Last updated: 30 October 2018
Goldbaum & Partners Limited (referred to as “we”, “us” or “our”) understands your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all of our customers and users and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under law.
Our Websites are not intended for use by children under the age of eighteen (18) years old and we do not knowingly collect or use personal information from anyone under the age of eighteen (18) years old.
This Policy is divided into the following sections:
• About us and our Websites
• Our collection and use of your personal information
• Transfer of your information out of the EEA
• Cookies and similar technologies
• Your rights
• Keeping your personal information secure
• How to complain
• Changes to this Policy
• How to contact us
About us and our Websites
Goldbaum & Partners Limited is a private limited company incorporated in Gibraltar on 11 July 2018 with company number 117627, whose registered address is 21 Engineer Lane, Gibraltar.
This Policy applies to all of the personal data we collect about you, including information collated on our Websites and any other websites (including mobile access) where this Policy is linked to.
Throughout our Websites we may link to other websites owned and operated by certain trusted third parties to make additional products and services available to you. These other third-party websites may also gather information about you in accordance with their own separate privacy policies. For privacy information relating to these other third-party websites, please consult their privacy policies as appropriate.
Our collection of your personal data
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (referred to as “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’. Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data and other online identifiers.
We collect personal information about you when you access our Websites, register with us, contact
us, send us feedback, purchase products or services via our Website or email. We collect this personal information from you either directly, such as when you register with us, contact us via our Websites or indirectly, such as your browsing activity while on our Websites (see ‘Cookies’ below) or information you provide to our third-party partners, agents, representatives or nominees.
The personal information we collect about you depends on the particular activities carried out through our Websites or email. Such information includes:
• personal information – your name, address, date of birth, business or company name, job title and contact details
• technical information – your login information, user ID, login password, internet protocol (IP) address, browser type and version, operating system and domain name
• transactional information – we collect any information about the services we provide to you or transactions you may complete on our Websites, products you may have viewed or searched and access times
• other information – details of any feedback you give us by phone, email, post or via social media.
Our basis for using and processing your personal information
Under GDPR, we must always have a lawful basis for using personal data. We use this personal information to:
• create and manage your communications with us
• verify your identity
• customise our Websites and their content to your particular preferences
• notify you of any changes to our Websites or to our services that may affect you
• promote and supply you with information, services or support you request
• improve our services
• keep our data safe and secure including troubleshooting, data analysis and testing
• detect and prevent activity that may be potentially illegal, unlawful or harmful.
There are various different legal bases upon which we may rely, and these will depend on the personal information in question and the specific context in which we collect it. The legal bases we may rely on include:
• consent – where you have given us clear consent for us to process your personal information for a specific purpose
• contract – where our use of your personal information is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
• legal obligation – where our use of your personal information is necessary for us to comply
with the law (not including contractual obligations)
• legitimate interests – where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal information which overrides our legitimate interests).
Who we share your personal information with
We routinely share personal information such as your name and email address with our group companies. This data sharing enables us to get back to you with the expertise you require and to assist in the prevention of data security.
We may share your personal information with third parties that help us deliver our products and services. These may include hosting on our web servers, analysing data, providing marketing assistance, providing customer service, payment processing and delivery.
If any personal information is required by a third party as described above, we will take steps to ensure that your personal data is handled safely, securely and in accordance with your rights, our obligations and the third party obligations.
In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order or the instructions of a government authority.
Transfer of your information out of the EEA
We may transfer your personal information obtained from our Websites outside the European Economic Area (EEA) for security purposes.
These transfers are subject to special rules under European and Gibraltar data protection law.
The following countries to which we may transfer personal data have been assessed by the European Commission as providing an adequate level of protection for personal data: Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and the US (limited to the Privacy Shield framework).
Except for the countries listed above, non-EEA countries do not have the same data protection laws as Gibraltar and EEA. We will, however, ensure the transfer complies with data protection law and all personal data will be secure. Our standard practice is to use standard data protection contract clauses which have been approved by the European Commission. To obtain a copy of those clauses please click or visit the following site https://ec.europa.eu/info/law/law-topic/data-protection/data- transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.
Cookies and similar technologies
You can set your browser not to accept cookies and the websites below tell you how to remove cookies from your browser. However, some of our Websites features may not function as a result.
• recognise you whenever you visit our Websites (this speeds up your access to the Websites);
• obtain information about your preferences and use of our Websites;
• carry out research and statistical analysis to help improve our content, products and services and to help us better understand our users’ requirements; and
• make your online experience more efficient and enjoyable.
Types of cookies
The cookies that we may place on your device fall into the following categories:
• Session cookies – these allow our Websites to link your actions during a particular browser session. These expire each time you close your browser and do not remain on your device afterwards.
• Persistent cookies – these are stored on your device in between browser sessions. These allow your preferences or actions across our Websites to be remembered. These will remain on your device until they expire, or you delete them from your cache.
• Strictly necessary cookies – these cookies are essential for you to be able to navigate our Websites and use its features. Without these cookies, the services you have asked for could not be provided.
• Analytical cookies – these cookies collect information about how you use our Websites, eg which pages you go to most often. These cookies do not collect personally identifiable information about you. All information collected by these cookies is aggregated and anonymous, and is only used to improve how our Websites works.
• Functionality cookies – these cookies allow our Website to remember the choices you make (such as your user name, language, last action and search preferences) and provide enhanced, more personal features. The information collected by these cookies is anonymous and cannot track your browsing activity on other websites.
• Targeting cookies – these cookies let us know when and how often you visit our Websites and which parts of them you have used and this information helps us better to understand you and, in turn, make our Websites and advertising more relevant to your interests.
For further information on cookies generally visit:
• www.aboutcookies.org or
How to control and turn off cookies
If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of our Websites. For further information about cookies and how to disable them please go to:
You can choose to enable or disable cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third party cookies. By default, most internet browsers accept cookies but this can be changed. The links below provide instructions on how to control cookies in all mainstream browsers:
The links below provide instructions on how to control Cookies in all mainstream browsers:
• Google Chrome https://support.google.com/chrome/answer/95647?hl=en-GB
• Microsoft Internet Explorer https://support.microsoft.com/en-us/kb/278835
• Microsoft Edge https://support.microsoft.com/en-gb/products/microsoft-edge
• Safari (macOS) https://support.apple.com/kb/PH21411?viewlocale=en_GB&locale=en_GB
• Safari (iOS) https://support.apple.com/en-gb/HT201265
• Mozilla Firefox https://support.mozilla.org/en-US/kb/enable-and-disable-Cookies-website-
• Android https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DAndroid&hl=en
With your permission and/or where permitted by law, we may also use your personal data for marketing purposes which may include contacting you by email, telephone, text message or post with information, news and offers on our services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directives) Regulations 2003. You will always have the opportunity to opt-out and you can unsubscribe at any time by contacting us at firstname.lastname@example.org.
Under the GDPR you have the following rights which we will work to uphold:
• The right to be informed about our collection and use of your personal data
• The right to access the personal data we hold about you (please see the paragraph below
to learn how to exercise this right)
• The right to have your personal data rectified if any of your personal data held by us is
inaccurate or incomplete
• The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of
your personal data that we have
• The right to restrict (i.e. prevent) the processing of your personal data.
• The right to object to us using your personal data for a particular purpose or purposes.
• The right to data portability. This means that, if you have provided personal data to us
directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases
• Rights relating to automated decision-making and profiling.
For further information on each of those rights, including the circumstances in which they apply, please contact us or see the guidance from the Gibraltar Regulatory Authority at:
How to access your personal data
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as ‘subject access request’. If you would like to exercise this subject access request, please:
• Post or email marked for the Data Protection Officer at email@example.com
• let us have enough information to identify you e.g. name and email address
• let us know the information to which your request relates.
There is not normally any charge for such a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request not more than one month of receiving it. Normally, we aim to provide a complete response including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be fully informed of our progress.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
We will not keep your personal data for any longer than is necessary in the light of the reasons for which is was first collected. You can find the reasons for the collection of your personal data in the section named ‘Our basis for using and processing your personal information’ of this Policy.
How to complain
We hope that our Data Protection Officer can resolve any query or concern you raise about our use of your information.
The GDPR also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in Gibraltar is the Gibraltar Regulatory Authority who may be contacted at firstname.lastname@example.org or telephone: (+350) 20074636.
We may change the Policy from time to time, when we do we will inform you when you visit our Websites.
How to contact us
Please contact our Data Protection Officer by post, email or telephone if you have any questions about this Policy or the information we hold about you. Our contact details are:
Our Data Protection Officer’s contact details:
Name: Giuliano Benoni