General
Your privacy is very important to us – this is why we are committed to protecting your personal data (information that identifies you) and complying with both the General Data Protection Regulation 2016/679 (“GDPR”) and the Data Protection Act (collectively referred to as the ‘Applicable Legislation’).
This privacy policy outlines how Tallinja Technology Limited (“Tallinja Technology”, “Tallinja Tech”, “we”, “our” or “us”) will process (collect, store, and manage amongst others) your personal data through our website www.tallinjatech.com (hereinafter referred to as the ‘Website’) and through our Tallinja Application (hereinafter referred to as the ‘App’)
It is important therefore, that you take some time to read and familiarise yourself with this Privacy Policy. If you have any questions on this privacy policy or how we protect your privacy, please get in touch with us on data@tallinja.com and we will be more than happy to answer your questions.
The Data Controller
For any personal data collected in relation to our Website and the App, the Data Controller, that is, the company that determines the purposes and means of the processing of your personal data, is us – Tallinja Technology Limited (C-81766).
We can be contacted on:
- By post – Tallinja Technology Limited, Sqaq il-Fdal tal-Hadid, Triq Valletta, Luqa LQA1780 or;
- By email – data@tallinja.com.
A. For Visitors of our Website
This section sets out information tied to the processing of personal data of visitors of our Website.
Personal Data we collect
We mainly collect Personal Data in 3 ways:
- When you access and browse our website.
- When you get in touch with us (by email, phone, or post).
In the majority of the cases the information that we mainly collect about you is your name, surname, contact number and email address. These are collected for the reasons outlined below.
How we use your data and why
The purpose for which we collect and process your personal data will always be in line with this Privacy Policy and the reason for which we collected it in the first place.
We normally require your personal data for the following reasons:
- To send information to you about our services and any events that may affect them.
- Provide you with customer service and support.
- To carry out research, test our IT systems and improve our Website . In such cases we will always anonymise your data.
Grounds for Processing
In order to process your personal data, we will normally rely on the following grounds:
- To comply with our legal and contractual obligations;
- Legitimate interests – both ours and those of third parties. A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests.
- Where you have given consent – Where we apply your consent as a basis to process personal data we acknowledge that you may withdraw such consent at any time. In such case and unless there is another lawful ground which permits us to continue to process your personal data, we shall cease to process that personal data.
Sharing your information
It is not our purpose or objective to sell any of your personal data to third parties. However, there may be instances where in order to provide you with our services we would need to share your data with certain entities.
However, we may share your data with companies which form part of the same group of companies that Tallinja Tech forms part of (our ‘Subsidiaries’), where necessary for the processing of your requests or to enhance your experience, amongst others.
- Professional service providers, such as marketing agencies, website hosting companies, advertising partners who help us in the operation of our business.
In addition, there may be case where we may disclose Personal Data because we are obliged to, as set out below:
- to the extent that we are required to do so by law or by a competent authority;
- in connection with any legal proceedings or prospective legal proceedings;
- for the proper administration of justice
- to protect your vital interests
- to safeguard the integrity of the relevant website operated by us
When we do share data, we do so on an understanding with the other entities that the data is to be used only for the purposes for which we originally intended – again, we don’t want you to have any surprises.
If we ever have to share data with entities that are outside of the EEA, we will be sure to do so in a manner that complies with the requirements established by the GDPR.
Other information collected
When users navigate through our Website, we collect information about, amongst others, which sections of the website they visit and how long they stayed on each page. This information is collected through various technologies and navigational data collection methods.
This information helps us understand which web browsers our visitors prefer and the address from which they accessed our website. As a result we are able to improve and customise our website together with analysing the rends of our visitors.
Please rest assured however, that, unless you give us your consent, this technology does not identify the user personally.
Other information about how we process your personal data using the Website is contained within the General Information on Processing Section C below.
B. For Users of our App
This section sets out information tied to the processing of personal data of visitors of our App.
Our App is a multimodal journey planning platform, allowing you to search for, book and pay for trips in Malta using your chosen payment method. Our App combines different modes of transport, which services are offered through our App by various Transport Operators.
Personal Data we collect
Most of the personal information which we collect about you is collected through our registration process when you come to sign up to use the App, and this is usually limited to your name, surname, date of birth, address, email address, photo, password, country and phone number.
The “MyCards” and “Payment Method” Section on our App will also ask you for your bank card details for the purposes of affecting payments for your trips and/or topping up your Personalised and Non-Personalised Tallinja Card linked to the App.
If you chose to link your Personalised and/or Non-personalised Tallinja Cards (collectively referred to as ‘Transport Cards’) to the App, we will also process information tied to the Transport Cards, including card balance, status, and type, as well as other Transport Cards purchase history, including transport usage.
Specifically, should you decide to link your Personalised Tallinja Card, you will also give us information tied to your Peronalised Tallinja Card Customer number or card number, and ID card/ Passport as registered in relation to the Personalised Tallinja Card to identify the Personalised Tallinja Card holder. We may also process some other information tied to your usage of the App, including details tied to the bookings of services offered by Transport Operators through our App.
How we use your information & Why
We use your information in a number of different ways — what we do with it then depends on the information and the purpose for which we collected it.
The tables below set this out in detail, showing what we do, and why we do it:
| Why we process your Name & Contact Details | |
| To register you as a Tallinja App user, and be able to send you a copy of your bookings made through the Tallinja App to your registered email address. | We’ve got to do this to perform our contract with you (Article 6(1)(b), GDPR). |
| To send you service messages, including service updates (cancelled trips, changes in routes, etc). | We do this to be able to communicate to you information relating to the transport services available for purchase / booking / viewing over the App, and to communicate with you in case of emergencies, or transport service-affecting incidents. |
| To send you information by email, sms, in-App and push App notifications about our products and services, any new services and ongoing promotions and as well as providing you with a copy of receipts generated after purchasing any of our products and services through the Tallinja App. | To keep you up to date. We only send this with your permission – and you can ask us to stop at any time by opting out without any additional hurdle or cost. (This is done in terms of the E-Commerce Directive and/or S.L 586.01 of the Laws of Malta ]). |
| Fraud prevention and detection. | To prevent and detect fraud against either you or us (Article 6(1)(f)). |
| For the entire duration that the “Lottery” is in effect, to allow you to monitor how many lottery tickets you have generated with each free bus ride. | This is required to provide you with a better service which suits your needs, in both our legitimate interest as well as yours (Article 6(1)(f)). |
| Why we process your Payment Information | |
| Take payment, control your available credit, and give refunds (if and where applicable). | In order to book transport services offered by Transport Operators and purchasing said services (at the indicated fare) through the App using your preferred payment method (be it your Transport Cards or your bank card). (This is necessary for the performance of our contract with you Article 6(1)(b) GDPR)) |
| Fraud prevention and detection | To prevent and detect fraud against either you or us. (Article 6(1)(f)). |
| Why we process your Transport Usage Data | |
| To verify and record your usage of the transport services offered by Transport Operators on the App as efficiently as possible | This is required so that you are kept aware as to the use of your Transport Card and to verify the applicable fare charges made to your Transport Cards. (Necessary for the performance of our contract with you (Article 6(1)(b) GDPR, and for the legitimate interest pursued by you and the Transport Operators (Article 6(1)(f)). |
| We will also use the Transport Usage Data including which transport service you booked, from which and to which (if applicable) location you required the service,, and how much you paid on your trip to analyse your usage pattern. This will allow us to develop products and services which are beneficial to you, depending on your usage patterns. | This is required for us to provide you with a record of your transaction history as well to provide you with a better service which suits your needs, in both our legitimate interest as well as yours (Article 6(1)(f)). |
| Why we process your contact history with us | |
| Provide customer service and support | We’ve got to do this to perform our contract with you to your best satisfaction (Article 6(1)(b) GDPR) |
| Train our staff | For our team to remain up to scratch so that you get the best possible customer service. We believe this would be in our legitimate interest as well as that of our clients (Article 6(1)(f)GDPR) |
We also anonymise and aggregate personal information (so that it does not identify you) and use it for purposes including testing our IT systems, research, data analysis, improving our App, and developing new products and services. We also share this anonymised information with third parties – but don’t worry, they cannot identify you.
The Legal Basis for Processing
For some of the uses of your personal data there is a legal basis under Applicable Legislation (as described above) for us to use such personal data without having obtained your consent.
This includes, for example, where it is necessary for us to use the information to perform a contract with you or take steps at your request prior to entering into a contract with you, such as to process your order, provide customer-care and support services to you.
It also includes circumstances (such as we have described below) where we have a legitimate interest to use your data, provided that proper care is taken in relation to your rights and interests:
- to ensure that you know about any changes to the App or the terms of this Privacy Policy.
- to ensure that we organise our databases efficiently and understand how our clients may make purchases
- to carry out research and analysis of your data (including purchase information) as this helps us understand our clients better, who they are and how they interact with us;
- to improve and ensure the security of the App (for example, for statistical, testing and analytical purposes, troubleshooting).
Sharing your information
We do not, and will not, sell any of your personal data to any third party – including your name, address, email address or credit card information. It is not our business to do so – and we don’t want to lose your trust and confidence.
However, we may share your data with companies which form part of the same group of companies that Tallinja Tech forms part of (our ‘Subsidiaries’), and this only when and where strictly necessary for the processing of your requests or to enhance your experience, amongst others.
Additionally, we may share your data with the following categories of companies as an essential part of being able to provide our services to you, as set out in this statement:
- Other companies that are involved in the process of getting your purchases from us to you, such as payment service providers, data warehouses, trip management service providers, amongst others.
- Professional service providers, such as customer care agency providers, application service providers, website developers, marketing agencies, advertising partners and website hosts who service us in turn to operate our business.
- Transport Operators with whom we partner up to provide you with a more comprehensive transport service in Malta and Gozo, in their capacity as separate Data Controllers in their own right. We advise you to read through the privacy notices of relevant third-party transport service providers for more information on their privacy practices.
- Credit reference agencies, law enforcement and fraud prevention agencies, so we can help tackle fraud.
- Other companies that you may approve, such as social media sites (if you choose to link your accounts to us) or payment service providers.
In most circumstances we will not disclose personal data without consent. However there may be occasions where we might have to – e.g. with a court order, to comply with legal requirements and satisfy a legal request, for the proper administration of justice, to protect your vital interests, to fulfil your requests, to safeguard the integrity of the relevant websites operated by us or by such related entities or subsidiaries, or in the event of a corporate sale, merger, reorganisation, dissolution or similar event involving us and/or our subsidiaries and related entities.
When we do share data, we do so on an understanding with the other entities that the data is to be used only for the purposes for which we originally intended.
We may also provide third parties with aggregated but anonymised information and analytics about our customers and, before we do so, we will make sure that it does not identify you. Anonymous information means it is anonymous.
If we ever have to share data with entities that are outside of the EEA, we will be sure to do so in a manner that complies with the requirements established by the GDPR.
Other Passive Information which we collect
Apart from the information you provide us with when using our Website and App, other information is passively collected from you (without you actively furnishing such information) when you navigate through the website and App. We use various technologies and navigational data collection methods to gather such passive information for various reasons, for example to track how many visitors access our website and App, the date and time of their visit, the length of their stay and which pages they view. The passive information also aids us to determine which web browsers our visitors use and the address from which they accessed our website and App – for instance if they connect to our Website and App through clicking on one of our banner ads. This technology does not identify you personally.
Such passively collected information may be used and combined to improve our services to website and App visitors, customise the website and App based on your preferences, compile and analyse statistics and trends of our visitors and their use of the sites operated by us and our related entities or subsidiaries. Together with our related entities and subsidiaries we will use this information and share it with third parties to improve the content, functionality and administration of our websites, to better understand our customers and markets, and to improve our products and services.
We assure you that, unless you have consented, such passive information shall not be combined with personally identifiable information collected elsewhere by our Website, App or respective sites operated by our related entities or subsidiaries.
Other information about how we process your personal data using the App is contained within the General Information on Processing Section below.
C. General Information on Processing
Retention Periods
We will hold on to your information for no longer than is necessary keeping in mind the purpose/s (or compatible purposes) for which we first collected the data.
We may also keep hold of some of your information if it becomes necessary or required to meet legal or regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions.
As a guide:
- we will keep personal data while your account with us is active or until such time as you ask us to stop communications with you, unless we need to keep the data for longer;
- we may keep certain categories of personal data for longer in order to meet any legal or regulatory requirements, or to resolve a legal dispute;
- and, we may keep different types of personal data for different lengths of time if required by law (for instance, we may need to keep certain personal data relating to purchases for 6 years in order to comply with tax/VAT reporting requirements);
You may obtain more information as to the retention periods or the criteria used by us to determine the retention periods by contacting us here [email address].
Your rights
You enjoy several rights relating to your personal information:
(i) The right to be informed about how your personal information is being used – We need to be clear with you about how we process your personal data. We do this through this Privacy Policy, which we will keep as up to date as possible.
(ii) The right to access the personal information we hold about you – You can access the personal data we hold on you by contacting us on data@tallinja.com. To process your request, we will ask you to send us proof of identity so that we can be sure we are releasing your personal data to the right person.
(iii) The right to request the correction of inaccurate personal information we hold about you – We appreciate feedback from you to ensure our records are accurate and up-to-date. If you think that the information, we hold about you is inaccurate or incomplete please ask us to correct it by sending an email to data@tallinja.com.
(iv) The right to request that we delete your data, or stop processing it or collecting it – You can ask us to delete your personal data; however, this is not an absolute right. In spite of a request for erasure, we may be justified to keep personal data which we need to keep, e.g. (a) to comply with a legal obligation (for instance, we are required by personal data for VAT reporting purposes); and (b) in relation to the exercise or defence of any legal claims. When you ask us to delete your personal data, we assume that you do not want to hear from us again. To ensure that we do not send you any special offers in the future ), we will retain just enough of your personal data solely for suppression purposes. Other than as described above, we will always comply with your request and do so promptly. We would carry out our best efforts to notify any third parties with whom we have shared your personal data about your request so that they could also comply.
(v) The right to stop direct marketing messages;
(vi) The right to object to certain processing based on legitimate interest – You have a right to object to our use of your personal information including where we use it for our legitimate interests or where we use your personal information to carry out profiling using automated means. You can do this by sending an email to data@tallinja.com
(vii) The right to request human intervention if automated processing without human intervention is used to make decisions having legal or similar effects on you;
(viii) The right to withdraw consent for other consent-based processing at any time;
(ix) The right to request that we transfer or port elements of your data either to you or another service provider – You have the right to move, copy or transfer your personal data from one organisation to another. If you do wish to transfer your personal data, we would be happy to help. If you ask for a data transfer, we will give you a copy of your personal data in a structured, commonly used and machine-readable form (e.g. a CSV file format). We can provide the personal data to you directly or, if you request, to another organisation. Please note that we are not required to adopt processing systems that are compatible with another organisation, so it may be that the recipient organisation cannot automatically use the personal data we provide. When making a transfer request, it would be helpful if you can identify exactly what personal data you wish us to transfer.
(x) The right to complain to your data protection regulator — in Malta – the Information and Data Protection Commissioner (IDPC)
If you want to exercise your rights, have a complaint, or just have questions, please send an email to data@tallinja.com.
Please appreciate that the rights must be exercised within some limitation – for example, if you ask us for information we can only give you what relates to you and not what relates to other persons. When we receive requests, we may also request that you identify yourself and provide documentation or information for verification (we would not want to disclose information to the wrong person). Unreasonable requests may be subjected to a reasonable fee or refusal to respond.
Children Under 16
If you are aged 16 or under, please get your parent/guardian’s permission before you provide any personal information to us.
We will need to process personal data relating to parents or guardians in that case – and we may also need to request for verification documentation to ensure that consent is given or authorised by the holder of parental responsibility.
Security of your Personal Data
Security of your personal data is very important to us.
Where it’s appropriate, our website uses HTTPS to help keep information about you secure. However, no data transmission over the internet can be guaranteed to be totally secure.
You may complete a registration process when you sign up to use parts of the Website and the App. This may include the creation of a username, password and/or other identification information. Any such details should be kept confidential by you and should not be disclosed to or shared with anyone.
Where you do disclose any of these details, you are solely responsible for all activities undertaken where they are used.
Whenever you create a password, then to protect your account you should choose a strong password, meaning it should be lengthy and include a mixture of letters and numbers with mix of CAPS.
We do our best to keep the information you disclose to us secure. However, we can’t guarantee or warrant the security of any information which you send to us.
Security measures which have implemented to secure information transmitted over our Website and App or stored on our systems include the following:
- Use of secure servers;
- Use of firewalls;
- Use of encryption;
- Physical access controls at data centres;
- Information access controls;
- Use of back-up systems;
Please understand, however, that no system is perfect or can guarantee that unauthorised access or theft will not occur.
Seeing our adverts online
We engage in online advertising, also to keep you aware of what we’re up to and to help you see and find our products using targeted adverts which may appear when you are on other websites and apps that offer such digital marketing services.
We use a range of advertising technologies like ad tags, cookies, and mobile identifiers, as well as specific services offered by some sites and social networks, such as Facebook’s Custom Audience service.
The banners and ads you see will be based on information we hold about you, or your previous use of our website (for example, your search history, and the content you read), our App, or on banners or ads you have previously clicked on.
Changes to how we protect your privacy
Our Website and App are continually under review – new functions and features are periodically added and improved to interface, thus changes to our privacy policy may be required from time to time.
We therefore encourage you to check our privacy policy on a frequent basis.
Links to Other Websites
This Privacy Policy does not cover the links within this site linking to other websites which are not controlled by us. We are not responsible for the collection or use of your personal information from these third-party websites.
Therefore, we encourage you to read the privacy statements on the other websites you visit.
How to contact us
We are always happy to hear from you, whether to suggest but especially if you feel we can do better.
If you have any questions about this Privacy Policy, or if you wish to make a complaint about how we have handled your personal information, please contact us at:
- By post – Tallinja Technology Limited, Sqaq il-Fdal tal-Hadid, Triq Valletta, Luqa LQA1780 or;
- By email – data@tallinja.com
We welcome your feedback and questions. If you wish to contact us, please send an email to data@tallinja.com.