Back to Marketplace

Legal

Privacy Policy

Last Updated: April 2026GDPR Compliant

01

Introduction

Welcome to Nomadly, a travel and lifestyle marketplace connecting travelers, students, expats, and modern nomads with curated local businesses across Malta and Europe.

This Privacy Policy explains:

  • What personal data we collect
  • Why we collect it and how it is used
  • How we protect your data
  • Your rights as a user

By using Nomadly, you consent to the practices described in this policy. We are committed to transparency and your right to privacy.

02

Who We Are (Data Controller)

Nomadly Travel & Lifestyle Marketplace — based in Malta, operating across Europe.

As the data controller, Nomadly is responsible for the lawful collection, processing, and storage of personal data in accordance with applicable EU and Maltese data protection legislation.

[email protected]

03

Data We Collect

We collect two categories of personal data:

Data You Provide

  • Full name
  • Email address
  • Country / location
  • Booking or enquiry details
  • Profile information
  • Messages sent through the platform

Collected Automatically

  • Device information
  • IP address
  • Pages visited
  • Clicks and interactions
  • Session and usage data

04

Third-Party Tools We Use

Nomadly works with the following trusted providers to operate the platform securely and efficiently. Each may process limited data as part of their service:

Google
Analytics & Tag Manager — platform performance and user behaviour insights
Firebase
App infrastructure, authentication & database — secure platform operations
Stripe
Payment processing & transaction security — PCI-DSS compliant

These providers are bound by their own privacy policies and data processing agreements. They do not use your data for purposes beyond those described here.

05

How We Use Your Data

We use your personal data to:

  • Provide and operate the Nomadly platform
  • Process bookings and enquiries with Partners
  • Improve user experience and platform features
  • Communicate updates, support, or service changes
  • Detect and prevent fraud or misuse
  • Enable the NomadCoins rewards system

We only use your data for the purposes described above. We do not sell your data to third parties for advertising or marketing purposes.

06

Payments & Security

  • Payments are processed via Stripe, a PCI-DSS certified payment provider
  • Nomadly does not store full card details on its own servers
  • All payment transactions are secured by Stripe's encrypted infrastructure

Your financial data is handled exclusively by our certified payment partner. Nomadly only receives confirmation of successful or failed transactions.

07

Data Sharing

We may share limited personal data with:

  • Partners (businesses) — only to fulfill a booking or enquiry you have initiated
  • Service providers — hosting, analytics, and payment infrastructure providers
  • Authorities — where required by law or regulation

We Do Not Sell Your Data

Nomadly does not sell, rent, or trade your personal information to third parties for commercial purposes.

08

Cookies & Tracking

Nomadly uses cookies and tracking technologies to:

  • Improve platform functionality and performance
  • Analyze traffic and usage patterns
  • Personalise your experience

You can manage or disable cookies at any time through your browser settings. Note that disabling certain cookies may affect platform functionality.

09

Data Retention

We retain your personal data only for as long as necessary to:

  • Provide the services you have requested
  • Comply with legal and regulatory obligations
  • Resolve disputes and enforce agreements

After this period, data is securely deleted or anonymised in accordance with applicable law.

10

Your Rights (GDPR)

If you are located in the EU, you have the following rights under GDPR:

Access your personal data
Correct inaccurate data
Request deletion ("right to be forgotten")
Restrict or object to processing
Request data portability
Withdraw consent at any time

To exercise any of these rights, contact us at:

[email protected]

11

Data Transfers

Your data may be processed outside your country — for example, via Google or Stripe infrastructure hosted internationally.

Where such transfers occur, Nomadly ensures:

  • Appropriate safeguards are in place (e.g. Standard Contractual Clauses)
  • All processing remains GDPR-compliant
  • Your rights are protected regardless of where data is processed

12

Security

We take reasonable and appropriate technical measures to protect your data, including:

  • Secure, encrypted server infrastructure
  • Encrypted data connections (HTTPS/TLS)
  • Controlled access with role-based permissions

No system is 100% secure. While we take every precaution, we cannot guarantee absolute security. Please safeguard your account credentials and notify us of any suspected breach.

13

Changes to This Policy

We may update this Privacy Policy at any time to reflect changes in law, technology, or our services.

  • Updates will be posted on this page with a revised date
  • Where changes are significant, we will notify users directly
  • Continued use of the platform constitutes acceptance of the updated policy

14

Contact

For any privacy-related questions, data requests, or concerns:

[email protected]

15

Key Note

Platform Note

Nomadly is a platform connecting users with independent businesses. Partners are responsible for their own services and data handling where applicable. Nomadly does not control Partner data practices beyond what is outlined in our Partner agreement.

Nomadly respects your privacy the same way we design our experiences — simple, transparent, and built for trust.