Please read this notice carefully to understand our policies and practices regarding your personal data and how we will treat it. We are committed to protecting the privacy of your personal data in accordance with applicable data protection legislation. It also governs your use of our legal and fiduciary services, content, features, or functions offered by us and all related sites, and applications (collectively, the Services).
Ramparts consists of Ramparts Corporate Advisors Limited and Rampart Corporate Services Limited respectively an authorised law firm and authorised fiduciary services provider in Gibraltar.
References in this notice to ‘we’, ‘our’ or ‘us’ means Ramparts, their subsidiaries, affiliates, and the other partnerships and other entities or practices authorised to use the name ‘Ramparts’ or describe themselves as being in association with Ramparts as the context may require. Each such entity is a ‘Group’ member, and are collectively the Ramparts ‘Group’.
Ramparts controls the collection and processing of any personal data that you provide in relation to this website, www.ramparts.gi, and our Services. Where Services are provided to you by any other Ramparts Group member or affiliate, the entity providing the service will be the controller of your personal data. This notice applies to all such entities and/or affiliates.
The entity responsible for providing Services to you will be stated in our Engagement Letter and it is this entity that will be determining the purposes and means of the data processing taking place and shall be the independent ‘controller’ of your data. This notice applies whether you are, or you are acting on behalf of, a client or potential client of a Group member, or you are a professional, business contact, third party contact or job applicant of the Group.
It is essential that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us and your use of our Services.
The kinds of personal data that we may collect from you and hold may include:
Without this information, we may not be able to provide you with our Services (or with all of the features and functionality offered by our Services), to respond to queries or requests that you submit to us and to fulfil our duties to protect against the risks of crime, fraud, money laundering and terrorist financing.
How we collect personal data
We collect personal data about you in a number of ways including:
In some cases, we may also be required by law to collect certain types of personal data about you.
Where we collect personal data from you, we will generally do so ourselves. However, we also collect personal data from third parties, such as through your representatives, our partners, contractors who provide services to us, or third parties who refer you to us because they think you may be interested in our Services.
Why we use your personal data
Whether we receive your personal data directly from you or from a third party, we will only use your personal data if we have a lawful reason for doing so. Such reasons will include:
We may also use your personal data to enable us to:
We may process your personal data without human intervention to evaluate your personal situation such as transactional history and account opening anniversary events. We may do this to decide what marketing communications are suitable for you, to analyse statistics and to assess risks.
This is all done on the basis of our legitimate interests, to protect our business, and to develop and improve our products and Services.
We may use your personal data to send you marketing communication by email, text, telephone or post on legal developments that may be of interest to you and/or information about our Services. We have a legitimate interest in processing your personal data in this way. This means we do not always need your consent to send you marketing communications. However, where consent is required, we will ask for this separately and clearly. You also have the right to opt-out of marketing communications. An unsubscribe link will be included in all marketing communications. We may, from time to time, ask you to update your marketing preferences to ensure you receive communications that are relevant to you or to take into account changes in law or regulation.
We have appropriate security measures in place to seek to prevent personal data from being accidentally lost or used or accessed unlawfully. However, the transmission of data via the internet is not completely secure and although we use a number of technical and organisational measures to seek to protect your data, we cannot guarantee the security of your information transmitted online.
We have procedures in place to deal with any suspected data breach and will notify you, and any applicable regulator(s), of any suspected substantive data breach when it is appropriate or when legally required to do so.
We will not use your data for any other purpose than set out above, or disclose it to any third party, without your consent unless we are required to do so by law or as mentioned in this section.
Other Group members
In the course of providing our Services, or subsequent to the provision of such Services, we may have to share personal data about our clients or other third parties (or about individuals representing a client) with other members of the Group for administrative or regulatory purposes, where this is necessary for the performance of our contract with you (or the company or other person you represent), or for the legitimate interests we have in managing our business and improving our Services, or in order to comply with regulatory requirements. In some cases this will include the establishment, exercise or defence of legal claims.
We may also refer you to another member of the Group with your consent, in which case we will provide the other member of the Group with your contact details and other personal data about you which is relevant to the services they are to provide.
Other professionals and other bodies
In order to provide some of our Services, we may use the input of third parties such as counsel or other external lawyers, accountants and experts, or we may refer you to such third parties, with your consent or where this is necessary for the performance of our contract with you (or the company or other person you represent). This will require the disclosure to such third parties of your contact details, as well as further personal data about you which is relevant to the services they provide. We may also be required to disclose your personal data to regulators, by order of the court, Government departments and local authorities and similar bodies in order to comply with legal obligations or to perform our contract with you (or the company or other person you represent).
External organisations may conduct audits or quality checks for us, either where this is necessary for compliance with our legal obligations or for the legitimate interests we have in improving our business and Services. These external organisations are required to maintain confidentiality in relation to your files. If you do not want your file to be part of this process, please tell us as soon as possible.
Data processing services
Some of our data processing services are supplied by third party providers, who will need to have access to your data for that purpose. Such third party suppliers will be appointed on the basis that they provide sufficient guarantees to implement appropriate technical and organisational measures so that the processing will meet the requirements of the applicable data protection legislation and ensure the protection of the rights of the data subjects, and will carry out processing only on our written instructions, or where we have a legitimate interest in doing so, as indicated above.
Transferring our rights and duties
We may transfer your personal data to anyone to whom we may transfer our rights and duties under the terms of our retainer with you (for instance, if you wish to change your professional representation, or where we do so for the purposes of Group re-organisation and administration or if our business is merged with or we are acquired by a third party). We will do this in order to perform our contract with you (or the company or other person you represent) or where this is necessary for the legitimate interests we have in improving our business and Services.
Compliance with legal obligations
We may disclose your personal data if we are required to do so in order to comply with any legal or regulatory obligation or request, or where we have a legitimate interest in doing so, such as in order to enforce or apply our contract with you, to investigate potential breaches, or to protect our property and rights or those of others. This may include exchanging information with other companies and agencies for the purposes of credit risk reduction and to comply with legislation concerning money laundering, tax evasion, crime prevention and fraud protection.
Transfers outside the UK or EEA
In order to provide some of our Services, we may share your personal data with one or more third party providers situated in countries outside Gibraltar, the United Kingdom and/or European Economic Area that do not necessarily have the same standards of data protection legislation. We may do so with your consent, or where it is necessary for performance of the contract we have with you or for the establishment, exercise or defence of legal claims. However, we will ensure that contractual or other safeguards are in place to ensure that your personal data is adequately protected, and that enforceable rights and effective legal remedies are available for data subjects, and will inform you of the nature of these safeguards at the relevant time.
Professional or business contacts
If you are not a client (or a representative of a client) but have provided us with your professional or business contact details or other relevant personal data for business reasons, we may share your personal data with other Group members and with our other professional or business contacts or those of our other Group members, on the basis that it is necessary for our legitimate interests in promoting and marketing the Group and our Services, unless you indicate otherwise.
Your personal data will only be kept as long as required to meet our legal obligations and no longer than is necessary (note that in some cases it may be necessary for us to retain records indefinitely.).
If you contact us with an enquiry about our Services but you do not subsequently become a client (or the company or other person you represent does not do so), it is our policy to delete your personal data after six years subject to any legal or regulatory obligations that may apply.
If you are or become a client (or the company or other person you represent is or becomes a client), we normally retain contract information (including personal data) for a minimum period after the end of the relevant contract or client relationship, or for longer where it is necessary for us to do so for compliance with regulatory or other legal obligations, or for the establishment, exercise or defence of legal claims, or where we agree with you to do so.
Personal data relating to our professional contacts will be retained for so long as is necessary, or until you indicate otherwise to us, but we will aim to update our contacts’ preferences on a periodic basis.
In certain cases, it may not be physically possible to delete certain data (for instance, where it is stored on a secure external server), in which case we will take appropriate steps to ensure that it is not available for re-use or disclosure to third parties.
As a data subject, you have certain legal rights (subject to certain exceptions under the data protection legislation) including:
Access right: this enables you to receive a copy of the personal data we hold about you.
Erasure right (‘right to be forgotten’): this enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Please note that if you request the erasure of your personal information:
Data processing restriction right: this enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. Please note that any requests in relation to the restriction of the processing of your data means that we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel your use of our services but we will notify you if this is the case at the time.
Rectification right: this enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Data portability right: on your request, we can provide your personal data in a structured, commonly used, machine-readable format, which you can then transfer to an applicable third party. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdrawal of consent: at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain Services to you. We will advise you if this is the case at the time you withdraw your consent.
Please contact us if you wish to exercise any of the rights set out above. You also have the right to make a complaint to a supervisory authority (see below).
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Any changes we make to our notice in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our privacy statement.
If you have any questions or comments about this notice, or you wish to exercise your rights under data protection legislation then please contact our Data Protection Compliance Officer, by post using the following details:
Data Protection Officer, Ramparts, 6.20 World Trade Center, 6 Bayside Road, Gibraltar, GX11 1AA
You may have the right to lodge a complaint to a supervisory authority about the processing of your data by Ramparts or a member of its Group. Contact details for Gibraltar’s supervisory authority can be found below:
Data Protection Commissioner
The Gibraltar Regulatory Authority
2nd Floor, Eurotowers 4
1 Europort Road
T: (+350) 2007-4636