Please read the following terms and conditions carefully before using this site (the "Terms").

1. Introduction and who we are

We, Habits Limited (C 92617) of 171, Old Bakery Street, Valletta VLT 1455, Malta ("we"; "us"; "our" or the "Company") respect your privacy and are wholly committed to protecting your personal data. We process personal data in strict confidentiality in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) and applicable data protection legislation, including the Maltese Data Protection Act (Chapter 586 of the laws of Malta), as may be updated or amended from time to time.

This Privacy Policy (the “Policy”) sets out and explains: (1) what personal data we will collect about you in connection with your use of our website; (2) the basis on which we will process your personal data; (3) our obligations in regard to processing your personal data; and (3) your data protection rights as a data subject.

For the purposes of the GDPR and other applicable data protection legislation, we are the operator of the website: and the controller of your personal data.


Full name of legal entity: Habits Limited (C 92617)

Email address:

Postal address: 171, Old Bakery Street, Valletta VLT 1455, Malta

2. Personal data which we collect about you

Personal data which we collect about you:

  1. Information you give us. This is information that you give us by filling in forms on the Site, or by corresponding with us by phone, e-mail or otherwise (e.g. complaints or customer feedback).

  2. Information we collect about you. Each time you visit the Site, we automatically log and collect the following information:

  3. technical information, including the Internet protocol (“IP”) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;

    information about your visit, including the full Uniform Resource Locators (“URL”), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.

  4. Information we receive from other sources. This is information we receive about you if you use any of the other websites we operate or other services we provide. We are also working closely with third parties, such as analytics providers, search information providers and SEO providers.

3. Use of your personal data

We will use your personal data for any one or more of the following purposes:

  • in order to operate the Site and make it available to you

  • to provide you with information about the Site;

  • to administer the Site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;

  • to improve the Site and to ensure that its content is presented in the most effective manner for you and for your computer;

  • to allow you to participate in interactive features of the Site, when you choose to do so;

  • as part of our efforts to keep the Site safe and secure;

  • to measure or understand the effectiveness of advertising we serve to you via the Site;

  • to deliver relevant advertising to you through the Site;

  • to notify you about changes to the Site;

We will use your personal data strictly for the purposes described in this Policy.

Where we require your consent to process your personal data, we will only process that personal data for:

  • as long as such consent remains in force and has not been withdrawn; and

  • the specific purpose for which we have requested your consent.

4. Retention of your personal data

We will only retain your personal data for as long as necessary to fulfil the purposes for which we originally collected it and thereafter:

  • to satisfy any legal, accounting, tax or reporting obligations to which we may be subject;

  • to the extent that we may also need to retain your personal data to be able to assert, exercise or defend possible legal claims against or otherwise involving you.

Once we no longer require your personal data for the purposes described above, we will remove it from our systems and securely erase records containing such data. Alternatively, we will take steps to properly anonymise that personal data so that you can no longer be identified from it.

Kindly contact us at for further details about the retention periods that we apply.

5. Disclosure of your personal data

We will share your personal data with third parties where:

  • required by law;

  • it is necessary to administer a contract or other agreement which we have with you; or

  • we have another legitimate interest to do so.

In particular, we may share your data, without requiring your consent, with regulatory authorities or other third parties pursuant to a court order, or where otherwise required by law or legal process.

All our third-party service providers are required to take appropriate security measures to protect your personal data in line with our company policies and standards. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes, in accordance with our written instructions.

6. Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally or unlawfully lost or destroyed, or altered, disclosed, used or accessed in an unauthorized way. We also regularly review and, where practicable, improve upon these security measures.

We also limit access to your personal data on a strictly ‘need to know’ basis. Our employees will only access and process your personal data on our instructions and are subject to strict duties of confidentiality. All of our employees have received appropriate training on data protection duties and responsibilities.

We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

7. Data Subject Rights

You have the right to:
  1. Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are processing it in a lawful manner.

    You may send an email to requesting information as the personal data which we process. You shall receive one copy free of charge via email of the personal data which is undergoing processing. Any further copies of the information processed shall incur a charge of €10.00.

  2. Request correction or rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected and/or updated, though we may need to verify the accuracy of the new data you provide to us.

  3. Request erasure of your personal data.

This enables you to ask us to delete or remove personal data where:

  • you have objected to the processing (other than in relation to objections to direct marketing) and there are no overriding legitimate grounds to justify that processing;

  • the personal data is no longer needed for the purpose for which it was collected or processed;

  • you withdraw consent and there are no other grounds for the processing;

  • the personal data is unlawfully processed; and/or

  • there is a legal obligation under EU or Member State law to erase the personal data.

    Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. Most commonly, this will be where further processing of the personal data is required by us to:

  • comply with a legal obligation to which we are subject;

  • assert, exercise or defence of legal claims (including possible future claims).

4. Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which causes you to object to processing on this ground as you feel it impacts your fundamental rights and freedoms.

In some cases, we may demonstrate that we have compelling legitimate grounds to process your personal information that override your rights and freedoms.

5. Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

you have objected to the processing and the Company is considering whether there are overriding legitimate grounds that justify continued processing;

the processing is no longer necessary, but retention of the data is needed by you to deal with legal claims;

the processing is unlawful, but you have requested that the processing of the data be restricted as opposed to being erased;

the accuracy of the personal data is being contested, and the Company is in the process of verifying that data.

Request the transfer (data portability)of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note however that this right only applies:

  • where our processing is based on consent or the performance of a contract;

  • where our processing is carried out by automated means (therefore this right does not cover or apply to "paper files");

  • to personal data concerning you;

  • to personal data which the Company holds about you.

7. Withdraw your consent at any time where we are relying on consent to process your personal data (which will generally not be the case). This will not however affect the lawfulness of any processing which we carried out before you withdrew your consent. Any processing activities that are not based on your consent will remain unaffected.

If you want to request the exercise of any your data subject rights, please contact us in writing at We may need to request specific information from you to help us confirm your identity and ensure your right to access the data in question (or to exercise any other right).

Kindly note that none of these data subject rights are absolute and must generally be weighed against our own legal obligations and legitimate interests. If a decision is taken to override your data subject request, you will be informed of this along with the reasons for our decision.

8. Complaints

If you have any questions about this Policy or how we handle your personal data and information, please contact us in writing at

You have the right to lodge a complaint at any time to a competent supervisory authority on data protection matters, such as the supervisory authority in the place of your habitual residence or place of work. In the case of Malta, this is the Information and Data Protection Commissioner (“IDPC”), whose website can be accessed through the following link:

We would, however, appreciate the opportunity to deal with your concerns internally before you approach the supervisory authority, so please bring the matter to our attention at the first instance.

9. Changes to this privacy notice

We reserve the right to update this Policy at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.