Privacy Notice (GDPR)
This privacy notice explains how the Castle Ship Management Ltd (‘we’) use any personal information we collect about you.
What information do we collect about you and why?
We collect and use personal data on the basis that it is in its legitimate interests to do so, for example to keep records of transactions and to provide a service to its customers.
We collect information via our onboarding process and throughout our relationship with you in order to comply with regulation and for the purpose of performing our contract with you. The provision of your personal data is required in order to enter into a contract with us; however the provision of information for marketing purposes is voluntary. We may record and monitor phone calls made to or by us in order to comply with regulatory obligations.
How long do we keep this information?
We will keep your information for 5 years after we last heard from you (or any other period as required by Gibraltar regulations).
Who do we share your information with?
- our appointed auditors, accountants, lawyers and other professional advisers, to the extent that they require access to the information to provide advice for any service we provide;
- fraud prevention agencies and other organisations to allow us to undertake the relevant checks;
- any relevant regulatory authority where they are entitled to require disclosure;
- if required to do so to meet applicable law, the order of a Court or market rules and codes of practice applicable to the circumstances at the time;
- relevant authorities to investigate or prevent fraud or activities believed to be illegal or otherwise in breach of applicable law;
- our IT providers and services providers in order to provide and maintain the provision of our services;
We will not lend or sell your information to third parties.
Your personal information may need to be shared with our service providers, which may involve transferring it to countries outside the European Economic Area (EEA). Where we do so, we will ensure that we do this in accordance with current data protection legislation by only transferring your data to jurisdictions in respect of which there is a European Commission adequacy decision or, where this is not the case, by using model clauses which have been approved by the European Commission.
If you agree, we may send you information about our products and services by email and those of other companies in our group which may be of interest to you. Where it is in our legitimate interests, we may send you information about our products and services by post. If you have consented to receive marketing, you may still opt out at a later date. We may also use your name and address to post to you invitations to events, or advise you of other products or services which may reasonably be considered to be of interest to you.
You have a right at any time to stop us from contacting you for marketing purposes. If you no longer wish to be contacted for marketing purposes, please email us at email@example.com or write to us
You have certain rights in respect of the data we hold relating to you. Details of these rights can also be found at http://www.gra.gi/data-protection/general-data-protection-regulation. You are entitled to a copy of the information we hold about you in a portable format or otherwise, to request rectification, erasure, or restriction of processing of the information we hold about you, and to object to processing or to automated decision making. Please note that the application of these rights vary according to the legal basis used to process your data. In certain circumstances we are required to retain copies of information we hold about you by other regulations. In this instance we will not be able to erase or modify the data.
In order to exercise these rights or if you have any concerns about our use of your personal information, please contact the Data Protection Officer using the information at the end of this notice. You can also contact http://www.gra.gi/data-protection/complaints in its capacity as our supervisory body.
We will strive to keep your information accurate however if at any time after giving us this information it becomes out of date, then we ask you to notify us directly and we shall remove or amend the information within a reasonable time frame and in accordance with legislative requirements.
Internet communication, which includes email, is not secure. The protection of data by encryption is possible provided that the encryption method (protocol) used is current and the correct procedure for encryption and decryption is followed at all times. We cannot accept any responsibility for unauthorised access by a third party or for the loss, theft or modification of data while it is being sent to us by email. For security purposes we may monitor emails received or issued by us.
Changes to our Privacy Notice
We keep our privacy notice under regular review. This privacy notice was last updated in March 2020. We reserve the right to update this privacy notice at any time.
How to contact us
If you have any questions about our privacy notice or the information we hold about you please contact us at firstname.lastname@example.org or by post