Privacy Policy

Clear, practical privacy information for visitors, clients, and support requests.

This page explains what personal data Mediamatic collects through this website, why we use it, who helps us process it, and how you can contact us about your privacy rights.

Enquiries & consultationsSupport tickets & client portalCookies, security & email delivery
Forms

We use your details to reply to enquiries, estimate requests, and consultation bookings.

Tickets

Support requests are stored privately so we can track, reply, and resolve client issues.

Control

You can ask to access, correct, erase, or restrict personal data where the law allows.

Last updated: 6 June 2026
01 / Purpose

We collect only what we need to respond to enquiries, prepare estimates, deliver website services, and provide client support.

02 / Storage

Most enquiry forms are sent by email. Support tickets and uploaded files are stored privately inside WordPress for support follow-up.

03 / Rights

You can contact us to ask about your data, request corrections, or object to certain uses where applicable.

Who we are

This website is operated by Mediamatic, a digital agency based in Qala, Gozo, Malta. We provide website design, WordPress development, SEO, care plans, security support, content, and related digital services for businesses in Malta, Gozo, and beyond.

For this website, Mediamatic is the data controller. You can contact us at [email protected], by phone on +356 9909 9005, or by post at Triq Patri Guzepp Portelli, Qala, Gozo, Malta.

This policy applies to personal data collected through this website, including enquiry forms, consultation requests, estimate requests, partner referrals, support tickets, the client portal, and normal technical logs created when you visit the site.

What personal data we collect

The information we collect depends on how you use the website. It may include:

  • Contact details such as your name, business name, email address, phone number, and WhatsApp number.
  • Project or enquiry details such as your message, project type, budget range, website URL, preferred contact time, service interests, and business requirements.
  • Partner referral details such as the referrer's name, company, email, phone number, reward preference, introduction status, and details about the referred person or business. Referred-person details may be provided by a partner rather than collected directly from that person.
  • Support ticket details such as issue type, priority, affected website address, description, replies, uploaded screenshots or documents, ticket status, activity history, and consent record.
  • Technical details such as IP address, browser, operating system, user agent, timestamps, nonce checks, rate-limit signals, Cloudflare Turnstile challenge signals and validation results, and other security or spam-prevention data.
  • Email delivery and administration data needed to send website notifications, ticket updates, and replies.

We do not run a public comment community on this website, and the site is not intended for public account registration. WordPress login and admin cookies are used only for authorised site administrators.

How we use personal data and our lawful bases

We use personal data for clear business and service purposes. Depending on the context, our lawful basis may be consent, steps before entering into a contract, performance of a contract, legitimate interests, or legal obligations.

Responding to enquiries

We use contact form, consultation, and estimate details to reply, discuss your needs, arrange calls, and prepare useful next steps. This is usually based on your request, consent, and our legitimate interest in responding to business enquiries.

Managing partner referrals

We use referral details to assess an introduction, contact the referred business, manage attribution, prevent duplicate or misleading claims, administer rewards, and keep an appropriate programme record. This is usually based on our legitimate interests in business development and programme administration, and on steps requested by the partner or referred business.

Providing client support

We store support ticket data so we can diagnose problems, track progress, communicate updates, keep a record of actions taken, and reopen issues when needed. This is usually necessary for service delivery or our legitimate interest in managing support properly.

Website security and reliability

We use IP addresses, browser information, security checks, honeypot fields, rate limits, cache systems, backups, and technical logs to protect the website, prevent spam, troubleshoot errors, and maintain reliable service.

Legal and administrative records

We may keep records where needed for accounting, dispute resolution, compliance, security investigations, or to show that consent was recorded for a submitted form or support ticket.

Forms, estimates, support tickets, and the client portal

Contact and consultation forms

When you contact us or request a consultation, the form sends your details to Mediamatic by email. The submitted message may include your name, email address, optional phone or WhatsApp number, project type, preferred contact date or time, NDA preference, message content, IP address, browser, operating system, user agent, and submission time.

Estimate requests

The estimate request form asks for contact details and practical project information such as services needed, project name, budget range, existing website URL, page count, content needs, hosting or email needs, marketplace notes, and additional comments. A short rate-limit check may use your email address and IP address to reduce repeated automated submissions.

Support tickets and client portal

Support tickets are stored as private WordPress records. They may include your name, business name, email, phone or WhatsApp number, website URL, issue type, priority, subject, description, uploaded files, ticket status, replies, internal activity logs, submitted time, IP address, and consent record.

The client portal lets ticket clients request a private, time-limited email link to view and reply to tickets connected to their email address. Portal replies and extra attachments become part of the support ticket record.

Please avoid sending passwords, payment card details, or highly sensitive personal data through website forms. If sensitive access is needed for support work, we will agree a safer method with you.

Partner referrals and information received from other people

When a partner introduces a prospective client, we may receive the referred person's name, company, work contact details, website address, project needs, and relevant introduction notes from the partner rather than directly from the referred person. We also record who made the referral, when it was received, the referral source, qualification status, reward preference, and payment administration details.

We use this information to assess the opportunity, avoid duplicate referral claims, contact the business about the introduction, manage any resulting proposal or project, and administer an eligible partner reward. The source of the information is the referring partner or the website form through which attribution was provided.

When we first contact a referred person, we will identify Mediamatic, explain that their details were supplied through a referral, provide or link to this Privacy Policy, and explain how they can object or exercise their privacy rights. A referred person can ask us not to continue contact, subject to any records we reasonably need for legal, security, or dispute purposes.

Partners must only share information they are entitled to provide and should make a warm introduction or tell the referred person that Mediamatic may contact them wherever reasonably possible.

Cookies and similar technologies

This website may use cookies and similar technologies for essential site functions, WordPress administration, security, spam prevention, caching, form handling, and remembering technical preferences. These are used to make the website work and keep it secure. Public forms use Cloudflare Turnstile to distinguish legitimate visitors from automated abuse; Turnstile may process limited browser, device, network, interaction, and challenge data for that security purpose.

The site currently uses WordPress, Etch, LiteSpeed Cache, SEOPress, WP Mail SMTP, UpdraftPlus, Novamira, and related site-management tools. These may create technical cookies, logs, or processing records where needed for the website to function, send email, protect the site, optimise performance, maintain backups, or manage search metadata.

If analytics, advertising pixels, embedded media, or other optional tracking tools are added later, this policy should be updated and any required cookie consent controls should be configured before those tools are used.

Who helps us process data

We do not sell your personal data. We may share or process data with trusted service providers only where needed to run the website, communicate with you, deliver services, keep records, or protect the site.

  • Website hosting, caching, security, backup, and maintenance providers.
  • Email delivery services used to send form notifications and ticket updates.
  • Cloudflare Turnstile, which processes limited technical and challenge data to protect public forms from bots and abuse. See the Cloudflare Privacy Policy and Turnstile Privacy Addendum.
  • WordPress, plugin, and technical service providers that support the website and its administration.
  • Professional advisers, insurers, accountants, or legal authorities where required for compliance, claims, or legal obligations.

When a project requires third-party platforms such as hosting accounts, analytics tools, SEO tools, email systems, or client systems, we will process the relevant information as needed to provide the agreed service.

International transfers

Some service providers used to run modern websites, email delivery, backups, security, or business tools may process data outside Malta or the European Economic Area. Where this happens, we aim to use providers and safeguards that are appropriate for the nature of the service, such as EU adequacy decisions, standard contractual clauses, or equivalent contractual and technical protections.

How long we keep personal data

We keep personal data only for as long as reasonably needed for the reason it was collected, unless a longer period is required for legal, accounting, security, or dispute-resolution purposes.

  • General enquiry and consultation emails are usually kept while we handle the enquiry and for a reasonable business follow-up period.
  • Estimate requests may be kept while discussing or preparing a proposal and for a reasonable period afterwards.
  • Partner referral records may be kept while a lead is assessed, while any related project or payout remains active, and afterwards for a reasonable period to manage attribution, duplicate claims, accounting, disputes, and programme history.
  • Support tickets, replies, and attachments may be kept for as long as needed to support the client, maintain service history, handle recurring issues, and protect both parties if questions arise later.
  • Technical logs, security records, rate-limit data, and backup copies may be kept for shorter operational periods unless needed to investigate abuse, errors, or security incidents.

Your privacy rights

Under data protection law, you may have the right to request access to your personal data, ask for inaccurate data to be corrected, request erasure, restrict or object to certain processing, request data portability, and withdraw consent where processing is based on consent.

Some rights depend on the context and may be limited where we need to keep information for legal, contractual, security, or legitimate business reasons. To make a request, email [email protected] and tell us what you need. We may ask for information to confirm your identity before acting on a request.

Security

We use reasonable technical and organisational measures to protect personal data handled through the website. These include WordPress access controls, form validation, nonce checks, honeypot fields, rate limits, Cloudflare Turnstile verification, secure email delivery configuration, backups, cache/security tooling, and restricted access to support-ticket records.

Turnstile runs a browser challenge and sends a short-lived token to our server, which validates it with Cloudflare before a form is processed. We use this information only for security, fraud prevention, and abuse control.

No website or email system can be guaranteed completely secure. Please contact us directly if you believe information you sent to us may have been exposed or if you need to share sensitive access details for a support job.

Contact and complaints

For privacy questions or requests, contact Mediamatic at [email protected].

You also have the right to lodge a complaint with Malta's supervisory authority, the Office of the Information and Data Protection Commissioner. You can find more information at idpc.org.mt.

We may update this policy when the website, services, plugins, forms, or legal requirements change. The date at the top of this page shows when it was last updated.

Privacy questions

Need to ask about your data?

Send us a short message and we will help with access, correction, erasure, support-ticket records, or any other privacy question connected to Mediamatic.

Ask About Your Data