Privacy Policy

1. Who we are

Events Malta ("we", "us") operates eventsmalta.org, a public events discovery platform for Malta and Gozo. This policy explains what personal data we collect when you visit the site or create an account, why we collect it, and what your rights are under the Maltese Data Protection Act and the EU General Data Protection Regulation (GDPR).

For privacy-related questions, contact us at admin@eventsmalta.org.

About event listings. Event details belong to their respective organisers. Please check official event pages for latest updates.

2. What we collect

We collect the minimum data needed to run the service:

• Account data — email address, optional display name and avatar, account creation date.
• Authentication metadata — if you sign in with Google, we receive your name and email from Google. We do not receive your password.
• Event submissions — content you submit when posting an event (title, description, location, images, ticket information).
• Saved events — the events you bookmark, linked to your account.
• Technical data — IP address, browser type, and pages visited, collected by our hosting provider for security and uptime purposes.

We do not collect payment information, location data beyond what you submit, or data from third-party trackers.

3. Why we collect it (legal basis)

• Contract — to provide the account, event-posting, and saved-events features you sign up for.
• Legitimate interest — to keep the service secure, prevent abuse, and improve content moderation.
• Consent — for any optional features such as email notifications about your events.

4. Who we share it with

We use a small number of service providers (data processors) to operate the site. They access only what they need and are contractually bound to protect your data:

• Supabase — database and authentication hosting (EU data centres available).
• Vercel — application hosting and global content delivery.
• Resend — transactional email delivery (review confirmations, status updates).
• Google (Sign-in) — only if you choose "Sign in with Google".
• Google Analytics (GA4) — only if you accept analytics cookies. See section 5 for what is collected and your opt-out options.

We do not sell your personal data. We do not share it with advertisers. We do not use cross-site tracking or behavioural advertising.

5. Cookies and similar technologies

When you first visit the site we ask for your cookie preferences. Cookies fall into two categories:

Strictly necessary (always on)

These are required for the site to function and cannot be disabled:

• Authentication token — a first-party token stored in your browser's local storage to keep you logged in.
• Cookie consent record — your cookie preferences themselves, stored in local storage so we don't ask again on every visit. Expires after 365 days.

Analytics (opt-in, off by default)

If — and only if — you click Accept all or enable Analytics in the cookie banner, we load Google Analytics 4 (GA4). This collects:

• Pages you visit and how long you spend on each
• Approximate location (country/region only — your IP is anonymised before storage)
• Device type, browser, screen size
• How you arrived at the site (search engine, direct, referral)

GA4 is operated by Google Ireland Ltd. Data is processed by Google with standard contractual clauses for any transfer outside the EEA. We do not use GA4 for advertising, remarketing, or cross-site tracking — only to understand aggregate usage of Events Malta.

Changing or withdrawing consent

You can change your cookie choices at any time using the Cookie settings link in the footer. Withdrawing consent stops further data collection immediately; previously collected analytics data can be deleted by contacting us.

What we do not use

We do not use marketing or advertising cookies, social media trackers, fingerprinting, or any other behavioural tracking technology.

6. How long we keep it

• Account data — for as long as your account exists, plus up to 30 days after deletion in encrypted backups.
• Event data — published events stay live until they have ended; rejected or unpublished drafts are removed within 90 days.
• Server logs — up to 30 days, then automatically purged.

7. Your rights

Under the GDPR you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your account and data (right to be forgotten)
• Export your data in a portable format
• Object to or restrict our processing
• Lodge a complaint with the Office of the Information and Data Protection Commissioner (Malta) — idpc.org.mt

Email admin@eventsmalta.org with any of these requests and we will respond within 30 days.

8. Children

Events Malta is not directed at children under 16. If you believe a child has created an account, contact us and we will remove it.

9. Changes to this policy

We may update this policy as the service evolves. Material changes will be announced on the site at least 14 days before they take effect. The date at the top of this page reflects the latest revision.