Privacy Policy. Gatekick Labs

1. Who we are

Gatekick Labs Limited is the data controller responsible for your personal data. Our registered address is Tigne Towers 90/1, Tigne Street, Sliema, Malta. We are a company registered in Malta, a member state of the European Union. This privacy policy explains how we collect, use, store, and protect personal data when you visit gatekick.com or interact with us.

When this policy refers to "Gatekick Labs," "we," "us," or "our," it means Gatekick Labs Limited.

Our supervisory authority for data protection matters is the Office of the Information and Data Protection Commissioner (IDPC) in Malta.

2. What data we collect

We collect a limited amount of personal data. The specific categories depend on how you interact with our website.

Contact form submissions

When you use the contact form on our website, we collect the following information that you voluntarily provide.

Your name
Your email address
Your company name
Your message

Career inquiries

If you contact us about career opportunities by emailing [email protected], we may collect your email address and any background information you choose to include in your message.

Analytics data

We use Google Analytics 4 (property ID G-MT4FY4HL0C) to understand how visitors use our website. Google Analytics collects the following data automatically.

IP address (anonymized by Google Analytics 4 by default)
Browser type and version
Operating system
Referring website
Pages visited, time spent on pages, and navigation paths
Device type and screen resolution
Approximate geographic location (derived from anonymized IP)

Security and bot protection data

We use Cloudflare Turnstile on our contact form to protect against automated abuse. Cloudflare Turnstile may collect the following data.

IP address
Browser metadata and interaction signals
Challenge completion tokens

Cloudflare processes this data to determine whether a visitor is a real person. No CAPTCHAs or visual puzzles are shown in most cases. You can read more in Cloudflare's privacy policy.

Data we do not collect

We do not operate user accounts on this website. We do not collect payment or financial information through this website. We do not run a newsletter or mailing list at this time.

3. How we use your data

We use the personal data we collect for the following purposes.

Responding to inquiries. When you submit the contact form, we use your name, email, company, and message to respond to your inquiry and discuss potential projects.
Evaluating career interest. When you email us about career opportunities, we use the information you provide to assess whether there may be a fit.
Website analytics. We use Google Analytics to understand traffic patterns, identify popular content, and improve the website experience. We do not use analytics data to identify individual visitors.
Security and abuse prevention. We use Cloudflare Turnstile to prevent automated spam and abuse through our contact form.

4. Legal basis for processing

Under the General Data Protection Regulation (GDPR), we must have a valid legal basis for processing your personal data. The legal bases we rely on depend on the type of processing.

Processing activity	Legal basis (GDPR Article 6(1))
Responding to contact form submissions	Taking steps before entering into a contract at your request (Article 6(1)(b)), and our legitimate interest in communicating with prospective clients (Article 6(1)(f))
Processing career inquiries	Our legitimate interest in evaluating potential candidates (Article 6(1)(f)), and your consent by voluntarily sending us your information (Article 6(1)(a))
Google Analytics	Your consent, provided through our cookie consent mechanism (Article 6(1)(a))
Cloudflare Turnstile	Our legitimate interest in protecting the website from automated abuse (Article 6(1)(f))

Where we rely on legitimate interest, we have conducted a balancing test to ensure that our interests do not override your fundamental rights and freedoms. You have the right to object to processing based on legitimate interest at any time.

5. Cookies and tracking

Our website uses cookies and similar technologies. Google Analytics 4 sets cookies to distinguish unique visitors and track session information. Cloudflare may set cookies related to security and bot detection.

We do not use cookies for advertising, retargeting, or user profiling. We do not use cookies for login or authentication because this website does not have user accounts.

For full details on the cookies used, their purpose, and how to manage them, please see our cookie policy.

We do not sell, rent, or trade your personal data. We share data only with the following third party service providers, who process data on our behalf.

Provider	Purpose	Data shared
Google LLC (Google Analytics 4)	Website analytics	Anonymized IP address, browser and device information, pages visited, session data
Cloudflare, Inc. (Turnstile)	Bot protection on contact form	IP address, browser metadata, interaction signals

These providers act as data processors under agreements that comply with GDPR Article 28. They are contractually obligated to process your data only for the purposes we specify and in accordance with applicable data protection law.

We may also disclose personal data if required to do so by law or in response to a valid legal request from a competent authority.

7. International transfers

Google LLC and Cloudflare, Inc. are companies headquartered in the United States. When your data is processed by these providers, it may be transferred outside the European Economic Area (EEA).

These transfers are safeguarded by appropriate mechanisms as required by GDPR Article 46. Both Google and Cloudflare rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure that your data receives an adequate level of protection when transferred outside the EEA.

You can find more information about these safeguards in each provider's documentation.

8. Data retention

We retain personal data only for as long as necessary to fulfill the purpose for which it was collected, or as required by law.

Contact form submissions. We retain your name, email, company, and message for up to 24 months after your inquiry, unless an ongoing business relationship requires longer retention.
Career inquiries. We retain candidate information for up to 12 months after your last communication with us, unless you ask us to delete it sooner.
Google Analytics data. Analytics data is retained in Google Analytics for 14 months, after which it is automatically deleted. Anonymized, aggregated data may be retained longer.
Cloudflare Turnstile data. Cloudflare retains security logs in accordance with its own data retention policies, typically for a limited period necessary for security purposes.

When the retention period expires, we securely delete or anonymize the data so that it can no longer be associated with you.

9. Your rights under the GDPR

Under the General Data Protection Regulation and the Malta Data Protection Act (Cap. 586), you have the following rights regarding your personal data.

Right of access (Article 15). You can request a copy of the personal data we hold about you.
Right to rectification (Article 16). You can ask us to correct any personal data that is inaccurate or incomplete.
Right to erasure (Article 17). You can ask us to delete your personal data in certain circumstances, such as when the data is no longer necessary for the purpose it was collected.
Right to restriction of processing (Article 18). You can ask us to temporarily stop processing your data in certain circumstances, such as while we verify its accuracy.
Right to data portability (Article 20). You can request that we provide your personal data in a structured, commonly used, and machine readable format so that you can transfer it to another controller.
Right to object (Article 21). You can object to processing based on our legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.
Right to withdraw consent (Article 7(3)). Where we process data based on your consent, you can withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing that occurred before you withdrew consent.

To exercise any of these rights, contact us at the email address listed in section 10 below. We will respond to your request within 30 days, as required by Article 12(3) of the GDPR. If your request is complex or we receive a large number of requests, we may extend this period by up to 60 additional days. We will notify you if an extension is necessary.

There is no fee for exercising your rights in most cases. If a request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse the request, as permitted by Article 12(5) of the GDPR.

Right to lodge a complaint

If you believe that we have not handled your personal data properly, you have the right to lodge a complaint with our supervisory authority.

Office of the Information and Data Protection Commissioner (IDPC)
2 Airways House, High Street
Sliema SLM 1549, Malta
idpc.org.mt

We encourage you to contact us first so that we can try to resolve your concern directly.

10. How to contact us

If you have any questions about this privacy policy, want to exercise your data protection rights, or have a concern about how we handle personal data, you can reach us at the following address.

Gatekick Labs Limited
hello@gatekick.com

We aim to respond to all data protection inquiries within 30 days.

11. Changes to this policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Effective" date at the top of this page.

If we make material changes that significantly affect how we process your personal data, we will make reasonable efforts to notify you, such as by posting a prominent notice on our website.

We encourage you to review this page periodically to stay informed about how we protect your data.

Privacy policy.