Privacy Policy

Effective date: 10 April 2026. Last updated: 10 April 2026.

This Privacy Policy explains how Lab33 Ltd ("Lab33", "we", "us", or "our"), a limited liability company registered in Malta, collects, uses, and protects personal data when you visit the website at lab33.dev (the "Website") or otherwise interact with us. Lab33 is the data controller in respect of personal data collected through the Website.

We process personal data in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679) (the "GDPR"), the Maltese Data Protection Act, and any other applicable data protection legislation.

We collect personal data in two ways: information you provide to us directly, and information collected automatically when you use the Website.

Information you provide directly includes any data you submit through the contact form or by emailing us. This typically includes your name, email address, company name, phone number (optional), and the content of your enquiry. If you request a demo, a quote, or any other follow-up, we will also record our correspondence with you.

Information collected automatically includes technical data necessary for the Website to function and, where applicable, basic analytics. This may include your IP address, browser type and version, device type, operating system, the pages you visit, the referring URL, and the date and time of your visit. We keep automatic collection to the minimum needed to operate and secure the Website.

Lab33 does not knowingly collect personal data from children under the age of 16 through the Website. If you believe we have inadvertently collected such data, please contact us so we can delete it.

We process personal data only for specific, legitimate purposes, including: responding to your enquiries and providing the information, demos, or quotes you request; managing our correspondence and the business relationship that follows from it; operating, securing, and improving the Website; complying with our legal and regulatory obligations; and defending our legal rights where necessary.

We will not use your personal data for any new purpose that is incompatible with the purposes set out above without first giving you notice and, where required, obtaining your consent.

Under the GDPR, we rely on one or more of the following legal bases for processing personal data: your consent, where you have voluntarily provided information (for example, by submitting the contact form); the performance of a contract or taking steps at your request prior to entering into a contract; our legitimate interests in running and securing our business, provided those interests are not overridden by your rights and freedoms; and compliance with a legal obligation to which Lab33 is subject.

Lab33 does not sell personal data and does not share it with third parties for their own marketing purposes. We may share personal data with carefully selected service providers who process data on our behalf under written data processing agreements, such as cloud hosting providers, email delivery services, and productivity tools necessary to operate our business.

Where our service providers are located outside the European Economic Area (EEA), we put appropriate safeguards in place, such as the European Commission\u2019s Standard Contractual Clauses, to ensure that your personal data receives an equivalent level of protection.

We may also disclose personal data where required to do so by law, by a court order, or by a competent authority, or where necessary to protect our rights, property, or the safety of others.

The Website uses only the cookies and similar technologies that are strictly necessary for it to function correctly, such as maintaining a session or remembering your preferences. We do not currently use advertising, profiling, or cross-site tracking cookies on the Website.

If and when Lab33 introduces any non-essential cookies (for example, for analytics), we will first obtain your consent through a clearly presented cookie banner, in line with the ePrivacy rules and the GDPR.

Most browsers allow you to manage or block cookies through their settings. Blocking strictly necessary cookies may affect the functionality of the Website.

We retain personal data only for as long as is necessary for the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. Contact form submissions and related correspondence are typically retained for the duration of our relationship with you and for a reasonable period afterwards to enable us to respond to follow-up enquiries and to demonstrate compliance with our legal obligations. Once personal data is no longer needed, we either delete it securely or anonymise it so that it can no longer be associated with you.

Lab33 implements appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or disclosure. These measures include encryption in transit (HTTPS across the Website), access controls, principle of least privilege for internal systems, structured audit logging, and regular review of our security practices.

No method of transmission over the internet or method of electronic storage is completely secure, however, and we cannot guarantee absolute security. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, affected individuals in accordance with the GDPR.

Under the GDPR, you have the following rights in respect of your personal data: the right to access the personal data we hold about you; the right to rectification of inaccurate or incomplete data; the right to erasure ("right to be forgotten") in certain circumstances; the right to restrict or object to our processing; the right to data portability, where applicable; the right to withdraw consent at any time, where processing is based on consent; and the right to lodge a complaint with the Information and Data Protection Commissioner in Malta or your local supervisory authority.

To exercise any of these rights, or if you have any questions about how Lab33 handles your personal data, please contact us by email at [email protected]. We will respond to your request within the timeframes required by law, typically within one month.

The Website may contain links to third-party websites. This Privacy Policy applies only to lab33.dev. We are not responsible for the privacy practices or the content of third-party websites, and we encourage you to read their privacy policies before providing any personal data.

Lab33 may update this Privacy Policy from time to time to reflect changes in our practices, in the services we offer, or in applicable law. The updated version will be published on this page with a new "Last updated" date. Where changes are material, we will take reasonable steps to bring them to your attention. Your continued use of the Website after a revised version has been published constitutes your acknowledgment of the updated Privacy Policy.

If you have any questions about this Privacy Policy or about how Lab33 handles your personal data, please contact us: Lab33 Ltd, by email at [email protected], or through the contact form on lab33.dev.

If you are not satisfied with how we have handled your personal data, you have the right to lodge a complaint with the Office of the Information and Data Protection Commissioner in Malta, which is the Maltese supervisory authority for data protection matters.