Privacy Policy

Last updated 25h May 2018

a. Policy relating to Privacy

Charles Gomez & Co. takes your privacy very seriously and any personal information you give us is treated confidentially and held with care and security.

This Privacy Policy document explains how we process any personal information we may collect from you or which we have obtained about you from a third party. We also set out and explain the purposes for which we process your personal information as well as your rights in respect of data protection.

In this Policy relating to Privacy references to "we", "us" and "our" refer to Charles Gomez & Co. References to "you" or "your" refer to data subjects.

If you need further information about Data Protection please visit www.gra.gi

b. Data Protection Section

If you have any questions about our privacy policy or if you wish to exercise any of your rights as described herein or under the General Data Protection Regulation, you can contact us either:

By Email: dataprotectionsection@gomezco.gi

By Post:

Charles Gomez & Co
Data Protection Section
PO Box 659
5, Secretary´s Lane
Gibraltar, GX11 1AA

By Telephone: +350 200 74998

Charles Gomez & Co has not appointed a specific Data Protection Officer but our Data Protection Section can be contacted directly via the above details.

c. Data Protection Principles

Charles Gomez & Co adheres to the following principles under the General Data Protection Regulation ("GDPR"):

  • Fairness – data must be processed in a fair, transparent and lawful manner.
  • Specified purpose - data must be collected and used only for specified, explicit and legitimate purposes.
  • Purpose Limitation – data must be limited to what is necessary in relation to the purposes for which they are processed.
  • Adequacy – data collected must be adequate, relevant and not excessive for the purpose for which they were collected.
  • Accuracy - data must be accurate and complete and, where necessary, kept up to date.
  • Retention - data must be kept for no longer than is necessary for the purposes for which the personal data are processed.
  • Security and confidentiality – the information collected is kept safe and secure, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage by using appropriate technical or organisational measures.

d. Your personal information and how we use it

We collect personal information from you in the course of our business and through your use of our website. Most of this information is directly provided by you but we may also collect information about you from publicly accessible sources such as the Companies House or from third party sources of information such as client due diligence providers. Websites or social media platforms are also a source of information if you have made your information public.

Under the General Data Protection Regulation ("GDPR") we may collect personal information from you in order to fulfil our legal obligations and provide our services, which would imply, without limitation:

  • Verification of your identity
  • Legal Advice
  • Recruitment processes
  • Protection of someone’s vital interests
  • Direct Marketing
  • Management of enquiries and complaints
  • Compliance with any court order, judicial process, applicable law, or the requirements of a regulator.
  • Performance of our obligations in accordance with any contract that we may have with you.
  • As otherwise required or permitted by law or requested by regulatory authorities.

Further to the above, we may process and hold the following personal information:

d.1) Existing client or prospective individual client:

  • Identifying information (full name, job title, company, email address, phone number etc).
  • Payment information (Bank account statement, source of funds etc).
  • Other information depending on the nature of your instructions to Charles Gomez & Co and relevant to the provisions of our services.
  • Relevant information as required by Know Your Client and / or Anti-Money Laundering regulations (company documents, deeds, wills, proof of inheritance, passport, ID card etc).

If you do not wish to provide us with your personal data, we may not be able to perform our obligations under the contract between us. Charles Gomez & Co will only use your personal data for the purposes for which we collected it. If we need to use your personal data for an unrelated purpose, we will notify you in a timely manner and we will explain the legal basis which allows us to do so.

d.2) Website user:

  • Identifying information (name, company, email address, social media account, phone number etc).
  • Visitors Information (preferences and interests, pages you visit and other details).
  • Information about the device through which you access our website and your computer’s Internet Protocol (IP).
  • Information collected by cookies on our website. (Please see our Cookies Policy).
  • Other information relevant to the provision of our services.

Our website may, from time to time, contain links to and from third-party websites. Please note that these websites have their own privacy policies and Charles Gomez & Co does not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

d.3) Recruitment candidates:

You may provide us with your full name, contact information, CV, education and employment history and similar matters for potential recruitment opportunities with Charles Gomez & Co. This shall apply to applications received by us online, via email, by facsimile, by hard copy or in-person.

d.4) Marketing purposes:

We may also collect and use the personal information above to enable us to market our products and services which may be of interest to you. We will only send you marketing communications where you have consented or where we have a lawful right to do so. You have the right to opt out of receiving email marketing communications from us at any time by contacting our Data Protection Section at dataprotectionsection@gomezco.gi or replying to our marketing emails or letters stating you wish to unsubscribe from our email marketing list.

We might also need to process personal information in relation to other third parties instructed either by our own clients or other persons or companies involved with us providing the Services to our client (for instance other law firms or experts).

Please note the list above is not exhaustive due to the extensive variety of personal information processed as part of a law firm providing legal services.

d.5) Sensitive personal data and Children:

Sensitive personal data relates to information such as racial or ethnic origin, religious or philosophical beliefs, sexual orientation or data concerning health. It is not our aim to seek this kind of information but if strictly necessary, we will ask for your explicit consent to our proposed use of that information at the time of collection and will be also treated confidentially. Personal data relating to children will apply as sensitive data and the same precautions will be taken. We request those under 16 not to use our website nor disclose or provide personal information to us.

e. Who we share your personal information with

We may share your personal information with third parties such as:

  • Our professional advisers such as accountants.
  • Government or regulatory authorities.
  • Professional indemnity or other relevant insurers.
  • Regulators/tax authorities/corporate registries.
  • Third parties to whom we outsource certain services such as, without limitation, document processing and translation services, IT systems, support service and software suppliers, document and information storage providers.
  • Third parties engaged in the course of the services we provide to clients such as arbitrators, counsels, mediators, clerks, witnesses, court, opposing party and their lawyers, and experts such as tax advisors.

We may have to share personal information outside Gibraltar and / or the European Economic Area (EEA) to deliver our services to you. Non-EEA countries have different data protection laws and requirements. These transfers are subject to special rules under European and Gibraltar Data Protection Laws. However, we will comply with our legal and regulatory obligations in relation to the personal information, including but without limitation, putting appropriate safeguards in place as required by GDPR law.

Please note the list below is non-exhaustive.

f. Retention and storage of your personal information

We will keep your personal data for a minimum period of 6 years or longer as we are required to do so by law or at your request. Therefore, retention periods will vary depending on the nature of the information. Retention could also be with the aim of protecting your interests or those ones of other relevant natural persons. In view of the various limitation periods which can accrue, we will not dispose of any elements without your consent and then only with our agreement.

For visitors to the website, we will retain the relevant personal information for as long as necessary to provide a service, or to improve our services in future from the date of our last interaction with you and in compliance with our obligations under the GDPR.

g. Confidentiality and Security

We are committed to keeping the personal information provided to us secure and we have implemented appropriate information security policies, rules and technical measures to protect this information. We follow rigorous security protocols to safeguard any personal information you may share with us.

All our staff as well as data processors (i.e. those who process your personal information on our behalf, for the purposes listed above), who have access to, and are associated with the processing of personal information, are obliged to respect the confidentiality of such personal information.

Despite these precautions, Charles Gomez & Co cannot guarantee the security of information transmitted over the Internet or that unauthorized persons will not obtain access to personal data. According to GDPR we must notify any breach within 72 hours to the applicable regulatory entity and we will also notify you.

h. Your GDPR rights

We hereby inform you that according to GDPR you have the following rights:

  • Right to be informed

You have the right to know the information we hold about you.

  • Right of access to your information

You have the right to access information which we hold about you. If you so request, we shall provide you with a copy of your personal data at such fee as may from time to time be allowed by law.

  • Right to rectification and updating

You have the right to have your personal data rectified or updated. You can update your details or change your privacy preferences by contacting our "Data Protection Section" above. If we have shared your personal information with others, we will try to let them know about the rectification where possible.

  • Right to erasure

You have the right to ask us to delete or remove your personal information in some circumstances ("Right to be Forgotten") or if you withdraw your consent (where applicable and allowed by law).

  • Right to restrict processing

You can ask us to stop the processing of your personal information in certain circumstances such as direct marketing and when allowed by law.

  • Right to data portability

You have the right to receive personal data which you have provided to us in a structured and commonly used format so that it can be transferred to another data controller ("data portability") and to reuse it elsewhere or to ask us to transfer this to a third party of your choice. The right to data portability only applies where your personal data is processed by us with your consent or for the performance of a contract.

  • Right to object or withdraw your consent to processing

You have the right to object at any time to our processing of your personal data for direct marketing purposes or relying on our own or someone else's legitimate interests. Where you object on this ground, we shall no longer process your personal data unless we can demonstrate compelling legal grounds for the processing.

  • Right not to have decisions being taken by automated means

Individuals have the right not to be the subject of a decision when it is based solely on automatic means without any human intervention.

  • Right to contact us

We do our best to meet privacy standards. However, if you are concerned about any data protection issue, you have the right to raise any issue or complaint to us. You can exercise any of your rights by contacting us as provided under "Data Protection Section" above. We may then ask you to follow a process in order to verify your identity, ask you for additional information for that purpose, fill in the appropriate form or supply any other relevant documentation. We must respond to your request within 1 month. Under certain circumstances that period may be extended where requests are complex or numerous.

  • Right to complain to the Gibraltar Supervisory Authority (GRA)

You have the right to complain at any time with the relevant Supervisory Authority if you feel your rights have been breached. In Gibraltar, the Supervisory Authority who acts as Data Protection Commissioner is the GRA whose offices are located on the 2nd floor, Eurotowers 4, 1 Europort Road, Gibraltar. You can contact them on their website www.gra.gi, by email at info@gra.gi or by telephone (+350) 20074636 or Fax (+350) 20072166.

Please note we may refuse to comply with a subject access request if the request is manifestly unfounded, excessive or repetitive in nature. All requests must be made in writing.

We hereby inform you that under the GDPR we must provide a copy of the information free of charge. However, if your requests are manifestly unfounded, excessive or disproportionate, we can charge a reasonable fee taking into account the administrative costs of providing such information. This would also apply to further copies of the same information.

i. Changes to this Privacy Policy

We may make changes and update this Policy relating to Privacy from time to time to comply with changes in applicable law or regulatory requirements. Please see the "Last updated" date at the beginning of this Privacy Policy. We encourage you to review this Privacy Policy periodically to be informed of how we use your personal information.

j. Consent

By instructing us for any of our services you consent to this Privacy Policy. This consent shall also apply for all subjects providing personal information to us at any time such as for recruitment processes, enquiries and complaints purposes.

By using our website and disclosing your personal information on it, you consent to the collection, storage and processing of your personal information in the manner set out in this privacy statement.

If you are an internet user and you do not agree with this privacy policy, you may not access our website. If you are an existing client or have an existing business relationship with us and you do not agree with our Privacy Policy, then you will have to terminate your engagement or business relationship with us in compliance with our Terms of Business.