Last updated: 30 October 2018




Goldbaum & Partners Limited (referred to as “we”, “us” or “our”) understands your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all of our customers and users and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under law.


Our websites, and all sub-websites (the “Websites”), use cookies and similar technologies in order to distinguish you from other users. By using cookies, we are able to provide you with a better experience and to improve our Websites by better understanding how you use it.


We ask that you read this Data Privacy and Cookie Policy (referred to as “Policy”) carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.


Our Websites are not intended for use by children under the age of eighteen (18) years old and we do not knowingly collect or use personal information from anyone under the age of eighteen (18) years old.


This Policy is divided into the following sections:

• About us and our Websites
• Our collection and use of your personal information
• Transfer of your information out of the EEA
• Cookies and similar technologies
• Marketing
• Your rights
• Keeping your personal information secure
• How to complain
• Changes to this Policy
• How to contact us


Your acceptance of this Policy including our cookie policy is deemed to occur if you continue using our Websites. If you do not agree to this Policy, please stop using our Websites immediately.


About us and our Websites


Goldbaum & Partners Limited is a private limited company incorporated in Gibraltar on 11 July 2018 with company number 117627, whose registered address is 21 Engineer Lane, Gibraltar.


This Policy applies to all of the personal data we collect about you, including information collated on our Websites and any other websites (including mobile access) where this Policy is linked to.


Throughout our Websites we may link to other websites owned and operated by certain trusted third parties to make additional products and services available to you. These other third-party websites may also gather information about you in accordance with their own separate privacy policies. For privacy information relating to these other third-party websites, please consult their privacy policies as appropriate.


Our collection of your personal data


Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (referred to as “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’. Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data and other online identifiers.
We collect personal information about you when you access our Websites, register with us, contact
us, send us feedback, purchase products or services via our Website or email. We collect this personal information from you either directly, such as when you register with us, contact us via our Websites or indirectly, such as your browsing activity while on our Websites (see ‘Cookies’ below) or information you provide to our third-party partners, agents, representatives or nominees.
The personal information we collect about you depends on the particular activities carried out through our Websites or email. Such information includes:

• personal information – your name, address, date of birth, business or company name, job title and contact details
• technical information – your login information, user ID, login password, internet protocol (IP) address, browser type and version, operating system and domain name
• transactional information – we collect any information about the services we provide to you or transactions you may complete on our Websites, products you may have viewed or searched and access times
• other information – details of any feedback you give us by phone, email, post or via social media.


Our basis for using and processing your personal information


Under GDPR, we must always have a lawful basis for using personal data. We use this personal information to:

• create and manage your communications with us
• verify your identity
• customise our Websites and their content to your particular preferences
• notify you of any changes to our Websites or to our services that may affect you
• promote and supply you with information, services or support you request
• improve our services
• keep our data safe and secure including troubleshooting, data analysis and testing
• detect and prevent activity that may be potentially illegal, unlawful or harmful.


There are various different legal bases upon which we may rely, and these will depend on the personal information in question and the specific context in which we collect it. The legal bases we may rely on include:

consent – where you have given us clear consent for us to process your personal information for a specific purpose
contract – where our use of your personal information is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
legal obligation – where our use of your personal information is necessary for us to comply
with the law (not including contractual obligations)
legitimate interests – where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal information which overrides our legitimate interests).


Who we share your personal information with


We routinely share personal information such as your name and email address with our group companies. This data sharing enables us to get back to you with the expertise you require and to assist in the prevention of data security.


We may share your personal information with third parties that help us deliver our products and services. These may include hosting on our web servers, analysing data, providing marketing assistance, providing customer service, payment processing and delivery.


If any personal information is required by a third party as described above, we will take steps to ensure that your personal data is handled safely, securely and in accordance with your rights, our obligations and the third party obligations.


In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order or the instructions of a government authority.


Transfer of your information out of the EEA


We may transfer your personal information obtained from our Websites outside the European Economic Area (EEA) for security purposes.


These transfers are subject to special rules under European and Gibraltar data protection law.
The following countries to which we may transfer personal data have been assessed by the European Commission as providing an adequate level of protection for personal data: Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and the US (limited to the Privacy Shield framework).


Except for the countries listed above, non-EEA countries do not have the same data protection laws as Gibraltar and EEA. We will, however, ensure the transfer complies with data protection law and all personal data will be secure. Our standard practice is to use standard data protection contract clauses which have been approved by the European Commission. To obtain a copy of those clauses please click or visit the following site transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.


Cookies and similar technologies


A cookie is a small text file which is placed onto your device (eg computer, smartphone or other electronic device) when you use our Websites. We use cookies on our Websites. These help us recognise you and your device and store some information about your preferences or past actions. For example, we may monitor how many times you visit our Websites, which pages you go to, and the originating domain name of a user’s internet service provider. This information helps us to build a profile of our users. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually.


You can set your browser not to accept cookies and the websites below tell you how to remove cookies from your browser. However, some of our Websites features may not function as a result.
For further information on our use of cookies, including a detailed list of your information which we and others may collect through cookies, please see below.


This cookie policy only relates to your use of our Websites. Throughout our Websites we may link to other websites owned and operated by certain trusted third parties for example to view embedded content such as Google Maps, a playable video hosted on YouTube or Vimeo, or social media sharing buttons. These other third party websites may also use cookies or similar technologies in accordance with their own separate cookie polices. For privacy information relating to these other third party websites, please consult their cookie policies as appropriate.


Our use of cookies


We use cookies on our Websites to:

• recognise you whenever you visit our Websites (this speeds up your access to the Websites);

• obtain information about your preferences and use of our Websites;

• carry out research and statistical analysis to help improve our content, products and services and to help us better understand our users’ requirements; and

• make your online experience more efficient and enjoyable.


Types of cookies


The cookies that we may place on your device fall into the following categories:

• Session cookies – these allow our Websites to link your actions during a particular browser session. These expire each time you close your browser and do not remain on your device afterwards.

• Persistent cookies – these are stored on your device in between browser sessions. These allow your preferences or actions across our Websites to be remembered. These will remain on your device until they expire, or you delete them from your cache.

• Strictly necessary cookies – these cookies are essential for you to be able to navigate our Websites and use its features. Without these cookies, the services you have asked for could not be provided.

• Analytical cookies – these cookies collect information about how you use our Websites, eg which pages you go to most often. These cookies do not collect personally identifiable information about you. All information collected by these cookies is aggregated and anonymous, and is only used to improve how our Websites works.

• Functionality cookies – these cookies allow our Website to remember the choices you make (such as your user name, language, last action and search preferences) and provide enhanced, more personal features. The information collected by these cookies is anonymous and cannot track your browsing activity on other websites.

• Targeting cookies – these cookies let us know when and how often you visit our Websites and which parts of them you have used and this information helps us better to understand you and, in turn, make our Websites and advertising more relevant to your interests.


For further information on cookies generally visit: or


Consent to use cookies


We will ask for your permission (consent) to place cookies or other similar technologies on your device, except where these are essential for us to provide you with a service. If you accept our request for permission or use of our Websites after this notification has been displayed to you, we will assume that you consent to our use of cookies for the purposes described in this Policy.


How to control and turn off cookies


If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of our Websites. For further information about cookies and how to disable them please go to:


You can choose to enable or disable cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third party cookies. By default, most internet browsers accept cookies but this can be changed. The links below provide instructions on how to control cookies in all mainstream browsers:


The links below provide instructions on how to control Cookies in all mainstream browsers:

• Google Chrome

• Microsoft Internet Explorer

• Microsoft Edge

• Safari (macOS)

• Safari (iOS)

• Mozilla Firefox

• Android




With your permission and/or where permitted by law, we may also use your personal data for marketing purposes which may include contacting you by email, telephone, text message or post with information, news and offers on our services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directives) Regulations 2003. You will always have the opportunity to opt-out and you can unsubscribe at any time by contacting us at


Your rights


Under the GDPR you have the following rights which we will work to uphold:

• The right to be informed about our collection and use of your personal data

• The right to access the personal data we hold about you (please see the paragraph below
to learn how to exercise this right)

• The right to have your personal data rectified if any of your personal data held by us is
inaccurate or incomplete

• The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of
your personal data that we have

• The right to restrict (i.e. prevent) the processing of your personal data.

• The right to object to us using your personal data for a particular purpose or purposes.

• The right to data portability. This means that, if you have provided personal data to us
directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases

• Rights relating to automated decision-making and profiling.


For further information on each of those rights, including the circumstances in which they apply, please contact us or see the guidance from the Gibraltar Regulatory Authority at:


How to access your personal data


If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as ‘subject access request’. If you would like to exercise this subject access request, please:

• Post or email marked for the Data Protection Officer at

• let us have enough information to identify you e.g. name and email address

• let us know the information to which your request relates.


There is not normally any charge for such a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example you make repetitive requests) a fee may be charged to cover our administrative costs in responding.


We will respond to your subject access request not more than one month of receiving it. Normally, we aim to provide a complete response including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be fully informed of our progress.


Keeping your personal information secure


We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.


We will not keep your personal data for any longer than is necessary in the light of the reasons for which is was first collected. You can find the reasons for the collection of your personal data in the section named ‘Our basis for using and processing your personal information’ of this Policy.


How to complain


We hope that our Data Protection Officer can resolve any query or concern you raise about our use of your information.


The GDPR also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in Gibraltar is the Gibraltar Regulatory Authority who may be contacted at or telephone: (+350) 20074636.


Changes to this privacy policy


We may change the Policy from time to time, when we do we will inform you when you visit our Websites.


How to contact us


Please contact our Data Protection Officer by post, email or telephone if you have any questions about this Policy or the information we hold about you. Our contact details are:


Our Data Protection Officer’s contact details:
Name: Giuliano Benoni