Skip to content

Tax Compliance Health Check Service Privacy Notice


In this Privacy Notice, the below terms shall have the following meanings:

  1. “Personal Data” means any information relating to an identified or identifiable natural person;
  2. “Data Subject” means any identified or identifiable natural person to whom Personal Data relates;
  3. “Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  4. “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
  5. “DP Act” shall mean Chapter 586 of the Laws of Malta (the Data Protection Act) and the subsidiary legislation thereunder, as may be amended from time to time;
  6. “Applicable Laws” shall mean the GDPR and the DP Act;
  7. “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of your Personal Data;
  8. “Processor” means the natural or legal person, public authority, agency or other body which Processes Personal Data on behalf of the Controller; and
  9. “Consent” means any freely given, specific, informed and unambiguous indication of your wishes by which you (by a statement or by a clear affirmative action) signify agreement to the Processing of your Personal Data.


NM Group (Malta) Ltd (C53302) (“NM Group”, the “Company”, “We”, “Us” or “Our”) offers a free Tax Compliance Health Check service which enables NM Group to inform you of any outstanding balances currently listed within your MTCA Portal (the “Service”). In order to provide you with the Service, We are required to Process your Personal Data. This Privacy Notice applies with respect to the Processing of Your Personal Data by the Company pursuant or in relation to its provision of the Service and provides information regarding the manner in which the Company Processes your Personal Data, in accordance with the Applicable Laws.


The Controller of Your Personal Data is NM Group (Malta) Ltd (C53302), having its registered office situated at Northlink Business Centre, Level 2, Burmarrad Road, Naxxar NXR 6345, Malta.

Should you wish to contact Us for any reason with respect to Our Processing of Your Personal Data, you may do so using the below details.


Email:          [email protected]

Phone:        +356 2137 2462

Address:    Northlink Business Centre, Level 2, Burmarrad Road, Naxxar NXR 6345, Malta.


In the context of this Privacy Notice, We may Process the following Personal Data pertaining to you:

  1. First name and surname;
  2. Income tax number;
  3. VAT number;
  4. Permission to Employer (PE) number;
  5. Identity card number;
  6. Email address; and
  7. Mobile number.

We collect the Personal Data set out above directly from you through the Tax Compliance Health Check Service Form which you must submit in order to receive the Service from Us.


We shall Process the Personal Data set out under section (IV) above in order for Us to submit a CFR02 form on your behalf to gain access to your profile within the MTCA Portal, so as to provide you with the Service. We shall only access your profile for the purpose of checking the ‘My Balances’ section within your profile and informing you of any current outstanding balances. The lawful basis for Our Processing of this Personal Data is that of necessity for the performance of Our contract with You, namely the Tax Compliance Health Check Service Form you submitted in order to procure the Service from Us. Failure to provide us with this Personal Data will preclude us from providing you with the Service.

In the event that you have provided your Consent through the Tax Compliance Health Check Service Form, We shall also Process your email address for the purpose of marketing Our services to you. The lawful basis for this Processing of Your email address is your Consent.

We shall not Process your Personal Data other than for the purposes set out above, unless We are required to do so in accordance with any applicable laws or you have requested additional services from Us which require further Processing of Your Personal Data. In the latter case, We shall inform you of any such further Processing of Your Personal Data at the time when you engage Us for such additional services.  


We do not use your Personal Data in order to carry out any automated decision-making or profiling. In the event that We decide to carry out any such automated decision-making or profiling in the future, We shall inform you prior to making any such use of Your Personal Data.


In the course of Our business, We work with third parties, typically Our service providers or subcontractors, who may also be Our Processors.

We will, in usual circumstances, only disclose Personal Data to the Commissioner for Tax and Customs for the purpose of providing you with the Service and to no other third parties without your Consent. There may, however, be times where We may need to do disclose your Personal Data to third parties even if We do not have your Consent, such as when abiding by a court order, and We shall only do so in accordance with the law, particularly the Applicable Laws.

We require all third parties with whom We share Personal Data to respect the security of such Personal Data and to treat it in accordance with relevant law, including the Applicable Laws.

We do not allow Our Processors to use Your Personal Data for their own purposes and only permit them to Process Your Personal Data for specified purposes and in accordance with Our instructions.


We do not generally transfer your Personal Data to persons or entities outside the EU and the European Economic Area (the “EEA”).

In the event of any such transfer of Your Personal Data to countries which are outside the EU/EEA, We shall ensure that a lawful basis for this exists and that appropriate safeguards are implemented for the protection of your Personal Data, in accordance with the Applicable Laws.


We retain your Personal Data only for as long as We have a valid reason to do so. To determine the appropriate retention period for Personal Data, We consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of Your Personal Data, the purposes for which We Process your Personal Data and whether We can achieve those purposes through other means, and the applicable legal requirements.

Our standard practice is to determine whether there are any specific laws permitting or obliging us to keep certain Personal Data for a certain period of time, in which case We will typically keep the Personal Data for the maximum period indicated by any such law.

With prejudice to the hereunder, We would also determine whether there are any laws and/or contracts that may be invoked against Us by you and/or third parties and if so, what the prescriptive periods for such actions are. These periods are usually of two or five years. In such cases, We will keep any relevant Personal Data that We may need to defend ourselves against any claims, challenges or other such actions by you and/or third parties for such time as is necessary.

We generally retain the Personal Data set out under section (IV) of this Privacy Notice for a period of 90 days from Our receipt of the Tax Compliance Health Check Service Form from you, unless you specifically request Us to retain it for a longer period. In the event that it transpires that you have outstanding tax balances and you wish to engage Our services to assist you with settling the same, We may retain your Personal Data for a longer period in order to be able to provide you with these additional services.

In the event that you have provided your Consent to Our Processing of your email address for marketing purposes, We shall retain the email address indefinitely unless and until you withdraw such Consent.


In terms of the Applicable Laws, as a Data Subject and for as long as We retain Your Personal Data, you have the following rights in relation to such Personal Data:

  1. Access – You have the right to request access to Your Personal Data and information related to the Processing thereof, as well as obtain a copy thereof;
  2. Rectification – You have the right to request the rectification of any inaccuracies or any missing Personal Data of yours;
  3. Erasure – You have the right to request the erasure of your Personal Data;
  4. Restriction – You have the right to request the restriction of the Processing of your Personal Data in cases explicitly provided for by law, including if you believe that We are unlawfully Processing your Personal Data or that the Personal Data that We hold about you is inaccurate;
  5. Portability – You have the right to request that We provide You with Personal Data which We hold about you in a structured, commonly used and machine-readable format (except where such Personal Data was provided to Us in handwritten format, in which case, upon your request, such Personal Data will be provided to you in such handwritten format). Where technically feasible, you may also request that We transmit such Personal Data to a third-party Controller indicated by you;
  6. Objection – You have the right to object to the Processing of your Personal Data where We are relying on Our legitimate interests (or those of a third party) for such Processing;
  7. Automated decision-making and profiling – You have the right to object to a decision taken solely on the basis of automated Processing, including profiling, which has an impact on you or significantly affects you;
  8. Withdrawal of Consent – if you have provided Consent for the Processing of your Personal Data, you have the right to withdraw that Consent at any time, which will not affect the lawfulness of the Processing carried out prior to such withdrawal; and
  9. Information about the source – where the Personal Data We hold about you was not provided to Us directly by you, you also have the right to receive any available information as to the source of such Personal Data.

Any of the above requests should be addressed in writing to [email protected].

You will not have to pay to exercise any of the above-listed rights. However, We may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.

Please note that none of above-listed rights are absolute and such rights must generally be weighed against Our own legal obligations and legitimate interests. If We are permitted, and if a decision is taken to override your Data Subject request, We shall inform you accordingly.


We strive to be receptive to your concerns and would appreciate it if you would contact Us in the first instance should you have any complaints or believe that We have breached any privacy rules.

Nonetheless, should you feel wronged by Our data protection practices, you may file a complaint with the data protection supervisory authority of your country of residence. In Malta, this would be the Office for the Information and Data Protection Commissioner, the contact details of which are as follows:


Email:          [email protected]

Phone:        +356 2328 7100

Address:    Floor 2, Airways House, Triq il-Kbira, Tas-Sliema SLM 1549, Malta


We have implemented appropriate security measures to the Personal Data that We hold, in order to prevent it from being accidentally lost, altered or disclosed in an unauthorised manner. These include IT security measures, such as authentication measures, encryption, appropriate data backup measures, and anti-malware and anti-virus software, as well as physical security measures, such as the installation of fire and intruder alarms at Our premises.

We also carry out periodical reviews of Our data security measures and regularly perform vulnerability scans and penetration testing on our IT systems, in order to ensure that Our IT security is constantly up to standard.

In addition, We limit access to your Personal Data to those employees and third parties who have business need to access such data. These persons are only allowed to Process your Personal Data on Our instructions and are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of such a breach where We are legally required to do so.


You acknowledge that, when providing your Personal Data to the Company, you are required to provide your actual, accurate and complete data. Furthermore, you must inform Us of any changes to the Personal Data We hold about you, so as to ensure that it is kept up-to-date and accurate.


This Privacy Notice is governed by and construed in accordance with the laws of Malta and relevant EU legislation. 

Contact Us

If you have any questions about this Privacy Policy, please contact us:

COOKIE POLICY. This website uses cookies to ensure you get the best experience on our website.