Privacy Notice

Last updated: January 2026

This privacy notice for Government of Malta (MSPC) ('We', 'Us', or 'Our'), describes how and why We might collect, store, use, and/or share ('process') your information when you use Our Service.

Service and/or Application in this case refers to the download and use of this mobile application -- RetireSmart App.

Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with Our policies and practices, please do not use Our Service. If you still have any questions or concerns, please contact us at [email protected].

Summary of Key Points

This summary provides key points from Our privacy notice. You can find a more detailed explanation about any of these topics by using Our table of contents below to find the section you are looking for.

What personal information do We process? When you use Our Service, We may process personal information depending on how you interact with the Service, the choices you make, and the information you provide.

Do We process any sensitive personal data and/or Special Categories of Personal data? Depending on the information you provide We could be processing sensitive personal information and/or Special Categories of Data.

Do We receive any information from third parties? We do not receive any information from third parties.

How do We process your information? The processing of personal data shall be conducted according to the European General Data Protection Regulation (GDPR) and the Data Protection Act (Chapter 586 of the Laws of Malta).

We process your information to provide, improve, and administer Our Service, to communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when We have a valid legal reason to do so.

We may process personal data for statistical, analytical, and reporting purposes, including to understand how Our Service are used, to monitor and improve Our Service, and to generate aggregated insights. Where possible, data used for these purposes is aggregated or anonymised and does not identify you directly. Such processing is carried out in accordance with applicable data protection laws and subject to appropriate technical and organisational safeguards. Any special category data will in any case be aggregated, and no individuals shall be singled out.

In what situations and with which parties do We share personal information? We may share information in specific situations and with specific third parties.

How do We keep your information safe? We have organisational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so We cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat Our security and improperly collect, access, steal, or modify your information.

What are your rights? Your personal data shall be retained for as long as legally required and/or reasonably necessary to satisfy the declared purposes of the Service and to satisfy any legal obligations imposed on Us. You have the right to request from the Controller access to and rectification or erasure of personal data or restriction of processing of personal data concerning yourself or to object to processing as well as the right to data portability, according to law.

You have the right to lodge a complaint with the Office of the Information and Data Protection Commissioner, or any other supervisory authority, if applicable in accordance with the Regulation.

Table of Contents

1. What Information Do We Collect?
2. How Do We Process Your Information?
3. When and With Whom Do We Share Your Personal Information?
4. How Long Do We Keep Your Information?
5. How Do We Keep Your Information Safe?
6. Do We Collect Information From Minors?
7. What Are Your Privacy Rights?
8. Do We Make Updates to This Notice?
9. How Can You Contact Us About This Privacy Notice?

1. What Information Do We Collect?

In Short: We collect personal information that you provide to Us.

We collect personal information that you voluntarily provide to Us when you use the Service.

Personal Information Provided by You

The personal information that We collect depends on the context of your interactions with Our Service, the information you input, the choices you make, and the features you use. The personal information We collect may include the following:

• Name
• Date of birth
• Your age when you started your first, full-time employment
• Your current salary
• Your employment gaps (i.e. assigned non-paid credits and the reasons for which these credits are attributable, whether they are related to study and/or voluntary work and/or child-rearing)
• Your ideal retirement lifestyle

Sensitive Personal Data / Special Categories of Personal Data

When you choose to provide personal information to Us, for example when explaining periods of absence from work such as gap years, you may voluntarily include information that could be considered special categories of personal data under Article 9 of the GDPR. This may include, by way of example, information relating to health or disability, such as details concerning the care of a child with a disability.

Where you choose to include it, We will process this information only to the extent necessary for the specific purpose for which it was provided and in accordance with applicable data protection laws. Such processing is based on your explicit consent, which you provide by voluntarily submitting this information, and is subject to appropriate technical and organizational safeguards.

Application Data

If you use Our Application, We also may collect the following information if you choose to provide Us with access or permission:

• Geolocation Information. We may request access or permission to track location-based information from your mobile device, either continuously or while you are using Our mobile Application, to provide certain location-based services. If you wish to change Our access or permissions, you may do so in your device's settings.
• Mobile Device Data. We automatically collect device information (such as your mobile device ID, model, and manufacturer), operating system, version information and system configuration information, device and application identification numbers, browser type and version, hardware model, Internet service provider and/or mobile carrier, and Internet Protocol (IP) address (or proxy server). If you are using Our Service, We may also collect information about the phone network associated with your mobile device, your mobile device's operating system or platform, the type of mobile device you use, your mobile device's unique device ID, and information about the features of Our Application you accessed.
• Push Notifications. We may send you push notifications regarding your account or certain features of the Application.

This information is primarily needed to maintain the security and operation of Our Application, for troubleshooting, and for Our internal analytics and reporting purposes.

2. How Do We Process Your Information?

In Short: The processing of personal data shall be conducted according to the GDPR and the Data Protection Act.

We process your information to provide, improve, and administer Our Service, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.

We process your personal information for a variety of reasons, depending on how you interact with Our Service, including:

• To deliver and facilitate delivery of Service to the user. We may process your information to provide you with the requested Service.
• To respond to user inquiries / offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the Service.
• For statistical, analytical, and reporting purposes, including to understand how Our Services are used, to monitor and improve Our Service, and to generate aggregated insights. Where possible, data used for these purposes is aggregated or anonymised and does not identify you directly. Such processing is carried out in accordance with applicable data protection laws and subject to appropriate technical and organisational safeguards. Any special category data will in any case be aggregated, and no individuals shall be singled out.
• To send administrative information to you. We may process your information to send you details about Our products and services, changes to Our terms and policies, and other similar information.
• To enable user-to-user communications. We may process your information if you choose to use any of Our offerings that allow for communication with another user.
• To send you marketing and promotional communications. We may process the personal information you send to Us for Our marketing purposes, if this is in accordance with your marketing preferences.
• To comply with Our legal obligations. We may process your information to comply with Our legal obligations, respond to legal requests, and exercise, establish, or defend Our legal rights.

3. When and With Whom Do We Share Your Personal Information?

In Short: We may share information in specific situations described in this section and/or with the following third parties.

We may need to share your personal information in the following situations:

• We may disclose your personal information to relevant government departments where this is required by law or necessary to fulfil statutory obligations.
• We may share your personal data with third-party service providers who are contracted by Us to operate, maintain, or improve Our app, including providers of app hosting, technical maintenance, security services, and data analytics. These third parties are only allowed to process your data on Our instructions and are required to comply with applicable data protection laws and implement appropriate safeguards. Where special category data is involved, additional safeguards are applied in accordance with GDPR.

4. How Long Do We Keep Your Information?

In Short: We keep your information for as long as necessary to fulfil the purposes outlined in this privacy notice unless otherwise required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law. When the Personal Data is no longer required it will be disposed of in an efficient manner ensuring that such information is no longer available to Us.

5. How Do We Keep Your Information Safe?

We have implemented appropriate and reasonable technical and organisational security measures designed to protect the security of any personal information We process. However, despite Our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so We cannot guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat Our security and improperly collect, access, steal, or modify your information. Although We will do Our best to protect your personal information, transmission of personal information to and from Our Service is at your own risk.

6. Do We Collect Information From Minors?

In Short: We do not knowingly collect data from or market to minors under 18 years of age.

By using the Service, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent's use of the Service. Should We learn that personal information from users less than 18 years of age has been collected, We will take reasonable measures to promptly delete such data from Our records. If you become aware of any data We may have collected from children under age 18, please contact us at [email protected].

7. What Are Your Privacy Rights?

In Short: Deleting or uninstalling the Application will not automatically delete the personal data We have collected. You can request deletion, access, or other actions regarding your personal data as described below.

If you are in Malta and believe that We are unlawfully processing your personal data, you have the right to lodge a complaint with the Office of the Information and Data Protection Commissioner, or any other applicable supervisory authority under the GDPR.

Withdrawing Your Consent

If We are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. Withdrawing consent does not affect the lawfulness of processing carried out before your withdrawal, or processing conducted on another lawful basis.

Your GDPR Rights

You have the right to:

• Access your personal data
• Request correction of inaccurate or incomplete data
• Request deletion ("right to be forgotten")
• Request restriction of processing
• Object to processing
• Request data portability

How to Exercise Your Rights

To review, update, or delete your personal data, or to exercise any of the rights above, you may submit a request to Us by contacting the Controller at [email protected]. We will respond in accordance with applicable law.

8. Do We Make Updates to This Notice?

In Short: Yes, We will update this notice as necessary to stay compliant with relevant laws.

We may update this privacy notice from time to time. The updated version will be indicated by an updated 'Revised' date and the updated version will be effective as soon as it is accessible. If We make material changes to this privacy notice, We may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how We are protecting your information.

9. How Can You Contact Us About This Privacy Notice?

If you have questions or comments about this notice, you may contact the Controller by email at [email protected].