Back to home

Privacy Policy

Last updated: 24 April 2026

Autobahn Limited (trading as Autobahn Malta) (“we”, “us”, “our”) is committed to protecting your personal data. This policy explains what we collect when you use atbmalta.com (the “Site”), why we use it, the legal grounds we rely on, how long we keep it, who we use as processors, and the rights you have under the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable Maltese data protection law.

1. Data controller

The controller of your personal data is Autobahn Limited, with principal place of business at Autobahn Ltd, Triq L-Imdina, Ħaż-Żebbuġ, Malta(referred to on the Site as “Autobahn Malta”). You can contact us about privacy at info@atbmalta.com or by telephone at +356 2145 0203.

2. Data processing: what we collect, from where, and why

This section summarises the main categories of personal data we process, the main sources, and the purposes. We do not use this policy to cover processing solely in our capacity as an employer, or in purely offline contexts, unless we refer you to this page.

Forms and website enquiries

When you use the Site’s contact or enquiry forms (for example, general contact, vehicle interest, or leasing), we typically collect and process some or all of: your name, email address, phone number, the subject or context of the enquiry, and the message and any information you type into the form (including your interest in a particular vehicle or offer).

We use this data to: understand your request; respond to you by email, phone, or as you direct; follow up with relevant information; and, where a sale, lease, or other agreement may follow, to take steps at your request before possibly entering a contract. We do not use enquiry data for general marketing to you unless the law allows and you have a clear way to object or opt out (e.g. where we rely on legitimate interest) or you have consented, as applicable.

Direct contact and on-site or telephone enquiries

When you call, message (including WhatsApp), or visit us, we may process your contact details and the substance of the conversation in line with the same overall purposes: providing information, support, and progressing a possible contract.

Technical data and cookies

We may process: IP address, browser and device type, and similar technical data to secure the Site, prevent abuse, and understand aggregate usage. We set a first-party cookie (for example, to help record anonymous or deduplicated view counts on public vehicle, blog, or listing pages) with a defined lifetime. We do not use that cookie for third-party advertising.

3. Form compliance and this policy

Each web form is accompanied by a short notice explaining that we will use the information to deal with your enquiry, and by reference to the legal basis (see below). This policy is the full explanation; the inline notice is a summary. By sending a form where required fields are completed, you are actively providing the data you enter; we process it only in line with this policy and the purposes stated. If you do not want us to process the data, do not submit the form, or contact us in another way that suits you. For sensitive categories of data, avoid including them in free-text fields unless you are happy for us to receive them in order to help you.

4. Legal bases (why we are allowed to process your data)

We rely on one or more of the following, depending on the case:

  • Legitimate interests— running a dealership, answering enquiries, improving the Site, and (where proportionate) service-related communication, balanced against your rights. You may object in some cases; see “Your rights” below.
  • Taking steps at your request before entering a contract / performance of a contract— for example, progressing a vehicle sale, finance, or lease discussion after you have asked us to.
  • Consent— for example, where the law or our cookie and analytics controls require consent for non-essential cookies; you may withdraw consent and adjust preferences (including via our cookie UI where we provide it) without affecting lawfulness of processing that occurred before withdrawal.
  • Legal obligation— e.g. keeping records the law requires, or responding to a lawful request from a public authority.

5. Your data protection rights (including access, correction, and deletion)

Under the GDPR, you have the following rights, subject to the conditions in the law. You can contact us to exercise them using the contact details in section 1, with “Data protection” in the subject; we may need to verify your identity in line with the law and security.

  • Right of access— to obtain confirmation of whether we process your personal data, and a copy in many cases, together with certain other information.
  • Right to rectification (“correction”)— to have incorrect personal data corrected, or incomplete data completed.
  • Right to erasure (“deletion”)— to ask that we delete your personal data in certain situations (e.g. where it is no longer needed for the purpose, or you withdraw consent and there is no other ground, subject to exceptions such as legal claims or legal retention).
  • Right to restriction of processing— in certain cases, to request that we limit use of your data.
  • Right to data portability— where the legal conditions are met, to receive the personal data you provided in a structured, machine-readable form, or to have it transmitted to another controller where technically feasible.
  • Right to object— to processing based on legitimate interests, or to direct marketing (including profiling for marketing) where applicable. If we process for direct marketing, you have a right to object at any time to that processing.
  • Automated decision-making— you have rights in relation to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects, when the law applies. We will tell you if we use such systems in a way that affects you.
  • Withdrawal of consent— where we rely on consent, you can withdraw it at any time, without affecting the lawfulness of processing that took place before withdrawal, where applicable.
  • Lodge a complaint with a supervisory authority. In Malta, the Office of the Information and Data Protection Commissioner (IDPC) — see idpc.org.mt.

6. How long we keep your data (retention)

Retention depends on the type of data and why we process it. Indicative periods (subject to our ongoing review and to legal, regulatory, and dispute needs):

  • General website enquiries and contact form submissions that do not lead to a full contract with us— often up to 24–36 months after the last substantial contact, unless we need a longer period for a valid reason (for example, an open dispute, or where we are establishing or defending a claim).
  • Data linked to a vehicle purchase, lease, service, or similar contract— for as long as is necessary to perform the contract, honour warranties, and to meet legal, tax, and accounting record-keeping requirements, which in some cases may be several years (exact periods are set by applicable law and our document retention policy).
  • Server and security logs— typically a limited period appropriate for incident investigation and security (often a matter of weeks to months unless a longer hold is required for a specific event).
  • First-party view / visitor cookies(such as our deduplication cookie) — in line with the setting we apply (e.g. up to one year unless you clear cookies, as described in the cookie or browser information we provide). After expiry, a new visit may result in a new identifier.
  • Analytics (where you have consented to analytics tools)— governed also by the relevant provider’s data retention; we configure and use such tools in line with this policy and your choices.

7. Third parties, processors, hosting, and analytics

We do not sell your personal data. We work with processors and service providers who act on our instructions in connection with the Site, our business systems, or communications, including in the following areas (the exact providers may change; we will seek to require appropriate contracts and safeguards):

  • Website hosting, deployment, and infrastructure— the servers, edge network, and related services on which the Site and related applications run (so your data in interactions with the Site is processed in that environment, which may be in the EEA, the UK, or, where a transfer is needed, on the basis of an approved mechanism such as the EU Commission’s standard contractual clauses, unless another exception under Chapter V GDPR applies).
  • Database, email, and business systems— storage and processing of enquiries, client records, and our operational tools.
  • Analytics and measurement tools (optional)— where you have accepted analytics in our cookie or consent settings, we or our scripts may use tools such as Google Analytics 4 (GA4) and/or similar services provided via Google Tag Manager (GTM) or a comparable stack. When enabled, those providers (for example, Google) may process data such as device, approximate location, and on-site activity for reporting; they act as independent controllers or processors under their public terms. If no analytics ID is configured, or you have not consented, we do not load these scripts for you in that mode.
  • Professional and regulatory— e.g. lawyers, accountants, or insurance partners where the law or our agreement with you requires.

Where a processor is in a country that does not have an adequacy decision, we use appropriate safeguards as required by GDPR, such as the Standard Contractual Clauses or other approved mechanisms, unless a derogation applies in a specific case (e.g. a one-off non-repetitive transfer, where applicable).

8. Security

We use appropriate technical and organisational measures to protect your personal data. No method of transmission over the internet is completely secure; we work to follow good industry practice to reduce risk.

9. Children

The Site is not directed at children. We do not knowingly collect data from children under 16. If you believe a child has provided us personal data, please contact us and we will take steps to address it in line with the law.

10. Third-party websites

Links to third parties (e.g. maps, manufacturers, or social media) are not covered by this policy. Read their privacy notices before you submit your data to them.

11. Changes to this policy

We may update this Privacy Policy. The “Last updated” date at the top of this page will change when we do, and in some cases we will give additional notice. Continued use of the Site after a material change, where the law does not require a different step, may constitute acknowledgment of the update.

Need help? Chat on WhatsApp.

WhatsApp