Privacy Policy
Last updated: 3 July 2026
Gozo Sightseeing Ltd. (“we”, “us”, “our”) is committed to protecting your privacy. This policy explains what personal data we collect, why we collect it, and how we handle it when you use our website or book one of our hop-on hop-off tours. We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and Maltese data protection law.
1. Who we are
The data controller responsible for your personal data is Gozo Sightseeing Ltd., located at Gozo, Malta. If you have any questions about this policy or how we handle your data, you can reach us at [email protected] or by phone on +356 7909 3696.
2. Data we collect
We collect the following categories of personal data:
- Booking details — your name, email address, phone number, party size, travel date and any accessibility requirements you share with us.
- Payment information — card payments are processed securely by our payment provider, Stripe. We do not store your full card number on our systems.
- Contact enquiries — the information you provide when you complete our contact form or email us directly.
- Technical data — IP address, browser type, device information and usage data collected through cookies and similar technologies.
3. How and why we use your data
We use your personal data on the following legal bases:
- To perform our contract with you — processing your booking, taking payment, issuing tickets and providing customer support.
- To comply with legal obligations — such as tax, accounting and consumer-protection requirements.
- For our legitimate interests — improving our website and services, preventing fraud and keeping our platform secure.
- With your consent — where required, for example non-essential cookies or marketing communications. You may withdraw consent at any time.
4. Sharing your data
We do not sell your personal data. We share it only with trusted service providers who help us operate our business, including our payment processor (Stripe), our hosting and infrastructure providers, and email delivery services. These providers act on our instructions and are bound by confidentiality and data-protection obligations. We may also disclose data where required by law or to protect our legal rights.
5. How long we keep your data
We keep booking and payment records for as long as necessary to fulfil the purposes described in this policy and to meet our legal and accounting obligations (typically up to ten years for financial records). Contact enquiries are retained for as long as needed to resolve your query and for a reasonable period afterwards.
6. Your rights
Under the GDPR you have the right to:
- access the personal data we hold about you;
- request correction of inaccurate or incomplete data;
- request erasure of your data in certain circumstances;
- object to or restrict our processing of your data;
- request portability of the data you provided to us;
- withdraw consent where processing is based on consent.
To exercise any of these rights, contact us at [email protected]. You also have the right to lodge a complaint with the Information and Data Protection Commissioner (IDPC) in Malta.
7. Data security
We use appropriate technical and organisational measures to protect your personal data against unauthorised access, loss or misuse. Payments are encrypted in transit and handled by PCI-DSS compliant providers.
8. Changes to this policy
We may update this policy from time to time. Any changes will be posted on this page with a revised “last updated” date. Please review it periodically.
