Website Privacy Policy

[Updated on: 19 July 2021]

1. Introduction

This website is owned and operated by Consultant Logistics Limited (trading as “RCA Properties”), a private limited company registered in Gibraltar under registration number 96872, and with registered office situate at Suite 5, 38 Irish Town, Gibraltar, GX11 1AA.

Our principal place of business is at Unit 3, The Tower, Queensway Quay Marina, Gibraltar, GX11 1AA.

We are committed to safeguarding the privacy of our website visitors. This policy aims to inform you about any information that we may process and collect about you via this website. For further information about our privacy policies in general, we refer you to our General Privacy Policy.

We act as a “data controller” of any of the personal data of our website visitors; in other words, where we determine the purposes and means of the processing of that personal data.

By using our website, you consent to the data collection and use practices prescribed in this policy.

Links provided from our site to third party sites are not covered by this policy.

Interpretation

In this policy: “we”, “us” and “our” refer to “RCA Properties”. Correspondingly, “you” and “your” refers to the website user.

Our contact details

You can contact us:

(a) by post, to the addresses given above;

(b) using our website contact form;

(c) by telephone, on the contact number published on our website; or

(d) by email, using the email address(es) published on our website.

2. Data Protection Administrator

Should you have any comments or questions about how we collect and use your personal information on this website, you should address them to our Data Protection Administrator who can be reached at the contact details provided by this website or directly to: admin@rcagibraltar.com

3.The personal data that we collect

“Personal Data” means information that relates to an identified or identifiable individual. Identifiers could come from, for example, from an IP (Internet Protocol) address.

In this section we have set out the general categories of personal data that, via this website, we collect and process.

When you visit our website, our servers may automatically log the standard data provided by your web browser (“log data”). This data is considered “non-identifying information”, as it does not personally identify you on its own. It may include your computer’s IP address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details.

We may also collect data about the device you are using to access our website (“other technical data”). This data may include the device type, operating system, unique device identifiers, device settings, and geo-location data. What we collect can depend on the individual settings of your device and software. We recommend checking the policies of your device manufacturer or software provider to learn what information they make available to us.

We may process data enabling us to get in touch with you (“contact data“). The contact data may include your name, email address, telephone number and postal address. The source of the contact data is you. When you subscribe to our “newsletters” via our website, we also obtain your contact data.

We may process information contained in or relating to any communication that you send to us or that we send to you (“communication data“). The communication data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website “contact forms”.

We may process information contained in any enquiry you submit to us regarding our services (“enquiry data“). The enquiry data may be processed for the purposes of offering, marketing and selling relevant services to you. The legal basis for this processing is to take necessary steps at your request prior to entering into a berthing contract.

We may also process information sent via our email contact address on this site relating to staff recruitment (“recruitment data”) such as: contact information, recruitment information, identification and background information, and other information relevant to potential recruitment by us, such as a candidate’s resume, any cover letter/application, work history, qualifications, and reference information. The purpose of processing this information to recruit and evaluate potential candidates in order to make the best recruitment decisions for us organisation.

Special Category Data

When you apply for a job with us, we will rely on your consent to process your data. If your application includes any special categories of data, for example – relating to minorities, disability or any additional needs you may have, we will rely on your explicit consent.

We need this information to process your application, and to keep a record of the applications made. We may keep your CV and personal contact details in order to offer you further opportunities in the future.

Please do not supply any other person’s personal data to us, unless we prompt you to do so.

4. Purposes of processing and legal bases

In this section we have set out the purposes for which we may process personal data and the legal bases of the processing.

Operations– We may process your personal data for the purposes of operating our website, providing our services, generating invoices, bills and other payment-related documentation, and credit control. The legal basis for this processing is our legitimate interests, namely the proper administration of our website, services and business and/or the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.

Relationships and communications– We may process contact data and/or communication data for the purposes of managing our relationships, communicating with you (excluding communicating for the purposes of direct marketing) by email, SMS, post, fax and/or telephone, providing support services and complaint handling. The legal basis for this processing is our legitimate interests, namely communications with our website visitors, individual clients and client personnel, the maintenance of our relationships, enabling the use of our services, and the proper administration of our website, services and

We use your information to communicate with you, to update you on services and benefits, to better understand who uses our site and the pages they access so as to be able to improve the site and to help us understand your needs and interests and provide you with a better service business.

Direct marketing - We may process contact data for the purposes of creating, targeting and sending direct marketing communications by email (including our newsletters), SMS, post and/or fax and making contact by telephone for marketing-related purposes. The legal basis for this processing is our legitimate interests, namely promoting our business and communicating marketing messages and offers to our website visitors and service users.

Security– We may process your personal data for the purposes of security and the prevention of fraud and other criminal activity. The legal basis of this processing is our legitimate interests, namely the protection of our website, services and business, and the protection of others.

Insurance and risk management– We may process your personal data where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks and/or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.

Legal claims– We may process your personal data where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.

Legal compliance and vital interests– We may also process your personal data where such processing is necessary for compliance with a legal obligation to which we are subject or in order to protect your vital interests or the vital interests of another natural person.

5. Providing your personal data to others

Third Party Service Providers

We share your personal data collected on this website with affiliated and third-party service providers, such as companies and/or individuals that provide us technical support, data hosting, and other services relating to this website, such as:

  • Analytics tracking

  • User authentication

  • Advertising and promotion

  • Content marketing

  • Email marketing

We only work with external agencies whose privacy policies align with ours.

Any such third-party service providers are required by us to take appropriate security measures to protect your data.

Transfer/Sale of Business

We may share your personal data obtained on this website with third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

Where disclosure is necessary

In addition to the specific disclosures of personal data set out in this Section 5, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise, or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

We do not otherwise share or supply personal information to third parties. We do not sell or rent your personal information to marketers or third parties.

6. Where is your personal data held

Your personal data is held processed on our website database which is stored on the servers of our hosting services providers – Host Europe GmbH. The website hosting facilities for our website are situated in Leeds, United Kingdom (Heart Internet Limited).

7. International transfers of your personal data

Transferring your personal data out of Gibraltar [and EEA]

To deliver services to you, it may be sometimes necessary for us to share your personal data (that is collected on this website) outside Gibraltar, e.g.:-

  • with your and our service providers located outside the Gibraltar;
  • if you are based outside Gibraltar.

    Under data protection law, we can only transfer your personal data to a country or international organisation outside the Gibraltar[and EEA]where:

  • the Gibraltar Government[ or, where the EU GDPR applies, the European Commission] has decided the particular country or international organisation ensures an adequate level of protection of personal data (known as an ‘adequacy decision’);
  • there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for data subjects; or
  • a specific exception applies under data protection law.

    These are explained below.

Adequacy decision

We may transfer your personal data to certain countries, on the basis of an adequacy decision. These include:

  • all European Union countries, plus Iceland, Liechtenstein and Norway (collectively known as the ‘EEA’);

  • United Kindgom; and

  • Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland and Uruguay.

The list of countries that benefit from adequacy decisions will change from time to time. We will always seek to rely on an adequacy decision, where one exists.

Other countries that we may be likely to transfer personal data to, do not have the benefit of an adequacy decision. This does not necessarily mean they provide poor protection for personal data, but we must look at alternative grounds for transferring the personal data, such as ensuring appropriate safeguards are in place or relying on an exception, as explained below.

Transfers with appropriate safeguards

Where there is no adequacy decision, we may transfer your personal data to another country if we are satisfied the transfer complies with data protection law, appropriate safeguards are in place, and enforceable rights and effective legal remedies are available for data subjects.

The safeguards will usually include using legally-approved standard data protection contract clauses.

To obtain a copy of the standard data protection contract clauses and further information about relevant safeguards,please contact our Data Protection Administrator.

Transfers under an exception

In the absence of an adequacy decision or appropriate safeguards, we may transfer personal data to a third country or international organisation where an exception applies under relevant data protection law, e.g.:

  • you have explicitly consented to the proposed transfer after having been informed of the possible risks;

  • the transfer is necessary for the performance of a contract between us or to take pre-contract measures at your request;

  • the transfer is necessary for a contract in your interests, between us and another person; or

  • the transfer is necessary to establish, exercise or defend legal claims

We may also transfer information for the purpose of our compelling legitimate interests, so long as those interests are not overridden by your interests, rights and freedoms. Specific conditions apply to such transfers and we will provide relevant information if and when we seek to transfer your personal data on this ground.

8. Retaining and deleting personal data

Please refer to our General Privacy Policy for further information.

9. Website Cookies

We refer you to our Cookie Policy for further information.

10. Security of personal data

This site uses SSL (Secure Socket Layer) encryption for security reasons and for the protection of the transmission of confidential content such as enquiries you send to us as the site operator.

Data relating to your enquiries that is sent from your web browser to our web server, or from our web server to your web browser, will be protected using encryption technology.

You can recognize an encrypted connection in your browsers address line when it changes from http:// to https:// and the lock icon is displayed in your browsers address bar.

If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

You acknowledge that the transmission of unencrypted (or inadequately encrypted) data over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet

We will take appropriate technical and organisational precautions to secure your personal data and to prevent the loss, misuse or alteration of your personal data.

11. Third party websites

Our website includes links to and details of, third party websites.

In general we have no control over, and are not responsible for, the privacy policies and practices of third parties. When you leave our website please be sure to read the privacy notices and policies of those other websites. We do not endorse the content on any other websites that can be accessed via our website.

12. Your rights

In this section, we have summarised the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.

Your principal rights under data protection law are:

  • the right to access – you can ask for copies of your personal data;

  • the right to rectification – you can ask us to rectify inaccurate personal data and to complete incomplete personal data;

  • the right to erasure – you can ask us to erase your personal data;

  • the right to restrict processing – you can ask us to restrict the processing of your personal data;

  • the right to object to processing – you can object to the processing of your personal data;

  • the right to data portability – you can ask that we transfer your personal data to another organisation or to you;

  • the right to complain to a supervisory authority – you can complain about our processing of your personal data; and

  • the right to withdraw consent – to the extent that the legal basis of our processing of your personal data is consent, you can withdraw that consent.

If you consider that our processing of your personal data infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.

To the extent that the legal basis for our processing of your personal data is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

These rights are subject to certain limitations and exceptions. You can learn more about the rights of data subjects by visiting https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/key-definitions/what-is-personal-data/

You can examine your rights by visiting the website of the Gibraltar equivalent of the UK ICO Officer, which is the Gibraltar Regulatory Authority (“GRA”) at the following website: https://www.gra.gi/

You may exercise any of your rights in relation to your personal data by written notice to us using the contact details set out below.

13. Policy change

This website policy was first published on 24 May 2018 and most recently updated on 1 July 2021.

For further information, please contact our Data Protection Administrator at: admin@rcagibraltar.com