top of page

Privacy Policy

1. Introduction

The Consular Corps of Gibraltar (“we”, “our”, or “us”) is committed to protecting your privacy and ensuring the lawful, fair, transparent, and secure processing of your personal data in accordance with the Gibraltar GDPR and the Data Protection Act 2004 (DPA).

This Privacy Policy explains how we collect, use, disclose, protect, and retain your personal data when you interact with us.

​

2. Personal Data We Collect

We collect personal data when you engage with the Consular Corps of Gibraltar, for example, by:

  • Making enquiries

  • Registering for events or activities

  • Subscribing to updates or communications

The personal data we may collect includes:

  • Identity Data: Name, title, job role, organisation

  • Contact Data: Email address, physical address, telephone and/or mobile number

We collect only data that is reasonably necessary for the purposes described in this Policy.

​

3. Lawful Basis for Processing

Under the Gibraltar GDPR, we process your personal data only when we have a lawful basis, including:

  • Consent: Where you have expressly agreed to receive communications or updates

  • Legitimate Interests: Where processing is necessary for administration of events, communications, or activities of the Consular Corps

  • Legal Obligations: Where processing is required to comply with Gibraltar law

We will inform you of the specific lawful basis relied upon where required by law.

​

4. How We Use Your Personal Data

We use your personal data to:

  • Respond to your enquiries and requests

  • Facilitate your participation in events, meetings, briefings, and activities

  • Communicate relevant information about the Consular Corps of Gibraltar’s work and activities

  • Send updates where you have consented to receive them

We will not use your personal data for purposes incompatible with those for which it was collected.

​

5. Marketing and Communications

We will only send you marketing or promotional communications if you have expressly consented to receive them. You may withdraw your consent at any time by contacting us or by using the unsubscribe mechanism included in our communications.

​

6. Cookies and Tracking Technologies

We use cookies to gather information about how users interact with our website and to improve functionality. Cookies may include session identifiers and tracking technologies. For more information, see our Cookie Policy.

We set cookies in compliance with the Gibraltar GDPR and the Communications (Personal Data and Privacy) Regulations 2006.

​

7. Sharing and Disclosure of Your Personal Data

We do not sell or rent your personal data. We may share your personal data with:

  • Service Providers: Supporting our operations (e.g. event management, communications platforms)

  • Legal or Regulatory Authorities: Where required by law or as necessary to respond to legal process

  • Partner Organisations: Strictly for the purpose of facilitating your participation in authorised activities

Any sharing of personal data is done in accordance with the Gibraltar GDPR.

​

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, damage, or disclosure. These measures are proportionate to the risk presented by the data processing.

​

9. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals:

  • We will notify the Gibraltar Regulatory Authority (GRA) without undue delay and, where feasible, within 72 hours of becoming aware of the breach

  • Where required, we will inform affected individuals promptly

This follows the breach notification requirements under Article 33 of the Gibraltar GDPR.

​

10. Your Rights under Gibraltar GDPR

Under the Gibraltar GDPR, you have the right to:

  • Access your personal data and obtain a copy

  • Correct inaccurate personal data

  • Erase your personal data (where lawful)

  • Restrict or object to processing

  • Data Portability (where applicable)

To exercise your rights, please contact us using the details below. You can also lodge a complaint with the Gibraltar Regulatory Authority (GRA) if you believe your rights have been infringed.

​

11. Third-Party Links and External Services

Our website may contain links to third-party websites. We are not responsible for the privacy practices of external sites. We encourage you to review the privacy policies of any third-party sites you visit.

We may also engage third-party service providers (e.g. analytics, email delivery, event platforms). These providers may process data on our behalf and are contractually restricted from using your data for other purposes.

​

12. Retention of Personal Data

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, to comply with legal obligations, and to support our legitimate interests.

​
13. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Any changes will be posted on this page with a revised effective date.

​

14. Contact Us

If you have any questions or concerns about this Privacy Policy or your rights under data protection law, you may contact:

Consular Corps of Gibraltar
Anne Lundin 
Email: icelandicconsulategibraltar@gmail.com

For data protection guidance or to make a complaint, you may also contact:
Gibraltar Regulatory Authority (GRA)
Email: privacy@gra.gi
2nd Floor, Eurotowers 4
1 Europort Road, Gibraltar GX11 1AA
Telephone: +350 20074636

bottom of page