Skip to content
RBTech IT Services & Consulting

Privacy Policy

Last updated: June 2026

1. Data Controller

MRB Ocean Limited trading as RBTech ("we", "us", "our") is the data controller responsible for your personal data. We are registered in Gibraltar and operate in accordance with the General Data Protection Regulation (EU) 2016/679 as retained in Gibraltar law, and the Gibraltar Data Protection Act 2004 (as amended).

Contact details:
MRB Ocean Limited trading as RBTech
Gibraltar
Email: [email protected]
Phone: +350 54097680

2. Personal Data We Collect

We may collect and process the following categories of personal data:

  • Identity data: name, job title
  • Contact data: email address, telephone number, company name
  • Correspondence data: content of messages sent via our contact form or email
  • Technical data: IP address, browser type and version, time zone setting, operating system, device type
  • Usage data: we do not currently collect website usage analytics. If we enable privacy-focused, consent-based analytics in future, this may include pages visited, time spent on pages and navigation paths.

We do not collect any special categories of personal data (e.g. data revealing racial or ethnic origin, political opinions, health data, biometric data).

3. Lawful Basis for Processing

We process personal data on the following lawful bases under Article 6 of the GDPR:

  • Consent (Art. 6(1)(a)): Where you have given clear consent for us to process your personal data for a specific purpose, such as subscribing to communications.
  • Contract (Art. 6(1)(b)): Where processing is necessary for the performance of a contract with you, or to take steps at your request prior to entering into a contract (e.g. responding to a service enquiry).
  • Legitimate interests (Art. 6(1)(f)): Where processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. This includes service improvement and business administration.
  • Consent (Art. 6(1)(a)) for analytics: We do not currently use website analytics. If privacy-focused analytics is introduced in future, it will only be enabled where you have actively accepted it through our cookie banner, and you may withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)): Where processing is necessary to comply with a legal obligation to which we are subject.

4. How We Use Your Personal Data

We use your personal data to:

  • Respond to enquiries submitted via our contact form or email
  • Provide, administer and deliver our IT services
  • Communicate with you about services, including changes or updates
  • Maintain and improve our website functionality and user experience
  • Analyse website usage patterns to improve content and performance (only if consent-based analytics is enabled in future)
  • Comply with legal and regulatory obligations
  • Protect our legitimate business interests and legal rights

5. Data Sharing

We do not sell, rent or trade your personal data to third parties. We may share personal data with:

  • Service providers: trusted third-party providers who assist in operating our website and delivering services (e.g. hosting and, if enabled in future, privacy-focused analytics), bound by contractual obligations to keep personal data confidential and secure.
  • Legal authorities: where required by law, regulation, legal process or enforceable governmental request.
  • Professional advisers: lawyers, accountants and insurers where necessary for the establishment, exercise or defence of legal claims.

6. International Transfers

Where we transfer personal data outside Gibraltar or the UK/EEA, we ensure appropriate safeguards are in place in accordance with GDPR requirements. These safeguards may include:

  • Transfers to countries with an adequacy decision
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Other legally recognised transfer mechanisms

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting or reporting requirements.

  • Contact form enquiries: retained for up to 24 months from last communication, unless a service relationship is established.
  • Client service data: retained for the duration of the service relationship plus 6 years to comply with legal and contractual obligations.
  • Website analytics data: none is currently collected. If consent-based, privacy-focused analytics is enabled in future, any individual-level data would be retained for no longer than 12 months.

When personal data is no longer required, it is securely deleted or anonymised.

8. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction or damage. These measures include encryption in transit (TLS/HTTPS), access controls, regular security reviews and secure hosting infrastructure.

9. Your Rights Under GDPR

Under the GDPR and Gibraltar data protection law, you have the following rights in relation to your personal data:

  • Right of access (Art. 15): request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): request correction of inaccurate or incomplete personal data.
  • Right to erasure (Art. 17): request deletion of your personal data where there is no compelling reason for its continued processing.
  • Right to restrict processing (Art. 18): request that we limit the processing of your personal data in certain circumstances.
  • Right to data portability (Art. 20): request transfer of your personal data to you or a third party in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21): object to processing based on legitimate interests, including profiling.
  • Right to withdraw consent: where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

To exercise any of these rights, please contact us at [email protected] or call +350 54097680. We will respond to your request within one month.

10. Cookies

Our website uses cookies. For detailed information about the cookies we use, their purposes and how to manage them, please see our Cookie Policy.

11. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Gibraltar Regulatory Authority (GRA), which is the supervisory authority for data protection in Gibraltar:

Gibraltar Regulatory Authority
2nd Floor, Eurotowers 4
1 Europort Road
Gibraltar
Website: www.gra.gi

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

13. Contact Us

For any questions, concerns or requests regarding this Privacy Policy or our data processing practices, please contact us:

Email: [email protected]
Phone: +350 54097680