Chat Terms and Conditions

Data protection and Privacy Policy

This Privacy Policy governs the collection and processing of personal data by Solidarity Overseas Service (SOS) Malta (a registered voluntary organisation (VO/33)) and its employees, contractors and advisors through its Kellimni service. (“Kellimni”, “us” or “we”). The Kellimni service includes inter alia the processing of personal data on (a) all pages of the website (the “Website”), found at, (b) through other voice and/or messaging platforms including What’s App, Instagram, Facebook Messenger and Telegram.

This Privacy Policy does not apply to any third-party platforms, other communication media or websites which you may access in relation to the Kellimni service. If you use any links to access or leave our Website, Kellimni is not responsible for the data protection and privacy governed by other websites and therefore caution should be exercised by you and you should ascertain the data protection and privacy policies for such websites. If you access Kellimni through a voice or messaging platform (such as Facebook, Telegram or What’s App) or other communication media, Kellimni is not responsible for the data protection and privacy of any third-party platform or other form of communication media and therefore caution should be exercised by you and you should ascertain the data protection and privacy policies for such.  

Kellimni is committed to ensuring your privacy. Kellimni does not sell any personal information that we collect. As part of using the Kellimni service you understand that third party resources are required to fulfil the provision of the service. This may result in you being subject to the privacy policy of such third parties, which include (a) Twilio, (b) Okta, (c) Amazon Web Services and (d) What’s App, which you accept. Your personal data will only be shared with our service providers for the Kellimni service. Personal information that is obtained on our website will only be kept as long as necessary to achieve the purpose for which it was collected. Your personal information will not be disclosed to third parties without prior consent unless specified in this policy or unless there is legitimate reason in disclosure (see: Legitimate Processing of Personal Data).

By using our services, you consent to the terms of this Privacy Policy. Kellimni may change the terms of this Privacy Policy from time to time and we therefore encourage you to regularly review this Privacy Policy. The date of the most recent revisions will appear on this page. If you do not agree to these changes, please do not continue to use or to submit personal information to

To contact us, please email us at


Kellimni and your personal data

The personal data that Kellimni collects about you will be adequate, relevant and limited to what is necessary for the provision of the service. We will keep this personal data accurate and up to date, and protect it from unauthorised access, illegal processing and loss.

Your data will be stored by SOS Malta for a maximum retention period of 18 months after the date of termination of the relationship, or for any other period as may be required by law, set out in this Policy  or to protect our legitimate interests (see also: Retention Periods below). It might also be retained beyond this time limit in the case of administrative or legal proceedings, for a maximum of one week after the date of conclusion of these proceedings or expiration of relative time limits.

The period for which we store your personal data will be kept to a necessary minimum depending on the circumstances for which the data was originally collected.

In any case, everybody has the right to receive a copy of their data, the right to correct and restrict their data, as well as the right to erase data. Should you wish to exercise this right, or if you have any questions about this Privacy and Cookie Policy, please contact us on


What data do we collect?

We require personal information for the following reasons:

  • Internal data recording;
  • To monitor and analyse webpage traffic and interaction and so that we can improve our Website;
  • To improve our services and identify, develop and offer new ones;

What do we use your data for?

In addition to storing basic contact details (including names, addresses, contact addresses) for business relations, processes personal data in the following ways:

(a)   Use of the Website

We use cookies to improve your experience when you visit our Website, allowing us to distinguish you from other users of our Website. A cookie is stored on your computer’s hard drive if you agree. You can configure your browser not to accept cookies. Disabling cookies in your browser will not prevent you from accessing the Website. The information collected by cookies is non-personal and allows us to statistically monitor how people are using our Website.

(b)   Use of the “Chat with Us” option 

When you use the “Chat with Us” option (through the Website or through any other voice or messaging platform or other communication media) you may be provide the following personal data:


Contact Details (e.g. telephone number, mobile number or email address)

Nickname (which may also result in us identifying you)



Language spoken

Location, including addresses and place names 

IP address and login information

Message content

Other personal data (which may include sensitive personal data) including inter alia living situation, financial situation, ethnicity, refugee status, health status and LGBTI identity

Full transcripts of all chats are stored within our database for research, evaluation, analysis and statistical purposes, for a maximum retention period of 18 months after the date entered online.

Once an enquiry or email has been received, will use the personal data in order to take the appropriate action. In very rare cases we may forward your request to other persons if we determine they are in the best position to intervene (and you hereby authorise us to do so). Any information you give us will be treated as confidential. After a request has been responded to, your data will be disposed of within 18 months after the appropriate action has been completed.

(c)   Employment and Volunteer information

When a candidate applies for a volunteering opportunity or employment at Kellimni, we collect their personal information. This information will not be used to contact the candidate for any other reason except for employment or volunteering opportunities. Personal data collected for employment or volunteer opportunities will remain confidential and shall be kept by for a period of 12 months, after termination of employment/volunteering. 


Legitimate Processing of Personal Data and the General Data Protection Regulation

Kellimni abides by the General Data Protection Regulation (“GDPR”) which states that the personal data of individuals is only legitimate in one of the many circumstances laid down in Article 6 of the GDPR. Kellimni will only process personal data if:

  • You have given consent to the processing of your personal data (including any sensitive data) for one or more specific purposes;
  • Processing is necessary for the performance of the service or any contract to which you or we are a party (including service provider agreements from our end) or in order to take steps at your request prior to entering into a contract or providing a service;
  • Processing is necessary for compliance with a legal obligation to which Kellimni is subject;
  • Processing is necessary in order to protect your vital interests or those of another natural person;
  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in;
  • Processing is necessary for the purposes of the legitimate interests pursued;
  • by Kellimni in furtherance of its activities and purposes or by a third party to whom such personal data has been shared for the furtherance of such activities and purposes (including inter alia in providing the Kellimni service to you) (save where such interests may be overridden in terms of law).  

In addition, Kellimni will only process data in accordance with the terms of Articles 7 through 11 of the GDPR.


Retention Periods

We will hold on to your personal data for no longer than is necessary keeping in mind the purpose/s (or compatible purposes) for which we first collected the data and the purposes set out in this Privacy Policy. We may also keep hold of some of your information if it becomes necessary or required to meet legal obligations and requirements.

Different retention periods apply for different types of data and different criteria will apply for the determination of retention periods. The retention periods we apply take account of:

(a) Legal obligations and requirements and guidance received;

(b) Any minimum retention periods provided by law;

(c) Prescriptive limitation periods that apply in respect of taking legal action;

(d) Our ability to defend ourselves against legal claims and complaints;

(e) The operational requirements and the nature of our business;

(f) The set of circumstances relevant to nature of the service, type of data and others risk factors.


Sharing Data

We do not, and will not, sell any of your personal data to any third party save as provided in this Policy. In the course of our activities it may be necessary for us share your data with the following categories of persons/companies/entities as an essential part of our activities:

(a) Officers and employees of our organisation, on a needs basis;

(b) Professional advisors and contractors (such as professional psychiatrists or psychologists);

(c) Legal advisors whose expertise may be required;

(d) Governmental, regulatory, executive, medical or other institutions or agencies that may be involved in the process of facilitating, providing or responding pursuant to our services to you;

(e) Platform, hosting, data storage and other related service providers (solely for the purpose of enabling us to provide you with the Kellimni service)

Our service provider, which provides the platform for the Kellimni service will receive personal data from or on our behalf may process data outside the EEA. This may result in your personal data being   shared with entities that are outside of the EEA. In this respect, we have taken steps to ensure that such data is treated in a manner that complies with the requirements established by the GDPR by implementing appropriate safeguards, including for example contractual clauses and establishing the  legitimate purposes for which such data may be processed and retained.


Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed (safeguard its integrity and confidentiality). We also regularly review and, where practicable, improve upon these security measures. We have instructed our platform service provider to anonymise and/or aggregate the processed personal data which they may use for the purpose of improving their service and for their own purposes.

In addition, we limit access to your personal data to staff and other professional third parties who strictly need to know this information. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.


Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data such as: 

Request access to your personal data

This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. You may send an email to requesting information as the personal data which we process. 

Request correction (rectification) of your personal data

This enables you to have any incomplete or inaccurate data we hold about you corrected and/or updated, though we may need to verify the accuracy of the new data you provide to us.  It is in your interest to keep us informed of any changes or updates to your personal data which may occur during the course of your relationship with us, since this may otherwise impair our ability to assist you.

Request erasure of your personal data

This enables you to ask us to delete or remove personal data where: (a) there is no good reason for us continuing to process it; (b) you have successfully exercised your right to object to processing (see below); (c) we may have processed your information unlawfully; or (d) we are required to erase your personal data to comply with local law.

Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons at the time of your request. These may include instances where the retention of your personal data is necessary to: (a) comply with a legal obligation to which we are subject; or (b) establish, exercise or defend a legal claim.

Object to processing of your personal data

This may happen where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your personal information that override your rights and freedoms.

Request restriction of processing your personal data

This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your personal data, but we need to verify whether we have overriding legitimate grounds to use it.

Request transfer of your personal data

We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Right to withdraw consent

Withdraw your consent at any time where we are relying on consent to process your personal data (which will generally not be the case). This will not however affect the lawfulness of any processing which we carried out before you withdrew your consent. Any processing activities that are not based on your specific consent will remain unaffected.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests as soon as possible from the date of receiving your request. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Kindly note that none of these data subject rights are absolute, and must generally be weighed against our own legal obligations and legitimate interests. If a decision is taken to override your data subject request, you will be informed of this by our data protection team along with the reasons for our decision.



We reserve the right to make changes to this Notice in the future, which will be duly notified to you. If you have any questions regarding this Policy, or if you would like to send us your comments, please contact us using the details above.