The Royal Gibraltar Post Office is committed to protecting and respecting your right to privacy. This privacy notice aims to provide you with information on what data we collect about you, what we do with that information and why we do it, who we share it with, and how we protect your privacy.
This notice covers all personal data collected by the Royal Gibraltar Post Office and where we tell other organisations to collect information for us. This is the same whether the data are collected by letter, email, face to face, telephone or online.
The Royal Gibraltar Post Office holds and processes personal data in accordance with the European Union’s General Data Protection Regulation (“GDPR”) and the Data Protection Act 2004.
It is important that you read this privacy notice together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.
We may change this privacy notice from time to time, so please check this page occasionally to ensure that you are happy with any changes.
Personal data are information that identifies a living person. That can be obvious information like a name or an address, but it may also be something like an IP address.
This includes information you tell us about yourself, information we are provided by other people or organisations, or what we learn when you use services we provide.
Some information are considered more sensitive or special:The Royal Gibraltar Post Office is the data controller and is responsible for your personal data (collectively referred to as the Royal Gibraltar Post Office, “we”, “us” or “our” in this privacy notice).
If you have any questions about this privacy notice or any of our privacy practices, please contact us on the below details:
Royal Gibraltar Post Office
104 Main Street
Gibraltar
GX11 1AA
+350 200 75714
info@post.gi
Alternatively, you can contact our Data Protection Officer on:
Email address: dpo@gibraltar.gov.gi
Postal address: Government Law Offices, No.40 Town Range, Gibraltar, GX11 1AA
Personal data means any information about you from which you can be identified. It does not include data where the identity has been removed (anonymisation).
We may collect, use, store and transfer different kinds of personal data about you as follows:| Purpose | Lawful bases for processing |
|---|---|
| Providing services to you where there is a contract or agreement in place with you. | Contract – we need to process your data to provide these services to you in accordance with that contract or agreement. |
| Providing postal services to you when you have paid us to do so but we don’t have a contract or agreement in place with you, such as in some circumstances when you send a letter or parcel using our services. | Legitimate Interests – we need to process your data to provide these postal services for which you have paid. |
| Providing postal services to a third party, such as when someone sends you a letter or parcel and we use your data to deliver it or provide delivery updates. | Legitimate Interests – we need to process your data to provide these postal services, including delivering the letter or parcel to you and providing additional services, such as delivery updates. |
| Providing postal services via a third party, where you have agreed to accept delivery of an item on behalf of another person (such as a neighbour) and you have provided your details to enable us to record the delivery, including where we inform the sender and the intended recipient of Royal Gibraltar Post services that you have taken delivery of the item. | Legitimate Interests and consent – we need to process your data to provide the sender and recipient with your details in order to complete the delivery and to allow the delivery to be properly tracked within the postal service. In some circumstances, we will obtain your consent to do this, otherwise we have a legitimate interest to do so. |
| As part of Royal Gibraltar Post track and trace services, where we provide a service which informs both the sender and recipient of Royal Gibraltar Post services about the delivery status and timing of that service. | Legitimate Interests – we need to monitor the delivery status of Royal Gibraltar Post Services to improve our service and provide better information to our customers. |
| Customer services – dealing with enquiries, complaints or claims relating to our services. | Legitimate Interests – we may need to process your data so we can handle and resolve any enquiry, complaint or claim raised by you or another person. |
| Providing data services to other organisations, namely our business customers, to help them run their businesses better, and to the Gibraltar Government. For example, we provide services for the purposes of maintaining and updating accurate address data, for identity verification or fraud prevention purposes, and for helping businesses to target their marketing. | Legitimate Interests – our business customers and the Gibraltar Government have a legitimate interest to process data in these ways, and we have a legitimate interest to process personal data to support them to do so. In each case, we need to process your personal data to pursue those interests. |
| Market research and analysis, and the development of new services. For example, we may develop new postal services or new data services for business customers (for the purposes of maintaining accurate address data, for identity verification or fraud prevention purposes, and for helping businesses to target their marketing). | Legitimate Interests – we sometimes need to process personal data to develop new services we can offer you and others. |
| Security, preventing fraud and money laundering, and taking action against fraudsters or people who commit an offence. | Legitimate Interests – we sometimes need to process personal data to protect rights, property and personal safety |
| Customs and tax clearance, and security screening when sending or receiving post to or from overseas. | Legal Obligation – we need to process personal data to comply with revenue and customs regulations. |
| Prevention and detection of crime – including the use of CCTV to protect our customers, employees and property. | Legitimate Interests – we sometimes need to process personal data to protect the rights, property and the personal safety of our staff and customers. |
| Complying with the law, including regulatory requirements. | Legal Obligation – to comply with our legal obligations, including regulatory conditions relevant to postal operators, and health and safety legislation, we sometimes have to process personal data. |
The security and confidentiality of your data is very important to us.
We will:We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
All of our staff are trained in the importance of protecting personal and other sensitive information. All civil servants are required to work in line with the core values set out in the General Orders, including; integrity and honesty.
Where letters or parcels are sent overseas, personal data may need to be shared between postal authorities in different countries. Personal data that we collect from you may be transferred to, or stored or processed at a destination within or outside the EEA by ourselves or one of our suppliers in accordance with applicable laws on data protection. Such processing may include, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services.
Should we ever transfer your personal data out of the EEA, we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe, there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
By law, we have to keep basic information about our service users (including contact, identity, financial and transaction data) for 40 years after life cycle as per Accounting Instructions.
In some circumstances, you can ask us to delete your data: see [Your Rights] below for further information.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you).
If you wish to exercise any of these rights, or object to our processing your personal data, please email us on info@post.gi or write to us at;
If you wish to exercise any of these rights, or object to our processing your personal data, please email us on info@post.gi or write to us at;
Royal Gibraltar Post Office
104 Main Street
Gibraltar
GX11 1AA
If you remain dissatisfied, you can make a complaint about the way we process your personal information to the Gibraltar Regulatory Authority details found on their website at www.gra.gi or by emailing them on info@gra.gi