1.     The Policy

This Privacy Policy explains how personal data is collected, used, stored and shared in connection with the operation of the INQDEJT online platform (the “Platform”). 

This Privacy Policy should be read together with the Platform’s Terms and Conditions. Unless otherwise defined in this Privacy Policy, capitalised terms used herein shall have the meanings assigned to them in the Terms and Conditions. The Terms and Conditions set out the rules governing access to and use of the Platform.

The Platform is owned and operated by Karl Grech, trading as INQDEJT, with Maltese VAT number 2809-7119, hereinafter referred to “INQDEJT”, “we”, “us” or “our”.

We take your privacy seriously and are committed to safeguarding your personal data in accordance with the General Data Protection Regulation 2016/679 (hereinafter referred to as the “GDPR”) and applicable Maltese data protection legislation. INQDEJT acts as Data Controller in respect of personal data processed through the Platform and is responsible for determining how and why such personal data is processed. 

This Privacy Policy describes the principles and practices we follow to ensure that personal data is processed lawfully, fairly and transparently. This Policy applies to the following categories of individuals: 

This Policy applies to processing of personal data relating to: 

• Individuals and Patrons who access the Platform or submit Reviews; 
• Businesses and professionals listed on the Platform;
• Representatives of Businesses who create or claim Business Profiles; 
• Visitors to the Platform website; and 
• Individuals who contact us in relation to the Platform’s services. 

The Platform enables Patrons to publish Reviews relating to businesses and service providers operating in Malta. In doing so, the Platform processes personal data necessary to operate the service, including data relating to Patron accounts, published Reviews, Business Profiles, verification processes and complaints handling.

In certain circumstances, Business Profiles may be generated using publicly available business information in order to enable Patrons to submit Reviews and facilitate discoverability of Businesses on the Platform. Where this occurs, the Platform processes such information in accordance with applicable data protection laws.

All processing activities are carried out in a manner that respects the rights of individuals and is consistent with applicable legal obligations.

2.     Data Controller

A.  Data Controller

For the purposes of this Policy, the term “Data Controller” refers to the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, as defined in Article 4(7) of the GDPR. 

The Data Controller responsible for your personal data processed through the Platform is: 

Name:  Karl Grech, trading as INQDEJT 

VAT Number: 2809-7119 

Email Address: info@inqdejt.com

INQDEJT acts as a Data Controller when processing personal data in connection with the operation of the Platform. This includes personal data processed in relation to account registration and account management, submission and publications of Reviews and comments or responses to Reviews, the creation and management of Business Profiles, the verification of Businesses claiming profiles, communication with Patrons and Businesses and the handling of complaints, disputes or removal requests. 

As Data Controller, INQDEJT is responsible for ensuring that personal data is processed in accordance with applicable data protection laws and that appropriate technical and organisational measures are implemented to protect personal data.

Individuals who wish to exercise their rights under applicable data protection laws or who have questions regarding the processing of their personal data may contact the Operator using the contact details above.

3.     Information We Collect

The types of personal data processed through the Platform depend on how individuals interact with the Platform. Personal data may be collected when Patrons create accounts, submit Reviews, interact with Business Profiles, communicate with the Operator, or otherwise use the Platform. 

The categories of personal data processed may include the following:  

1. Account and Identification Data: Information provided when creating or maintaining a Patron account, such as name, username, email address and account verification information.
2. Review and Contact Data: Information contained in Reviews, comments or responses submitted through the Platform. This may include written opinions, ratings, feedback and any other information voluntarily included by Patrons in connection with their experience with a Business.
3. Business Profile Information: Information relating to Businesses listed on the Platform, including business names, contact details, addresses, descriptions, categories, images or branding materials. Such information may be provided directly by the Business, submitted by Patrons, or obtained from publicly available sources.
4. Verification Data: Information provided when a Business representative seeks to claim or verify a Business Profile. This may include contact details, verification emails, business domain information, or other documentation reasonably requested to confirm authority to represent the Business.
5. Communication Data: Information provided when individuals contact the Platform, including through email, contact forms, complaints submissions or other communications. This may include names, contact details and the content of the communication.
6. Complaints and Moderation Data: Information submitted in connection with complaints, reporting of content, or moderation processes, including supporting documentation, explanations provided by Patrons or Businesses, and records of actions taken by the Platform in response to such reports.
7. Technical and Usage Data: Certain technical information collected automatically when individuals access or use the Platform, such as IP address, device type, browser information, timestamps, and usage data relating to interaction with the Platform.
8. Billing and Transaction Data: Information relating to payments or commercial arrangements between the Platform and Businesses, including billing contact details, invoicing information, payment confirmations and transaction records relating to sponsored listings, advertising or other paid services. Payment details may be processed through third-party payment service providers and are not stored directly by the Platform where external payment processors are used.

Personal data processed through the Platform may be provided directly by Patrons or Businesses, collected automatically through the use of the Platform, or obtained from publicly available sources where necessary to generate or maintain Business Profiles. 

Where Reviews contain personal data relating to identifiable individuals, the Platform may take reasonable steps to moderate, redact or remove such data where its publication appears excessive, unlawful or unrelated to the purpose of the Platform.

4.     Where Do We Get Your Information From?

Personal data processed through the Platform may be obtained from a number of sources depending on how individuals interact with the Platform.

These sources of personal data may include the following:

1. Directly From You

Personal data may be provided directly by you when you interact with the Platform, including for example: 

• When you create or register an account as a Patron; 
• When you submit a Review, comment or response through the Platform; 
• When you create or claim a Business Profile; 
• When you update or provide information relating to a Business Profile; 
• When you contact us through email, contact forms or other communications channels available on the Platform; 
• When you submit a complaint, report content or otherwise communicate with the Operator. 

• From Businesses or their Representatives 

Where a Business Profile is created or claimed, personal data may be provided by the Business or its authorised representatives. This may include business contact details, professional information, branding materials or other information submitted for the purpose of managing the Business Profile.

• From Publicly Available Sources

In certain circumstances, Business Profiles may be generated using information obtained from publicly available sources. This may include business names, publicly available contact details, addresses or other professional information relating to businesses operating in Malta.

Such information is used solely for the purpose of enabling Patrons to submit Reviews and facilitating the visibility and discoverability of Businesses on the Platform. Businesses may contact the Platform to request correction, verification or removal of such information where appropriate.

• From Other Patrons of the Platform 

Personal data may also be provided by other Patrons of the Platform where they refer to or describe a Business or professional in a Review or comment based on their personal experience.

• Automatically Through the Use of the Platform 

Certain technical and usage data may be collected automatically when you access or interact with the Platform. This may include information such as IP address, device type, browser information, timestamps and other technical identifiers generated through the use of the Platform.

Where personal data is provided by third parties, including through Reviews or other content submitted to the Platform, the Platform reasonably relies on the person submitting such information to ensure that they have the lawful basis or authority to provide that data. The Operator reserves the right to review, remove or restrict such content where it appears to infringe applicable data protection laws or the rights of any individual.

5.     How We Use The Information

INQDEJT is committed to ensuring that personal data is processed transparently and only for legitimate purposes connected with the operation of the Platform.

As the Platform allows Patrons to publish Reviews and comments relating to Businesses and their services, certain personal data submitted by Patrons or Businesses may become publicly visible on the Platform. The publication of such content forms part of the core functionality of the Platform and is carried out in accordance with applicable data protection laws and the Platform’s Terms and Conditions.

Patrons and Businesses should therefore be aware that information voluntarily submitted to the Platform for publication, including Reviews, comments or responses, may be publicly accessible and viewable by other users of the Platform and by visitors to the website. Patrons and Businesses should therefore avoid including unnecessary personal data, particularly private contact details or sensitive personal information, unless such information is strictly relevant and lawful.

Personal data is processed only where a lawful basis exists under the GDPR. The table below sets out the main purposes for which personal data may be processed together with the corresponding legal basis.

	Purpose for Processing	Legal Basis
1	To create and manage Patrons’ accounts and enable access to the Platform’s features, including submitting Reviews and interacting with Business Profiles.	Article 6(1)(b) GDPR – Processing necessary for the performance of a contract (use of the Platform) or steps prior to entering into such contract.
2	To publish, display and manage Reviews, comments and other content on the Platform.	Article 6(1)(f) GDPR – Legitimate interest in operating a review platform that allows Patrons to share experiences and information about Businesses.
3	To generate and maintain Business Profiles on the Platform, including profiles created using publicly available information.	Article 6(1)(f) GDPR – Legitimate interest in facilitating the discoverability of Businesses and enabling Patrons to share Reviews.
4	To verify the identity and authority of individuals claiming or managing Business Profiles.	Article 6(1)(f) GDPR – Legitimate interest in preventing fraud, impersonation and misuse of Business Profiles.
5	To manage communications with Patrons and Businesses, including responding to enquiries, feedback, complaints or requests for removal of content.	Article 6(1)(f) GDPR – Legitimate interest in ensuring proper operation of the Platform and handling Patron interactions.
6	To monitor, moderate and enforce the Platform’s Terms and Conditions, including detecting misuse, manipulation of Reviews or unlawful content.	Article 6(1)(f) GDPR – Legitimate interest in protecting the integrity, reputation and lawful operation of the Platform.
7	To operate sponsored listings, advertising placements or other paid promotional features.	Article 6(1)(b) GDPR – Performance of a contract with the relevant Business; and/or Article 6(1)(f) GDPR – Legitimate interest in operating a sustainable business model for the Platform.
8	To send marketing communications, promotional updates, or information about new features or services offered through the Platform.	Article 6(1)(a) GDPR – Consent. Individuals may opt in to receive such communications and may withdraw their consent at any time.
9	To maintain the security, functionality and technical performance of the Platform, including preventing fraud, abuse or cyber-security risks.	Article 6(1)(f) GDPR – Legitimate interest in ensuring the security and reliability of the Platform.
10	To comply with applicable legal obligations, including responding to lawful requests from courts, regulators or public authorities.	Article 6(1)(c) GDPR – Processing necessary for compliance with a legal obligation.
11	To establish, exercise or defend legal claims where necessary.	Article 6(1)(f) GDPR – Legitimate interest in protecting the legal rights and interests of the Platform.

INQDEJT ensures that personal data is processed lawfully, fairly and transparently. Processing is limited to what is necessary and proportionate for the purposes described above. Where processing is based on consent, such consent may be withdrawn at any time without affecting the lawfulness of processing carried out prior to withdrawal. Processing activities are reviewed periodically to ensure continued compliance with applicable data protection laws.

6.     Sharing & Disclosing of Personal Data

INQDEJT does not sell, rent or trade personal data to third parties for marketing purposes. Personal data is only shared where necessary for the operation of the Platform, compliance with legal obligations, or the protection of legitimate interests.

Personal data may be disclosed in the following circumstances:

1. Service Providers and Technical Partners 

The Platform may engage third-party service providers who assist in operating the Platform and supporting its functionality. These may include providers of:

• website hosting and cloud infrastructure
• email communication systems
• website analytics or technical monitoring tools
• IT support and security services

Such providers process personal data only on behalf of INQDEJT and are required to implement appropriate confidentiality and security safeguards. 

• Payment Service Providers 

Where Businesses purchase sponsored listings, promotional placements or other paid services, payment information may be processed by third-party payment service providers. INQDEJT does not store full payment card details where external payment processors are used.

• Businesses Listed on the Platform 

Where a Patron submits a Review, comment or other content relating to a Business, that content may be publicly visible on the Platform and accessible to the relevant Business. Businesses that have claimed their profile may also respond to Reviews or interact with Patrons through the Platform.

• Legal and Regulatory Authorities

Personal data may be disclosed where required to comply with applicable laws, regulations, court orders or requests from competent public authorities.

• Protection of Legal Rights and Professional Advisers 

Personal data may be disclosed where necessary to establish, exercise or defend legal claims, investigate suspected misconduct, or protect the rights, property or safety of the Platform, its Patrons, Businesses or third parties. In such circumstances, personal data may be shared with professional advisors, including legal advisors, where reasonably necessary for the provision of legal advice or the handling of disputes.

• Business Transfers 

If the Platform or its operations are transferred, sold, reorganised or otherwise subject to a corporate restructuring, personal data may be transferred to the acquiring entity or successor operator, provided that appropriate safeguards are maintained.

7.     Transferring Personal Data Outside the EEA

INQDEJT primarily stores and processes personal data within the European Economic Area (EEA). However, in certain circumstances personal data may be transferred to, stored in, or accessed from countries outside the EEA where this is necessary for the operation of the Platform or the provision of services by trusted third-party providers.

Where such transfers occur, INQDEJT ensures that appropriate safeguards are implemented in accordance with applicable data protection laws. These safeguards may include:

• transfers to countries recognised by the European Commission as providing an adequate level of data protection;
• the use of Standard Contractual Clauses (SCCs) approved by the European Commission; or
• other lawful transfer mechanisms permitted under the GDPR.

Where personal data is transferred outside the EEA, INQDEJT takes reasonable steps to ensure that the data remains protected and that appropriate security measures are in place.

Individuals may request further information regarding the safeguards applied to international transfers by contacting the Operator using the contact details provided in this Privacy Policy.

8.     Data Retention

INQDEJT retains personal data only for as long as necessary to fulfil the purposes for which it was collected and processed, including the operation of the Platform, compliance with legal obligations, and the protection of legitimate interests.

Retention periods may vary depending on the nature of the data and the purpose for which it is processed. In particular:

•  Patrons’ account data may be retained for as long as the account remains active and for a reasonable period thereafter where necessary to manage disputes, complaints or legal claims.

• Reviews, comments and other user-generated content may remain published on the Platform for as long as the content continues to serve the purpose of the Platform, unless removal is requested and justified under applicable law or the Platform’s Terms and Conditions.

• Business Profile information, including profiles generated using publicly available information, may be retained for as long as the Business remains listed on the Platform or until removal is requested and justified.

• Verification data relating to claimed Business Profiles may be retained for as long as necessary to confirm the legitimacy of the claim and to prevent misuse of the Platform.

• Complaints and moderation records may be retained for a reasonable period in order to manage disputes, enforce the Platform’s Terms, and protect the legal rights of the Operator.

• Billing and transaction data relating to sponsored listings or paid services may be retained for the period required under applicable accounting, tax and financial regulations.

Where personal data is processed on the basis of consent (for example, where optional communications are sent), such data shall be retained only for as long as consent remains valid and may be deleted upon withdrawal of consent.

Request data deletion here – https://inqdejt.com/data-deletion/

At the end of the applicable retention period, INQDEJT shall take reasonable steps to ensure that personal data is securely deleted or anonymised in accordance with the principles of data minimisation and storage limitation under Article 5(1)(e) of the GDPR.

9.     Cookies & Similar Technologies

When you access or use the Platform, certain information about your interaction with the website may be collected through the use of cookies or similar technologies. Cookies are small text files that are stored on your device (such as a computer, smartphone or tablet) by your web browser.

Cookies may be used for purposes such as:

• ensuring that the Platform functions correctly;
• improving website performance and user experience;
• remembering user preferences; and
• collecting analytical information about how visitors interact with the Platform.

Some cookies are strictly necessary for the operation of the Platform and cannot be disabled. Other cookies may be optional and used for analytics or performance monitoring.

Where cookies involve the processing of personal data, such processing shall be carried out in accordance with applicable data protection laws, including the GDPR.

Individuals accessing the Platform shall be presented with a cookie consent banner that allows them to accept or reject optional cookies. Such users may also manage or disable cookies at any time through their browser settings.

Please note that disabling certain cookies may affect the functionality of the Platform and limit the availability of certain features.

10.   Data Security

INQDEJT takes the security of personal data seriously and is committed to protecting personal data against unauthorised access, unlawful processing, accidental loss, destruction or damage.

Appropriate technical and organisational measures are implemented to safeguard personal data processed through the Platform, taking into account the nature of the data processed and the risks associated with online services and user-generated content.

Such measures may include:

• the use of secure systems and password protection;
• restricting access to personal data to authorised persons who require such access for operational purposes;
• implementing safeguards designed to prevent unauthorised access to Platform systems; and
• ensuring that individuals who have access to personal data are subject to appropriate confidentiality obligations.

While reasonable steps are taken to protect personal data, no method of transmission over the internet or method of electronic storage can be guaranteed to be completely secure. Users therefore acknowledge that the transmission of information through online platforms involves inherent risks.

In the event of a personal data breach, INQDEJT shall take appropriate action in accordance with applicable data protection laws, including notifying the competent supervisory authority and affected individuals where required under the GDPR.

11.   Your Rights

Individuals whose personal data is processed through the Platform have a number of rights under GDPR and applicable Maltese data protection legislation. These rights apply subject to certain legal limitations and exceptions.

1. Right to be Informed: You have the right to receive clear, accessible information about how we collect and use your personal data.

1. Right to Access: You have the right to request confirmation as to whether personal data concerning you is being processed and, where that is the case, to obtain access to that personal data together with certain supplementary information relating to the processing.

1. Right to Rectification: You have the right to request the correction of inaccurate personal data and the completion of incomplete personal data where appropriate.

1. Right to Erasure: You may request the deletion of personal data where, for example, the data is no longer necessary for the purposes for which it was collected, where consent is withdrawn, or where the data has been unlawfully processed. This right may not apply where the processing is necessary for compliance with legal obligations, for the establishment, exercise or defence of legal claims, or where continued retention is necessary for the legitimate operation of the Platform.

In certain circumstances, the removal of personal data may not automatically result in the deletion of Reviews or other content where such removal would undermine the integrity of the Platform or the context of published content. In such cases, personal data may instead be anonymised where appropriate.

• Right to Restriction of Processing: You may request the restriction of processing of your personal data in certain circumstances, such as where the accuracy of the data is contested or where the processing is unlawful but you oppose deletion.

• Right to Object: Where personal data is processed on the basis of legitimate interests, you have the right to object to such processing on grounds relating to your particular situation. INQDEJT may continue processing where compelling legitimate grounds exist or where processing is necessary for legal claims.

• Right To Data Portability: Where personal data is processed on the basis of consent or the performance of a contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used and machine-readable format, where technically feasible.

• Rights Related to Automated Decision–Making: You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal or similarly significant effects. The Platform does not rely on fully automated decision-making of this nature.

1. Right to Lodge a Complaint: If you have any questions or concerns regarding the processing of your personal data, you may contact the Operator using the contact details provided in this Privacy Policy.

If you are not satisfied with the response, you have the right to lodge a complaint with the Office of the Information and Data Protection Commissioner (IDPC) in Malta, which is the competent supervisory authority for data protection matters. You also have the right to seek a judicial remedy where you believe that your data protection rights have been infringed.

To exercise your rights, you may contact INQDEJT by email at info@inqdejt.com. Requests should include sufficient information to enable identification of the individual making the request and locate the relevant data. INQDEJT may request proof of identity before acting on a request in order to prevent unauthorised disclosure of personal data.

Requests shall be handled within the timeframes required under applicable data protection legislation.

12.   Third Party Websites

The Platform may contain links to third-party websites or services. These websites are not operated or controlled by INQDEJT. INQDEJT is not responsible for the privacy practices, policies or content of such external websites. Users who access third-party websites through links available on the Platform are encouraged to review the privacy policies of those websites before providing any personal data.

13.   Amendments To This Privacy Policy

INQDEJT may update this Privacy Policy from time to time to reflect changes in applicable laws, regulatory guidance, the operation of the Platform, or technological developments.

Where changes are material in nature, reasonable steps shall be taken to inform Patrons and Businesses of the updated Privacy Policy. Such notification may be provided through the Platform, including by means of a notice, banner or other appropriate communication.

The most recent version of this Privacy Policy shall always be available on the Platform and shall indicate the date on which it was last updated.

This Privacy Policy was last updated on 14/05/26. 

14.   Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, you may contact the Operator using the contact details provided in Section 2 (Data Controller) of this Privacy Policy.