1. Introduction
This Privacy Policy describes how RBW Tech ("we", "us", "our") collects, uses, and protects personal information in the course of providing remote IT services. We are committed to handling personal information in line with the EU General Data Protection Regulation (GDPR) where it applies and with Indonesia's Personal Data Protection Law (UU PDP) for customers in Indonesia.
The data controller is the owner of RBW Tech, based in Yogyakarta, Indonesia. You can reach us about any privacy matter at [email protected].
2. Information We Collect
We collect only the information we need to deliver the Services you have requested. This typically includes: (a) contact details you provide, such as your name, email address, WhatsApp number, and country; (b) engagement details, such as the device model, operating system version, and a description of the issue; (c) device identifiers shared with us during diagnostics, such as the device name and software version; and (d) session logs from the remote session tooling, which capture the duration and connection details of the session.
We do not collect special-category personal data and we ask you not to share any during an Engagement.
3. How We Use Information
We use the information we collect to: (a) deliver the Services you have requested; (b) issue invoices and process refunds through the payment processor; (c) provide post-service support during the seven-day support window; (d) respond to your enquiries; and (e) meet our legal and tax obligations.
We do not use your information for advertising and we do not sell your information to any third party.
4. Lawful Basis
Where GDPR applies, we rely on the following lawful bases: (a) performance of a contract, for everything we do to deliver an accepted Engagement; (b) consent, where you voluntarily provide additional information, such as photos or screenshots; (c) legitimate interest, for keeping minimal records to defend against fraud and to operate the business; and (d) legal obligation, for tax records and similar statutory requirements.
5. Data Sharing
We share information only with the parties strictly necessary to deliver the Services: (a) the payment processor, which handles your payment under its own terms and privacy notice; (b) the remote session tooling provider, which handles the live connection during the Session; and (c) competent authorities where we are required to disclose information by law.
We do not share your information with third-party marketing providers.
6. Cookies and Analytics
This site does not use third-party analytics, advertising trackers, or marketing cookies. We may set a single technical preference, such as your chosen theme, in your browser's local storage; this preference stays on your device and is not transmitted to us.
7. Data Retention
We retain engagement records and invoices for the period required by applicable tax and commercial law in Indonesia (typically up to ten years). Operational records such as session notes are retained for up to 24 months after the Engagement to support follow-up requests, after which they are deleted.
8. Your Rights
Depending on where you live, you may have the right to: (a) access the personal information we hold about you; (b) request rectification of inaccurate information; (c) request deletion of information we no longer have a lawful basis to retain; (d) request portability of information you provided to us in a structured, machine-readable format; (e) object to or restrict certain processing; and (f) withdraw consent at any time where processing is based on consent.
To exercise any of these rights, contact us at [email protected]. We respond within 30 calendar days.
9. Security Measures
We apply reasonable administrative and technical safeguards to protect personal information, including access control on our work devices, full-disk encryption, current operating systems, and use of reputable remote session tooling with end-to-end encrypted channels. No method of transmission or storage is fully secure, but we work to maintain a defensible baseline aligned with current industry practice.
10. International Transfers
Because we use globally operated payment processors and remote session tooling, your information may be transferred to and processed in countries outside your country of residence. Where such transfers involve personal data of individuals in the European Economic Area or the United Kingdom, we rely on the safeguards offered by the processors we use, such as Standard Contractual Clauses where applicable.
11. Children
Our Services are not directed at children under 13 years of age, and we do not knowingly collect personal information from them. If you believe a child has provided personal information to us, please contact us so we can delete it.
12. Changes
We may update this Privacy Policy from time to time. The "last updated" date at the top of this page indicates the most recent revision. Material changes will be highlighted at the top of the page for at least 30 days.
13. Contact
Privacy enquiries and rights requests should be sent to [email protected]. For other contact channels see the Contact page.