Privacy Policy

Last Updated: April 7, 2026

1. Introduction

Karl Mallia, operating as Karlito’s Way Travel Operation (“We”, “Us”, “Our”), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website www.karlitosway.com or use our travel consultancy services.

We process personal data in accordance with the Maltese Data Protection Act (Chapter 586 of the Laws of Malta) and the General Data Protection Regulation (EU) 2016/679 (GDPR).

2. The Data We Collect

As a travel operator, we collect the following to fulfill your bookings:

  • Identity Data: Full name, date of birth, gender, and nationality.
  • Travel Documents: Passport or ID card details (required for international travel and MTA compliance).
  • Contact Data: Email address, telephone number, and residential address.
  • Financial & Transaction Data: This includes payment card details (processed via encrypted third-party providers) or bank account details (for payments made via bank transfer).
  • Special Category Data: With your explicit consent, we may collect information regarding health conditions, disabilities, or dietary requirements to ensure your safety and comfort during travel.

3. How We Collect Your Data

  • Direct Interaction: When you fill out booking forms, contact us via email, or subscribe to our newsletter.
  • Automated Technologies: As you interact with our site, we may automatically collect Technical Data (IP address, browser type) via cookies. You may read our Cookie Policy on www.karlitosway.com/cookies.

4. Legal Basis for Processing

  • Performance of a Contract: Necessary to book your flights, hotels, and tours.
  • Legal Obligation: To comply with Malta Tourism Authority (MTA) licensing.
  • Consent: For marketing or processing “Special Category” health data.
  • Legitimate Interests: For website security and service improvement.

5. Disclosure and International Transfers

To fulfill your travel arrangements, we share your data with:

  • Service Providers: Airlines, hotels, and local tour operators.
  • Regulatory Bodies: The Malta Tourism Authority or other government agencies.
  • Global Service Providers: We use service providers that may be located outside the European Economic Area (EEA), such as Google (Google Workspace, Analytics) and other cloud-based tools.

6. Payment Processing

We offer multiple ways to pay for our services:

  • Electronic Payments: Processed through secure third-party gateways.
  • Bank Transfers: If you choose to pay via bank transfer, we will process your bank account details and transaction reference solely for the purpose of verifying and reconciling your payment.

7. Data Security & Retention

We have implemented SSL encryption and secure internal protocols to prevent unauthorized access. We retain your data for as long as necessary to fulfill the purposes we collected it for.

8. Your Legal Rights

Under GDPR, you have the right to access, correct, or erase your data, as well as the right to object to processing. To exercise these rights, contact admin@karlitosway.com.

9. Complaints

You have the right to lodge a complaint with the Office of the Information and Data Protection Commissioner (IDPC) in Malta (www.idpc.org.mt).