core plus » privacy policy

**Last updated:** 14 April 2026

This Privacy Policy explains how New Front Ltd collects, uses, stores, and protects personal data when you visit http://www.coreplus.com.mt(https://www. and core.com.mt), core or corplus or contact us through the Website.

This document is intended to support transparency under the **General Data Protection Regulation (EU) 2016/679 (GDPR)** and applicable Maltese data protection law.[1][2][3]

1. Data Controller

The data controller responsible for the processing of personal data through this Website is:[4][1][5]

New Front Ltd
core
Triq Mannarino, Birkirkara BKR 9085, Malta
info@core.com.mt
+356 2144 3449

If you have any questions about this Privacy Policy or about how personal data is handled, you may contact us using the details above.

2. What Data Is Collected

Depending on how you interact with the Website, the following categories of personal data may be collected:[1][6][7]

Contact form data
When you submit an enquiry through the contact form, personal data may include:
– Name
– Email address
– Telephone number (if requested in the form)
– Message content
– Any other information you choose to provide

Technical and server log data
When you browse the Website, certain technical data may be processed automatically, such as:[7][8][9]
– IP address
– Browser type and version
– Device and operating system information
– Date and time of access
– Referring URL
– Requested pages or files

Administrative access data
If administrative users log in to WordPress or related website systems, technical and account-related information may be processed for security and access-control purposes.

3. How Personal Data Is Collected

Personal data is collected in the following ways:
– Directly from you, when you fill in and submit the contact form
– Automatically, through server logs and standard website infrastructure
– Through administrative login activity where relevant for website management and security

4. Purpose of Processing

Personal data is processed only where necessary and for legitimate business or legal purposes, including:[1][2][3]
– Responding to enquiries submitted through the Website
– Communicating with prospective clients, partners, or suppliers
– Maintaining the security, integrity, and availability of the Website
– Detecting technical problems, abuse, or unauthorized access attempts
– Complying with applicable legal obligations

5. Legal Bases for Processing

Personal data is processed on one or more of the following legal bases under Article 6 GDPR:[1][6][3]
– **Article 6(1)(b) GDPR** – processing necessary to take steps at your request before entering into a contract or to respond to your enquiry
– **Article 6(1)(c) GDPR** – processing necessary for compliance with a legal obligation
– **Article 6(1)(f) GDPR** – processing necessary for the purposes of our legitimate interests, particularly website security, system administration, and communication management, provided such interests are not overridden by your rights and freedoms

If a specific form or process relies on consent, this will be stated clearly at the point of collection.

6. Data Retention

Personal data is kept only for as long as necessary for the purposes described in this Privacy Policy.[1][6][8]

Suggested retention framework to review and adapt internally:
– Contact form submissions: 12 month
– Routine server logs: 60 days
– Administrative security logs: 6 month
– Data required for legal or evidentiary purposes: retained for as long as necessary to comply with applicable law or defend legal claims

7. Recipients of Personal Data

Personal data may be accessed only by authorized persons who need it for the operation, administration, or security of the Website.[2][10]

Depending on your setup, data may also be processed by carefully selected service providers acting on your behalf, such as:
– Web hosting providers
– Website developers or technical maintenance providers
– Email service providers
– Security or backup service providers

Where third-party service providers process personal data on behalf of the Company, they should do so under appropriate contractual and confidentiality obligations.

8. International Data Transfers

Personal data is generally processed within the European Economic Area (EEA). If this changes, this Privacy Policy should be updated accordingly.

9. Cookies and Tracking

At present, the Website **does not use tracking or marketing cookies**. If this changes in the future, this Privacy Policy and any required cookie notice or consent mechanism should be updated accordingly.[7][5]

The Website may still rely on strictly necessary technical functions required for basic operation, security, or hosting.

10. Data Security

Appropriate technical and organizational measures should be used to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.[2][3]

These measures may include secure hosting, restricted admin access, software updates, backups, SSL/TLS encryption, and security monitoring, depending on the final technical setup.

11. Your Rights Under GDPR

Under the GDPR, data subjects may have the following rights, subject to the conditions and limitations set by law:[1][2][11]
– The right of access
– The right to rectification
– The right to erasure
– The right to restriction of processing
– The right to object to processing
– The right to data portability, where applicable
– The right to withdraw consent at any time, where processing is based on consent
– The right to lodge a complaint with a competent supervisory authority

To exercise any of these rights, please contact info@core.com.mt.

12. Complaints

If you believe that personal data has been processed unlawfully, you may contact us first so that the matter can be reviewed. You also have the right to lodge a complaint with the competent supervisory authority in Malta, namely the **Office of the Information and Data Protection Commissioner (IDPC / OIDPC)**.[10][3]

**Office of the Information and Data Protection Commissioner (Malta)**
Website: core.com.mt and coreplus.com.mt

13. Third-Party Links

The Website may contain links to external websites. This Privacy Policy does not apply to third-party websites or services, and users should review the privacy notices of those websites separately.[6]

## 14. Changes to This Privacy Policy

This Privacy Policy may be updated from time to time to reflect legal, technical, or operational changes. The most current version should always be published on this page, together with the effective date.