Menu Close

Privacy Policy

We attach great importance to the protection of your personal data. For this reason, we strictly adhere to the General Data Protection Regulation (“GDPR”) which requires us to inform you about the processing of your personal data on our website (together referred to as “CabsMalta or “We”) in a generally understandable form.

This Privacy set of statements sets out the use of any personal information you provide to us via phone or text, by email, or by any other correspondence. In order to provide you with our exclusive services, we sometimes need, or even required to collect information about you. We are committed to protecting your personal information and processing it solely in accordance with the principles set forth below and in compliance with applicable privacy laws.


Personal data

When using our website and services, data is collected. However, not all data collected by us falls under the personal data categorisation. Personal data is considered all data that relates in any way to your person. Some examples of personal information include your name, address, e-mail address, and how you behave on our website, such as your IP address.

Via our website you or third parties can get cab rides and airport transfers from us. To provide these services, therefore, further personal information is processed when you enter the ordering process. This data concerns the start and the destination of the trip, information about your smartphone or other device as well as your encrypted password. Your name, telephone number, location and pickup and destination locations (both as address and as geo coordinates) are transmitted to your driver.

The mentioned geo-data is needed by the driver, so that he can pick you up and bring you to your destination. The name of the driver is used to identify them. The driver can call you on their phone number after he has accepted the job, for example if he cannot find you or if he is late due to a traffic jam. The legal basis for this processing is Art. 6 (1) sentence 1 lit. b GDPR.

The website is hosted on a server located in a data centre in the European Union. We have concluded a contract with the service provider, an United Kingdom registered company, pursuant to Section 28. We secure our website and other systems through technical and organizational measures against loss, destruction, unauthorised access, and alteration of data. Your data will only be transmitted encrypted. We use the coding system SSL.


Creation of a user account (registration) and login

To use our services through our website, you can book as a guest or create a user account and, if you have already done so, login. We use your access data (e-mail address and password) to grant you access to and manage your user account. However, to fully use our Website, you will need to provide additional information to complete your user profile. Mandatory information is your full name and telephone number. If you do not provide this information, you will not be able to create a user account and will not use features of our services.

We use your e-mail address and password to authenticate you at login and to investigate requests to reset your password. The information you enter when registering or login is processed and used by us to determine your eligibility to manage the User Account, to enforce CabsMalta Terms of Use and all associated rights and obligations, to you to book our services to allow you to contact you for technical or legal advice, updates, status alerts about your current booking process, costs incurred in your last booking, security alerts, or other messages concerning, for example, the administration of the user account.

Voluntary information (such as special requests to the driver) will be used to display it according to your settings made on the website and to make it available to other users, the drivers, as requested.

This data processing is justified by the fact that the processing we have a legitimate interest in making our website as user-friendly as possible and to ensure the correct operation of the services. In this respect, our interest predominates here your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) lit. f GDPR.


Google maps

Our Website uses Google Maps. This allows us to show you interactive maps directly on the website, allowing you to conveniently use the map feature.

By visiting the website, Google receives the information that you have accessed the corresponding subpage of the website or the map function of it. In addition, your current location, the pick-up location and the destination location (both as an address and as geo coordinates) will be transmitted to Google. This happens regardless of whether you own a user account on Google that you are logged in to or not. When you’re logged in to Google, your data will be assigned directly to your account. A deactivation of the transmission is not possible, since this data processing is necessary for the rendering of our service. The legal basis is Art. 6 (1) sentence 1 lit. b GDPR. Google stores your data as usage profiles and uses them for purposes of advertising, market research and / or custom design of its website. Such an evaluation will be made (even for non-logged-in users) to provide on-demand advertising and to inform other Google users about your activity on our website. You have a right to object to the formation of these user profiles. Please contact Google to do so.

For more information on the purpose and scope of Google’s data collection and processing, please see its privacy policy. There you will also find further information about your rights and settings options for the protection of your privacy. Google also processes your personal information in the United States and has submitted to the EU-US Privacy Shield, Framework.


Payment service

On our website we offer Payment via PayPal. Provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”).

Likewise, you can pay through the service provider Stripe (Stripe Inc., 510 Townsend Street, 94103, San Francisco, United States).

If you select the payment via PayPal or Stripe, the payment data you have entered will be transmitted to the respective service provider. The transmission of your data to PayPal and Stripe is based on Art. 6 (1) lit. b GDPR (processing to fulfill a contract).

The extent to which Paypal and Stripe process your personal data purely for payment processing and for marketing purposes. If you want to know how our payment service providers handle personal information, we refer you to their privacy policy. The privacy policy of PayPal can be found here, by Stripe here.

PayPal and Stripe may store cookies on your computer. We have no control over it. You can change the privacy settings of your browser so that it does not accept all or certain cookies. However, if you decline certain necessary cookies, you may be unable to use certain parts of our website for technical reasons.

Both companies are located outside the European Economic Area in the USA. It can therefore not be ruled out that your data will also be processed outside the European Economic Area (EEA) in the course of payment processing. However, both PayPal and Stripe are certified under the EU-US Privacy Shield, giving a data protection standard comparable to that of the EEA. We have entered into a contract processing contract with both companies which complies with the strict standards of Art. 28 GDPR.


Data processing when used for information only

If you visit our website merely to obtain information and do not actively submit data, for example via the contact form or upon registration, we will in any case process the following data that your browser automatically transmits to our server.

These are the following data:

IP address

Date and time of the request

Time zone difference to Greenwich Mean Time (GMT)

Content of the request (concrete page)

Access Status / HTTP status code

Each transferred amount of data

Website from which the request comes


Operating system and its interface

Language and version of the app or browser software

We need this information because otherwise we cannot display our website for technical reasons. We also use this information to ensure the stability and security of our website. After two months at the latest, this data will be deleted automatically. The legal basis of this processing is Art. 6 (1) sentence 1 lit. f GDPR, as our legitimate interest in the stable and secure provision of our website outweighs your interest in the protection of your personal data here.


E-mails for discount promotions and news

With your permission, you can subscribe to discount promotions and news emails to let you know about new features, products and promotions, or to contact you for service purposes.

To register for these e-mails, we use the so-called “double opt-in procedure”. This means that after you have registered, we will send you an e-mail to the e-mail address specified in which we ask you to confirm that you wish to receive such e-mails. If you do not confirm your registration within 48 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and times of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to inform you about possible misuse of your personal data. The legal basis in this respect are Art. 6 (1) lit. a and lit. c GDPR.

Obligatory indication for sending the e-mails is your e-mail address alone. The specification of additional, separately marked data is voluntary and will be used to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending you these e-mails. The legal basis is Art. 6 (1) sentence 1 lit. a GDPR.

You can revoke your consent to the sending of emails for discount campaigns and news at any time and unsubscribe from such emails. You can declare the cancellation by clicking on the link provided in each e-mail, by e-mail to or by sending a message to the contact details stated in the imprint.


Use of cookies

Cookies are small text files placed on your computer by websites you visit. They are widely used in order to make websites work, or work more efficiently, as well as provide information to the owners of the website. Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit

This website uses two types of cookies, which we would like to briefly explain to you:

On the one hand, we use cookies that are automatically deleted as soon as you close your browser after visiting the website (so-called “transient cookies”). These include in particular session cookies. These store a so-called “session ID”, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our website. The session cookies are deleted when you log out of us or close the browser.

In addition, we use cookies that are not deleted every time you close your browser, but still delete themselves after a specified period of time (so-called “persistent cookies”). The exact amount of time may vary depending on the cookie, but they never stay on your machine for more than two months. On the Internet, there are always attacks on websites. We therefore use these cookies to detect and ward off such attacks. The legal basis of the processing is Art. 6 (1) sentence 1 lit. f GDPR, as our interest in the secure provision of the website outweighs your interest in the protection of your personal data. You can delete the cookies in the privacy settings of your browser at any time.


Disclosure of the data

A disclosure of your personal data without your prior consent will be only be made, in addition to the cases explicitly stated in this Privacy Policy, if it is permitted or required by law. This can be the case when processing is necessary to protect the vital interests of the user or other natural persons.


If required to investigate any unlawful or improper use of the Website or for the prosecution, personal data will be forwarded to law enforcement agencies or other authorities and, as appropriate, to injured third parties or legal advisors. However, this only happens if there are indications of unlawful or abusive behavior. A transfer may also take place if this serves the enforcement of terms of use or other legal rights. We are also required by law to provide information to certain public authorities upon request. These are law enforcement agencies, authorities prosecuting fines and the tax authorities.

Any transfer of personal data is justified by the fact that (1) the processing is necessary to fulfill a legal obligation, which we have to fulfill in accordance with Art. 6 (1) lit. f GDPR or (2) we have a legitimate interest in disclosing the data to us if any indications of improper conduct or the enforcement of our Terms of Use, other terms or legal rights, and your rights exist and interests in the protection of your personal data within the meaning of Art. 6 (1) lit. f GDPR do not prevail.

Further development of the website

As our business evolves, the structure of our business may change, changing its legal form, establishing, buying or selling subsidiaries, parts of companies or components. In such transactions, the customer information may be shared with the part of the business to be transferred. Each time we disclose personal information to third parties to the extent described above, we will ensure that it is done in accordance with this Privacy Policy and applicable data protection law.

Any transfer of personal data is justified by the fact that we have a legitimate interest in adapting our corporate form as required by economic and legal circumstances and protecting your rights and interests in the protection of your personal data in accordance with Art. 6 (1) lit. f GDPR do not prevail.

Period of data storage

We will delete or anonymize your personal information as soon as it is no longer necessary for the purposes for which we collected or used it in accordance with the preceding paragraphs. As a rule, we store your personal data for the duration of the use or the contractual relationship via the Website plus a period of seven days, during which we retain backup copies after the deletion, insofar as this data is not used for the prosecution or for securing, Assertion or enforcement of legal claims will be required longer.

Specific information in this Privacy Policy or legal requirements for the storage and deletion of personal data, especially those that we have to keep for tax reasons, remain unaffected.


Disclosure of the data

The basic data protection regulation of the European Union gives you various important rights in connection with your personal data, which we would like to comply with. In detail, this is the:

Right to information

Right to rectification or deletion

Right to restriction of processing

Right to object to the processing

Rigth to data portability

To assert these rights is free of charge for you. We mentioned that earlier, but we would like to point out once again: If you want to assert your rights, just get in touch with us. The quickest way to help you is to make it clear in the subject matter that this is a privacy concern.

We make every effort to ensure that you have no reason to do so, but you also have the right to complain to us about the processing of your personal data by a data protection supervisory authority.


Opposition and revocation against the processing of your data

If you have consented to the processing of your data on the Website, you can of course revoke this consent at any time. Such revocation will affect the admissibility of the processing of your personal data after you have given it to us.

In some cases, we base the processing of your personal data on a balance of interests. This is especially the case if we have good reasons to process the data, but processing is not absolutely necessary to fulfill a contract with you. In these cases, you can object to the processing. In the event of such a disagreement, we ask you to explain the reasons why we should not process your personal data as we have done. In the case of your justified objection, we will examine the situation and will either discontinue or adapt the data processing or point out to you our compelling legitimate reasons on which we continue the processing.

Of course, you may object to the processing of your personal data for advertising and data analysis purposes at any time. About your advertising conflict you can inform us under the following contact details:


Contact us

Responsible for the data within the meaning of Art. 4 (7) GDPR we are Cabs Malta (Eurosaver, Triq Censu Tanti, San Pawl il-Baħar, SPB 3020). All questions, complaints and concerns about data protection on the website can be addressed in writing to this address. Of course, you can also reach us by e-mail at or via our on website contact form. If you give an indication in the subject line that it concerns a privacy concern, we can process this a little faster.


Changes to the Policy

This Privacy Policy may be updated from time to time so you may wish to check it each time you submit personal information to us. The date of the most recent revisions will appear on this page.

As of: 12th of September, 2020


Cabs Malta