Privacy Notice

1.- Purpose of privacy notice

Andrew Fortuna trading as “ANDREW FORTUNA NT”, is committed to protecting and respecting your right to privacy. This privacy notice aims to provide you with information on what data we collect about you, what we do with that information and why we do it, who we share it with, and how we protect your privacy.

This notice covers all personal data collected Andrew Fortuna NT or where we may tell other organisations (such as laboratories) to collect information for me. This is the same whether the data are collected by letter, email, face to face, telephone or online.

Andrew Fortuna NT holds and processes personal data in accordance with the European Union’s General Data Protection Regulation (“GDPR”) and the Data Protection Act 2004

It is important that you read this privacy notice together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.

We may change this privacy notice from time to time, so please check occasionally to ensure that you are happy with any changes.

2.- Personal Data
Personal data are information that identifies a living person. That can be obvious information like a name or an address, but it may also be something like an IP address.

This includes information you tell me about yourself, information we are provided by other people or organisations, or what we learn when you use services we provide.
Some information are considered more sensitive or special:

• Sexuality and sexual health.
• Religious or philosophical beliefs.
• Ethnicity.
• Physical or mental health conditions.
• Trade union membership.
• Political opinion.
• Genetic/biometric data.
• Criminal history.

If for any reason we have to collect any of the above , we will inform you of the reason and we will take extra care when collecting and using these types of special information.

3.- Who I am
Andrew Fortuna NT is responsible for your personal data and the self-desinated Data Protection Officer. If you have any questions about this privacy notice or any of my privacy practices, please contact me.

4.- What personal data do we collect?
Personal data means any information about you from which you can be identified. It does not include data where the identity has been removed (anonymisation).

Andrew Fortuna NT, stores, and processes personal data in order to be able to provide (in the future) employment services, in accordance with Gibraltar Employment Laws, the Proceeds of Crime Act, International Co-operation Tax Laws and Data Protection Laws and/or any other legislation in force at any given time, which may apply to me.

We may collect, use, store and transfer different kinds of personal data about you as follows:

• Identity Data – this includes [first name, maiden name, last name, username or similar identifier, marital status, nationality, title, date of birth, gender and identity card or passport details].
• Contact Data – this includes [residential address, email address and telephone numbers].
• Employment Details – this includes [employment status, employers past, current and prospective, your salary, pension scheme details, conditions of employment and termination details. It may also include your CV and any applications to job vacancies you have applied to through our services].
• Financial Data – this includes [bank account and payment card details].
• Transaction Data – this includes [details about payments to and, from you and other details of any payment services you have interacted with us].
• Profile Data – this includes [your username and password, your interests, preferences, qualifications, feedback and survey responses].

Personal data about you and your employment is private and confidential and will not be disclosed to anyone whether or not connected with the provision of our services, unless you give me your consent, the disclosure forms part of a Data Sharing Agreement, or the law permits or requires it.

5.- How we collect your personal data
We use different methods to collect data from and about you including through:

• Direct interactions. You may give me your [Identity, Contact and Financial Data] by filling in forms or by corresponding with us by post, phone, and email or otherwise. This includes personal data you provide when you:
o Raise a complaint with me.
o Use my services.
o Create an online portal with me.
o Give us feedback or contact me.

6.- How I use your personal data
Andrew Fortuna NT will always comply with data protection law. This says that the personal information we hold about you must be-

  1. Used lawfully, fairly and in a transparent way.
  2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  3. Relevant to the purposes we have told you about and limited only to those purposes.
  4. Accurate and kept up to date.
  5. Kept only as long as necessary for the purposes we have told you about.
  6. Kept securely.

Andrew Fortuna NT will only use your personal data for the purpose for which we collected it, which include the following:
• To register you to our services.
• Where we need to comply with a legal obligation.
• Where we need to perform the service we are about to enter into or have entered into with you.
• To manage your service user interaction with me.
• To improve our website, services, or customer relationships.

7.- Security, sharing and disclosure of personal data
The security and confidentiality of your data is very important to me.

Andrew Fortuna NT will:
• Ensure safeguards are in place to make sure personal data is kept secure in compliance with Government’s Information Security Policy.
• Ensure that your data remains under the control of our authorised controllers and processors with adequate safeguards to protect your rights.
• Ensure only authorised staff are able to view your data.
• Not make your information available for commercial use.
• Only ask you for what is needed.

Andrew Fortuna NT requires all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow any potential third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Andrew Fortuna NT have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
All of our staff are trained in the importance of protecting personal and other sensitive information. All civil servants are required to work in line with the core values set out in the General Orders, including; integrity and honesty.

8.- Transferring your personal data
We do not transfer your personal data outside the EU, only for use in laboratories in Gibraltar and the UK for the purpose of performing the service.

9.- Retention of personal data
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe, there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

By law, we have to keep basic information about our service users (including contact, identity, financial and transaction data) for 40 years after life cycle.

In some circumstances, you can ask me to delete your data: see [Your Rights] below for further information.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

10.- Your rights
You have the right to ask me:

• to confirm whether we hold any of your personal data;
• to provide you with a copy of any personal data that we hold about you;
• to correct any inaccuracies in your personal data and to modify it in such a way if you believe the personal data we hold is incomplete;
• to delete (in as much as is possible in the specific circumstances) any of your personal data, where we are required to do so by law;
• to stop processing your personal data, where required to do so by law;
• to let you have a portable copy of the personal data we hold about you, where required to do so by law;
• to stop processing any of your personal data that is processed by me on the basis of our legitimate interests; and
• where we process your personal data on the basis that you have given me your consent to do so, you may contact me at any time to withdraw your consent;

If you wish to exercise any of these rights, or object to our processing your personal data, please email me on info@andrewfortuna.com or write to me at:

P.O Box 1305
Irish Town
Gibraltar
GX11 1AA

If you remain dissatisfied, you can make a complaint about the way I process your personal information to the Gibraltar Regulatory Authority details found on their website at www.gra.gi or by emailing them on info@gra.gi