Privacy and
Cookie Policy

Privacy Policy

This Privacy Policy explains how DARI (referred to as “we”, “us” or “our”) collects, uses and protects personal data when you visit our website, submit an enquiry or booking request, apply for a position, or sign up to receive our newsletter. We are committed to protecting your privacy and processing your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Data Protection Act (Chapter 586 of the Laws of Malta).

Our website is not intended for minors. We do not knowingly collect personal data relating to children. If you have reason to believe that a minor has provided us with personal data, please contact us immediately at Dp*@*****om.mt and we will take steps to address this.

If you have any questions regarding this policy or how we handle your data, please contact us at: Dp*@*****om.mt.

1. Updates

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The latest version will always be available on this website. Where changes are material, we will notify you by email or by a prominent notice on the website and, where required, seek your re-acceptance of the updated policy. For all other changes, your continued use of the website after the revised date constitutes your acceptance of those changes. We encourage you to review this page periodically. This policy was last reviewed in April 2026.

2. What Amounts to Personal Data?

Personal data means any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity.

We collect personal data when you interact with our website through our contact form, booking form, newsletter sign-up, or job application form. Certain technical data is also collected automatically when you visit our website.

3. How Do We Collect Personal Data?

We collect personal data through the following methods:

• Contact form: when you submit an enquiry through our contact form, you provide your name, email address and the content of your message.

• Booking form: when you submit a booking request, you provide your name, email address and phone number.

• Newsletter sign-up: when you subscribe to our newsletter via Mailchimp, you provide your email address.

• Job application form: when you apply for a position through our careers form, you provide your name, phone number, email address and a copy of your CV, which may contain additional personal data.

• Automated technologies: when you visit our website, certain data is collected automatically via cookies and similar tracking technologies, including Google Analytics, Hotjar, Google Ads, Meta (Facebook) Pixel and Cloudflare. Please refer to our Cookie Policy for full details.

• Email marketing interactions: when you open or click links in our marketing emails sent via Mailchimp, standard tracking data (open rates and click activity) is recorded via web beacons embedded in those emails.

4. What Personal Data Do We Process?

We process the following categories of personal data:

• Identity data: first name and last name.

• Contact data: email address and phone number.

• Communications data: the content of messages submitted through our contact form and any direct email correspondence with us.

• Booking data: name, email address, phone number and preferred dates submitted through our booking request form.

• Job application data: name, phone number, email address and CV content, which may include employment history, qualifications, references and other personal information provided by the applicant.

• Marketing preferences: newsletter subscription status and email engagement data (open rates and click activity) recorded via Mailchimp.

• Technical and usage data: IP address, browser type and version, device type, operating system, pages visited, session behaviour and heatmap data collected via Google Analytics, Hotjar and Cloudflare.

• Advertising interaction data: data collected via the Google Ads remarketing pixel and Meta (Facebook) Pixel relating to your interactions with our website for the purposes of targeted advertising on those platforms.

We do not process special categories of personal data (such as health, biometric, religious or ethnic data), nor do we process data relating to criminal convictions or offences.

5. How Do We Use Your Personal Data?

We use your personal data for the following purposes:

• To respond to enquiries: to review and respond to messages submitted through our contact form.

• To process booking requests: to receive, review and follow up on booking requests submitted through our booking form.

• To process job applications: to review CVs and application details submitted through our careers form and to contact applicants regarding their application.

• To send marketing communications: to send newsletters and promotional emails to opted-in subscribers via Mailchimp. You may unsubscribe at any time using the link in any of our emails.

• To display targeted advertising: to show you relevant advertisements on Google and Meta (Facebook/Instagram) based on your interactions with our website, using remarketing pixels. This processing only occurs where you have given your consent via our cookie banner.

• To analyse and improve our website: to use anonymised analytics data from Google Analytics and behavioural data from Hotjar (including heatmaps and session recordings) to understand how visitors use our website and to improve its content and performance.

We do not sell products directly through our website. We do not use your personal data for any purpose other than those stated above.

6. Legal Bases of Processing Personal Data

We rely on the following legal bases for processing your personal data:

• Legitimate interests (Article 6(1)(f) GDPR): responding to enquiries submitted through our contact form and processing booking requests are carried out on the basis of our legitimate interest in managing our business relationships and providing our services. We have assessed that these interests do not override your fundamental rights and freedoms.

• Consent (Article 6(1)(a) GDPR): we rely on consent for: newsletter subscriptions via Mailchimp; the placement of analytics cookies (Google Analytics, Hotjar); advertising and remarketing cookies (Google Ads, Meta Pixel); and email open/click tracking via Mailchimp web beacons. You may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.

• Legitimate interests (Article 6(1)(f) GDPR): job applications; processing job applications is carried out on the basis of our legitimate interest in recruiting suitable candidates. Applicants are free to withdraw their application at any time by contacting us.

7. Recipients

We share your personal data with the following third-party recipients:

• Mailchimp (Intuit Inc.): email marketing platform. Mailchimp processes subscriber email addresses and delivers our newsletters and marketing campaigns. Mailchimp also records email open and click activity via web beacons. Mailchimp is based in the United States.

• Google LLC: provider of Google Analytics, Google Search Console and Google Ads remarketing. Google receives anonymised analytics data about visits to our website and advertising interaction data via the Google Ads pixel. Google is based in the United States.

• Meta Platforms, Inc.: provider of the Meta (Facebook) Pixel, which collects data about your interactions with our website for the purposes of targeted advertising on Facebook and Instagram. Meta is based in the United States and acts as an independent data controller in respect of data collected through its pixel.

• Hotjar Ltd: provider of heatmapping and session recording services. Hotjar records anonymised visitor behaviour on our website including mouse movements, clicks and scrolling. Hotjar is based in Malta but processes data on servers in the European Union and the United States.

• Cloudflare, Inc.: provider of content delivery network and security services. Cloudflare processes connection data to route traffic and protect our website. Cloudflare is based in the United States.

• Google reCAPTCHA (Google LLC): bot detection and anti-spam service embedded in our website forms. reCAPTCHA processes interaction data to distinguish human users from automated bots. Google is based in the United States.

• CleanTalk: anti-spam and firewall solution used to protect our website forms from automated spam submissions. CleanTalk processes form interaction data and device information for spam detection and security purposes.

• YouTube (Google LLC): embedded video platform. Where YouTube videos are embedded on our website, YouTube may set cookies on your device when you interact with the video player. YouTube is operated by Google LLC and is based in the United States.

• PixelYourSite: plugin used to manage and coordinate analytics and tracking pixel events on our website, including the firing of Google Analytics and Meta Pixel tags.

• Stape: server-side tag management platform used to process and relay analytics and tracking data. Stape operates server-side infrastructure to facilitate compliant data collection.

We do not sell, rent or share your personal data with any other third parties for their own purposes. In the event of a corporate merger, acquisition or sale of assets, your personal data may be transferred to any successor entity, which will be required to honour the commitments made in this Privacy Policy.

8. Automated Decision-Making and Profiling

We do not carry out any automated decision-making or profiling that produces legal or similarly significant effects on you.

Meta and Google may use data collected via their respective advertising pixels to create audience profiles and determine which advertisements to show you on their platforms. This processing is carried out by those platforms acting as independent data controllers and is governed by their respective privacy policies.

9. Data Retention

We retain personal data only for as long as is necessary for the purposes for which it was collected. When personal data is no longer required, it is securely deleted or anonymised.

• Enquiry and contact form data: retained for a maximum of two years from the date of the enquiry.

• Booking request data: retained for a maximum of two years from the date of the request, or for such longer period as may be necessary for the resolution of a dispute.

• Job application data: retained for a maximum of two years from the date of submission. If the applicant is appointed, their data will be retained as part of their employment record in accordance with applicable employment law.

• Newsletter and marketing data: retained for as long as you remain subscribed. Marketing data is reviewed annually and deleted upon unsubscription or withdrawal of consent.

• Website analytics and behavioural data: Google Analytics user-level data is retained for 14 months by default. Hotjar session recordings are retained in accordance with Hotjar’s own data retention settings.

10. Your Rights

Under the GDPR, you have the following rights in relation to your personal data:

• Right of access: you may request a copy of the personal data we hold about you.

• Right to rectification: you may request that we correct any inaccurate or incomplete data we hold about you.

• Right to erasure: you may request that we delete your personal data where there is no longer a legitimate reason for us to retain it. Please note that this right is not absolute and may be limited where we are required to retain data to comply with a legal obligation or to establish, exercise or defend legal claims.

• Right to restriction of processing: you may request that we restrict the processing of your data in certain circumstances, for example while the accuracy of your data is being verified.

• Right to data portability: you may request that we transfer your personal data to you or to another organisation in a structured, commonly used and machine-readable format, where processing is based on contract or consent and carried out by automated means.

• Right to object: you may object to our processing of your personal data where we rely on legitimate interests as our legal basis. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests. You have an absolute right to object to processing for direct marketing purposes.

• Right to withdraw consent: where we rely on consent as a legal basis, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.

• Right to human intervention: where any decision is made by solely automated means and produces legal or similarly significant effects on you, you have the right to request human review of that decision.

To exercise any of the above rights, please contact us at dp*@*****om.mt. We will respond to all legitimate requests without undue delay and in any event within one month of receipt. We may need to verify your identity before processing your request. Where a request is made on your behalf by a third party, we may also ask for proof of authorisation.

You also have the right to lodge a complaint with the supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement. See Section 12 for details of our Lead Supervisory Authority.

11. Keeping Your Data Secure

We take appropriate technical and organisational measures to protect your personal data from accidental loss, unauthorised access, use, alteration or disclosure. Access to personal data is restricted to authorised personnel only. Our website is protected by Cloudflare’s security and content delivery services.

CVs and job application data submitted through our careers form are treated with particular care and are only accessible to those directly involved in the recruitment process.

Please note that the transmission of information over the internet is never completely secure. While we take all reasonable steps to protect your data, we cannot guarantee the security of data transmitted to our website.

We have adopted procedures to deal with any actual or suspected personal data breach. Where a breach is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by applicable law.

12. Complaints

If you have a concern about the way we handle your personal data, we encourage you to contact us in the first instance at Dp*@*****om.mt so that we may address your concern directly.

You also have the right to lodge a complaint with our Lead Supervisory Authority, the Information and Data Protection Commissioner (IDPC), which is the Maltese authority responsible for data protection matters:

Address: Level 2, Airways House, High Street, Sliema, Malta

Email: id*******@******rg.mt

Website: https://idpc.org.mt

Telephone: +356 2328 7100

13. Provision of Personal Data Relating to Third Party Data Subjects

If you provide us with personal data relating to another individual, for example, in the context of a booking or referral, you confirm that you are authorised to share that data on their behalf and that you have informed them of how their data will be used in accordance with this Privacy Policy. We will process such data only for the purposes for which it was provided.

International Transfers

Several of our third-party service providers are based in the United States, which has not been the subject of a general adequacy decision by the European Commission. The transfer of personal data to these organisations is carried out on the basis of Standard Contractual Clauses approved by the European Commission, which provide appropriate safeguards for the protection of your personal data. For further information on countries recognised by the European Commission as providing an adequate level of data protection, please refer to the European Commission’s list of adequate countries.

The relevant providers and their privacy policies are as follows:

• Mailchimp: mailchimp.com/legal/privacy

• Google Analytics / Google Ads: policies.google.com/privacy

• Meta (Facebook): facebook.com/privacy/policy

• Hotjar: hotjar.com/legal/privacy

• Cloudflare: cloudflare.com/privacypolicy

Cookie Policy

Last updated: April 2026

1. What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They are widely used to make websites work correctly, remember your preferences, and provide information to the website owner about how the site is being used.

This Cookie Policy explains what cookies we use on this website, why we use them, and how you can control them. It should be read alongside our Privacy Policy, which sets out how we handle your personal data more broadly.

2. How We Use Cookies

We use cookies across four categories: to ensure our website functions correctly; to understand how visitors use our site; to display relevant advertising on third-party platforms; and to track engagement with our marketing emails.

When you first visit our website, a cookie consent banner will appear. Necessary cookies are set automatically as they are essential to the operation of the site. All other cookies are only set with your prior consent.

You can change your cookie preferences at any time by clicking the cookie settings option on our website.

3. Necessary Cookies

These cookies are essential for the website to function correctly and cannot be switched off. They do not require your consent, but we are required to inform you of their use.

Cookie Name	Provider	Type	Purpose	Expiry
__cky_uuid	CookieYes	Necessary	Assigns a unique ID to the visitor to remember their cookie consent preferences.	1 year
cookieyes-consent	CookieYes	Necessary	Stores the visitor’s cookie consent state for the current domain.	1 year
__cky_opt_out	CookieYes	Necessary	Records whether the visitor has opted out of non-essential cookies.	1 year
__cf_bm	Cloudflare	Necessary	Distinguishes between humans and automated bots to protect the website from malicious traffic.	30 minutes
_cfuvid	Cloudflare	Necessary	Used for rate limiting helping to distinguish individual users sharing the same IP address to prevent abuse.	Session
wordpress_test_cookie	WordPress	Necessary	Checks whether the browser accepts cookies required for core WordPress functionality.	Session
wp-settings-*	WordPress	Necessary	Stores interface preferences for logged-in users of the WordPress admin area.	1 year
wordpress_test_cookie	WordPress	Necessary	Checks whether the browser accepts cookies. Required for core WordPress functionality.	Session
wp_lang	WordPress	Necessary	Stores the WordPress language preference (en_GB) to display the site in the correct language.	Session
elementor	Elementor	Necessary	Stores the visitor’s Elementor page builder version to ensure correct page rendering.	Never
wpEmojiSettingsSupports	WordPress	Necessary	Checks and stores whether the visitor’s browser supportsemoji rendering.	Session
rc::a	Google reCAPTCHA	Necessary	Used by Google reCAPTCHA to distinguish humans from bots. Persistent cookie.	Persistent
rc::c	Google reCAPTCHA	Necessary	Used by Google reCAPTCHA to distinguish humans from bots. Session cookie.	Session
ct_pointer_data	CleanTalk	Necessary	Used by CleanTalkanti-spam to detect automated bot activity.	Session
apbct_page_hits	CleanTalk	Necessary	Used by CleanTalkto count page hits for bot detection purposes.	Session
ct_timezone	CleanTalk	Necessary	Stores the visitor’s timezone for CleanTalk anti-spam verification.	Session
ct_has_scrolled	CleanTalk	Necessary	Detects whether the visitor has scrolled the page. Used for bot detection.	Session
apbct_visible_fields	CleanTalk	Necessary	Used by CleanTalkanti-spam firewall to detect visible form fields.	Session
apbct_headless	CleanTalk	Necessary	Detects headless browsers for CleanTalk spam detection and security.	Session
VISITOR_PRIVACY_METADATA	YouTube	Necessary	Stores cookie consent state for YouTube embedded content.	6 months

4. Analytics Cookies

These cookies help us understand how visitors interact with our website. The data collected is used to improve the website’s content and performance. These cookies are only set with your prior consent.

Cookie Name	Provider	Type	Purpose	Expiry
_ga	Google Analytics	Analytics	Registers a unique ID used to generate statistical data on how you use the website.	2 years
_ga_*	Google Analytics	Analytics	Used by Google Analytics 4 to persist session state and measure site engagement.	2 years
_gid	Google Analytics	Analytics	Registers a unique ID used to generate statistical data on how you use the website.	24 hours
_gat	Google Analytics	Analytics	Used to throttle the rate of requests to Google Analytics servers.	1 minute
_hjSessionUser_*	Hotjar	Analytics	Assigns a unique Hotjar user ID to the visitor. Used for heatmapping and session recording.	1 year
_hjSession_*	Hotjar	Analytics	Holds current session data. Ensures subsequent requests are attributed to the same session.	30 minutes
_hjFirstSeen	Hotjar	Analytics	Identifies whether this is the visitor’s first session used for Hotjar analytics reporting.	Session
_hjIncludedInSessionSample_*	Hotjar	Analytics	Determines whether the visitor’s session is included in the session recording sample.	2 minutes
_hjAbsoluteSessionInProgress	Hotjar	Analytics	Detects the first pageview session of the visitor used to limit data collection frequency.	30 minutes
ct_screen_info	CleanTalk	Functional	Stores screen information used by CleanTalk anti-spam firewall.	Session
ct_checkjs	CleanTalk	Functional	Used by CleanTalkto verify JavaScript execution. Prevents form spam.	Session
ct_ps_timestamp	CleanTalk	Functional	Records a timestamp used by CleanTalk for form spam prevention.	Session
ct_fkp_timestamp	CleanTalk	Functional	Records a timestamp used by CleanTalk for form spam prevention.	Session
ct_checked_emails	CleanTalk	Functional	Stores checked email addresses to prevent repeated spam submissions.	Session
VISITOR_INFO1_LIVE	YouTube	Functional	Used by YouTube to estimate bandwidth and adjust the player interface for embedded videos.	6 months
yt-remote-connected-devices	YouTube	Functional	Stores information about connected devices for YouTube video preferences.	Persistent
yt-remote-device-id	YouTube	Functional	Stores a remote device ID for YouTube video preference settings.	Persistent
ytidb::LAST_RESULT_ENTRY_KEY	YouTube	Functional	Stores the last search result entry key for YouTube player functionality.	Persistent
yt-remote-session-name	YouTube	Functional	Stores YouTube player session preferences.	Session
yt-remote-fast-check-period	YouTube	Functional	Stores YouTube player fast-check period preferences.	Session
yt-remote-session-app	YouTube	Functional	Stores YouTube player session app preferences.	Session
yt-remote-cast-available	YouTube	Functional	Stores whether casting is available for the YouTube player.	Session
yt-remote-cast-installed	YouTube	Functional	Stores whether a casting device is installed for the YouTube player.	Session
__Secure-ROLLOUT_TOKEN	YouTube	Functional	YouTube rollout token cookie. Requires script URL pattern configuration in CookieYes.	6 months
__Secure-YEC	YouTube	Functional	YouTube functional cookie. Requires script URL pattern configuration in CookieYes.	Persistent

5. Marketing and Advertising Cookies

These cookies are used to show you relevant advertisements on third-party platforms such as Google and Meta (Facebook/Instagram) based on your interactions with our website. They track browsing activity across sites to build a profile of your interests. These cookies are only set with your prior consent.

Cookie Name	Provider	Type	Purpose	Expiry
_gcl_au	Google Ads	Marketing	Used by Google Ads to store and track conversions from ad clicks. Helps measure the effectiveness of advertising campaigns.	3 months
_fbp	Meta (Facebook)	Marketing	Used by Meta to deliver, measure and improve the relevance of advertisements on Facebook and Instagram.	3 months
_fbc	Meta (Facebook)	Marketing	Stores the last Facebook click ID used to attribute conversions to specific ad clicks.	3 months
YSC	YouTube	Analytics	Registers a unique ID to track views of embedded YouTube videos on the website.	Session
pys_session_limit	PixelYourSite	Analytics	Used by PixelYourSite to manage analytical services and session tracking.	1 hour
pys_start_session	PixelYourSite	Analytics	Used by PixelYourSite to mark the start of an analytical session.	Session
cee	Stape	Analytics	Used by Stape for server-side tracking and analytics data collection.	3 months

6. Third-Party Embedded Content

Our website includes embedded Google Maps. When you interact with an embedded map, Google may set its own cookies on your device. These cookies are subject to Google’s own privacy policy and are set regardless of your cookie preferences for our website.

Cookie Name	Provider	Type	Purpose	Expiry
NID	Google Maps	Marketing	Used by Google to store user preferences and track visits for advertising purposes when interacting with embedded maps.	6 months
CONSENT	Google Maps	Necessary	Stores the user’s cookie consent state for Google services.	2 years
1P_JAR	Google Maps	Marketing	Used by Google to collect website statistics and track conversion rates for ads shown on Google Maps.	1 month

We recommend reviewing Google’s Privacy Policy at policies.google.com/privacy for full details of how Google uses data collected through embedded maps.

7. Email Tracking

In addition to cookies on our website, we use standard tracking technologies in our marketing emails sent via Mailchimp. These include web beacons (small invisible images embedded in emails) which allow us to see whether an email has been opened, and which links have been clicked.

This tracking only takes place within our marketing emails, not on our website. It applies only to subscribers who have opted in to receive our newsletter. You may opt out at any time by unsubscribing using the link in any of our emails or by contacting us directly.

8. Managing Your Cookie Preferences

You can manage or withdraw your consent to non-essential cookies at any time by clicking the cookie settings option on our website. Withdrawing consent will not affect the lawfulness of any processing that took place before you withdrew it.

You can also control cookies directly through your browser settings. Most browsers allow you to refuse, delete or be notified when a cookie is set. Please note that disabling certain cookies may affect how the website functions. For guidance on managing cookies in your browser, visit www.aboutcookies.org.

For advertising cookies set by third-party platforms, you can also manage your preferences directly through those platforms:

• Google Ads: adssettings.google.com

• Meta (Facebook/Instagram): facebook.com/ads/preferences

9. Third-Party Privacy Policies

Some cookies on this website are set by third-party providers. Their data practices are governed by their own privacy policies:

• Google Analytics / Google Ads / Google Maps: policies.google.com/privacy

• Hotjar: hotjar.com/legal/privacy

• Meta (Facebook): facebook.com/privacy/policy

• Mailchimp: mailchimp.com/legal/privacy

• Cloudflare: cloudflare.com/privacypolicy

• CookieYes: cookieyes.com/privacy-policy

10. Updates to This Cookie Policy

We may update this Cookie Policy from time to time to reflect changes in the cookies we use or for legal or regulatory reasons. The latest version will always be available on this website. We encourage you to review this page periodically.

11. Contact Us

If you have any questions about our use of cookies, please contact us at Dp*@*****om.mt.

Privacy and Cookie Policy

Privacy Policy

Cookie Policy

Privacy and
Cookie Policy