Privacy Policy


Gamma Capital Markets Ltd, 259 Saint Paul’s Street, Valletta VLT 1213, Malta (“GCM”; “we”; “us”; “our”) respects your privacy and values its importance and is wholly committed to protecting your personal data. 

All personal data provided to us are processed in accordance with the Data Protection Act (Chapter 440 of the Laws of Malta – “the Act”), Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – “the Regulation”) and any other European Union (“EU”) and national law in relation thereto.

Information we collect about you

In the course of its engagement and professional relationship with you, GCM will need to collect, use, and sometimes, disclose various items of personal data about you for various purposes associated with the scope of the Services that we provide, as requested and directed by you or by your organisation.

It is both impractical and almost impossible to exhaustively list all the items of personal data which we may need to collect, use or disclose about you. However, to ensure transparency, we have made an attempt to group and categorise below the different kinds of personal data about our clients that we may generally need to collect, process, use, share and store. The list below is not exhaustive:

  • Identity Data includes first name, maiden name, last name, title, identity document number, gender, nationality, employment status, organisation and occupation.

In the context of our corporate clients and the other legal entities that we assist, we may collect Identity and Contact Data about the following persons:

  • directors;
  • legal and judicial representatives;
  • company secretary and other officers
  • shareholders and ultimate beneficial owners (UBOs);
  • founders and board of administrators in the case of Foundation;
  • settlors, beneficiaries, protectors and trustees in the case of a Trust.
  • Contact Data includes billing address, mailing address, email address and contact numbers.
  • Anti-Money Laundering Data includes the following due diligence information and documentation relating to our clients, or their respective UBO, shareholders, founders, beneficiaries, directors, representatives and/or administrators (as applicable) where the client is a legal person: (i) copy of identity document, (ii) copy of a recently issued utility bill, (iii) professional references, (iv) ‘KYC’ (database) checks and (iv) any other documentation which may be mandated from time to time by the Prevention of Money Laundering Act (Chapter 373 of the Laws of Malta) (“PMLA”), the Prevention of Money Laundering and Funding of Terrorism Regulations (“PMLFTR”), the Financial Intelligence Analysis Unit (“FIAU”) and/or any other competent authority or related legislation.
  • Financial Data includes:
  • Information about the Assets and Liabilities of the Client necessary to perform the suitability assessment when providing Portfolio Management Services or Investment Advisory Services.
  • The bank account details of the client together with details about any payment methods used by the client to settle our invoices and, as may be necessary under the particular circumstances, the financial status and creditworthiness of the client.
  • Transaction Data includes:
  • Details about the Transactions and Trades Carried out on the account of the clients with respect to the Investment Management and Investment Advice Services provided to the clients.
  • Details about invoices issued to the client, payments made to and from the client and any outstanding invoices due by the client.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties or associated entities and your communication preferences. This may include information whether you have subscribed or unsubscribed from any of our mailing lists, attended any of our events or accepted any of our invitations.

How personal information is collected

We generally use different methods to collect data from and about you, including through:

  • Direct Interactions: You may give us your Identity, Contact, AML, completing and filling in our forms (such as CCFF, Terms of Business, Agreements),or by corresponding with us by post, phone, email or otherwise or during face-to-face meetings.
  • Publicly available sources: The Malta Registry of Companies, and from electronic data searches, online search tools (which may be subscription or license based), anti-fraud databases and other third-party databases, sanctions list and general searches carried out via online search engines (e.g. Google).
  • Banks and Custodian with respect of Transaction and Financial data necessary for us to provide you with the relevant Investment Services.
  • Fund Administrators and Transfer Agent who collects data of Investors in the Funds managed by us.

How we use your information

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where you wish to formally engage us;
  • Where we are providing you with your requested Services;
  • Where we need to comply with our legal and professional obligations to third parties (this includes our professional duties to regulators)

Therefore, we do not generally rely on consent as a legal basis for processing your personal data, other than in relation to sending direct marketing communications. We will only send you our marketing communications where you have expressly consented to receive them from us. You have the right to withdraw consent to such marketing at any time by contacting us.

How we share your information with 3rd Parties

We may have to grant access to, disclose or share your personal data with the parties set out below only for the purposes of providing you with your requested Services and complying with our legal obligations.

  • Regulators and other authorities, including the Financial Intelligence Analysis Unit, the Police Authorities, the Malta Financial Services Authority and the Consob.
  • Custodian, Administrators and other Service Providers necessary to provide the Investment Services.
  • Other service providers, including those that provide IT support and system administration services for GCM.

How long and how we store your information and keep it safe?

We will only retain your personal data for as long as necessary to fulfil our services to you and, thereafter, for the purpose of satisfying any legal, anti-money laundering and regulatory reporting requirements or obligations to which we may be subject and/or to the extent that we may also need to retain your personal data to be able to assert, exercise or defend possible future legal claims against or otherwise involving you.

By and large, our retention of your personal data shall not exceed the period of six years from the termination of your engagement with us. In certain cases, we may need to retain your personal data for a period of up to eleven years to comply with applicable Rules.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed (safeguard its integrity and confidentiality).

We also regularly review and, where practicable, improve upon these security measures.

In addition, we limit access to your personal data to those employees, agents, contractors and other professional third parties who strictly need to know this information. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

How you can access and control your information

7.1 In this Section 7, we have summarised the rights that you have under the EU General Data Protection Regulation (GDPR).

7.2 Your principal rights under EU General Data Protection Regulation are:

(a)     the right to access;

(b)     the right to rectification;

(c)     the right to erasure;

(d)     the right to restrict processing;

(e)     the right to object to processing;

(f)     the right to data portability;

(g)     the right to complain to a supervisory authority; and

(h)    the right to withdraw consent.

7.3 You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.

7.4 You have the right to have inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.

7.5 In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.

7.6 In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful, but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

7.7 You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.

7.8 You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

7.9 To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

7.10 You have the right to lodge a complaint at any time to a competent supervisory authority on data protection matters, such as in particular the supervisory authority in the place of your habitual residence or your place of work. In the case of Malta, this is the Office of the Information and Data Protection Commissioner (the “IDPC”) ( We would, however, appreciate the opportunity to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance.

7.11 You may exercise any of your rights in relation to your personal data by email or written notice to us.

Data Breaches

In the event of any data breaches discovered by us that involve the loss or unauthorised access or change to any personal information, we will notify you within 72 hours of the discovery. In the event any data breach is likely to result in a risk to personal rights and freedom, we will report to the Information and Data Protection Commissioner.

Other Information

This version was last updated on May, 2018.

We may change this privacy policy from time to time.  We will post any privacy policy changes on this page. We encourage you to review our privacy policy whenever you use our services to stay informed about our information practices and the ways you can help protect your privacy.

Contact Details

Full name of legal entity: Gamma Capital Markets Ltd

Email address:

Postal address: 259 Saint Paul’s Street, Valletta VLT 1213, Malta