Privacy Statement

Please read this notice carefully to understand our policies and practices regarding your personal data and how we will treat it. We are committed to protecting the privacy of your personal data in accordance with applicable data protection legislation. It also governs your use of our legal and fiduciary services, content, features, or functions offered by us and all related sites, and applications (collectively, the Services). 

1. About us

Ramparts consists of Ramparts Corporate Advisors Limited and Rampart Corporate Services Limited respectively an authorised law firm and authorised fiduciary services provider in Gibraltar.

References in this notice to ‘we’, ‘our’ or ‘us’ means Ramparts, their subsidiaries, affiliates, and the other partnerships and other entities or practices authorised to use the name ‘Ramparts’ or describe themselves as being in association with Ramparts as the context may require. Each such entity is a ‘Group’ member, and are collectively the Ramparts ‘Group’. 

Ramparts controls the collection and processing of any personal data that you provide in relation to this website, www.ramparts.gi, and our Services. Where Services are provided to you by any other Ramparts Group member or affiliate, the entity providing the service will be the controller of your personal data. This notice applies to all such entities and/or affiliates.

The entity responsible for providing Services to you will be stated in our Engagement Letter and it is this entity that will be determining the purposes and means of the data processing taking place and shall be the independent ‘controller’ of your data. This notice applies whether you are, or you are acting on behalf of, a client or potential client of a Group member, or you are a professional, business contact, third party contact or job applicant of the Group.

2. Your duty to inform us of changes

It is essential that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us and your use of our Services. 

3. Personal data we may collect from you

The kinds of personal data that we may collect from you and hold may include:

  • identifying information, such as your name, date of birth, gender,  the company you work for, your job title and your position, or any other types of data relevant to us providing you with our Services;
  • identity verification information, such as images of your government issued ID, passport, national ID card, utility bill or driving licence contact information, such as your postal address, email address and telephone numbers;
  • financial information, such as a credit or debit card, bank account or other payment details and/or other personal wealth information;
  • online identifiers that may also constitute personal data, such as your MAC address, computer and mobile device unique device ID and IP information based on your internet connection settings;
  • details of any Services that we provide to you and how you use them;
  • records of our communications with you, including any messages you send us;
  • health information, for example if you are signing up to an event and have dietary requirements.
  • other information received which is relevant to enable the provision of legal and other Services to our clients. This will vary depending on the type of matter but may include insurer information, witness statements, correspondence, court documents and transactions documents. It may also include special category data;
  • special category data to assist with our diversity and equality management (voluntary and by explicit consent only);
  • visual images and personal appearances; and
  • lifestyle information such as information about your family members.

Without this information, we may not be able to provide you with our Services (or with all of the features and functionality offered by our Services), to respond to queries or requests that you submit to us and to fulfil our duties to protect against the risks of crime, fraud, money laundering and terrorist financing.

4. How and why we use your personal data

How we collect personal data

We collect personal data about you in a number of ways including:  

  • where you register for an account or to receive emails from us;
  • when you require Services from us;
  • when you submit a query or request to us;
  • when you respond to a survey that we run or fill in forms on our website;
  • by tracking your use of our website;
  • from public sources; and
  • from third parties who are entitled to disclose that information to us.

In some cases, we may also be required by law to collect certain types of personal data about you.

Where we collect personal data from you, we will generally do so ourselves.  However, we also collect personal data from third parties, such as through your representatives, our partners, contractors who provide services to us, or third parties who refer you to us because they think you may be interested in our Services.

Why we use your personal data

Whether we receive your personal data directly from you or from a third party, we will only use your personal data if we have a lawful reason for doing so. Such reasons will include:

  • complying with our legal and regulatory obligations;
  • for the performance of our contract with you or to take necessary steps, at your request, before entering into a contract;
  • for our legitimate interests or those of any third parties; and/or
  • when we have your consent to do so.

We may also use your personal data to enable us to:

  • provide Services to you or one of our clients;
  • manage our business relationships with you or your organisation;
  • act in compliance with our legal obligations, including with respect to anti-money laundering, sanctions check, conflict checking, financial/credit checks and any other means required to ensure compliance with law and regulation including compliance with the rules of the LSRA, SRA or any other local bar in another jurisdiction;
  • gather and provide information required by audits, enquiries or investigations by regulatory authorities or for insurance purposes or to consider and defend claims against our business;
  • manage and secure access to our offices, systems and online platforms;
  • monitor our technology tools, including our websites and email communications;
  • comply with court orders;
  • carry out processing that is necessary for the legitimate interest of our business or third parties provided that such interests are not overridden by your interests or fundamental rights and freedoms;
  • keep our databases up to date with relevant and accurate information; or
  • communicate with you about events and seminars or to send briefings or other marketing materials we feel will be of interest to you, your organisation or business.

5. Automated decision making

We may process your personal data without human intervention to evaluate your personal situation such as transactional history and account opening anniversary events. We may do this to decide what marketing communications are suitable for you, to analyse statistics and to assess risks.

This is all done on the basis of our legitimate interests, to protect our business, and to develop and improve our products and Services.

6. Marketing

We may use your personal data to send you marketing communication by email, text, telephone or post on legal developments that may be of interest to you and/or information about our Services. We have a legitimate interest in processing your personal data in this way. This means we do not always need your consent to send you marketing communications. However, where consent is required, we will ask for this separately and clearly. You also have the right to opt-out of marketing communications. An unsubscribe link will be included in all marketing communications. We may, from time to time, ask you to update your marketing preferences to ensure you receive communications that are relevant to you or to take into account changes in law or regulation. 

7. Keeping your personal data secure

We have appropriate security measures in place to seek to prevent personal data from being accidentally lost or used or accessed unlawfully. However, the transmission of data via the internet is not completely secure and although we use a number of technical and organisational measures to seek to protect your data, we cannot guarantee the security of your information transmitted online.

We have procedures in place to deal with any suspected data breach and will notify you, and any applicable regulator(s), of any suspected substantive data breach when it is appropriate or when legally required to do so.

8. Sharing Personal Data

We will not use your data for any other purpose than set out above, or disclose it to any third party, without your consent unless we are required to do so by law or as mentioned in this section.

Other Group members

In the course of providing our Services, or subsequent to the provision of such Services, we may have to share personal data about our clients or other third parties (or about individuals representing a client) with other members of the Group for administrative or regulatory purposes, where this is necessary for the performance of our contract with you (or the company or other person you represent), or for the legitimate interests we have in managing our business and improving our Services, or in order to comply with regulatory requirements. In some cases this will include the establishment, exercise or defence of legal claims.

We may also refer you to another member of the Group with your consent, in which case we will provide the other member of the Group with your contact details and other personal data about you which is relevant to the services they are to provide.

Other professionals and other bodies

In order to provide some of our Services, we may use the input of third parties such as counsel or other external lawyers, accountants and experts, or we may refer you to such third parties, with your consent or where this is necessary for the performance of our contract with you (or the company or other person you represent). This will require the disclosure to such third parties of your contact details, as well as further personal data about you which is relevant to the services they provide. We may also be required to disclose your personal data to regulators, by order of the court, Government departments and local authorities and similar bodies in order to comply with legal obligations or to perform our contract with you (or the company or other person you represent).

External audits

External organisations may conduct audits or quality checks for us, either where this is necessary for compliance with our legal obligations or for the legitimate interests we have in improving our business and Services. These external organisations are required to maintain confidentiality in relation to your files. If you do not want your file to be part of this process, please tell us as soon as possible.

Data processing services

Some of our data processing services are supplied by third party providers, who will need to have access to your data for that purpose. Such third party suppliers will be appointed on the basis that they provide sufficient guarantees to implement appropriate technical and organisational measures so that the processing will meet the requirements of the applicable data protection legislation and ensure the protection of the rights of the data subjects, and will carry out processing only on our written instructions, or where we have a legitimate interest in doing so, as indicated above.

Transferring our rights and duties

We may transfer your personal data to anyone to whom we may transfer our rights and duties under the terms of our retainer with you (for instance, if you wish to change your professional representation, or where we do so for the purposes of Group re-organisation and administration or if our business is merged with or we are acquired by a third party). We will do this in order to perform our contract with you (or the company or other person you represent) or where this is necessary for the legitimate interests we have in improving our business and Services.

Compliance with legal obligations

We may disclose your personal data if we are required to do so in order to comply with any legal or regulatory obligation or request, or where we have a legitimate interest in doing so, such as in order to enforce or apply our contract with you, to investigate potential breaches, or to protect our property and rights or those of others. This may include exchanging information with other companies and agencies for the purposes of credit risk reduction and to comply with legislation concerning money laundering, tax evasion, crime prevention and fraud protection.

Transfers outside the UK or EEA

In order to provide some of our Services, we may share your personal data with one or more third party providers situated in countries outside Gibraltar, the United Kingdom and/or European Economic Area that do not necessarily have the same standards of data protection legislation. We may do so with your consent, or where it is necessary for performance of the contract we have with you or for the establishment, exercise or defence of legal claims. However, we will ensure that contractual or other safeguards are in place to ensure that your personal data is adequately protected, and that enforceable rights and effective legal remedies are available for data subjects, and will inform you of the nature of these safeguards at the relevant time.

Professional or business contacts

If you are not a client (or a representative of a client) but have provided us with your professional or business contact details or other relevant personal data for business reasons, we may share your personal data with other Group members and with our other professional or business contacts or those of our other Group members, on the basis that it is necessary for our legitimate interests in promoting and marketing the Group and our Services, unless you indicate otherwise.

9. Data retention

Your personal data will only be kept as long as required to meet our legal obligations and no longer than is necessary (note that in some cases it may be necessary for us to retain records indefinitely.).

If you contact us with an enquiry about our Services but you do not subsequently become a client (or the company or other person you represent does not do so), it is our policy to delete your personal data after six years subject to any legal or regulatory obligations that may apply.

If you are or become a client (or the company or other person you represent is or becomes a client), we normally retain contract information (including personal data) for a minimum period after the end of the relevant contract or client relationship, or for longer where it is necessary for us to do so for compliance with regulatory or other legal obligations, or for the establishment, exercise or defence of legal claims, or where we agree with you to do so.

10. Our full data retention policy is available on request

Personal data relating to our professional contacts will be retained for so long as is necessary, or until you indicate otherwise to us, but we will aim to update our contacts’ preferences on a periodic basis.

In certain cases, it may not be physically possible to delete certain data (for instance, where it is stored on a secure external server), in which case we will take appropriate steps to ensure that it is not available for re-use or disclosure to third parties.

11. Your rights as a data subject

As a data subject, you have certain legal rights (subject to certain exceptions under the data protection legislation) including:

Access right: this enables you to receive a copy of the personal data we hold about you. 

Erasure right (‘right to be forgotten’): this enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Please note that if you request the erasure of your personal information:

  • We may retain some of your personal information as necessary for our legitimate business interests, such as fraud detection and prevention and enhancing safety.
  • We may retain and use your personal information to the extent necessary to comply with our legal and regulatory obligations.
  • We may limit our erasure measures to a reasonable level when a request is manifestly unfounded or excessive.

Data processing restriction right: this enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. Please note that any requests in relation to the restriction of the processing of your data means that we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel your use of our services but we will notify you if this is the case at the time.

Rectification right: this enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Data portability right:  on your request, we can provide your personal data in a structured, commonly used, machine-readable format, which you can then transfer to an applicable third party. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. 

Withdrawal of consent: at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain Services to you. We will advise you if this is the case at the time you withdraw your consent.

Please contact us if you wish to exercise any of the rights set out above. You also have the right to make a complaint to a supervisory authority (see below).

12. No fee is usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

13. What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

14. Third-party sites

Some pages made available through the Services include links to third-party websites: clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control such websites and are not responsible for their privacy statements. We encourage you to read the privacy policy of every website you visit.

15. Changes to this notice

Any changes we make to our notice in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our privacy statement.  

16. Contact us

If you have any questions or comments about this notice, or you wish to exercise your rights under data protection legislation then please contact our Data Protection Compliance Officer, by post using the following details:

Data Protection Officer, Ramparts, 6.20 World Trade Center, 6 Bayside Road, Gibraltar, GX11 1AA

17. Lodging a complaint with a supervisory authority

You may have the right to lodge a complaint to a supervisory authority about the processing of your data by Ramparts or a member of its Group. Contact details for Gibraltar’s supervisory authority can be found below:

Data Protection Commissioner

The Gibraltar Regulatory Authority

2nd Floor, Eurotowers 4

1 Europort Road

Gibraltar

T: (+350) 2007-4636

W: www.gra.gi