Privacy Policy - Malta Public Transport


  1. We will only use your data to improve your experience
  2. We will protect your data like it’s our own
  3. You decide what and how you hear from us
  4. If we don’t need it, we’ll delete it
  5. Your privacy is our priority

Protecting Your Privacy

Malta Public Transport Services (Operations) Limited (“ Malta Public Transport”) strongly values the privacy of its clients and is committed to protect your personal data (i.e. information that identifies you) as though it were our own.

If you have any questions about how we protect your privacy, get in touch here:

One of your rights under EU law - the GDPR - is that you must be informed when your personal data - also known as personal information - is processed (collected, used, stored) by any organisation. You also have the right to know the details and purpose of that processing.

This privacy policy describes our practices related to the processing of personal data, including that relating to the personal data of Cardholders who have registered for their Tallinja Card, a plastic intelligent card which electronically stores pay-as-you-go Travel Credit.

For all services related to the Tallinja Card, the Data Controller – i.e. the company that’s responsible for your privacy — is Malta Public Transport Services (Operations) Limited (C 48875) with its address at Malta Public Transport Services (Operations) Limited , Triq Valletta, Luqa, LQA 1780.

We assure you that we will only use and disclose any personal data collected from you in accordance with the manner set out in this policy.


Navigating this Privacy Policy

  1. Information which we collect
  2. How & Why we use your information
  3. Children Under 16
  4. Sharing your information
  5. Marketing Messages
  6. Seeing our adverts online
  7. Cookies
  8. Your rights
  9. Security of your Personal Data
  10. Changes to how we protect your privacy
  11. Links to other websites
  12. How to contact us


Information we collect

Most of the personal information which we collect about you is collected through our registration process in order for us to provide you with your Tallinja Card, which Tallinja Card you will need to use to benefit from reduced fares when paying for transport services on one our buses.

Such personal information will be requested from you when you fill in the registration form physically or online through our website

The registration form will also ask you to allow Malta Public Transport to access personal information from the National Identity Card Database or the Driving License Database to obtain your photo from the system. If you do not consent, you will need to supply us with your photo for us to be in a position to issue a new Tallinja Cad. This does not apply in the case of Child Cards.

The “Top Up” Section on our website will also ask you for your bank card details for the purposes of topping up your Tallinja Card if you opt to top up your card using a bank card.

We also process your personal data for billing purposes every time you validate your card upon boarding a bus. This is done to charge you for the public transport service being offered through our Tallinja Card.

Some other information is given to us because you accessed this website (e.g. logs, recorded through cookies). This is explained in the Cookies section below.

We will also process your personal data when you use our website, when you use the Tallinja App on a smartphone, when you contact us directly for any one of our services, when you contact us for information or to lodge a complaint or if you are one of our trusted business partners.

If you send us emails, then the personal data we process will depend on what you send us in the email.

The information we collect from you normally includes the following:

  1. Name and Surname;
  2. Maltese ID Card number or Residence Card number or Passport number
  3. Email address
  4. Date of Birth
  5. Mobile number
  6. Landline number
  7. Address
  8. Student status – And proof of attendance of a course for a minimum of three months
  9. Special KNPD ID Card (Disability card)
  10. Nationality
  11. Credit card and billing details
  12. Photos
  13. CCTV Footage

Please read the following sections to understand how and why we use this information.

Go Back to Top   


How & Why we use your information

We use your information in a number of different ways — what we do with it then depends on the information and the purpose for which we collected it.

The tables below set this out in detail, showing what we do, and why we do it.

  1. Your name and contact details

    How we use your Personal Data


    Name, Surname, Contact Details provided to us through the Tallinja Card Registration Form


    To register you as a Tallinja Card Holder and provide you with a physical Tallinja Card for you to use on our buses

    We’ve got to do this to perform our contract with you (to give you reduced fares when using the public transport service) (Article 6(1)(b), GDPR)

    To verify your identity whenever you use your Tallinja Card

    We’ve got to do this to verify your identity whenever someone uses your Tallinja Card. This is necessary for the performance of a contract with you (to give you public transport services at a fee) (Article 6(1)(b) GDPR)

    To send you service messages

    We do this to be able to communicate with you in case of emergencies, accidents on our buses, or other service-affecting incidents

    To send you information by email, about our products and services

    To keep you up to date. We only send this with your permission – and you can ask us to stop at any time by opting out without any additional hurdle or cost. (This is done in terms of the E-Commerce Directive and/or S.L 440.01 of the Laws of Malta ]).

    Fraud prevention and detection

    To prevent and detect fraud against either you or us (Article 6(1)(f)

  2. Your date of birth information

    How we use your date of birth provided through the Tallinja Card Registration Form


    To verify your age

    We need to know your age to charge you the applicable fee for the provision of our transport services (to give you public transport services at a fee) (Article 6(1)(b), GDPR)

  3. Your payment information

    How we use your payment information including your credit card details


    Take payment, control your available credit, and give refunds

    In order to use your Tallinja Card, it is necessary for it to be loaded with Travel Credit. Travel Credit is deducted at the relevant fare every time you tap the card on the machine on the bus to validate your card (necessary for the performance of our contract with you Article 6(1)(b) GDPR)

    Fraud prevention and detection

    To prevent and detect fraud against either you or us. (Article 6(1)(f)

  4. Your Bus Usage Data

    How we use your Bus Usage Data information


    To verify and record your usage of our public transport services as efficiently as possible, to deduct the applicable charges from your Tallinja Card credit and to cap the fees charged from your card in line with our T&Cs

    This is required to charge you for the public transport services we provide you with (necessary for the performance of our contract with you Article 6(1)(b) GDPR)

    We will also use Usage Data including when you use the bus, from which bus stop you boarded the bus, and how much you paid on your trip to analyse your usage pattern.

    This will allow us to develop products and services which are beneficial to you, depending on your usage patterns.

    This is required for us to provide you with a better service which suits your needs, in both our legitimate interest as well as yours (Article 6(1)(f)). This is also required in the public interest (Article 6(1)(e) to allow us to provide the best and most efficient public transport service and products for the general public at large.

  5. Your contact history with us

    What you’ve said to us — for example, over email or contact forms.

    How we use your contact history


    Provide customer service and support

    We’ve got to do this to perform our contract with you to your best satisfaction (Article 6(1)(b) GDPR)

    Train our staff

    For our team to remain up to scratch so that you get the best possible customer service. We believe this would be in our legitimate interest as well as that of our clients (Article 6(1)(f)GDPR)

  6. CCTV Footage

    How we use your personal data captured in CCTV Footage


    For security purposes in our buses

    We record CCTV footage in all our buses and in our sales offices because we are obliged to do this to follow our legal obligations at law (Article 6(1)(c). We also do this for our drivers’ security as well as yours, in terms of our legitimate business interest and in your safety interest  (Article 6(1)(f) GDPR)

  7. Your responses to surveys, competitions and promotions

    How we use your responses to surveys, competitions and promotions


    Run the survey, competition or promotion

    We’ve got to do this to perform our contract with you once you participate.(Article 6(1)(b)

    • You don’t have to give us any of this personal information but if you don’t, you will not be issued with a Tallinja Card and will not benefit from reduced fares when using the public transport buses.
    • We also anonymise and aggregate personal information (so that it does not identify you) and use it for purposes including testing our IT systems, research, data analysis, improving our site and app, and developing new products and services. We also share this anonymised information with third parties – but don’t worry, they cannot identify you.

    The Legal Basis for Processing

    • For some of the uses of your personal data (as described above) there is a legal basis under applicable data protection laws for us to use such personal data without having obtained your consent.

    This includes, for example, where it is necessary for us to use the information to perform a contract with you or take steps at your request prior to entering into a contract with you, such as to process your order, provide customer-care and support services to you.

    It also includes circumstances (such as we have described below) where we have a legitimate interest to use your data, provided that proper care is taken in relation to your rights and interests:

    • to ensure that you know about any changes to the website or the terms of this Privacy Policy.
    • to ensure that we organise our databases efficiently and understand how our clients may make purchases
    • to carry out research and analysis of your data (including purchase information) as this helps us understand our clients better, who they are and how they interact with us;
    • to improve and ensure the security of the website (for example, for statistical, testing and analytical purposes, troubleshooting).

    Retention Periods

    • We will hold on to your information for no longer than is necessary keeping in mind the purpose/s (or compatible purposes) for which we first collected the data.
    • We may also keep hold of some of your information if it becomes necessary or required to meet legal or regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions.
    • As a guide:
      • we will keep personal data while your Tallinja Card with us is active or until such time as you ask us to stop communications with you, unless we need to keep the data for longer;
      • we may keep certain categories of personal data for longer in order to meet any legal or regulatory requirements, or to resolve a legal dispute;
      • and, we may keep different types of personal data for different lengths of time if required by law (for instance, we may need to keep certain personal data relating to purchases for 6 years in order to comply with tax/VAT reporting requirements);
    • You may obtain more information as to the retention periods or the criteria used by us to determine the retention periods by contacting us here

Go Back to Top   

Children Under 16

If you are aged 16 or under, please get your parent/guardian's permission before you provide any personal information to us.

We will need to process personal data relating to parents or guardians in that case – and we may also need to request for verification documentation to ensure that consent is given or authorised by the holder of parental responsibility.

Go Back to Top   

Sharing your information

We do not, and will not, sell any of your personal data to any third party – including your name, address, email address or credit card information. It is not our business to do so – and we don’t want to lose your trust and confidence.

  1. However, we share your data with the following categories of companies as an essential part of being able to provide our services to you, as set out in this statement:
    • Companies in the group to which Malta Public Transport belongs - related entities and subsidiaries use the information collected to help us improve the content and functionality of our websites; to better understand our customers and markets; and to improve our products and services. Members of the group vary from time to time.
    • Transport Malta as the regulator for transport in Malta requires specific sets of data to control schemes which are in effect managed by the central Government of Malta, such as, for example the scheme granting free travel to Tallinja Card holders who are 16 to 20 years old.
    • Other companies that are involved in the process of getting your purchases from us to you, such as payment service providers, data warehouses, order packers, card printing services and delivery companies.
    • Professional service providers, such as customer care agency providers, application service providers, website developers, marketing agencies, advertising partners and website hosts who service us in turn to operate our business.
    • Other third-party transport service providers with whom we partner up to provide you with a more comprehensive transport service in Malta and Gozo and where the tallinja card can be used to pay for their services and/or to obtain exclusive discounts. In such instances, and unless outlined otherwise in this Privacy Policy, Malta Public Transport will only provide these third party transport service providers with confirmation that the tallinja card used for payment is valid.
    • Credit reference agencies, law enforcement and fraud prevention agencies, so we can help tackle fraud.
    • Other companies that you may approve, such as social media sites (if you choose to link your accounts to us) or payment service providers.
  2. In most circumstances we will not disclose personal data without consent. However there may be occasions where we might have to – e.g. with a court order, to comply with legal requirements and satisfy a legal request, for the proper administration of justice, to protect your vital interests, to fulfil your requests, to safeguard the integrity of the relevant websites operated by us or by such related entities or subsidiaries, or in the event of a corporate sale, merger, reorganisation, dissolution or similar event involving us and/or our subsidiaries and related entities.
  3. When we do share data, we do so on an understanding with the other entities that the data is to be used only for the purposes for which we originally intended.
  4. We may also provide third parties with aggregated but anonymised information and analytics about our customers and, before we do so, we will make sure that it does not identify you. Anonymous information means it is anonymous.
  5. If we ever have to share data with entities that are outside of the EEA, we will be sure to do so in a manner that complies with the requirements established by the GDPR.

Go Back to Top   

Marketing Messages

We would normally communicate to you about products or services in which you have shown interest or which you are already buying from us – we understand that you would be interested in receiving this information as it is of use with the product or service. But rest assured, you can ask us to stop whenever you want by hitting the “unsubscribe” button.

How to stop marketing messages from us

You can stop receiving marketing messages from us at any time through any of the following methods:

  1. By clicking on the ‘unsubscribe’ link in any email we send you
  2. By contacting our

Customer Care team

Once you do this, we will update your profile to ensure that you don’t receive further marketing messages. Please note that, it might take a few days for all our systems to be updated, so you might get messages from us while we process your request.

If you ask us to stop marketing messages this will not stop service communications (such as order updates). This may be necessary of us to communicate to you as part of our services from our contract.

Go Back to Top   

Seeing our adverts online

We engage in online advertising, also to keep you aware of what we’re up to and to help you see and find our products using targeted adverts which may appear when you are on other websites and apps that offer such digital marketing services.

We use a range of advertising technologies like ad tags, cookies, and mobile identifiers, as well as specific services offered by some sites and social networks, such as Facebook’s Custom Audience service.

The banners and ads you see will be based on information we hold about you, or your previous use of our website (for example, your search history, and the content you read) or on banners or ads you have previously clicked on.

Go Back to Top   


What are cookies?

A cookie is a small text file (typically numbers and letters) that is downloaded onto ‘terminal equipment’ (e.g. your computer or smartphone) when you (or someone else) access a website using that device. Cookies are then sent back to originating website on each subsequent visit – and they are useful because they allow a website to recognize a user’s device and store some information about your preferences or past actions.

Some cookies are needed for the sole purpose of carrying out the transmission of a communication over an electronic communications network - others may be necessary for the provision of a service over the internet, in which case they have to be used.

Other cookies may be desirable to improve your experience, in which case we will ask you for your consent to use them.

What cookies do we use?

The cookies we use are the following:

Cookie Name

Cookie Domain




Marketing & Tracking

Double Click
by Google


Marketing & Tracking

Double Click
by Google


Marketing & Tracking

Double Click
by Google


Marketing & Tracking

Double Click
by Google


Marketing & Tracking



Marketing & Tracking



Marketing & Tracking



Marketing & Tracking



Marketing & Tracking



Marketing & Tracking



Marketing & Tracking



Marketing & Tracking



Marketing & Tracking



Marketing & Tracking




Google Analytics



Google Analytics



Google Analytics


Cookie generated and used by survey platform

Survey Monkey


Cookie generated and used by survey platform

Survey Monkey


Cookie generated and used by survey platform

Survey Monkey


Cookie generated and used by survey platform

Survey Monkey


Cookie generated and used by survey platform

Survey Monkey








To track whether user answered survey



Tracking of cookie preference



User session tracking - limited to when
the user accesses the website



Marketing & Tracking


How do you change your cookie settings?

To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit or

Other Passive Information which we collect

Apart from the information you provide us with when using our Website, other information is passively collected from you (without you actively furnishing such information) when you navigate through the website. We use various technologies and navigational data collection methods to gather such passive information for various reasons, for example to track how many visitors access our website, the date and time of their visit, the length of their stay and which pages they view. The passive information also aids us to determine which web browsers our visitors use and the address from which they accessed our website – for instance if they connect to our Website through clicking on one of our banner ads. This technology does not identify you personally.

Such passively collected information may be used and combined to improve our services to website visitors, customise the website based on your preferences, compile and analyse statistics and trends of our visitors and their use of the sites operated by us and our related entities or subsidiaries. Together with our related entities and subsidiaries we will use this information and share it with third parties to improve the content, functionality and administration of our websites, to better understand our customers and markets, and to improve our products and services.

We assure you that, unless you have consented, such passive information shall not be combined with personally identifiable information collected elsewhere by our website or respective sites operated by our related entities or subsidiaries.

Go Back to Top   

Your rights

You enjoy several rights relating to your personal information:

(i) The right to be informed about how your personal information is being used;

We need to be clear with you about how we process your personal data. We do this through this Privacy Policy, which we will keep as up to date as possible.

(ii) The right to access the personal information we hold about you;

You can access the personal data we hold on you by contacting us

To process your request, we will ask you to send us proof of identity so that we can be sure we are releasing your personal data to the right person.

We will carry out our best efforts to process your request within one month or, if the request is particularly complex, two months. We can provide you with a copy of your personal data in electronic format or hard copy.

If we consider the frequency of your requests as being unreasonable, we may refuse to comply with your request. In those circumstances, if you disagree, you can complain to the data protection authority – in Malta, the Information and Data Protection Commissioner.

(iii) The right to request the correction of inaccurate personal information we hold about you;

We appreciate feedback from you to ensure our records are accurate and up-to-date.

If you think that the information we hold about you is inaccurate or incomplete please ask us to correct it by sending an email to

(iv) The right to request that we delete your data, or stop processing it or collecting it;

You can ask us to delete your personal data; however, this is not an absolute right.

In spite of a request for erasure, we may be justified to keep personal data which we need to keep, e.g. (i) to comply with a legal obligation (for instance, we are required by personal data for VAT reporting purposes); and (ii) in relation to the exercise or defence of any legal claims.

When you ask us to delete your personal data, we assume that you do not want to hear from us again. To ensure that we do not send you any special offers in the future (for example, if we purchased your details from a third party list), we will retain just enough of your personal data solely for suppression purposes.

Other than as described above, we will always comply with your request and do so promptly. We would carry out our best efforts to notify any third parties with whom we have shared your personal data about your request so that they could also comply.

(v) The right to stop direct marketing messages;
(vi) The right to object to certain processing based on legitimate interest;

You have a right to object to our use of your personal information including where we use it for our legitimate interests or where we use your personal information to carry out profiling using automated means. You can do this by sending an email to

(vii) The right to request human intervention if automated processing without human intervention is used to make decisions having legal or similar effects on you;
(viii) The right to withdraw consent for other consent-based processing at any time;
(ix) The right to request that we transfer or port elements of your data either to you or another service provider;

You have the right to move, copy or transfer your personal data from one organisation to another. If you do wish to transfer your personal data we would be happy to help.

If you ask for a data transfer, we will give you a copy of your personal data in a structured, commonly used and machine-readable form (e.g. a CSV file format). We can provide the personal data to you directly or, if you request, to another organisation

Please note that we are not required to adopt processing systems that are compatible with another organisation, so it may be that the recipient organisation cannot automatically use the personal data we provide.

When making a transfer request, it would be helpful if you can identify exactly what personal data you wish us to transfer.

(x) The right to complain to your data protection regulator — in Malta – the Information and Data Protection Commissioner (IDPC)

If you want to exercise your rights, have a complaint, or just have questions, please send an email to

Please appreciate that the rights must be exercised within some limitation – for example, if you ask us for information we can only give you what relates to you and not what relates to other persons. When we receive requests, we may also request that you identify yourself and provide documentation or information for verification (we would not want to disclose information to the wrong person). Unreasonable requests may be subjected to a reasonable fee or refusal to respond.

Go Back to Top   

Security of your Personal Data

Security of your personal data is very important to us.

Where it’s appropriate, our website uses HTTPS to help keep information about you secure. However, no data transmission over the internet can be guaranteed to be totally secure.

You may complete a registration process when you sign up to use parts of the websites. This may include the creation of a username, password and/or other identification information. Any such details should be kept confidential by you and should not be disclosed to or shared with anyone.

Where you do disclose any of these details, you are solely responsible for all activities undertaken where they are used.

Whenever you create a password, then to protect your account you should choose a strong password, meaning it should be lengthy and include a mixture of letters and numbers with mix of CAPS.

We do our best to keep the information you disclose to us secure. However, we can't guarantee or warrant the security of any information which you send to us.

Security measures which have implemented to secure information transmitted over our website or stored on our systems include the following:

  1. Use of secure servers;
  2. Use of firewalls;
  3. Use of encryption;
  4. Physical access controls at data centres;
  5. Information access controls;
  6. Use of back-up systems;

Please understand, however, that no system is perfect or can guarantee that unauthorised access or theft will not occur.

Go Back to Top   

Changes to how we protect your privacy

Our website is continually under review – new functions and features are periodically added and improved to interface, thus changes to our privacy policy may be required from time to time.

We therefore encourage you to check our privacy policy on a frequent basis.

Go Back to Top   

This privacy notice does not cover the links within this site linking to other websites which are not controlled by us. We are not responsible for the collection or use of your personal information from these third-party websites.

Therefore, we encourage you to read the privacy statements on the other websites you visit.

Go Back to Top   

How to contact us

We are always happy to hear from you, whether to make a suggestion but especially if you feel we can do better.

If you have any questions about this Privacy Policy, or if you wish to make a complaint about how we have handled your personal information, please contact us at:

Malta Public Transport Services (Operations) Limited
Triq Valletta, Luqa LQA 1780

We have appointed a Data Protection Officer who may be contacted here:

We welcome your feedback and questions. If you wish to contact us, please send an email to

Go Back to Top