Deal Done 21 | Citizenship | Skilled Immigration | Business Immigration


We are committed to protecting and respecting the privacy of your personal information.

Last updated on 1 JANUARY 2023.

This Privacy Policy (hereafter referred to as the “Privacy Policy”) relates to the website and/or any sub website and/or associated domains (and/or sub-domains) of (hereafter referred to as the “website” or the “site”), the services provided by DEAL DONE 21 (the owner and operator of the Site), and any related software applications (‘Apps’) where personal data relating to You is processed by the same (via the Site, any of Our Apps or otherwise).

DEAL DONE 21 is an international group of companies that provides residence and citizenship planning services to clients.

DEAL DONE 21 is made up of different legal entities. This Privacy Policy is issued on behalf of DEAL DONE 21 and its affiliates, so when it mentions “DEAL DONE 21”, “We”, “Us”, or “Our” in this Privacy Policy, We are referring to the relevant entity in DEAL DONE 21 responsible for processing your data. We will let you know which entity will be the data controller for your data when you obtain any of our services. There will be instances where your personal data would be collected, held, and processed by us in countries where local data protection laws will additionally apply. You may refer to the relevant jurisdiction below for more information on the respective local data protection laws insofar as privacy policy notification is concerned.

In the Privacy Policy, “You”, “Your” and “User” refer to an identified or identifiable natural person being the User of the Site and/or client (or prospective client) of any of Our Services. Our full details, including contact details, can be read below.

This Policy outlines the manner in which DEAL DONE 21 handles the information and personal data which you have provided to Us and which enables Us to be able to effectively manage the relationship which You have with Us.

1. Purpose of this Privacy Policy

We are committed to respecting and protecting your privacy at all times. DEAL DONE 21 will not sell, rent, transfer, or otherwise make available to others any information about any person visiting Our Website except as expressly provided for in this Privacy Policy.

The purpose of this Privacy Policy is to:

  • Set out the type of personal data DEAL DONE 21 will collect from you and how We will use your personal information 
  • Set out the basis on which any personal data is processed by DEAL DONE 21
  • Make you aware of how DEAL DONE 21 will handle your personal data
  • Clarify DEAL DONE 21 obligations under the data protection regulations with regard to processing your personal data lawfully and responsibly
  • Inform you of your data protection rights 

2. The personal data we collect from you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We have structured Our Website so that you can visit us on the internet without identifying yourself or revealing any personal information. Once you choose to provide us with personal information, we will protect such information and use it only in the ways described below.

We will collect and process the following personal data about you:

  1. a) Identity Dataincluding first name, maiden name, last name, title, identity document number, gender, nationality, employment status, organization, occupation, e-mail address, and phone number.

To the extent you engage our services or where you might apply for a job opportunity, you may be required to provide further information. Where you are a business user, we may also require further information before we enter into a commercial relationship with you.

We may also require you to provide us with information that might be needed to establish and serve as proof of your identification, such as copies of your passport or national ID card. Where you are a job applicant, you will be required to provide a copy of your up-to-date CV.

Where We are required to collect personal data by law, or under the terms of a contract We have with you and you fail to provide that data when requested, We may not be able to perform the services as agreed or We may not be able to enter into a contract with you, but We will notify you if this is the case at the time. We may have to terminate that contract with you as a result.

  1. b) Contact Dataincludes billing address, mailing address, email address and contact numbers.
  2. c) Compliance Data(AML and KYC) includes the following due diligence information and documentation relating to Our clients, or their respective UBO, shareholders, founders, beneficiaries, directors, where the client is a legal person: copy of identity document, ‘KYC’ (database) checks and any other documentation which may be mandated from time to time by the Prevention of Money Laundering Act, the Prevention of Money Laundering and Funding of Terrorism Regulations (“PMLFTR”), the Financial Intelligence Analysis Unit (“FIAU”) and/or any other competent authority or related legislation.
  3. d) Assistance Dataincludes the following information about our clients:
  • the client’s situation, plans, interests and targets or objectives;
  • The Services requested by, and provided to, the client.
  1. e) Financial Dataincludes the bank account details of the client together with details about any payment methods used by the client to settle our invoices and, as may be necessary under the particular circumstances, the financial status and creditworthiness of the client.
  2. f) Transaction Data includes details about invoices issued to the client (including date of settlement and means of settlement), payments made to and from the client and any outstanding invoices due by the client.
  3. g) Technical Dataincludes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, as well as other information regarding your experience on Our Website such as page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.

Location information: We may receive information about your location and may determine your location through your IP address and, when accessing the Website through a mobile device, by using the data that we collect from that device. This includes information about the wireless networks or cell towers near your mobile device at the time of access.

Our Website uses cookies to distinguish you from other users of Our Website. This helps ensure that we provide you with a good experience when you browse Our Website and allows us to improve it. For detailed information on the cookies we use, and the purposes for which we use them, see Our Cookie Policy.

  1. h) Marketing and Communications Dataincludes your preferences in receiving marketing from us and our third parties or associated entities and your communication preferences. This may include information whether you have subscribed or unsubscribed from any of our mailing lists, attended any of our events or accepted any of our invitations.

We will also collect, use and process any other personal information that you voluntarily choose to provide or disclose to Us where relevant and necessary in order to provide the Services that you have requested from us. 

3. How is your personal data collected

Such information may be provided by you in the following circumstances:

  • Filling in an enquiry form on the Website,
  • Corresponding with Us by post, phone, e-mail, or otherwise when you apply for Our services,
  • Subscribing to Our services or publications,
  • Requesting marketing to be sent to you,
  • Giving Us some feedback,
  • Starting negotiations for or entering into a contract to supply goods and/or services to us.
  • Whenever you visit Our Website, We will automatically collect Technical data.
  • We may receive personal data about you from various third parties and publicly available sources (Google Analytics advertising features, including Google Analytics, Google AdWords, Facebook Pixel’s, Google Tag Manager, LinkedIn, and other ad hoc paid media partnerships).
  • Identity, contact, and background data from publicly available sources, compliance databases, and/or compliance and due diligence service providers within and outside the EU so we can confirm that you are a suitable client of or supplier to us.

4. How we use your personal data

We shall use this information:

  • To facilitate the provision of the services that you request and where We need to perform the contract We are about to enter into or have entered into with you,
  • Where it is necessary for Our legitimate interests (or those of a third party), and where your interests and fundamental rights do not override those interests,
  • Where We need to comply with a legal or regulatory obligation,
  • To resolve any issues that you have reported and to provide support-related services,
  • To manage the supplier relationship you have with us,
  • To administer Our Website and for internal operations, including troubleshooting, and in order to keep Our Website safe and secure,
  • To improve Our Website to ensure that content is presented most effectively for you,
  • To ensure that content displayed on the Website is presented in a user-friendly manner.

5. Legal Basis for processing

We shall only process your personal data insofar as this is necessary for us to be able to provide the services we offer and/or for the purposes indicated in this Privacy Policy.

We may also process your personal data based on any legitimate interest or in order to comply with any legal obligations. These interests and obligations may include the exercise or defense of legal claims or in order to comply with an order of any court, tribunal, or authority, or disclosure to a government or regulatory entity.

Generally, we do not rely on consent as a legal basis for processing your personal data. However, where your consent is required, we will provide you with a form requesting explicit consent to do so.

6. Marketing

You will receive marketing communication if you have requested such information from us by providing us with your details through this Website and have consented and opted-in to receiving such information. Where we have entered a business relationship (namely a contract) with you, we may inform you about our activities, offers, or other information that we believe would be useful to you in accordance with our legitimate interest.

We will not share your personal data with any third party for marketing purposes without your explicit consent.

7. Disclosure of your personal data

We may disclose your personal data to any of our international offices or the companies that form part of DEAL DONE 21 that may act as joint data controllers or data processors to the company. These offices or companies will be the data controller for your data when you obtain our services and/or they may provide administration, controls, and reporting services. All DEAL DONE 21 companies respect and protect the security of your personal data in accordance with the applicable law (including the GDPR) and apply the security measures and safeguards.

We may need to share personal data with government agencies and authorities in the country where you seek to obtain residence or citizenship. We shall only provide the necessary information in order to perform services under our contract with you.

We may be required to share your data with local agents or other service suppliers (in their capacity as data processors), which is necessary for us to provide the services you request. These local agents and suppliers store and process your data based on strict confidentiality and subject to the appropriate security measures and safeguards.

We may also share your data with other third parties in their capacity as data controllers such as legal, tax, real estate, immigration or other advisors and consultants, (international) banks for payment details, or third parties providing other or additional services or goods to you such as real estate agencies, owners, or developers who you might wish to engage with under separate terms and conditions between you and such third parties. These third parties will process your data in their own right as data controllers and their data protection policies and processes shall become applicable.

We may also disclose or share your data if we are under a duty to do so in order to comply with any legal obligation, judgment, or under an order from a court, tribunal, or authority. We may also disclose your data to enforce our terms of use, or to protect our rights, property, or safety, that of our partners or other users of Our Website. This includes exchanging information with other companies and organizations for the purposes of anti-money laundering or KYC checks, compliance with anti-bribery or corruption laws, and/or fraud protection.

8. Transfers of data to third countries

Where we share your personal data with internal or external third parties, this may involve transferring your data outside the EEA. We will transfer your personal data in accordance with standard contractual clauses to ensure that your personal data is protected and transferred securely in compliance with applicable law, including the GDPR.

9. Third party access to your personal data

We work closely with third parties to provide you with the services you request on Our Website. These third parties include cloud storage providers, analytics providers, and search engine information providers. We will only work with third-party providers that comply with applicable laws in the jurisdictions in which we operate and that abide by the GDPR to adequately protect and safeguard your personal data.

10. Data security

We will ensure that appropriate security measures are taken against unlawful or unauthorized processing of personal data, and against the accidental loss of or damage to personal data. In addition, we limit access to your personal data to those employees, agents, contractors and other professional third parties who strictly need to know this information. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. All Our employees and agents have received appropriate training on data protection.

The transfer of information between Our Website and your device is protected with transport layer security (TLS) certificates. When the Website is accessed using compatible browsers, that technology protects personal information using both server authentication and data encryption to ensure that personal information is safe and secure while in transit. 

All personal data is stored in a secure server environment that uses a firewall and other advanced technology to protect against interference or unauthorized access. Use Ames and passwords are issued to persons authorized to access the personal data, such as our employees, who are bound by confidentiality not to disclose any personal data.

No method of transmission of data is 100% secure, and absolute security cannot be guaranteed.

11. Data retention

We shall only store your data as long as is strictly necessary for the purposes for which it was collected (that is, to provide you with our services or to satisfy any legal, accounting, or reporting requirements). 

We will only retain your personal data for as long as necessary to fulfil the purposes for which We collected it (the provision of the Services and the ongoing performance of Our professional relationship with you) and, thereafter, for the purpose of satisfying any legal, accounting, tax, anti-money laundering and regulatory reporting requirements or obligations to which We may be subject and/or to the extent that We may also need to retain your personal data to be able to assert, exercise or defend possible future legal claims against or otherwise involving you.

By and large, our retention of your personal data shall not exceed the period of six (6) years from the termination of your engagement with DEAL DONE 21. This retention period enables us to make use of your personal data for potential AML reporting obligations to the FIAU (a legal obligation) and/or for the assertion, filing or defense of possible legal claims by or against you. 

12. Data minimization

Whenever and to the extent possible, we anonymize the data that we hold about you when it is no longer necessary to identify you from that data.

13. Your rights as a data subject

You are entitled to exercise the following rights under the GDPR:

  1. The right to access information
    you have the right to request information as to whether or not your personal data is being processed by DEAL DONE 21. You shall receive one electronic copy of the information free of charge via e-mail. We may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive, in which case We may also refuse to comply with your request in these circumstances.
  2. The right to object
    You may contact Us at any time to ask Us not to process your personal data, if Our legal grounds for processing is that it is necessary for a legitimate interest pursued by Us or a third party or for marketing purposes (for example, receiving information from Us about upcoming events, newsletters, and publications). In the case of your written objection, your data will no longer be processed for such purposes.
  3. The right to correction
    you have the right to obtain correction of any inaccurate personal data about you that we have processed, update any data that is out-of-date, and complete any incomplete personal data including by means of a supplementary statement.
  4. The right to erasure
    you have the right to obtain the erasure of personal data we have concerning you when it is no longer required, for cases where:
  • You withdraw your consent to Us processing your personal data on which the processing is originally based or where no other legal grounds for processing exists,
  • Your personal data is no longer necessary in relation to the purpose for which it was originally collected,
  • You object to the processing and there are no overriding legitimate grounds for the processing for marketing communication,
  • Your personal data has been unlawfully processed,
  • Your personal data must be erased to comply with a legal obligation to which we are subject.

Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. These may include instances where the retention of your personal data is necessary to comply with a legal or regulatory obligation to which we are subject; or establish, exercise or defend a legal claim.

  1. The right to restriction of processing
    you have the right to restrict our processing activities where:
  • You contest the accuracy of this personal data, for a period enabling DEAL DONE 21 to verify the accuracy of the same personal data,
  • Our processing is deemed unlawful, and you oppose the erasure of your personal data and request restriction of its use instead,
  • We no longer need your personal data for the purposes stated in this Privacy Policy, but you require it for the establishment, exercising, or defending of legal claims,
  • You have objected to our processing pending the verification of whether the legitimate grounds of our processing activities overrode those pertaining to you.
  1. The right to data portability
    we will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. 
  2. Right to withdraw consent
    Where you may have provided your consent to the collection, processing, and transfer of your personal information for a specific purpose (for example, for marketing), you have the right to withdraw your consent for that specific processing at any time, or you may withdraw your consent to this Privacy Policy. This will not affect the lawfulness of the processing we carried out on the basis of such consent before its withdrawal. Once we have received notification that you have withdrawn your consent, we will no longer process your information for that purpose unless we have another legitimate basis for doing so in law. Withdrawal of consent to this Privacy Policy will result in us having to terminate our services with you immediately.

15. Law applicable to disputes

The Privacy Policy and its subject matter is gove ed law. You hereby agree that the courts of Malta shall have exclusive jurisdiction in relation to any claim, dispute or difference concerning the Engagement Letter and any matter arising from it.  Each party irrevocably waives any right it may have to object to an action being brought in those courts, to claim that the action has been brought in an inconvenient forum, or to claim that those courts do not have jurisdiction.

16. Changes to this Privacy Policy

Any changes we make to this Privacy Policy in the future will be posted on this page, and where appropriate, notified to you via e-mail.

17. How to contact us

If you have any questions regarding this Privacy Policy, or if you would like to send us your comments, please contact us today through Contact details (see Section 3 “Controller”).

Shopping Basket