Privacy Policy
Introduction
This Privacy Policy describes how Instacoins Ltd, operating the Instacoins Concierge & Lifestyle service (the "Service"), collects, uses, stores, and protects personal data in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation — GDPR), and applicable EU and national data protection laws.
Instacoins Concierge & Lifestyle is a concierge and lifestyle facilitation service that assists clients with requests, arrangements, and introductions to independent third-party service providers (such as travel, hospitality, events, lifestyle, and related services).
This Policy applies to personal data collected through direct client interactions, digital communications, and the use of our website or service channels.
Instacoins shall use its reasonable endeavours to fulfil all concierge requests in a timely and professional manner. However, you acknowledge that the fulfilment of certain requests depends entirely on the availability, cooperation, and discretion of third-party suppliers. Instacoins does not guarantee the success of any request and shall not be liable for any disappointment, loss of opportunity, or indirect damages resulting from a supplier's inability to provide a service or the unavailability of a requested item.
Data Controller
The data controller for the purposes of the GDPR is Instacoins Ltd, company number C 86830, with registered address: 18, Arringo Towers, Triq Vincezo Bugeja, Floriana, FRN 1553, Malta. Instacoins Concierge & Lifestyle is a service line and trade name operated by Instacoins Ltd and does not constitute a separate legal entity.
Categories of Personal Data
Depending on the nature of the services requested, we may process the following categories of personal data:
Full name, email address, telephone number, and residential or correspondence address.
Concierge requests and instructions, lifestyle preferences and requirements, communications and correspondence, and supplier selections and arrangements.
Payment details (where required for service fees) and invoicing and billing information. Note: payment processing may be handled by third-party payment providers acting as independent controllers or processors.
IP address, device and browser information, and cookies and usage analytics.
Emails, messages, and call records or notes where applicable.
We do not intentionally collect special category data (Article 9 GDPR) unless it is strictly necessary to fulfil a specific client request, and it is provided voluntarily and knowingly by the client.
Sources of Personal Data
Personal data is collected:
- Directly from you when you contact us or request services.
- Through ongoing communications relating to your requests.
- Indirectly from third parties where a request is made on your behalf.
- Automatically through website or technical interactions.
We do not intentionally collect sensitive personal data (such as health, religion, or political affiliation) unless it is strictly necessary to fulfil a specific concierge request (for example, medical dietary requirements or disability access). By voluntarily providing such information to facilitate a request, you provide your explicit consent for Instacoins to process this data solely for that purpose.
If you choose to communicate with us via third-party platforms such as WhatsApp, Telegram, or Signal, please be aware that these services have their own privacy policies and encryption standards. While Instacoins protects your data once received, we are not responsible for the data security practices of these third-party messaging providers.
Purposes of Processing
We process personal data for the following purposes:
- To provide, manage, and coordinate concierge services.
- To communicate with you regarding requests, confirmations, changes, or updates.
- To liaise with third-party service providers at your request.
- To process payments and issue invoices where applicable.
- To improve service quality, internal processes, and client experience.
- To comply with legal, regulatory, and contractual obligations.
- To prevent fraud, misuse, or abuse of the Service.
We process your past preferences, booking history, and feedback to create a lifestyle profile. This allows us to provide highly tailored recommendations and priority access to services we believe will interest you. You have the right to object to this profiling at any time by contacting us at support@instacoins.com.
Data Sharing & Recipients
When we share your data with a supplier to facilitate a booking, that supplier becomes an independent data controller of your information. We recommend you review the privacy policies of any third-party supplier you engage with, as Instacoins is not responsible for their subsequent use of your personal data.
Travel Documentation and Insurance
It is your sole responsibility to ensure that you and any accompanying guests possess valid passports, visas, and health certificates required for any travel services arranged.
Instacoins strongly recommends that you maintain comprehensive travel insurance. Instacoins shall not be liable for any costs or losses arising from your failure to obtain adequate insurance or valid travel documentation.
Automated Personalisation and Profiling
We may use automated systems or artificial intelligence to analyse your past preferences and requests to provide more relevant lifestyle recommendations.
This profiling is conducted to enhance your experience and does not produce legal effects or similarly significant impacts. You have the right to object to such profiling or request human intervention by contacting us at support@instacoins.com.
Legal Bases for Processing
Personal data is processed on one or more of the following legal bases under Article 6 GDPR:
- Performance of a contract — where processing is necessary to provide the requested concierge services.
- Legal obligation — where processing is required under applicable laws, including accounting, tax, AML, and consumer protection.
- Legitimate interests — including service improvement, internal administration, fraud prevention, and business continuity, provided such interests are not overridden by your rights.
- Consent — where required, particularly for marketing communications or non-essential cookies.
Where processing is based on consent, you may withdraw that consent at any time.
We process identity and transaction data to meet our legal obligations regarding Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations in Malta. This may include sharing data with regulatory authorities or fraud prevention agencies where required by law.
International Data Transfers
To fulfil your requests, we may need to transfer your personal data to suppliers located outside the European Economic Area (EEA). Where such transfers occur, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or we rely on the necessity of the transfer for the performance of your requested booking.
Where personal data is transferred outside the EEA, we ensure appropriate safeguards including European Commission adequacy decisions where applicable, Standard Contractual Clauses (SCCs), and additional technical and organisational safeguards where required. Transfers are limited to what is strictly necessary to provide the requested services.
Recipients of Personal Data
We may share personal data with the following categories of recipients, strictly on a need-to-know basis:
- Third-party service providers or suppliers, solely to fulfil your specific concierge requests.
- Professional advisers, including legal, accounting, compliance, or IT service providers.
- Public or regulatory authorities, where required by law or lawful request.
We do not sell or rent personal data. All third parties are required to process personal data in accordance with GDPR, either as independent controllers or as processors under appropriate contractual safeguards.
Data Retention
Personal data is retained only for as long as necessary for the purposes for which it was collected:
- Active client data — for the duration of the service relationship.
- Contractual and financial records — up to 10 years, in accordance with legal obligations.
- Marketing data — until consent is withdrawn or the data is no longer relevant.
Retention periods may be extended where required by law or for the establishment, exercise, or defence of legal claims. Contractual, financial, and communication records are retained for a period of ten (10) years following the termination of our service relationship to comply with Maltese civil and commercial limitation periods and tax obligations. Records of high-value transactions, communications, and identity verification (KYC) documents may also be retained for up to ten (10) years.
Your Rights
You have the following rights under GDPR:
- Right of access
- Right to rectification
- Right to erasure
- Right to restriction of processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
- Right to lodge a complaint with the Malta IDPC
Requests may be submitted to support@instacoins.com. We may require verification of identity before responding.
Cookies & Tracking Technologies
We use cookies and similar technologies to ensure website functionality, analyse usage and performance, and improve user experience. You can manage cookies through your browser settings. Disabling cookies may affect functionality.
Security Measures
We implement appropriate technical and organisational security measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. Despite these measures, no system can guarantee absolute security.
Updates to This Policy
This Privacy Policy may be updated periodically to reflect changes in law, regulation, or business practices. Material changes will be communicated where appropriate.
Contact
For questions regarding this Privacy Policy or the processing of personal data, please contact support@instacoins.com.