The EU General Data Protection Regulation (GDPR), which came into force on 25 May 2018, provides new rights to individuals and requires organisations to provide information about their processing in a clear and transparent way. This Privacy Policy takes into account these requirements and explains how Mushroom and Mushroom (“we” or “us”) collects, stores and uses personal data we obtain through this website.

Any personal data provided by you voluntarily through our website or through your communications via email with us will be processed in accordance with the Data Protection Act (Chapter 586 of the Laws of Malta), the GDPR, and any other relevant data protection legislation, as may be applicable from time to time.

We are committed to protecting our visitors’ privacy and we will not collect any personal information about you as a visitor unless you provide it voluntarily. Any personal information you communicate to us is kept within the Mushroom and Mushroom itself in accordance with the Data Protection Act 2001 and General Data Protection Regulation and Data Protection Act 2018.

We have a legal duty to respect and protect any personal information collected. All necessary safeguards will be taken to prevent unauthorized access and any collected details will not be passed to any third party unless you give us your consent to do so.

By using our website you hereby consent to our Privacy Policy and agree to its terms.


“event” means Santa’s World Malta, an event to be organised by the organiser involving but not limited to the creation of a Santa’s village at the MFCC Grounds Ta’Qali over a number of days throughout the months of December 2022 and January 2023.

“Controller” refers to the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“organiser” means any company and individuals employed therein who are responsible for the organising and holding of the event.

“Personal Data” refers to any information relating to an identified or identifiable natural person. This includes any identifiable material relating to their physical, physiological, mental, economic, cultural, or social identity and includes but is not limited to physical files, identification numbers, location data and images or records of individuals.

“Processing” is used to refer to any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

“Processor” refers to a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

“Third party” means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

“Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.


As a visitor, we collect three types of information on you:

  • Personal details from forms, such as contact forms and mailing list;



We use the information we collect in various ways, including to:

  • Organise the event to give you the best possible experience
  • Provide, operate, and maintain our website;
  • Improve, personalize, and expand our website;
  • Understand and analyse how you use our website;
  • Develop new products, services, features, and functionality;
  • Improve, personalize, and expand our website;
  • Communicate with you, either directly or through one of our partners, including for customer service, to provide you with updates and other information relating to the website, and for marketing and promotional purposes.


When you create a log-in user, we use the personal information submitted in the form only to enhance your experience in the event and coordinate the provision of the product purchased with the tickets bought, process the purchase of the product, and respond to your message with personalized or automated response/s, if any. This personal information will not be kept longer than necessary and will be deleted once the event is over.


If you read or download information from our site, we automatically collect and store the following non-personal information:

  • The requested web page or download;






Please note that this information is strictly for the sole use of the organiser, and it is not shared, leased, or sold in any manner to any other organization.


As is common practice with almost all professional websites this site uses cookies, which are tiny files that are downloaded to your computer, to improve your experience.

You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of this site. Therefore, it is recommended that you do not disable cookies.


We may post links to other web sites which are operated by companies that are outside of our control, and your activities at those sites will be governed by the policies, practices and laws of those third-party operators. We encourage you to review the privacy practices of these third parties as we are not responsible for the privacy practices of those sites.


We take the security of your personal data very seriously and have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed, so as to safeguard its integrity and confidentiality.

While we do our utmost to safeguard your personal data, no data transmission over the internet can be totally secure and therefore we cannot guarantee or warrant that no unauthorised access will occur.



You have the right to access all your personal data held and processed by us. To exercise this right, you can contact us at the email or postal address at the bottom of this page.

In order to process this request, we will require proof of your identity. We will do our best to process the request as soon as possible, and in no event not longer than sixty days from hearing from you.


You have the right to request modification of all the personal data held and processed by us. If you think we may hold details about you that are inaccurate or out of date, please contact us at the email or postal address at the bottom of this page.


You have the right to request that we delete the personal data held and processed by us by contacting us at the email or postal address at the bottom of this page.


This right is not absolute, and we may be justified in keeping certain personal data, for instance when we are legally obliged to do so or if such data may be necessary for us to defend a legal claim.


You have the right to object to the processing of your personal data, including where such processing takes place for our legitimate interests, and you may request to withdraw from all future activities and the removal of all personal data held and processed by us by contacting us at the email or postal address at the bottom of this page.


You have the right to move, copy or transfer your personal data from one organisation to another, and you have the right to request from us a copy of your personal data in a structured, commonly used and machine-readable format, which we may provide to you or another organisation at your request. If you would like us to assist you with this, please contact us at the email or postal address at the bottom of this page.


You also have the right to lodge a complaint with the Information and Data Protection Commissioner in Malta as Malta‘s data protection supervisory authority.


You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances.


We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.


We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.


We will not store personal data for longer than is necessary keeping in mind the purpose/s (or compatible purposes) for which we first collected that data. We may also need to keep some of your personal data where we are obliged to do so in terms of legal, regulatory, tax or accounting requirements, or in order to protect ourselves against legal claims usually for a specified amount of time as set out in the relevant law.

As a general rule we will retain your personal data until the eighth (8th) of January 2023 or after the last day of the event, whichever is the latest, and this is as necessary for the organisation of this event, or until you ask us to stop communicating with you, unless we have a valid reason to keep the information for a longer time.


We may update this Policy from time to time and we will replace this policy with an updated version. It is your responsibility to access the “Privacy Policy” page frequently so that you will be aware of any changes that may be implemented by us from time to time.


This Policy shall be governed by Maltese Law. Any dispute arising from, or related to, such Policy shall be subject to the exclusive jurisdiction of the courts of Malta.


If you have any queries, contact us on the following email address