Last updated: May 14th, 2026
We are committed to protecting and respecting the privacy of your personal information.
This Privacy Policy (hereafter referred to as the “Privacy Policy”) relates to the website https://imin-malta.com/ (hereafter referred to as the “website” or the “site”), the services provided by IMMIGRANT INVEST (the owner and operator of the Site), and any related software applications (“Apps”) where personal data relating to you is processed by the same (via the Site, any of our Apps or otherwise).
IMMIGRANT INVEST is an international company that provides clients with residence and citizenship planning services.
IMMIGRANT INVEST comprises different legal entities, the details of which can be found at https://imin-malta.com/. This Privacy Policy is issued on behalf of IMMIGRANT INVEST and its affiliates, so when it mentions “IMMIGRANT INVEST”, “We”, “Us” or “Our” in this Privacy Policy, we are referring to the relevant entity in IMMIGRANT INVEST responsible for processing your data. We will let you know which entity will be the data controller for your data when you obtain any of our services.
In the Privacy Policy, “You”, “Your” and “User” refer to an identified or identifiable natural person being the user of the Site and/or client (or prospective client) of any of our Services. Our full details, including contact details, can be read below.
This Policy outlines the manner in which IMMIGRANT INVEST handles the information and personal data which you have provided to us and which enables us to be able to manage the relationship which you have with us effectively.
We are committed to respecting and protecting your privacy at all times. IMMIGRANT INVEST will not sell, rent, transfer, or otherwise make available to others any information about any person visiting our Website except as expressly provided for in this Privacy Policy.
The purpose of this Privacy Policy is to:
All processing of personal data performed by IMMIGRANT INVEST as envisaged in this Privacy Policy shall be carried out in line with:
This Privacy Policy should be read in conjunction with our Cookie Policy and any other privacy notices we may provide on specific occasions when we are collecting or processing personal data about you.
IMIN Malta Limited (company registration number C 76982), of Malta, is the data controller and is responsible for this Website. We are also the data controller of any personal data we collect or receive and process in connection with the Services and/or the Website. Our associated corporate entities may be data controllers of your personal data in their own right, whether jointly or as entirely separate data controllers.
Full name of legal entity: IMIN Malta Limited
Postal address: 8/2, Portomaso Business Tower, 1 Church Street, St Julian’s, STJ 4011, Malta
Telephone: +356-2033-01-78
Email for data protection enquiries: [email protected]
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We will collect and process the following personal data about you:
a) Identity Data
Including first name, maiden name, last name, title, identity document number, gender, nationality, employment status, organisation, occupation, e-mail address and phone number.
b) Contact Data
Including billing address, mailing address, email address and contact numbers.
c) Compliance Data (AML and KYC)
Includes the following due diligence information and documentation relating to our clients, or their respective UBO, shareholders, founders, beneficiaries, directors, where a client is a legal person: copy of identity document, ‘KYC’ (database) checks and any other documentation which may be mandated from time to time by the Prevention of Money Laundering Act (Chapter 373 of the Laws of Malta) (“PMLA”), the Prevention of Money Laundering and Funding of Terrorism Regulations (“PMLFTR”), the Financial Intelligence Analysis Unit (“FIAU”) and/or any other competent authority or related legislation.
To the extent that copies of identity documents (including passport scans and other government-issued identification) reveal information relating to your racial or ethnic origin or include biometric features used for unique identification (where applicable), such information constitutes a special category of personal data within the meaning of Article 9 of the GDPR. We process such data only where one of the conditions under Article 9(2) GDPR applies, in particular processing which is necessary for reasons of substantial public interest under Union or Maltese law in the area of the prevention of money laundering and terrorist financing, on the basis of the PMLA, the PMLFTR and related legislation.
d) Assistance Data
e) Financial Data
Includes the bank account details of the client together with details about any payment methods used by the client to settle our invoices and, as may be necessary under the particular circumstances, the financial status and creditworthiness of the client.
f) Transaction Data
Includes details about invoices issued to the client (including date of settlement and means of settlement), payments made to and from the client and any outstanding invoices due by the client.
g) Technical Data
Includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, as well as other information regarding your experience on our Website such as page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
h) Marketing and Communications Data
Includes your preferences in receiving marketing from us and our third parties or associated entities, and your communication preferences.
You may provide such information in the following circumstances:
We shall use this information:
We shall only process your personal data insofar as this is necessary for us to provide the services we offer and/or for the purposes indicated in this Privacy Policy.
We may also process your personal data on the basis of any legitimate interest or to comply with any legal obligations. These interests and obligations may include the exercise or defence of legal claims or compliance with an order of any court, tribunal, authority, or disclosure to a government or regulatory entity.
Generally, we do not rely on consent as a legal basis for processing your personal data. However, where your consent is required, we will provide you with a form requesting explicit consent to do so.
Where you have provided your prior, freely given, specific, informed and unambiguous consent through our website (for example by ticking an opt-in box on a form), we will send you marketing communications about our activities, offers, or other information that we believe would be of interest to you. The legal basis for such processing is Article 6(1)(a) GDPR (consent).
Where we have entered into a business relationship (a contract) with you, we may also send you marketing communications about products and services that are similar to those you have already received from us. The legal basis for this processing is Article 6(1)(f) GDPR (our legitimate interest in maintaining and developing the commercial relationship with our existing clients).
Before relying on legitimate interest as a legal basis for direct marketing, we conduct a Legitimate Interests Assessment (“LIA”) in which we balance our legitimate interests against your rights and freedoms. You may, at any time and free of charge, object to processing based on legitimate interest, including for profiling purposes related to such marketing. Once you object, we will stop processing your personal data for that purpose.
Without your explicit consent, we will not share your personal data with any third party for marketing purposes.
You have the right to withdraw consent or to object to receiving marketing information at any time by contacting [email protected] or by clicking the unsubscribe button. Once you have withdrawn your consent or objected to any of the purposes listed herein, we will stop sending you marketing communications.
We may disclose your personal data to any of our international offices or the companies that form part of IMMIGRANT INVEST that may act as joint data controllers or data processors. These offices or companies will be the data controller for your data when you obtain our services, and/or they may provide administration, controls, and reporting services. All IMMIGRANT INVEST companies respect and protect the security of your personal data in ccordance with the applicable law (including the GDPR) and apply security measures and safeguards.
We may need to share personal data with government agencies and authorities in the country where you seek to obtain residence or citizenship. We shall only provide the necessary information to perform services under our contract with you.
We may be required to share your data with local agents or other service suppliers (in their capacity as data processors), which is necessary for us to provide the services you request. These local agents and suppliers store and process your data based on strict confidentiality and are subject to appropriate security measures and safeguards.
We may also share your data with other third parties in their capacity as data controllers, such as legal, tax, real estate, immigration or other advisors and consultants, (international) banks for payment details, or third parties providing other or additional services or goods to you such as real estate agencies, owners or developers. These third parties will process your data in their own right as data controllers.
We may also disclose or share your data if we are under a duty to do so to comply with any legal obligation or judgment or under an order from a court, tribunal or authority. This includes exchanging information with other companies and organisations for the purposes of anti-money laundering or KYC checks, compliance with anti-bribery or corruption laws, and/or fraud protection.
Where we share your personal data with internal or external third parties, this may involve transferring your data outside the European Economic Area (EEA), including to our offices and partners in the United Kingdom, the United States, Turkey and other jurisdictions.
Where the European Commission has issued an adequacy decision in respect of the recipient country, transfers take place on the basis of that decision.
Where no adequacy decision applies, we transfer personal data on the basis of appropriate safeguards within the meaning of Article 46 GDPR, in particular the Standard Contractual Clauses adopted by the European Commission in Commission Implementing Decision (EU) 2021/914 of 4 June 2021 (the “SCCs”).
In light of the judgement of the Court of Justice of the European Union in Case C-311/18 (“Schrems II”), where personal data is transferred to a country that does not provide an essentially equivalent level of protection, we conduct a Transfer Impact Assessment (“TIA”) on the legal regime of the importing country and, where required, implement supplementary measures (technical, contractual and organisational) before any transfer takes place. You may request a copy of the relevant safeguards by writing to [email protected] with “Data Protection” in the subject line.
IMIN Malta Limited acts as the EU data representative of all our offices located outside the EEA. You may address any issues, queries or concerns that you may have with IMMIGRANT INVEST by sending an e-mail with “Data protection” in the subject line to: [email protected].
We work closely with third parties to provide you with the services you request on our Website. These third parties include cloud storage providers, analytics providers and search engine information providers. We will only work with third-party providers that comply with applicable laws in the jurisdictions in which we operate and abide by the GDPR (and, where applicable, the UK GDPR and other applicable laws) to adequately protect and safeguard your personal data.
We will ensure that appropriate security measures are taken against unlawful or unauthorised processing of personal data and the accidental loss of or damage to personal data. In addition, we limit access to your personal data to those employees, agents, contractors and other professional third parties who strictly need to know this information. They will only process your personal data on our instructions and are subject to a duty of confidentiality.
The transfer of information between our Website and your device is protected with transport layer security (TLS) certificates. All personal data is stored in a secure server environment that uses a firewall and other advanced technology to protect against interference or unauthorised access. No data transmission method is 100% secure, and absolute security cannot be guaranteed.
We shall only store your data as long as it is strictly necessary for the purposes for which it was collected. By and large, our retention of your personal data shall not exceed the period of six (6) years from the termination of your engagement with IMMIGRANT INVEST. This retention period enables us to use your personal data for potential AML reporting obligations to the FIAU (a legal obligation) and/or for the assertion, filing or defence of possible legal claims by or against you.
Whenever and to the extent possible, we anonymise the data that we hold about you when it is no longer necessary to identify you from that data.
You are entitled to exercise the following rights under the GDPR (and the equivalent rights under the UK GDPR, where applicable):
1. The right to access information.
2. The right to object.
3. The right to correction (rectification).
4. The right to erasure (“right to be forgotten”).
5. The right to restriction of processing.
6. The right to data portability.
7. The right to withdraw consent.
To exercise any of these rights, please contact [email protected].
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.
For data processed by IMIN Malta Limited as controller, the lead supervisory authority is the Office of the Information and Data Protection Commissioner of Malta (“IDPC”), Level 2, Airways House, High Street, Sliema SLM 1549, Malta, https://idpc.org.mt/.
If you are located in the United Kingdom, you may lodge a complaint with the Information Commissioner’s Office (“ICO”), https://ico.org.uk/.
We do not take decisions concerning you based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affect you within the meaning of Article 22(1) GDPR.
We do use automated processing for limited purposes such as audience segmentation and the delivery of relevant marketing content through advertising and analytics technologies (including those referred to in our Cookie Policy). Such processing does not produce legal effects on you and is carried out only after you have given your consent through our cookie banner or where it is otherwise permitted by law. You may object to such processing at any time as described in the Marketing section and in our Cookie Policy.
The Website and our marketing services are not directed at minors and we do not knowingly collect personal data from individuals under the age of 16 through the Website without verifiable parental or guardian consent.
Where we provide residence or citizenship advisory services to a family, applications submitted on behalf of minor dependants are processed on the legal basis of performance of a contract (Article 6(1)(b) GDPR) and/or compliance with a legal obligation (Article 6(1)(c) GDPR) under the relevant immigration legislation. Information about minor dependants (including identity documents, where required by the relevant programme) is collected from the parent or legal guardian, who is responsible for ensuring that they are entitled to provide such information on the minor’s behalf.
We apply the same security and confidentiality safeguards to personal data of minors as we apply to personal data of adults, and we retain such data only for as long as necessary for the purposes of the application and any related legal obligations.
If you are a California resident, you have specific rights under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA/CPRA”).
In the past 12 months, we may have collected the categories of personal information described in Section 4 above (Identifiers; Customer records; Commercial information; Internet or other electronic network activity; Geolocation data; Professional or employment-related information) for the business purposes described in this Privacy Policy.
We do not sell your personal information for monetary consideration. To the extent that our use of advertising cookies and similar technologies may be considered a “sale” or “sharing” of personal information under the CCPA/CPRA, you have the right to opt out of such sale or sharing. You can exercise this right by:
California residents also have the right to know what personal information we collect, the right to delete personal information, the right to correct inaccurate personal information, the right to limit use of sensitive personal information, and the right not to be discriminated against for exercising any of these rights.
The Privacy Policy and its subject matter is governed by Maltese law. You hereby agree that the courts of Malta shall have jurisdiction in relation to any claim, dispute or difference concerning the Engagement Letter and any matter arising from it, without prejudice to any mandatory consumer-protection rules that may apply to you in your country of habitual residence.
Any changes we make to this Privacy Policy in the future will be posted on this page and, where appropriate, notified to you via e-mail.
If you have any questions regarding this Privacy Policy or would like to send us your comments, please contact us via the Contact details set out in Section 3 (“Controller”).