The Gibraltar Tourist Board (“GTB”, “we, “us” or “our”), a statutory body incorporated under the Development of Tourism Act 1969, with its offices at Duke of Kent House, Cathedral Square, Gibraltar.
We undertake our statutory duties to promote tourism to and within Gibraltar under the brands “VisitGibraltar” and “Gibraltar - A Year of Culture”.
GTB is the data controller in connection with any personal information collected or received by us arising from your use of any of our products, services, applications, websites (including any e-commerce stores) and customer support communications.
This Policy explains the types of information that we may collect and hold, how that information is used and with whom the data is shared. It also sets out how you can contact us if you have any queries or concerns about this information.
We reserve the right to make changes to this Policy at any time. Your continued use of our products, applications, services and websites that are subject to this Policy will signify your acceptance of any and all changes to this Policy made by us from time to time.
We may collect information about you in several different ways. Please take care when submitting information to us, particularly when completing free text fields or uploading content, documents and other materials. Some of our services may be automated and we may not recognise that you have accidentally provided us with incorrect or sensitive information.
Information that you provide us
Whenever you interact with us, you may be asked to provide us with information relating to you. For example:
Some of our products or services may require you to create an account or register certain information in order to use a particular product or service. We may ask you to provide a range of information, such as your name, address, email address, date of birth, location, contact details, applicable device ID(s) relating to the devices you are using to access and receive particular applications and services, interests and account and marketing preferences
When you purchase, register or subscribe for one of our products or services via any one of our authorised channels, we may ask you to provide information such as your contact details, applicable device ID (s) relating to your particular product(s), delivery date and place of purchase and payment information
When you contact us for customer service assistance (by any means of communication including written communications or via our website(s), support forums, telephone, email, SMS, or our social media channels), we may record all customer service communications and keep information about the particular communication, including your name, the product(s) you bought, the reason why you contacted us, and the advice we gave you so we can track the resolution of any customer service issues and for customer service training purposes
When you join and/or participate in one of our loyalty programmes, we may collect information relating to your use of the loyalty programme and the rewards you claim
When you visit us at a public event, such as a trade show or exhibition or participate in one of our surveys, competitions or prize draws, we may ask for information, such as your business card, name, contact details, interests and marketing preferences
When you use our applications and services or other platforms, we may receive content that you choose to upload, such as product reviews, comments, photos and forum posts, or details of your interests and preferences that you choose to tell us about when, for example, selecting the services that you wish to receive
Information we collect from other sources
We may also collect information from publicly available sources and third parties, including:
When you seek to make a purchase from us, we may carry out credit and financial checks to ensure payment is not made fraudulently and that you have a suitable credit rating
Information we collect in relation to social networks
If you use any of our social network pages or applications or you use one of our products or services that allow interaction with social networks, we may receive information relating to your social network accounts.
If you log-in to one of our websites, applications or services using your social network account, we may receive basic details from your social network profile. The basic details we receive may depend on your social network account privacy settings; however, they might include your social network ID, name, profile picture, gender and locale. We may also receive additional information from your profile if you give us permission to access it
If you click on a ‘like’, ‘+1’ or ‘tweet’ or similar button in one of our websites or services, we may record the fact that you have done so. In addition, the content that you are viewing may be posted to your social network profile or feed. We may receive information about further interactions with this posted content (for example, if your contacts click on a link in the posted content), which we may associate with the details that we store about you
If you ‘like’, ‘+1’ or similar one of our pages on a social network site, we may receive information about your social network profile, depending on your social network account privacy settings
Information we collect when you use websites, products, services and applications from us
In order to improve and provide a better user experience, some of our websites, Internet-enabled products and applications and services provide us with information about your use of them, including:
Details of your usage patterns, the content (including any advertisements) that you view and interact with including information on the services and applications you are using in-device to personalise services to your specific needs. For example, when you use our websites, we may collect information about your visit, such as your browser software, which pages you view and which items you ‘clicked’ on or added to your shopping basket
Service, product or server logs, which hold technical information about your use of our service, product or websites, such as your IP address, device ID(s), domain, device and application settings, errors and hardware activity. We may use your IP address to determine your location/country of origin.
Device Information such as your device ID(s), including information about where your device is physically located. For example, when you are using a geo-location service or application and you have given consent to your location being shared
Interests and preferences that you specify during set up or registration of any product or service
We may use the personal information you provide to us or which we collect for the following range of purposes, including:
We may use information it collects for the following purposes:
Provide you with a product or service you have requested (including any backup and restore service), delivering your purchase to you or ensuring that you benefit from any relevant special offer or promotion (and fulfil its obligations under any other agreement it may have with you)
Create and manage customer database(s) of its users including basic account information (such as your name, date of birth, address, contact details), applicable device ID(s) (relating to the devices you are using to access and receive particular applications and services), related product or service usage information and customer preference information as provided by you from time to time. As part of our ongoing customer relationship management activities, we may consolidate several databases into one or otherwise link separate databases to more effectively manage your accounts.
For staff training and quality assurance purposes, particularly in relation to our customer relations staff at our call, email and other customer support centres
Ask for your opinions about our products and services and conduct surveys
Facilitate and process your searches and requests for information when you contact us about our websites, products and services
Hold competitions prize draws, contests and other promotional offers across all platforms (web/online media as well as offline platforms including at exhibitions and trade shows and events), contact winners and to fulfil prizes to winners and, where applicable, accompanying guests
We may use your information to provide you with product and service updates, newsletters and other communications about existing and/or new products and services by email, if you have provided your prior consent or we are otherwise permitted to do so under applicable law.
Personalised content, recommendations and advertisements
We may use the information we collect and/or any information which you share with us to personalise our stores, services, content, recommendations and adverts. You may notice this personalisation when you use our products and services, when we send you marketing communications and when you visit our own and third party websites that show advertisements from us or our advertising partners (for example, you might see an advertisement for a product that you have recently viewed on one of our websites).
Statistics and Research
We may use your information to create user group profiles or segment data and to otherwise create anonymous, aggregated statistics about the use of our websites, products and services which we may share with third parties and/or make available to the public.
We may use your information to improve and enhance our existing products, services and applications and develop new offerings, recommendations, advertisements and other communications and learn more about customers’ shopping preferences in general.
Publish your reviews, comments and content
Where you have uploaded product reviews, comments or content to our websites or services and made them publicly visible, we may link to, publish or publicise these materials elsewhere including in our own advertisements.
Combining the information we collect
We may link or combine the information that we collect from the different sources outlined above in the “Information that we collect” section 1 above. Information may be linked via a unique identifier, such as a cookie or account number. Alternatively, we may decide to combine two or more databases into a single database of customer information.
We may do this for your and/or our convenience (for example, to allow you to more easily register for a new service), to allow us to provide more seamless customer support whenever you contact us and to provide you with better, personalised services, content, marketing and adverts.
In general, we do not share or disclose information about you to third parties without your consent. However, there are exceptions:
Our authorised data processors and service providers
We may use other third party service providers to provide certain data processing services for us (acting as our authorised data processors). Examples of authorised data processors could include billing and fulfilment partners, data analytics providers who process information on our behalf for the purposes outlined above. For example, we may use the services of third parties to personalise content, fulfil orders, deliver packages, send postal mail and emails, provide marketing assistance and provide customer services.
When acting as our authorised data processors, our service providers are required to only process data in accordance with our instructions, in line with this Policy, and are subject to appropriate confidentiality and security obligations.
Third party newsletters
If you request or agree to receive information or newsletters from one of our business partners, we may provide that third party with your details so that they can contact you and/or respond to your request.
We prepare anonymous, aggregate or generic data (including “generic” statistics) for a number of purposes as outlined above. As we consider that you cannot reasonably be identified from this information, we may share it with any third party (such as our partners, advertisers, industry bodies, the media and/or the general public).
Sharing of information provided by you
A number of our websites, applications and services allow you to upload and share messages, photos, video and other content and links with others and/or create a publicly accessible profile for your account. For example:
Other services allow you to share a link which if clicked on may allow the recipient to access your uploaded content
Please be aware that any content and links that you share via our websites, applications and services might, for instance, be forwarded by your recipients to others. You should always exercise discretion when using such applications and services.
We ask our users to take responsibility for protecting their own privacy online and to also respect the privacy of others. Participants in any communities, forums and message boards are prohibited from disclosing their own personally identifying information other than their own online IDs. Disclosure of phone numbers, addresses, age or other personally identifying information that may breach someone else’s privacy is prohibited. Encouraging or asking users to publicly disclose their personally identifying information is also prohibited.
The Gibraltar Tourist Board is a statutory body incorporated under the Development of Tourism Act 1969 with its headquarters based in Gibraltar. We have an international network of offices to assist in delivering our core function of promoting the development of tourism to and within Gibraltar and encouraging people to visit Gibraltar. As such we are a global organisation.
For the purposes explained in this Policy, your information may be transferred and/or processed (a) by and between our London and international offices (b) to other third parties (who are acting as our authorised data processors) in countries which do not have the same level of data protection laws as those in the country where you are located.
Each of our international offices and/or authorised data processors will however comply with our internal information handling policies relating to processing of personal data, which complies, with the key data protection principles of fair handling of personal data and ensuring adequate level of protection of personal data.
When you provide us with contact details, such as when you purchase a product, contact us for customer support or create an account for one of our services, you may be given the opportunity to opt-in to (or in certain cases where applicable law allows, opt-out of) receiving various newsletters and other communications from us. These communications may include, for instance, details about our latest products and services, including upgrades and special offers in which you may be interested.
You can change your marketing communication preferences at any time:
If you would like to unsubscribe from an email sent to you, follow the ‘unsubscribe’ link and/or instructions placed (typically) at the bottom of the email. But note that:
If you use more than one e-mail address to shop with us or contact us on, you will need to unsubscribe separately for each email address
This method will only unsubscribe you for emails. You will need to separately unsubscribe for other types of marketing communications you receive.
While we can’t guarantee that unauthorised access will never occur, rest assured that we take great care in maintaining the security of your personal data to prevent unauthorised access to it, through the use of appropriate technology and internal procedures.
What we do to protect your information
We take a number of steps to protect your information from unauthorised access, use or alteration and unlawful destruction, including where appropriate:
Limiting access to the information we collect about you (for instance, only those of our personnel who need your information to carry out our business activities are allowed access)
Putting in place physical, electronic, and procedural safeguards in line with industry standards
What you should do to protect your information
As general best practice on the Internet, it is recommended that individuals take great care with user accounts, and follow some basic rules:
Do not use trivial passwords (such as single dictionary words)
Do not use the same password for multiple accounts
Do use very long passwords (at least 10 characters, but preferably much longer)
Do use passwords which contain a combination of upper and lower case letters, numbers and special characters e.g. $%^& etc.
Do keep passwords securely (never written down, or shared with anyone) and changed periodically
Our websites use industry-wide technologies, such as “cookies”, to collect information about the use of our websites and email communications. For instance, these technologies may tell us which visitors clicked on key elements (such as links or graphics) on a website or email and recognise your browser the next time you visit our websites.
Cookies allow us to customise your experience to better match your interests and preferences, or to simply facilitate your signing in to use the services. Most browsers will allow you to erase cookies from your computer hard drive, block acceptance of cookies or receive a warning before a cookie is stored. However, if you block or erase cookies, we may not be able to restore any preferences or customisation settings you have previously specified, and our ability to personalise your online experience would be limited. Please refer to your browser instructions to learn more about these functions.
If you would like a copy of the personal information that we store about you in our customer databases, please contact us. You may be asked to provide some proof of identification so that we can verify that it is you making the request. We reserve the right, subject to applicable law, to charge a fee (subject to any cap on fees as required by applicable law) for inspection of your personal data held by us.
This is in addition to your legal rights, including the right to access a copy of your personal information, the right to request the deletion or updating of any inaccurate personal data and the right to object, in some cases, to our processing of your personal data. You can exercise these rights by contacting us using the details given in the “Contact us” section on our websites.
We will only retain your personal data for as long as is reasonably necessary for the various purposes set out in section 2 above or to otherwise comply with any applicable laws and regulations concerning the mandatory retention of certain types of information relating to our customers and/or any commercial transactions with them. Should any personal data held by us no longer be required by us for any of the purposes set out in section 2 above “How we use the information that it collects”, we undertake to take reasonable steps to destroy or de-identify any personal data after a reasonable period of time has elapsed.
If you are concerned that we have not complied with your legal rights or applicable privacy laws, you may contact your local data protection authority.
Under your right to rectification, data can be edited by emailing us at email@example.com or updating details on Mailchimp via the link at the bottom of every email.
Right to lodge a complaint
You have the right to lodge a complaint with the Gibraltar Regulatory Authority if you think we are not acting in accordance with our legal obligations. However, we would always encourage you to raise your concerns with us first so we can investigate. You can do this by contacting… The contact details for the Gibraltar Regulatory Authority can be found on their website at www.gra.gi or by emailing them on firstname.lastname@example.org.
Some of our websites may contain links to other third party websites that are not operated by us. While we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content, security or privacy practices of those third party websites. We strongly encourage you to view the privacy and cookie policies displayed on those third party websites to find out how your personal information may be used.