Privacy Policy

Born Digital ("we", "us", or "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect information when you visit our website (born.mt) or engage with our services.

We are a data controller registered in Malta and operate in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), Malta's Data Protection Act (Cap. 586), and any subsidiary legislation enacted thereunder.

By using our website or submitting information to us, you acknowledge that you have read and understood this Privacy Policy.

1. Information We Collect

We may collect and process the following categories of personal data:

1.1 Information You Provide Directly

• Contact details: name, email address, telephone number, and company name when you submit a contact form or request a proposal.
• Project information: business type, project type, budget range, timeline, and project description provided through our enquiry forms.
• Communications: any correspondence or messages you send to us via email or other channels.

1.2 Information Collected Automatically

• Technical data: IP address, browser type and version, operating system, device type, screen resolution, and referring URL.
• Usage data: pages visited, time spent on pages, click patterns, and navigation paths through our website.
• Cookie data: information collected through cookies and similar tracking technologies (see Section 7 below).

1.3 Information from Third Parties

We may receive information about you from third-party services such as analytics providers, advertising platforms, and publicly available business directories, solely for the purposes outlined in this policy.

2. How We Use Your Information

We use the personal data we collect for the following purposes:

• Responding to enquiries: to process your contact form submissions and respond to your requests for proposals or information about our services.
• Service delivery: to deliver, maintain, and improve the digital products and services we provide to clients under contract.
• Communication: to send you relevant updates, project communications, and -- where you have opted in -- marketing materials about our services and insights.
• Website improvement: to analyse how visitors use our website so we can improve its content, functionality, and user experience.
• Legal compliance: to comply with applicable legal and regulatory obligations, including those under Maltese and EU law.
• Fraud prevention: to detect and prevent fraudulent or malicious activity on our website and services.

3. Legal Basis for Processing (GDPR)

Under the GDPR, we process your personal data on the following legal bases:

• Consent (Article 6(1)(a)): where you have given clear consent for us to process your personal data for a specific purpose, such as subscribing to our newsletter or submitting a contact form with the consent checkbox selected.
• Contractual necessity (Article 6(1)(b)): where processing is necessary for the performance of a contract with you, or to take steps at your request before entering into a contract.
• Legitimate interests (Article 6(1)(f)): where processing is necessary for our legitimate business interests (such as improving our website and services), provided those interests are not overridden by your fundamental rights and freedoms.
• Legal obligation (Article 6(1)(c)): where processing is necessary to comply with a legal obligation to which we are subject under Maltese or EU law.

4. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our standard retention periods are:

• Contact form submissions: retained for up to 24 months from the date of submission, unless a contractual relationship is established.
• Client project data: retained for the duration of the client relationship and for up to 7 years thereafter, as required by Maltese commercial and tax legislation.
• Website analytics data: retained for up to 26 months in aggregated, anonymised form.
• Marketing communications: retained until you withdraw your consent or unsubscribe.

When personal data is no longer required, we will securely delete or anonymise it in accordance with our data retention procedures.

5. Your Rights

Under the GDPR and Malta's Data Protection Act, you have the following rights in relation to your personal data:

• Right of access: you may request a copy of the personal data we hold about you.
• Right to rectification: you may request that we correct any inaccurate or incomplete personal data.
• Right to erasure: you may request that we delete your personal data, subject to certain legal exceptions.
• Right to restriction: you may request that we restrict the processing of your personal data in certain circumstances.
• Right to data portability: you may request to receive your personal data in a structured, commonly used, machine-readable format.
• Right to object: you may object to the processing of your personal data where we rely on legitimate interests as our legal basis.
• Right to withdraw consent: where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one calendar month.

You also have the right to lodge a complaint with the Information and Data Protection Commissioner (IDPC) of Malta if you believe your rights have been infringed. The IDPC can be reached at idpc.org.mt.

6. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (TLS/SSL) and at rest.
• Access controls limiting data access to authorised personnel on a need-to-know basis.
• Regular security assessments and vulnerability testing.
• Secure hosting infrastructure with reputable, GDPR-compliant cloud providers.

Whilst we take every reasonable precaution to protect your data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.

7. Cookies

Our website uses cookies and similar tracking technologies to enhance your browsing experience and to collect analytical data. Cookies are small text files stored on your device by your web browser.

Types of cookies we use

• Essential cookies: required for the basic functionality of our website. These cannot be disabled.
• Analytics cookies: help us understand how visitors interact with our website by collecting information in an anonymised form. We use Google Analytics for this purpose.
• Functional cookies: enable enhanced functionality and personalisation, such as remembering your preferences.
• Marketing cookies: used to track visitors across websites and display relevant advertisements. These are only set with your explicit consent.

You can manage your cookie preferences through your browser settings or through our cookie consent banner when you first visit our website. Disabling certain cookies may affect the functionality of our site.

8. Third-Party Services

We may share your personal data with trusted third-party service providers who assist us in operating our website and delivering our services. These include:

• Hosting providers: for website hosting and infrastructure (e.g., Cloudflare, Vercel).
• Analytics providers: for website usage analysis (e.g., Google Analytics).
• Email service providers: for transactional and marketing email delivery.
• Customer relationship management (CRM): for managing client relationships and communications.
• Payment processors: for processing client payments securely.

All third-party service providers are contractually obligated to process personal data only on our behalf and in compliance with the GDPR. We do not sell your personal data to third parties.

International Data Transfers

Some of our third-party providers may process data outside the European Economic Area (EEA). Where this occurs, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or transfers to countries that have received an adequacy decision.

9. Children's Privacy

Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe that we have inadvertently collected data from a child, please contact us immediately at [email protected] and we will take steps to delete the information.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last updated" date at the top of this page. We encourage you to review this page periodically. For material changes, we will provide prominent notice on our website.

11. Contact for Data Requests

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how we handle your personal data, please contact us:

For complaints, you may also contact the Office of the Information and Data Protection Commissioner (IDPC), Floor 2, Airways House, Triq il-Kbira, Birkirkara BKR 9033, Malta.