Last updated: 5th November 2025
Website: popp.mt / market.popp.mt
Email: market@popp.mt
Controller: POPP (the “Company”, “we”, “us”)
We respect your privacy and are committed to protecting your personal data.
This Privacy Policy explains what information we collect, how we use it, and your rights under GDPR (Regulation (EU) 2016/679).
By submitting an application through our website, you agree to this Privacy Policy.
During your application we collect:
First name, last name
Email address
Phone number
Business name (optional)
Street address
Town / Postcode
Country
Card details (processed securely via our payment provider — we do not store card numbers)
Authorization status (pending / approved / released)
Stall or service preferences
Any information provided in application notes or attachments
IP address
Device type / browser type
Cookies (functional, session, analytics — if applicable)
| Purpose | Legal Basis |
|---|---|
| To process your application and communicate with you | Performance of a contract (Art. 6(1)(b)) |
| To place a payment authorisation hold on your card | Legitimate interest (Art. 6(1)(f)) |
| To issue a confirmation or cancellation receipt | Legal obligation (invoicing & tax law) |
| To improve the website or application process | Legitimate interest (analytics & optimisation) |
We do not sell or share your information with third parties for marketing.
When you submit the application:
A temporary payment authorization hold is placed on your card
No payment is taken at this stage
If your application is not approved, the hold is released
All card details are handled by our secure payment provider.
We do not have access to full card numbers.
Payment provider: (Stripe / WooCommerce Payments — adjust based on your setup)
We implement technical and organizational security measures including:
Encrypted data transfer (HTTPS / SSL)
Encrypted payment processing via Stripe
Restricted staff access on a need-to-know basis
Secure hosting within the EU (where applicable)
Data is stored on:
Our website platform (WooCommerce)
Email system for communication (Google Workspace / similar)
| Type of data | Retention period |
|---|---|
| Application & billing info | Up to 24 months from submission |
| Financial records (for approved applications) | 5 years (legal requirement) |
| Unsuccessful applications | Removed after the authorization is released |
You may request earlier deletion at any time (see rights below).
We only share data with essential service providers:
Payment processors (e.g., Stripe)
Website hosting / CRM / email automation providers
These providers act as data processors under GDPR and may only process data according to our instructions.
We do not sell or trade personal data to third parties.
You have the right to:
| Your Right | What It Means |
|---|---|
| Access | Request a copy of your data |
| Rectification | Correct incorrect or incomplete data |
| Erasure (“right to be forgotten”) | Request deletion of your data |
| Restrict processing | Ask us to stop processing temporarily |
| Data portability | Request data in a downloadable format |
| Object | Withdraw consent for non-essential processing |
To exercise these rights, contact us at: market@popp.mt
You also have the right to lodge a complaint with the Office of the Information and Data Protection Commissioner (IDPC), Malta.
We may update this Privacy Policy from time to time.
The latest version will always be available on this page.
POPP Market – Data Protection
📩 Email: market@popp.mt
🌍 Website: popp.mt
