, simply visit http://www.allaboutcookies.org and the help section of your browser. In the settings for browsers such as Internet Explorer, Safari, Firefox or Chrome, you can set which cookies to accept and which to reject. Where you find these settings depends on which browser you use. Use the "Help" function in your browser to locate the settings you need.

 

    9.2.  Types of Cookies we use

        9.1.4.      Essential Cookies

These are cookies which are used only to make our website work properly; or strictly necessary for us to provide the services expected by our users:

        9.1.5.      Non-essential Cookies

These are cookies which are not required for our website to function or behave as the user would expect it to. These include cookies relating to:

9.1.5.1.            Marketing, which gather information about the user’s browsing patterns and behaviour to target them with advertisements which would be more likely to interest them.

9.1.5.2.            Analytics. In order to control the collection of data for analytical purposes through Google Analytics from certain browser types, you may want to visit the following link: Google Analytics Opt-out Browser Add-on (only for desktop).




If you have any questions about this Privacy Policy, please send an email to [email protected]. Our Privacy Policy may also be amended from time to time, so visit this page regularly to keep abreast of updates.