Last updated: June, 2021

Protection of your privacy and the security of your personal data are very important to THE GIBRALTAR CHAMBER OF COMMERCE.

This Privacy Policy explains how information about you is collected and used by THE GIBRALTAR CHAMBER OF COMMERCE. The terms “THE GIBRALTAR CHAMBER OF COMMERCE”, “CHAMBER,” refers to THE GIBRALTAR CHAMBER OF COMMERCE. The terms “you” and “your” includes our members, business partners and users of this website.

THE GIBRALTAR CHAMBER OF COMMERCE processes and stores personal information in accordance with the Data Protection Act 2004 (the “Data Protection Act”, which includes any modification or amendment to that Act), this Privacy Policy and the provisions of other applicable laws, regulations and rules.

By using this website, providing personal information and/or using any of our services, you agree that:

  • you consent to this Privacy Policy, as updated from time to time; and
  • if you have provided personal information to us relating to any other person, you:
    (a) have a right to provide that information
    (b) have provided a copy of this Privacy Policy, as updated from time to time, to that person; and
    (c) each such person has agreed to those terms.
  • In such cases, references in this Privacy Policy to terms such as “you” and “your” also refer to such persons.


When we talk about your information, we are referring to your ‘personal data’ as defined by the Data Protection Act and this includes information that can identify you as an individual, whether by itself or when used in conjunction with other information which we hold. Examples include, but are not limited to, your name, your telephone number, your email address, your place and date of birth.

What are we collecting?

For general web-browsing of this website, your personal data is not revealed to us, although certain statistical information is available to us via our internet service provider as well as through the use of special tracking technologies. Such information tells us about the pages you are clicking on or the hardware you are using, but not your name, age, address or anything we can use to identify you as an individual.

However, if you wish to use certain services offered on our website, obtain certain information made available by us, or request us to provide you with other services then you may be asked for information such as name, email address, telephone number and business address.

If you enter into a business relationship with us, either as a member or as one of our business partners, vendors or suppliers, then the kinds of personal information that we collect and hold about you may include:

  • identifying information, such as your name, occupation, age or gender.
  • contact information, such as your e-mail address, mailing address or phone number;
  • records of our communications with you; and/or

In these cases the provision of your personal data might be a contractual requirement and you will be obliged to provide the personal data we require in order to provide the services to you. Without this information, we may not be able to provide you with our services or to respond to queries or requests that you submit to us.


The Chamber will always ensure that we respect your privacy rights. This means we can only collect your personal data if we have a legitimate reason for doing so. In most cases, we may rely on the following grounds:

  • we may have a contractual arrangement with you and to fulfil our obligations we need to process your personal data (e.g. you are a Chamber member)
  • there may be a legal obligation for us to process your personal data
    we may need to fulfil a legitimate interest we may have in a manner that does not outweigh your rights and freedoms (e.g. ensuring security of our IT infrastructure and systems, or monitoring the use and effectiveness of our website)
  • you may have expressly asked us to do something or otherwise given your clear consent to us that you are happy for us to process your data (e.g. for marketing purposes, or simply responding to a members’ survey you may have answered or other feedback you may have given us).

In most cases, we collect personal data that you choose to provide to us so that we can provide you with a service which you have requested from us such as the issuing of export documentation or renting out meeting rooms for example. The relevant information is then used by us to communicate with you on any matter relating to the conduct of your instructions in general. If you choose not to provide certain information, we may not be able to provide you with some or all of the services your request.

Other reasons we may process your information include:

  • maintaining our administrative or membership relationship management systems;
  • providing you with information about us and our range of services, otherwise known as ‘Direct Marketing’;
    management of enquiries and complaints;
  • if you are attending an event organised by the Chamber.

We also process information relating to our employees, for general employment and recruitment purposes. These purposes will be disclosed in more detail at the time we collect personal data from such persons.


We use your information in a number of ways. When we use your personal information, we do so lawfully. In every case, we will use your information for the purposes for which it was provided by you or obtained by us, and where such purposes change or cease to exist, we will inform you that we need additional information or shall delete your information in accordance with the retention policies described in this Privacy Policy.

Your information may be used:

  • to verify your identity when you are interacting with us;
  • to carry out our obligations arising from contracts entered into between you and the Chamber and to provide you with the information and services that you have requested from the Chamber or otherwise process transactions on your behalf such as settling invoices payable by you to us or to third parties;
  • to notify you about changes to our services or this Privacy Policy;
  • to ensure that content from our website is presented in the most effective manner for you and for your device(s); and/or
  • to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes, or otherwise as part of our efforts to keep our website safe and secure.

We may also use aggregate information and statistics for the purposes of monitoring website usage in order to help us to develop our website and our services. We may also provide such aggregate information to third parties. These statistics will not include information that can be used to identify you as an individual.

Direct Marketing

Your information may also be used to provide you with information about us and our range of services, otherwise known as ‘Direct Marketing’. To this end, we may use your information:

  • to allow you to participate in interactive features of our services, when you choose to do so;
    to inform you about and manage your involvement with our services and events, including educational or other forthcoming Chamber events;
  • to provide you, with news bulletins, newsletters, brochures, or general information about other goods, services and events which we offer that are similar to those that you have already purchased, attended or enquired about, or otherwise feel may be of interest to you (unless you have opted-out of receiving such information).

In circumstances where you are an existing Chamber member or we otherwise have an existing relationship with you, we will rely on our legitimate interests as the reason for processing your personal data for direct marketing purposes. To this end, it may be necessary to process your personal data so that we can directly market in our legitimate interest. In such circumstances it is reasonable to expect that you might receive marketing material from the Chamber from time to time in the same manner in which we normally communicate with you (e.g. via email) and that there is no disproportionate impact to your individual privacy rights in such circumstances.

On each marketing communication, we will always provide the option for you to exercise your right to object to the processing of your personal data for marketing purposes (known as ‘opting-out’) by clicking on the ‘unsubscribe’ button on our marketing emails or choosing a similar opt-out option on any forms we use to collect your data. You may also opt-out at any time by contacting us on the below details.

Please note that any administrative or service-related communication will solely be directed at existing Chamber members or business partners, and such communications generally do not offer an option to unsubscribe as they are necessary to provide the services requested. Therefore, please be aware that your ability to opt-out from receiving marketing and promotional materials does not change our right to contact you regarding your use of our website or as part of a contractual relationship we may have with you.

If you wish to be removed, we will retain your details in our marketing database(s) specifically for the purposes of suppressing your details from inclusion in all future marketing campaigns. These database(s) have restricted access which is only available to Chamber employees. Your request to unsubscribe will only affect these database(s) and will not change any existing information on our other databases that you have provided to us.


The General Data Protection Regulation ( which came into force on 25th May 2018 and more commonly known as GDPR, gives data subjects (like you) certain rights in relation to their personal data. You can find out more about the GDPR and these rights by accessing the European Commission’s website:

If you are a natural person, in other words, an individual rather than a corporate entity, you have the right to:

  • information about the processing of your personal data (and if you did not give it to us, information as to the source);
  • obtain access to the personal data held about you;
  • ask for incorrect, inaccurate or incomplete personal data to be corrected;
  • request, in certain cases, that personal data be deleted when it is no longer needed or if processing it is unlawful;
  • object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation;
  • request the restriction of the processing of your personal data in specific cases;
  • receive your personal data in a structured, commonly used and machine-readable format, or ask us to send it to another person (‘data portability’); and
  • request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers. You also have the right in this case to express your point of view and to contest the decision.

Please note these rights may only apply in certain cases. For example, some rights only apply where the Chamber’s grounds for processing is your consent, or where we have a contract with you.

You also have a right to lodge a complaint with the appropriate data protection authority ( and in certain cases may receive compensation from us, as data controller, for any damage you suffer.

The Chamber wishes to ensure that your personal information is accurate and up to date. If any of the information that you have provided to the Chamber changes, for example if you change your email address or name, please let us know the correct details by contacting us on the details below. You may ask us, or we may ask you, to correct information you or we think is inaccurate, and you may also ask us to remove information which is inaccurate.


You can enforce the rights described above by means of a written request to the Chamber at To protect the integrity and security of the information we hold, we may ask that you follow a defined access procedure, which may include steps to verify your identity and completion of a form so that we can understand the nature of your request and the information you are after. You will need to provide information to confirm your identity so that we are sure it is actually you requesting your data and not someone else trying to make a false or fraudulent request. We must respond to your requests without undue delay and at the latest within 1 month.

There may be cases where we are unable to provide the information you request, such as where it would interfere with the privacy of others or result in a breach of confidentiality. In these cases, we will let you know why we cannot comply with your request.

In addition, you can enforce your right to object to direct marketing as described in the Direct Marketing section above.
Even if you do not request access to and/or correct your personal information held by us, if we are satisfied that, having regard to the reasons for which we hold your personal information, that personal information is inaccurate, incomplete, out-of-date, irrelevant or misleading, we may take reasonable steps to correct that information.


In certain cases we may access, preserve, and disclose to third parties information about you if we believe disclosure is in accordance with, or required by, any contractual relationship with you, applicable law, regulation or legal process, unless such information is protected by legal professional privilege. Personal data may be processed by us and/or our affiliates, agents, vendors, consultants or suppliers, as well as any other third party service providers who are performing certain services on the Chamber’s behalf for the purposes specified above or on your specific instructions. Such third parties may have access to personal data solely for the purposes of performing the services specified in the applicable engagement, or to comply with applicable laws and not for any other purpose. We may require these third parties to undertake security measures consistent with the protections specified in this Privacy Policy. Such third parties may be located within or outside of Gibraltar.

In addition we may be required by law to disclose certain information about you or any engagement we may have with you to relevant regulatory, law enforcement and/or other competent authorities, unless such information is protected by legal professional privilege. We may also need to share your information in order to enforce or apply our legal rights under any agreed terms of business.

We will not sell your information

Communicating via the Internet and sending information to you by other means necessarily involves your personal information passing through or being handled by third-parties, but we will not sell or distribute without your permission your personal information to third parties for purposes of allowing them to market products and services to you. Any information we share with marketing companies, data analytics companies, website developers, and similar service providers and their affiliates is for the sole purpose of developing, hosting, managing, operating and supporting the content on our website, or otherwise improving our website and the manner in which we market the Gibraltar Chamber of Commerce. We ensure that in such cases, the information cannot be used to identify you and is anonymised and ‘de-identified’. More information is found in our Cookie Policy.


We are committed to taking appropriate measures designed to keep your personal data secure. Our technical, administrative and physical procedures are designed to protect personal data and non-personal data from loss, theft, misuse and accidental, unlawful or unauthorised access, disclosure, alteration, use and destruction. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received.

To prevent unauthorised access as required by the Data Protection Act, we follow strict security procedures in the storage, encryption and disclosure of information which you have given us. Our security procedures mean that we may request proof of identity before we are able to disclose personal data to you following a request from you for us to do so. We implement security measures to ensure our members’ data is protected within secured and encrypted servers we control, which are located in Gibraltar. We may also keep hard copy records of this personal information in physical storage facilities with access restricted solely to Chamber employees.

We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information.

Our website does not collect your personal information and you may browse anonymously. More information is found in our Cookie Policy. If you have any further questions about the security of your personal information, you can contact us by email at

Risks of using the Internet

We use reasonable physical, electronic, and procedural safeguards to protect the personal information that we obtain from you from loss, misuse, and unauthorised access, disclosure, alteration, and destruction. Please note that we are not responsible for the security of any data you are transmitting over the Internet, or any data you are storing, posting, or providing directly to a third party’s website, which is governed by that party’s policies. Please note that no method of transmission over the Internet or method of electronic storage is 100% secure and we cannot ensure or warrant the security of any information you transmit to us. Transfer of your data via these means is therefore at your own risk.

Data Breaches

A loss of personal data is known as a data breach. The GDPR imposes requirements on businesses to identify, assess and report breaches in a timely manner (within 72 hours). We undertake to inform you if your personal data is compromised and there is a risk to your rights and freedoms as a result.

More information on data breaches may be found on the GRA’s website:


We shall retain a record of our engagement with all of our members, as well as all files and documentation relating to members and/or the particular matter that forms the basis of the contractual relationship for a minimum period of 6 (six) years from the end of the business relationship described in the relevant engagement documentation, unless we are required by law to retain such records for a longer period.

We will attempt to minimise personal data to what is necessary to identify the member and the services provided by the Chamber, and after the applicable retention period has expired shall destroy all personal data and other records. At our discretion, we may retain personal information for less than or longer than the said period of six years if we consider it necessary or desirable to do so.

For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact us at

Information about you that is no longer required by the Chamber may be de-identified and aggregated with other non-personal data to provide insights which are commercially valuable to us, such as statistics of the use of our services or our main sources of work. This information will be de-associated with your name and other identifiers and the data will therefore be anonymised. Likewise, certain statistical information obtained from our website is already anonymised. More information is found in our Cookie Policy. Such information may be kept by us for longer periods than those specified in this Privacy Policy, provided that such retention is in accordance with applicable laws and regulations.


Contact information of Data Controller

The data controller for any personal data you provide to us is THE GIBRALTAR CHAMBER OF COMMERCE. If you have any questions, concerns or comments or if you would like further information about this Privacy Policy, how we handle your Personal Data, or otherwise wish to enforce your data protection rights please contact us at:

Watergate House
2/6 Casemates
Phone: +350 200 78376el

Your right to complain

The Chamber tries to meet the highest standards in order to protect your privacy. However, if you are concerned about the way in which the Chamber is managing your personal information and think that we may have breached any applicable privacy laws, or any other relevant obligation, you are encouraged to raise any complaints regarding the processing of personal data with us directly on the contact details above.

The Chamber will make a record of your complaint and deal with the matter as soon as we are able to and keep you informed of the progress and any outcome.

If we have not responded to you within a reasonable time or if you feel that your complaint has not been resolved to your satisfaction, you are entitled to make a complaint to the Data Protection Commissioner under the Data Protection Act, which is presently the Gibraltar Regulatory Authority (GRA). The GRA is responsible for ensuring that your rights and obligations are respected. The GRA is also competent to hear your complaints and may prohibit or restrict the processing of your personal data in certain cases. You may contact the GRA on the below details:

Gibraltar Data Protection Commissioner
Gibraltar Regulatory Authority
2nd Floor, Eurotowers 4
1 Europort Road
Phone: (+350) 200 74636
Fax: (+350) 200 72166



Occasionally, at our discretion, the Chamber may include links to third party products, services or websites on our website. Please be aware that we are not responsible for the privacy practices of any third party sites, nor do we verify nor accept any responsibility or liability for their content. The privacy policies of others may differ significantly from our Privacy Policy. Therefore, we encourage you to read the privacy statement/policy of each and every website that collects personal data.

Governing Law and Jurisdiction

All issues regarding the Chamber’s website and Privacy Policy are governed by Gibraltar law and are subject to the exclusive jurisdiction of the Gibraltar courts.

No Waiver

Any delay or failure on our part in enforcing any of our rights shall not constitute a waiver by us of our rights and remedies. If any part of this Privacy Policy is held to be invalid or unenforceable, the validity or enforceability of the remainder will not be affected.

Revisions to this Privacy Policy

On this website, you can always view the latest version of our Privacy Policy and our Cookie Policy. We may modify this Privacy Policy from time to time. If we make changes to this Privacy Policy, we will provide notice of such changes, such as by sending an email notification, providing notice through our website or updating the ‘Last Updated’ date at the beginning of this Privacy Policy. The amended Privacy Policy will be effective immediately after the date it is posted. By continuing to access or use our website after the effective date, you confirm your acceptance of the revised Privacy Policy and all of the terms incorporated therein by reference. We encourage you to review the Privacy Policy whenever you access or use our website to stay informed about our information practices and the choices available to you. If you do not agree to the revised Privacy Policy, you may not access or use this website. If you are a Chamber member or have an existing business relationship with the Chamber and do not agree to the revised Privacy Policy, your only option will be to terminate your membership with the Chamber. Please contact us at if you wish to enforce any of these rights.