Last updated: 24 September 2021.
Protection of your privacy and the security of your personal data are very important to Gobalsky Labs Limited.
By using our website, providing personal information and/or using any of our services, you agree that:
- if you have provided personal information to us relating to any other person, you:
- (i) have a right to provide that information;
- (iii) have secured the agreement of each such person to these terms.
If we determine the purposes and means of processing your personal data, then we are a “controller”, and anyone who acts on our instructions in respect of such processing is a “processor”. There may be times where we act as controller and processor.
We are based in Gibraltar, which is no longer part of the European Union (“EU”). Gibraltar has its own data protection laws that apply certain EU laws, with such modifications as are necessary. This is referred to as the “Data Protection Legislation”, which includes:
- The Data Protection Act 2004 (as amended)(“DPA 2004”), and regulations made under that Act; and
- The “Gibraltar GDPR”, which is essentially the EU’s General Data Protection Regulation or (Regulation (EU) 2016/679, or the “EU GDPR”) as it forms part of Gibraltar law. This basically means it is read slightly differently to the EU GDPR but still offers privacy protections and guarantees in a similar manner. For more information visit:
If you live or work outside Gibraltar, other laws (including the EU GDPR) may be applicable to your individual circumstances.
For general web-browsing of this website, your personal data is not revealed to us, although certain statistical information is available to us via our internet service provider as well as through the use of special tracking technologies. Such information tells us about the pages you are clicking on or the hardware you are using, but not your name, age, address or anything we can use to identify you personally.
We collect your personal data in the following manner:
- Information you provide to us directly when contacting us or meeting us;
- Information we receive from third parties, such as third party service providers, government agencies/departments and other firms, financial services institutions or regulatory authorities;
- Information acquired by us during the course of our relationship and dealings with you;
- Information collected through the use by you of our website, platforms and applications;
- Information gathered from publicly available sources.
We always ensure we respect your privacy rights. This means we can only collect your personal data if we have a lawful basis for doing so.
In most cases, we collect personal data that you choose to provide to us. The relevant information is then used by us to communicate with you.
Your information may be used:
- to verify your identity when you are dealing with us, so we may satisfy our obligations with respect to crime prevention and detection (including tax evasion), anti-money laundering and due diligence, as well as any other relevant legal or regulatory obligations we may be subject to;
- to provide you with the information and services that you have requested from us;
- as permitted by law or regulation, and as required by law or regulation, or as requested by government or regulatory authorities, for the protection of persons or property or to establish or exercise our legal rights or defend against legal claims, including to comply with anti-money laundering obligations;
- to ensure that content from our website is presented in the most effective manner for you and for your device(s); and/or
- to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes, or otherwise as part of our efforts to keep our website safe and secure.
Your information may also be used to provide you with information about the Vega software, otherwise known as ‘Direct Marketing’. To this end, we may use your information to:
- allow you to participate in interactive features of our services, when you choose to do so;
- inform you about and manage your involvement with our services and events, including educational or corporate hospitality events
- measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you, including making suggestions and
- provide you with updates about the Vega software.
If we do not have an existing relationship with you, marketing our materials, events and services (or those of others) to you shall be subject to your consent which shall be requested at the latest on our first communication to you, where you will be given the option to elect to receive such information by checking the appropriate boxes on the forms we use to collect your data or in links provided within our email communications.
You may also opt-out at any time by contacting us on the below details.
If you wish to be removed, we will retain your details in our marketing database(s) specifically for the purposes of suppressing your details from inclusion in all future marketing campaigns.
In connection with the provision of our services, personal data may also be transferred outside of Gibraltar. This may include countries or territories outside of the United Kingdom or the European Economic Area (“EEA”) where necessary. The EEA includes countries in the European Union, Iceland, Liechtenstein and Norway. Under the Data Protection Legislation, personal data can flow fairly freely from Gibraltar to the United Kingdom or to the EEA. However, certain restrictions exist where personal data is being transferred to a ‘third country’ outside the EEA or the United Kingdom and these are referred to as “restricted transfers”.
Generally, we will only perform restricted transfers where the transfer will be adequately protected by measures such as the following:
- where the transfer is to a territory that has been deemed ‘adequate’ under the Data Protection Legislation, through applicable adequacy regulations;
- where ‘appropriate safeguards’ are provided such as:
- (i) binding corporate rules;
- (ii) standard data protection clauses specified in regulations made under the Data Protection Legislation;
- (iii) approved codes of conduct; or
- (iv) approved certification mechanisms,
In the absence of adequate regulations or appropriate safeguards, we may also rely on derogations for specific situations as set forth in Article 49 of the Gibraltar GDPR. In particular, we may collect and transfer your personal data outside the EEA:
- with your explicit consent;
- to perform a contract we may have with you (or for taking pre-contractual steps).
Communicating via the Internet and sending information to you by other means necessarily involves your personal information passing through or being handled by third-parties, but we do not sell or distribute without your permission your personal information to third parties. Any information we share with marketing companies, data analytics companies, website developers, and similar service providers and their affiliates is for the sole purpose of developing, hosting, managing, operating and supporting the content on our website. We ensure that in such cases, the information cannot be used to identify you and is anonymised and ‘de-identified’.
Securing Your Information
We are committed to taking appropriate measures designed to keep your personal data secure. Our technical, administrative and physical procedures are designed to protect personal data and non-personal data from loss, theft, misuse and accidental, unlawful or unauthorised access, disclosure, alteration, use and destruction. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received. We implement security measures across the firm to ensure our clients’ data is protected. We may also keep hard copy records of this personal information in physical storage facilities with access restricted solely to our personnel. We also take steps to monitor access to and modification of your information by our contractors, advisers, consultants and staff members, and ensure that they are aware of and properly trained in their obligations for managing your privacy.
We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information.
We use reasonable physical, electronic, and procedural safeguards to protect the personal information that we obtain from you from loss, misuse, and unauthorised access, disclosure, alteration, and destruction. Please note that we are not responsible for the security of any data you are transmitting over the Internet, or any data you are storing, posting, or providing directly to a third party’s website, which is governed by that party’s policies. Please note that no method of transmission over the Internet or method of electronic storage is 100% secure and we cannot ensure or warrant the security of any information you transmit to us. Transfer of your data via these means is therefore at your own risk.
The accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data is known as a “data breach”. The Gibraltar GDPR imposes requirements on businesses to identify, assess and report breaches in a timely manner (within 72 hours). We undertake to inform you if your personal data is compromised and there is a high risk to your rights and freedoms as a result.
Gibraltar GDPR and EU GDPR Rights
As noted above, Gibraltar has its own data protection laws that apply certain EU laws, with such modifications as are necessary. Depending on your particular circumstances, you may also have additional rights if you live or work outside of Gibraltar. For example, the EU GDPR may apply to you if you are based in the EEA.
Under the Data Protection Legislation in Gibraltar, if you are a natural person (in other words, a human being and not a company), you have the right to:
- obtain access to the personal data held about you;
- ask for incorrect, inaccurate or incomplete personal data to be corrected (‘rectification’);
- request, in certain cases, that personal data be erased when it’s no longer needed or if processing it is unlawful (‘right to be forgotten’);
- object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation;
- request the restriction of the processing of your personal data in specific cases;
- receive your personal data in a structured, commonly used and machine-readable format, or ask us to send it to another person (‘data portability’);
- request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers. You also have the right in this case to express your point of view and to contest the decision. We do not use automatic decision-making or profiling when processing personal data. If this changes, we will inform you and provide meaningful information about the logic involved, as well as the significance and the envisaged consequences for you;
- withdraw consent you have given to processing of your personal data; and
- freedom from Direct Marketing (‘opting-out’).
You also have a right to lodge a complaint with the Information Commissioner under the DPA 2004. This is the Gibraltar Regulatory Authority, whose details are provided below. Please note different rights may apply under the EU GDPR or other relevant legislation if you are outside Gibraltar. The DPA 2004 also gives you the right to bring legal actions in the Gibraltar courts.
Limits on Your Rights
In addition, note that your right to information under Art. 13 and 14 of the Gibraltar GDPR is limited in certain cases. The requirements on us to give information do not apply insofar as:
- obtaining or disclosure is expressly laid down by Gibraltar law which we are subject and which provides appropriate measures to protect your legitimate interests;
- the personal data must remain confidential subject to an obligation of professional secrecy regulated by Gibraltar law (such as statutory obligations of secrecy); or
- you already have the information.
Enforcement of Your Rights
There may be cases where we are unable to provide the information you request, such as where it would interfere with the privacy of others or result in a breach of confidentiality. In these cases, we will let you know why we cannot comply with your request.
In addition, you can enforce your right to object to direct marketing as described above by contacting us or using ‘unsubscribe’ or other opt-out mechanisms we provide our marketing communications.
We want to ensure that your personal information is accurate and up to date. If any of the information that you have provided to us changes, for example if you change your email address or name, please let us know the correct details by contacting us on the details below. You may ask us, or we may ask you, to correct information you or we think is inaccurate, and you may also ask us to remove information which is inaccurate. Even if you do not request access to and/or correct your personal information held by us, if we are satisfied that, having regard to the reasons for which we hold your personal information, that personal information is inaccurate, incomplete, out-of-date, irrelevant or misleading, we may take reasonable steps to correct that information.
GOBALSKY LABS LIMITED
Suite 23, Portland House
Your Right To Complain
If we have not responded to you within a reasonable time or if you feel that your complaint has not been resolved to your satisfaction, you are entitled to make a complaint to the Information Commissioner under the Data Protection Act, which is presently the Gibraltar Regulatory Authority (“GRA”). The GRA is responsible for ensuring that your rights and obligations are respected. The GRA is also competent to hear your complaints and may prohibit or restrict the processing of your personal data in certain cases. You may contact the GRA on the below details:
Gibraltar Regulatory Authority
2nd Floor, Eurotowers 4
1 Europort Road
Governing Law and Jurisdiction
Privacy Protections for Children Using the Internet
We do not collect or maintain information on our website from those we actually know are under the age of 16, nor is any part of our website targeted to attract anyone under 16. We request that all visitors to our website who are under 16 not disclose or provide any personal data and discontinue use of our website.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. After you have agreed, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. The data is retained for 26 months.
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”).
We use Google Analytics to identify popular sections of our website. Use of Google Analytics in this way, enables us to adapt the content of our website more specifically to your needs and thereby improve what we can offer to you.
Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.
In particular Google Analytics tells us
- your IP address (last 3 digits are masked);
- the number of pages visited;
- the time and duration of the visit;
- your location;
- the website you came from (if any);
- the type of hardware you use (i.e. whether you are browsing from a desktop or a mobile device);
- the software used (type of browser);
- your general interaction with our website; and
- your search history (if you decide to use the search bar at the top of our page).
Cookie-related information is not used to identify you personally, and what is compiled is only aggregate data that tells us, for example, popular locations, but not that you live in a particular country or your precise location when you visited our website (this is because we have only half the information - we know the country the person is browsing from, but not the name of the person). In such an example Google will analyse the number of users for us, but the relevant cookies do not reveal their identities.
By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. Google Analytics, its purpose and function is further explained on the Google Analytics website.