Privacy Policy


Your privacy is very important to us – this is why we are committed to protecting your personal data (information that identifies you) and complying with the EU General Data Protection Regulation 2016/679 (“GDPR”), and the Data Protection Act (Chapter 586 of the Laws of Malta) and all relevant subsidiary laws, including S.L. 586.01 which implements the EU Directive 2002/58/EC on privacy and electronic -communications (collectively referred to as the ‘Applicable Legislation’).

This privacy policy outlines how Tallinja Technology Limited (“Tallinja Technology”, “Tallinja Tech”, “we”, “our” or “us”) will process (collect, store, manage and share, amongst others) your personal data through our website (  (hereinafter referred to as the ‘Website’) and through our Tallinja Application (hereinafter referred to as the ‘App’)

It is important therefore, that you take some time to read and familiarise yourself with this Privacy Policy. If you have any questions on this privacy policy or how we protect your privacy, please get in touch with us on and we will be more than happy to answer your questions.

This Policy was last updated on the 15th February 2024. We keep our privacy policy under regular review. It may change and if it does, these changes will be posted on this page and, where appropriate, notified to you by email or when you next start the App. The new policy may be displayed on-screen and you may be required to read and accept the changes to continue your use of the App or the services offered via the App.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you.

The Data Controller

For any personal data collected in relation to our Website and the App, the Data Controller, that is, the company that determines the purposes and means of the processing of your personal data, is us – Tallinja Technology Limited (C-81766). 

We can be contacted on:

      By post – Tallinja Technology Limited, Sqaq il-Fdal tal-Hadid, Triq Valletta, Luqa LQA1780 or;

     By email –

A.          For Visitors of our Website

This section sets out information tied to the processing of personal data of visitors of our Website.

Personal Data we collect

We mainly collect Personal Data in 3 ways:

  • When you access and browse our website.
  • When you get in touch with us (by email, phone, or post).
  • In the majority of the cases the information that we mainly collect about you is your name, surname, contact number and email address. These are collected for the reasons outlined below.

How we use your data and why

The purpose for which we collect and process your personal data will always be in line with this Privacy Policy and the reason for which we collected it in the first place.

We normally require your personal data for the following reasons:

  • To send information to you about our services and any events that may affect
  • Provide you with customer service and

To carry out research, test our IT systems and improve our Website . In such cases we will always anonymise your data.

Grounds for Processing

In order to process your personal data, we will normally rely on the following grounds:

  • To comply with our legal and contractual obligations;
  • Legitimate interests – both ours and those of third A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests.
  • Where you have given consent – Where we apply your consent as a basis to process personal data we acknowledge that you may withdraw such consent at any In such case and unless there is another lawful ground which permits us to continue to process your personal data, we shall cease to process that personal data. 

Sharing your information

It is not our purpose or objective to sell any of your personal data to third parties.

However, there may be instances where in order to provide you with our services, or to facilitate and/or enhance the services we deliver to you, we would need to share your personal data with certain entities, amongst others:

  • Professional service providers, such as marketing agencies, website hosting companies, advertising partners, who help us in the operation of our business.

We may share your personal data with companies which form part of the same group of companies that Tallinja forms part of (our ‘Related Entities’), where necessary for the processing of your requests or to enhance your experience, amongst others.

In addition, there may be cases where we may disclose Personal Data because we are obliged to, as set out below:

  • to the extent that we are required to do so by law or by a competent authority;
  • in connection with any legal proceedings or prospective legal proceedings;
  • for the proper administration of justice;
  • to protect your vital interests;
  • to safeguard the integrity of the relevant website operated by us;

When we do share data, we do so on an understanding with the other entities that the data is to be used only for the purposes for which we originally intended.

If we ever have to share personal data with entities that are outside of the EEA, we will be sure to do so in a manner that complies with the requirements established by the GDPR.

Other information collected

When users navigate through our Website, we collect information about, amongst others, which sections of the website they visit and how long they stayed on each page. This information is collected through various technologies and navigational data collection methods.

This information helps us understand which web browsers our visitors prefer and the address from which they accessed our website. As a result we are able to improve and customise our website together with analysing the trends of our visitors.

Please rest assured however, that, unless you give us your consent, this technology does not identify the user personally;

Your consent is not always required. If the technical storage or access to information (e.g. by means of an essential cookie or pixel placed on your terminal equipment) is intended (a) for the sole purpose of carrying out or facilitating the transmission of a communication over an e-communications network or (b) is strictly necessary in order for us to provide an information society service explicitly requested by you (as the subscriber or user) to provide the service. In other words, if cookies are strictly needed to ensure that the service you request is delivered to you, we will not need to ask you to consent to use the cookie. For all other cookies, we will ask you for your consent.

Other information about how we process your personal data using the Website is contained within the General Information on Processing Section C below.

B.        For Users of our App

This section sets out information tied to the processing of personal data of visitors of our App.

Our App is a multimodal journey planning platform, allowing you to search for, book and pay for trips in Malta using your chosen payment method. Our App combines different modes of transport, which services are offered through our App by various Transport Operators. 

Personal Data we collect

Most of the personal data which we collect about you is collected through our registration process when you sign up to use the App, and this is primarily limited to your name, surname, date of birth, address, email address, photo, password, country and phone number.

The “MyCards” and “Payment Method” Section on our App will also ask you for your bank card details for the purposes of affecting payments for your trips and/or topping up your Personalised and Non-Personalised Tallinja Card linked to the App.

If you chose to link your Personalised and/or Non-personalised Tallinja Cards (collectively referred to as ‘Transport Cards’) to the App, we will also process information tied to the Transport Cards, including card balance, status, and type, as well as other Transport Cards purchase history, including transport usage.

Specifically, should you decide to link your Personalised Tallinja Card, you will also give us information tied to your Peronalised Tallinja Card Customer number or card number, and ID card/ Passport as registered in relation to the Personalised Tallinja Card to identify the Personalised Tallinja Card holder. We may also process some other information tied to your usage of the App, including details tied to the bookings of services offered by Transport Operators through our App.


The App will only process your geolocation data with your consent. When using the App you will be asked to allow the App to access your location when this is required as part of the services. Initially the App will not use your location data until you choose otherwise. You may choose for the App to ask each time or when you “share” (in which case your then current location will be displayed on the map and used for directions, nearby search results and estimated travel times).  Alternatively, you may opt to allow the App to allow location access only ‘while using the App’.

How we use your information & Why

We use your information in a number of different ways — what we do with it then depends on the information and the purpose for which we collected it.

The tables below set this out in detail, showing what we do, and why we do it:

To register you as a Tallinja App user, and be able to send you a copy of your bookings made through the Tallinja App to your registered email address. 


We’ve got to do this to perform our contract with you (Article 6(1)(b), GDPR).



To send you service messages, including service updates (cancelled trips, changes in routes, etc).

We do this to be able to communicate to you information relating to the transport services available for purchase / booking / viewing over the App, and to communicate with you in case of emergencies, or transport service-affecting incidents.
To send you information by email, sms, in-App and push App notifications about our products and services, any new services and ongoing promotions and as well as providing you with a copy of receipts generated after purchasing any of our products and services through the Tallinja App. 

To keep you up to date. We only send this with your permission – and you can ask us to stop at any time by opting out without any additional hurdle or cost. (This is done in terms of the E-Commerce Directive and/or S.L

586.01 of the Laws of Malta ]).


Fraud prevention and detection.

To prevent and detect fraud against either you or us (Article 6(1)(f)).
For the entire duration that the “Lottery” is in effect, to allow you to monitor how many lottery tickets you have generated with each free bus ride.This is required to provide you with a better service which suits your needs, in both our legitimate interest as well as yours (Article 6(1) (f)).
Why we process your Payment Information




Take payment, control your available credit, and give refunds (if and where applicable).

In order to book transport services offered by Transport Operators and purchasing said services (at the indicated fare) through the App using your preferred payment method (be it your Transport Cards or your bank card). (This is necessary for the performance of our contract with you Article 6(1)(b) GDPR))

Fraud prevention and detection

To prevent and detect fraud against either you or us. (Article 6(1)(f)).
Why we process your Transport Usage Data






To verify and record your usage of the transport services offered by Transport Operators on the App as efficiently as possible

This is required so that you are kept aware as to the use of your Transport Card and to verify the applicable fare charges made to your Transport Cards. (Necessary for the performance of our contract with you (Article 6(1)(b) GDPR, and for the legitimate interest pursued by you and the Transport Operators (Article 6(1)(f)).
We will also use the Transport Usage Data including which transport service you booked, from which and to which (if applicable) location you required the service,, and how much you paid on your trip to analyse your usage pattern. This will allow us to develop products and services which are beneficial to you, depending on your usage patterns. 


This is required for us to provide you with a record of your transaction history as well to provide you with a better service which suits your needs, in both our legitimate interest as well as yours (Article 6(1)(f)).

Why we process your contact history with us


Provide customer service and support

We’ve got to do this to perform our contract with you to your best satisfaction (Article 6(1)

(b) GDPR)




Train our staff

For our team to remain up to scratch so that you get the best possible customer service. We believe this would be in our legitimate interest as well as that of our clients (Article 6(1) (f)GDPR)

We also anonymise and aggregate personal information (so that it does not identify you) and use it for purposes including testing our IT systems, research, data analysis, improving our App, and developing new products and services. We also share this anonymised information with third parties – but don’t worry, they cannot identify you.

The Legal Basis for Processing

For some of the uses of your personal data there is a legal basis under Applicable Legislation (as described above) for us to use such personal data without having obtained your consent.

This includes, for example, where it is necessary for us to use the information to perform a contract with you or take steps at your request prior to entering into a contract with you, such as to process your order, provide customer-care and support services to you.

It also includes circumstances (such as we have described below) where we have a legitimate interest to use your data, provided that proper care is taken in relation to your rights and interests:

  • to ensure that you know about any changes to the App or the terms of this Privacy Policy.
  • to ensure that we organise our databases efficiently and understand how our clients may make purchases
  • to carry out research and analysis of your data (including purchase information) as this helps us understand our clients better, who they are and how they interact with us;
  • to improve and ensure the security of the App (for example, for statistical, testing and analytical purposes, troubleshooting).

Sharing your information

We do not, and will not, sell any of your personal data to any third party – including your name, address, email address or credit card information. It is not our business to do so – and we don’t want to lose your trust and confidence.

However, we may share your data with companies which form part of the same group of companies that Tallinja Tech forms part of or companies who partner up with Tallinja Technology  to provide the services on the App (our ‘Related Entities’), and this only when and where strictly necessary for the processing of your requests or to enhance your experience, amongst others.

Therefore we may share your data with the following categories of companies as an essential part of being able to provide our services to you, as set out in this statement:

  • Other companies that are involved in the process of getting your purchases from us to you, such as payment service providers, data warehouses, trip management service providers, amongst
  • Professional service providers, such as customer care agency providers, application service providers, website developers, marketing agencies, advertising partners and website hosts who service us in turn to operate our business.
  • Transport Operators with whom we partner up to provide you with a more comprehensive transport service in Malta and Gozo, in their capacity as separate Data Controllers in their own We advise you to read through the privacy notices of relevant third-party transport service providers for more information on their privacy practices.
  • Credit reference agencies, law enforcement and fraud prevention agencies, so we can help tackle
  • Other companies that you may approve, such as social media sites (if you choose to link your accounts to us) or payment service providers.

In most circumstances we will not disclose personal data without consent. However there may be occasions where we might have to – e.g. with a court order, to comply with legal requirements and satisfy a legal request, for the proper administration of justice, to protect your vital interests, to fulfil your requests, to safeguard the integrity of the relevant websites operated by us or by such related entities or Related Entities, or in the event of a corporate sale, merger, reorganisation, dissolution or similar event involving us and/or our Related Entities and related entities.

When we do share data, we do so on an understanding with the other entities that the data is to be used only for the purposes for which we originally intended.

We may also provide third parties with aggregated but anonymised information and analytics about our customers and, before we do so, we will make sure that it does not identify you. Anonymous information means it is anonymous.

If we ever have to share data with entities that are outside of the EEA, we will be sure to do so in a manner that complies with the requirements established by the GDPR.

Other Passive Information which we collect

Apart from the information you provide us with when using our Website and App, other information is passively collected from you (without you actively furnishing such information) when you navigate through the website and App.

We use various technologies and navigational data collection methods to gather such passive information for various reasons, for example to track how many visitors access our website and App, the date and time of their visit, the length of their stay and which pages they view. The passive information also aids us to determine which web browsers our visitors use and the address from which they accessed our website and App – for instance if they connect to our Website and App through clicking on one of our banner ads. This technology does not identify you personally.

Such passively collected information may be used and combined to improve our services to website and App visitors, customise the website and App based on your preferences, compile and analyse statistics and trends of our visitors and their use of the sites operated by us and our related entities or Related Entities. Together with our Related Entities we will use this information and share it with third parties to improve the content, functionality and administration of our websites, to better understand our customers and markets, and to improve our products and services.

We assure you that, unless you have consented, such passive information shall not be combined with personal data collected elsewhere by our Website, App or respective sites operated by our Related Entities.

Other information about how we process your personal data using the App is contained within the General Information on Processing Section below.

C.        General Information on Processing

Retention Periods

We will hold on to your information for no longer than is necessary keeping in mind the purpose/s (or compatible purposes) for which we first collected the data.

We may also keep hold of some of your information if it becomes necessary or required to meet legal or regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions.

As a guide:

  • we will keep personal data while your account with us is active or until such time as you ask us to stop communications with you, unless we need to keep the data for longer;
  • we may keep certain categories of personal data for longer in order to meet any legal or regulatory requirements, or to resolve a legal dispute;
  • and, we may keep different types of personal data for different lengths of time if required by law (for instance, we may need to keep certain personal data relating to purchases for 6 years in order to comply with tax/VAT reporting requirements);

You may obtain more information as to the retention periods or the criteria used by us to determine the retention periods by contacting us here [email address].

Your rights

You enjoy several rights relating to your personal information:

  • The right to be informed about how your personal information is being used – We need to be clear with you about how we process your personal We do this through this Privacy Policy, which we will keep as up to date as possible.
  • The right to access the personal information we hold about you – You can access the personal data we hold on you by contacting us on To process your request, we will ask you to send us proof of identity so that we can be sure we are releasing your personal data to the right
  • The right to request the correction of inaccurate personal information we hold about you – We appreciate feedback from you to ensure our records are accurate and up-to-date. If you think that the information, we hold about you is inaccurate or incomplete please ask us to correct it by sending an email to
  • The right to request that we delete your data, or stop processing it or collecting it – You can ask us to delete your personal data; however, this is not an absolute right. In spite of a request for erasure, we may be justified to keep personal data which we need to keep, g. (a) to comply with a legal obligation (for instance, we are required by personal data for VAT reporting purposes); and (b) in relation to the exercise or defence of any legal claims. When you ask us to delete your personal data, we assume that you do not want to hear from us again. To ensure that we do not send you any special offers in the future ), we will retain just enough of your personal data solely for suppression purposes. Other than as described above, we will always comply with your request and do so promptly. We would carry out our best efforts to notify any third parties with whom we have shared your personal data about your request so that they could also comply.
  • The right to stop direct marketing messages;
  • The right to object to certain processing based on legitimate interest – You have a right to object to our use of your personal information including where we use it for our legitimate interests or where we use your personal information to carry out profiling using automated You can do this by sending an email to
  • The right to request human intervention if automated processing without human intervention is used to make decisions having legal or similar effects on you;
  • The right to withdraw consent for other consent-based processing at any time;
  • The right to request that we transfer or port elements of your data either to you or another service provider – You have the right to move, copy or transfer your personal data from one organisation to If you do wish to transfer your personal data, we would be happy to help. If you ask for a data transfer, we will give you a copy of your personal data in a structured, commonly used and machine-readable form (e.g. a CSV file format). We can provide the personal data to you directly or, if you request, to another organisation. Please note that we are not required to adopt processing systems that are compatible with another organisation, so it may be that the recipient organisation cannot automatically use the personal data we provide. When making a transfer request, it would be helpful if you can identify exactly what personal data you wish us to transfer.
  • The right to complain to your data protection regulator — in Malta – the Information and Data Protection Commissioner (IDPC)

If you want to exercise your rights, have a complaint, or just have questions, please send an email to

Please appreciate that the rights must be exercised within some limitation – for example, if you ask us for information we can only give you what relates to you and not what relates to other persons. When we receive requests, we may also request that you identify yourself and provide documentation or information for verification (we would not want to disclose information to the wrong person).

Unreasonable requests may be subjected to a reasonable fee or refusal to respond.

Children Under 16

If you are aged 16 or under, please get your parent/guardian’s permission before you provide any personal information to us.

We will need to process personal data relating to parents or guardians in that case – and we may also need to request for verification documentation to ensure that consent is given or authorised by the holder of parental responsibility.

Security of your Personal Data

Security of your personal data is very important to us.

Where it’s appropriate, our website uses HTTPS to help keep information about you secure. However, no data transmission over the internet can be guaranteed to be totally secure.

You may complete a registration process when you sign up to use parts of the Website and the App. This may include the creation of a username, password and/or other identification information. Any such details should be kept confidential by you and should not be disclosed to or shared with anyone.

Where you do disclose any of these details, you are solely responsible for all activities undertaken where they are used.

Whenever you create a password, then to protect your account you should choose a strong password, meaning it should be lengthy and include a mixture of letters and numbers with mix of CAPS.

We do our best to keep the information you disclose to us secure. However, we can’t guarantee or warrant the security of any information which you send to us.

Security measures which have implemented to secure information transmitted over our Website and App or stored on our systems include the following:

  • Use of secure servers;
  • Use of firewalls;
  • Use of encryption;
  • Physical access controls at data centres;
  • Information access controls;
  • Use of back-up systems;

Please understand, however, that no system is perfect or can guarantee that unauthorised access or theft will not occur.

The Use of Cookies, & Seeing adverts on our Website & App

We give you a choice. Learn how you can select or amend your preferences here.

Cookies are small data files that most website and/or app operators place on the browser or hard drive of a user’s computer or other device (e.g. mobile, tablet, tv). Cookies may gather information about the user’s use of the website or app or enable them to recognise the user. We use cookies and/or other tracking technologies for different purposes including

  • To distinguish you from other users of the App, our website, or the distribution platform (Appstore)
  • To remember your preferences.
  • To offer tailored services/information/adverts to you.
  • To monitor/prevent fraudulent activity;
  • To monitor how our website/App is working, and to fix errors and test new ideas;
  • to provide you with a good experience when you use the App or browse any of our websites and also allows us to improve the App and our websites.

Some cookies are “essential” (necessary for us to provide you with the services you request via our Website or App) and therefore, when using our Website or App, you cannot opt out of these. Others are non-essential cookies, which we place only if you consent. For detailed information on the cookies we use, the purposes for which we use them and how you can exercise your choices regarding our use of your cookies, see our cookie policy, open the Tallinja App>Click on user icon>Go to Personal data permissions.

Our App is made available to users for free. We would like to ensure sustainability to continue to provide an App which is useful to users, as well as current to the needs and expectations of users.  The App includes an advertising feature, which we rely on as a means of funding, including for our research and development initiatives, as well as to advertise services which we believe may be of interest to App users. As a user, you may choose for ads to be tailored to you on an individual basis, based on your personal preferences, so that adverts would be more relevant to your interests and choices (based on, for instance, your location, travel options etc.). The App will ask whether you consent to have personalized ads sent to you. If you do consent, you will be able to change your preference at any time. For this functionality to be enabled, the App uses first-party (our) and third-party cookies and similar technologies. You may find out more in our cookie notice [LINK]. If this page is blocked by a cookie pop-up please allow essential cookies to then see this page.

Changes to how we protect your privacy

Our Website and App are continually under review – new functions and features are periodically added and improved to interface, thus changes to our privacy policy may be required from time to time.

We therefore encourage you to check our privacy policy on a frequent basis.

Links to Other Websites

This Privacy Policy does not cover the links within this site linking to other websites which are not controlled by us. We are not responsible for the collection or use of your personal information from these third-party websites.

Therefore, we encourage you to read the privacy statements on the other websites you visit.

How to contact us

We are always happy to hear from you, whether to suggest but especially if you feel we can do better.

If you have any questions about this Privacy Policy, or if you wish to make a complaint about how we have handled your personal information, please contact us at:

  • By post – Tallinja Technology Limited, Sqaq il-Fdal tal-Hadid, Triq Valletta, Luqa LQA1780 or;
  • By email –

We welcome your feedback and questions. If you wish to contact us, please send an email to

Contact Us

Give us a call or fill in the form below and we will contact you as soon as possible.