Privacy Policy

Last updated: [04/09/2025]

This Privacy Policy explains how The Gibraltar Address (“TGA”, “we”, “us”, “our”) collects, uses, shares, and protects your personal data when you use https://thegibraltaraddress.com (the “Website”).

TGA is the data controller for personal data processed via the Website.
Contact: info@thegibraltaraddress.com

We are committed to protecting your privacy and handling your data transparently and securely in line with Gibraltar’s data protection legislation (the Gibraltar GDPR framework).

1. What this Policy covers

1.1 Who we are and what data we collect
1.2 Why and how we use your data (our legal bases)
1.3 Who we share it with and international transfers
1.4 How long we keep it
1.5 Your rights and how to exercise them
1.6 How to contact us or lodge a complaint

2. Personal data we collect

2.1 Data you provide to us:

• Enquiries & contact forms: name, email, phone, message details.

• Newsletter sign-ups: name, email, marketing preferences.

• Listing submissions (where applicable): seller contact details; property details, media (photos/floorplans); and documents evidencing property ownership you choose to provide (e.g., title info).

• Account / portal access (if enabled): name, email, password (hashed), preferences.

You can choose not to provide certain information, but this may limit your ability to use specific features (e.g., submit a listing or receive updates).

2.2 Data we collect automatically (“Device/Usage Information”)

• Technical: IP address, browser type/version, device identifiers, time zone, operating system.

• Usage: pages viewed, referring/exit pages, clicks, scrolls, session duration, and interactions.

• Cookies & similar tech: see our Cookie Policy for details and controls.

We do not intentionally collect special category data (e.g., health, religion) or criminal records via the Website.
We do not knowingly collect data from children under 16. If you believe a child has provided data, please contact us and we’ll delete it.

3. Why we process your data (purposes) and our legal bases

We only process what’s necessary and proportionate. Depending on the context, we rely on:

3.1 Contract (Art. 6(1)(b))

• To provide services you request: handling enquiries, facilitating contact about specific properties, processing listing submissions, sending service communications (e.g., confirmations or follow-ups).

3.2 Legitimate Interests (Art. 6(1)(f))

• To operate, secure, and improve the Website (troubleshooting, analytics, preventing abuse/fraud, keeping our platform safe).

• To match and route enquiries to relevant licensed estate agents or authorised listing contacts for the property you’ve requested information about.

• To maintain accurate records and respond to queries.

We balance these interests against your rights and expectations. You can object (see Section 9).

3.3 Consent (Art. 6(1)(a))

• Marketing emails/newsletters (you can withdraw anytime via the unsubscribe link).
  Non-essential cookies/analytics as set out in our Cookie Policy.

3.4 Legal obligation (Art. 6(1)(c))

• To comply with applicable laws, regulatory requests, or court orders (e.g., responding to lawful requests by authorities).

• We do not sell your personal data.

4. Who we share your data with

We share personal data only when necessary and with appropriate safeguards:

• Licensed estate agents / authorised property contacts: to respond to your specific property enquiry or to progress a listing you submitted.

• Service providers (“processors”): hosting, security, email/SMS delivery, customer support tools, analytics, and document storage — under contracts that require confidentiality and GDPR-compliant processing.

• Professional advisers: lawyers or auditors where reasonably necessary.

• Authorities: where required by law, to protect our rights, users’ safety, or investigate fraud/abuse.

5. International transfers

Some providers may process data outside Gibraltar/UK/EEA. Where transfers occur, we implement appropriate safeguards, such as:

• Adequacy decisions (destinations recognised as providing essentially equivalent protection), and/or

• Standard Contractual Clauses (SCCs) or binding corporate rules.

You can contact us for details of the relevant safeguards.

6. How long we keep your data (retention)

We keep data no longer than necessary for the purposes stated:

• Enquiries / contact forms: up to 24 months from last meaningful interaction.

• Newsletter data: until you unsubscribe (we retain minimal suppression data to honour opt-outs).

• Listing submissions & related documents: generally up to 7 years after the listing is removed/closed to support record-keeping and potential legal claims.

• Device/Usage data (analytics): typically 14–26 months depending on tool settings (see Cookie Policy).

We may retain data longer where required by law or to establish, exercise, or defend legal claims.

7. Security

We use administrative, technical, and physical measures to protect your data, including encryption in transit, access controls, and least-privilege practices. However, no internet transmission or storage system can be guaranteed 100% secure.

8. Marketing

We’ll send you marketing only with your consent (or where permitted by law). You can withdraw consent at any time via the unsubscribe link or by emailing info@thegibraltaraddress.com.

9. Your rights

You have the following rights under the Gibraltar GDPR framework (subject to conditions/exemptions):

• Access to your personal data

• Rectification of inaccurate or incomplete data

• Erasure (“right to be forgotten”)

• Restriction of processing

• Data portability (machine-readable copy)

• Object to processing based on legitimate interests or to direct marketing

• Withdraw consent where processing relies on consent

• Rights related to automated decision-making (we do not carry out decisions producing legal or similarly significant effects solely by automated means)

To exercise these rights, email info@thegibraltaraddress.com. We may need to verify your identity.

10. Cookies and similar technologies

We use cookies and similar technologies for essential functionality, analytics, and (where applicable) marketing. For details on categories, purposes, providers, retention, and how to manage preferences, see our Cookie Policy.

11. Third-party websites

Our Website may link to third-party sites. We are not responsible for their content or privacy practices. Please review their privacy policies before providing personal data.

12. Changes to this Policy

We may update this Policy from time to time. The “Last updated” date at the top indicates the latest version. Material changes will be highlighted where appropriate.

13. Contact & complaints

Data Controller: The Gibraltar Address
Email: info@thegibraltaraddress.com

If you have concerns about how we handle your data, please contact us first. You also have the right to lodge a complaint with the Gibraltar Regulatory Authority (GRA) (the data protection supervisory authority in Gibraltar).

Gibraltar Regulatory Authority – Data Protection Division
Tel: +350 20074636 | Email: info@gra.gi
Website: www.gra.gi