UBO logo

Gibraltar UBO Register



Who are you and what is the purpose of this notice?

HM Government of Gibraltar (“HMGoG”) is committed to protecting and respecting your right to privacy. This Privacy Notice aims to provide you with information on what personal data we collect about you, what we do with that information and why we do it, who we share it with, and how we protect your privacy.



HM Government of Gibraltar (“HMGoG”) (collectively referred to as “we”, “us” or “our” in this Privacy Notice) is the data controller for the purposes of this digital portal and your interactions with us.



It is important that you read this Privacy Notice together with any future notice we may provide so that you are fully aware of how and why we are using your personal data.



What information do you collect about me?

In order to register your account, we requested personal data about you including: first name, surname, contact mobile number and email address. This information is necessary as we must be able to verify your identity before allowing you access to the UBO register.



How do you use my information?

We may use your personal data to:

  • verify your identity and prevent user fraud;
  • help resolve an incident or problem you may report
  • we may also share your data if we are required to do so by law (for example complying with a court order) or to assist law enforcement bodies in the prevention, investigation, detection or prosecution of criminal offences


Cookies

You can find further information about our cookie policy by accessing https://www.gibraltar.gov.gi/cookie-policy .



What gives you the right to use my information?

Whenever we process your personal data we ensure that we:

  • process it lawfully, fairly and in a transparent manner.
  • collect it only for valid purposes that we have clearly explained to you and not use it in any way that is incompatible with those purposes.
  • keep it only as long as necessary for the purposes we have told you about.
  • keep it safe and secure, to limit the potential of a personal data breach.

We will only use your personal data for the purpose for which we collected it, specifically for delivery of our digital services. Our lawful basis for processing your personal data is Article 6(1)(e) of the Gibraltar GDPR, which allows for processing that is necessary for the performance of a task carried out in the public interest. Additionally, we also rely on section 10(d) of the Data Protection Act 2004 processing that is necessary for the exercise of a function of a Minister or a government department.



Do we transfer your Personal Data internationally?

We would only transfer your Personal Data outside Gibraltar if:

  • specifically directed by you;
  • necessary to comply with a legal obligation or criminal investigation,


and we will use reasonable endeavours to procure that the recipient country or organisation offers the same levels of protection to your Personal Data as the Gibraltar GDPR and the Data Protection Act 2004.



How do you keep my information safe and secure?

Under the Data Protection Act 2004 and the Gibraltar GDPR, strict principles govern our use of personal data and our duty to ensure it is kept safe and secure.

Please rest assured that we have put in place appropriate security measures (such as password protection and access restrictions) to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also use encryption for the collection or transfer of sensitive personal data, such as your credit card details when making a payment.

All our records are restricted so that only those individuals who have a need to know can access the information. This might be through the use of technology or other environmental safeguards.

All our employees are subject to the common law duty of confidentiality. This means that any personal data about you will only be used in connection with the purpose for which it was provided, unless we have specific consent from you or there are other special circumstances covered by law.

We remind you that you should never disclose your password or login credentials to anyone. This is specific to you and should remain private to ensure that your personal data are protected.

If you believe that someone has logged in with your credentials you should notify us by contacting our support team.



Who do you share my information with?

We do not normally share or disclose your personal data with any third parties. However, we may share when necessary to assist in the prevention, investigation, detection or prosecution of criminal offences, and in order to prevent fraud.