Legal

Privacy Policy

Last updated: 12 June 2026

Who we are

Żibel is a Registered Voluntary Organisation and environmental NGO based in Malta (VO 1465), operating since 2017. We are the data controller for the personal data described in this policy. For any privacy question or to exercise your rights, contact us at hello@zibel.org.

What data we collect and why

  • Analytics data. If you accept cookies, our analytics provider collects usage data (pages visited, device, approximate region) so we can improve the site. Analytics do not run until you consent. Lawful basis: your consent.
  • Contact & enquiry forms. Our sponsorship and ghost-net report forms are hosted by a third-party forms provider. When you submit one, the details you provide (such as name, email and your message) are sent to us. Lawful basis: our legitimate interest in responding to you.
  • Mailing list. If you sign up for clean-up updates, your email is stored by our mailing-list provider until you unsubscribe. Lawful basis: your consent. You can unsubscribe at any time using the link in any email.
  • Donations. Donations are handled by our payment provider. We receive the information they share with us about a donation (such as name and amount); your card details are handled by the provider, not by us. Lawful basis: performing the donation you requested and our legitimate interest in acknowledging it.
  • Direct contact. If you email us or message our WhatsApp group, we process what you send in order to reply. Lawful basis: our legitimate interest in responding.

Who we share it with

We do not sell your personal data. We rely on a small number of trusted third-party providers to run the site and our activities, each under their own privacy terms:

  • an analytics provider (only after you consent)
  • a forms provider, for our contact and report forms
  • a mailing-list provider, for clean-up updates
  • a payment provider, for donations
  • messaging platform providers, if you contact us through them
  • hosting and infrastructure providers

Some of these providers are based outside the EU/EEA. Where that is the case, transfers are covered by the safeguards those providers put in place (such as the EU Standard Contractual Clauses).

How long we keep it

We keep personal data only for as long as needed for the purpose it was collected, or as required by law. Mailing-list data is kept until you unsubscribe; enquiry and contact data is kept while we handle your request and for up to 24 months after it is closed.

Your rights

Under the GDPR you have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected, or your data erased;
  • object to or restrict our processing, and withdraw consent at any time;
  • receive your data in a portable format.

To exercise any of these, email hello@zibel.org. You also have the right to lodge a complaint with Malta’s Information and Data Protection Commissioner (IDPC) at idpc.org.mt.

Cookies

For details of the cookies we use and how to change your choice, see our Cookie Policy.

Changes

We may update this policy from time to time. The date at the top shows when it was last changed.