GRA PRIVACY NOTICE
This Privacy Notice discloses the privacy practices, in accordance with the Data Protection Act 2004, for www.gra.gi. This notice applies solely to information collected by the Gibraltar Regulatory Authority (the “GRA”).
This Privacy Notice was last updated on 16th August 2021. This Privacy Notice is a live document and will be kept under regular review and updated, as required.
1. Who is Responsible for Managing my Personal Data?
The website www.gra.gi and all forms which allow for the collection of personal data, submitted via the website or any other means are owned and maintained by:
Gibraltar Regulatory Authority, 2nd floor, Eurotowers 4, 1 Europort Road, Gibraltar GX11 1AA
This Privacy Notice explains how we collect, use, share and protect your personal data.
The GRA is responsible for the collection and proper management of any personal information you submit. We will keep your personal details secure and use the information you provide consistently with applicable privacy and data protection laws and the terms of this Privacy Notice.
2. What Personal Data do we collect?
We will collect details that you provide in relation to the following:
- Complaints or enquiries in relation to entities issued with a general authorisation under the Communications Act 2006;
- Complaints or enquiries in relation to data controllers in relation to their obligations under the Data Protection Act 2004, or any other privacy related legislation applicable in Gibraltar;
- Complaints or enquiries in relation to entities issued with a licence under the Broadcasting Act;
- Complaints or enquiries in relation to entities issued with a licence or general authorisation under the Postal Services Act;
- Complaints or enquires in relation to matters under our remit in respect of the Competition Act 2020;
- Information submitted by you in response to a public consultation issued by us;
- The issuing of licences under Part VI of the Communications Act 2006, such as radio amateur licences, private mobile radio licences and citizens band radio licences;
- Our subscriptions feature, which is used to update subscribers with news, updates or any other relevant information consistent with subscribers’ requirements;
- The Register of Data Protection Officers; and
- The Opt-out Register for Telephone and Fax
It is our policy to not collect personal information from any minors.
3. How we use your Personal Data
The information you provide is used in a number of ways, for example:
- To carry out investigations in relation to your complaint or enquiry;
- To keep our register of radio licences issued under Part VI of the Communications Act 2006 current and updated;
- To keep you updated with any information we feel corresponds to your subscription requests;
- To process any replies, comments or submissions following a public consultation;
- To maintain your entry in the Register of Data Protection Officers; and
- To maintain your entry in the Opt-out Register for Telephone and Fax
4. What is the legal basis for processing your Personal Data?
We will always process your personal information on lawful grounds and in particular on the basis that we will always seek to obtain explicit consent from you before we begin to process any personal data.
We will ask your consent to use your name, email address, phone number(s) and postal address to contact you about your complaint, enquiry, subscription, licence or register entry.
You can withdraw your consent at any time, however, please be aware that there are certain legal provisions which require us to process your personal data in order to provide you with specific services, such as the renewal of a radio licence.
5. Who do we share Personal Data with?
6. How long will we hold your information for?
Your information is only stored whilst it is required for the relevant purposes, or to meet legal requirements.
In the case of investigations carried out as a result of a complaint, we will hold your personal data for the course of the investigation and then, if we have issued any decisions, recommendations, directions, or any other action which is appealable, we will hold the data for the period provided for by statute for such appeals, including judicial review, to take place.
Where your information is no longer required, we will ensure it is disposed of or deleted in a secure manner.In certain circumstances we will anonymise the data to the extent that we will continue to process data in a format which makes identifying you impossible.In these instances, every effort is made to ensure proper and correct processes are in place to carry this out effectively.
7. Your rights
You have the right to ask us:
- to confirm whether we hold any of your personal data;
- to provide you with a copy of any personal data that we hold about you;
- to correct any inaccuracies in your personal data and to modify it in such a way if you believe the personal data we hold is incomplete;
- to delete (in as much as is possible in the specific circumstances) any of your personal data, where we are required to do so by law;
- to stop processing your personal data, where required to do so by law;
- to let you have a portable copy of the personal data we hold about you, where required to do so by law;
- to stop processing any of your personal data that is processed by us on the basis of our legitimate interests; and
- where we process your personal data on the basis that you have given us your consent to do so, you may contact us at any time to withdraw your consent.
If you wish to exercise any of these rights, or object to our processing your personal data, please email us on email@example.com or write to us at the address provided for below.
8. How do we update this Privacy Notice?
This Privacy Notice is always under regular review and we will update it accordingly on our website.
9. Who can I contact in reference to this Privacy Notice?
The GRA’s Data Protection Officer is Maurice Hook. You can also contact him directly if you have any questions about our privacy notice or information we hold about you.
Please send an email to firstname.lastname@example.org or contact:
Maurice Hook, Data Protection Officer
Gibraltar Regulatory Authority, 2nd floor, Eurotowers 4, 1 Europort Road, Gibraltar GX11 1AA.