Willingness
← Back to home

Privacy Policy

Last updated: 2 April 2026

1. Who We Are

This registration platform is operated by Willingness, a mental health services organisation based in Malta. Our registered address is Mikielang Sapiano Street, Zebbug ZBG 1807, Malta. When we refer to "we", "us", or "our" in this policy, we mean Willingness.

2. What Data We Collect

When you use this platform to register for our events or camps, we collect:

  • Parent / guardian details: full name, email address, phone number, and ID card number
  • Children's details: full name, date of birth, school, medical conditions, allergies, and dietary requirements
  • Emergency contact information (if different from the parent)
  • Uploaded documents: medical certificates, vaccination records, or ID copies where required
  • Payment information: transaction references and payment status (card details are handled directly by our payment provider and are never stored on our systems)
  • Consent records: your responses to photo/video consent and terms acceptance

3. Why We Collect Your Data

We use your personal data to:

  • Process and manage your event or camp registration
  • Collect payments for the services you have registered for
  • Communicate with you about your registration, including confirmations and reminders
  • Ensure the safety and wellbeing of children during our programmes (e.g. medical and allergy information)
  • Issue invoices and maintain accounting records
  • Comply with legal and regulatory obligations

4. Legal Basis

Under the General Data Protection Regulation (GDPR), we process your data on the following legal bases:

  • Contract performance (Article 6(1)(b)): processing is necessary to fulfil your registration and provide the services you have signed up for.
  • Legitimate interest (Article 6(1)(f)): we have a legitimate interest in maintaining accurate records, preventing fraud, and improving our services.
  • Legal obligation (Article 6(1)(c)): we are required to keep certain records for tax, accounting, and regulatory purposes under Maltese law.

5. Who We Share Your Data With

We do not sell your personal data. We share it only with the following third-party service providers who help us operate this platform:

  • Supabase (cloud database and file storage) -- stores registration data and uploaded documents securely
  • Revolut (payment processing) -- processes card payments on our behalf
  • Xero (accounting software) -- used to generate invoices and maintain financial records
  • Brevo (email service) -- sends confirmation emails and registration reminders

Each of these providers processes data in accordance with their own privacy policies and applicable data protection laws.

6. Data Retention

We retain your personal data for as long as necessary to provide the services you registered for, and afterwards for as long as required to meet our legal obligations (such as tax and accounting requirements under Maltese law). When your data is no longer needed for any of these purposes, we will securely delete or anonymise it.

7. Your Rights

Under the GDPR, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate or incomplete data
  • Erase your data (subject to legal retention requirements)
  • Restrict or object to certain processing
  • Data portability -- receive your data in a structured, commonly used format
  • Lodge a complaint with the Information and Data Protection Commissioner (IDPC) in Malta if you believe your rights have been violated

The IDPC can be contacted at idpc.org.mt.

8. Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. This includes encrypted connections (HTTPS), access controls, and secure cloud infrastructure.

9. Contact Us

If you have any questions about this privacy policy or wish to exercise any of your rights, please contact us: