The Gibraltar Electricity Authority (“the GEA”) takes considerable measures in protecting your privacy and the utmost care is required from our data controllers when processing your data. This Privacy Notice is designed to inform you about the types of personal data we collect, how we gather it, the reasons for doing so, and how this information may be shared with third parties.
Under the Gibraltar General Data Protection Regulation (GGDPR) and The Data Protection Act 2004 (DPA) you have specific rights concerning the personal data we hold about you. We will detail these rights and provide guidance on how to contact us regarding them.
For the purposes of this Privacy Policy “we”, “our”, or “us” means the GEA whereas “you” or “your” refers to our customers (consumers) or any other data subjects whose personal data we may process, such as our suppliers. Our employees are however referred to the company’s internal Privacy Policy for further information.
The data we collect from you will depend on your relationship with the GEA and the use of our website. For consumers, this may include:
When you visit our website, we may collect information about your browsing activities, IP address, and device information.
CCTV
CCTV cameras are in use at our Consumer Services Office and therefore your audio and image may be recorded should you visit our premises.
The implementation of our comprehensive CCTV camera system serves the purpose of protecting our facilities, assets, and personnel. It acts as a deterrent and plays a vital role in detecting, recording, and analysing a wide range of incidents, including theft, vandalism, accidents, fires, floods, and emergency situations, throughout the GEA premises.
The GEA acknowledges the importance of striking a balance between an individual's right to privacy and the imperative of ensuring the safety and security of GEA employees, customers, visitors, and corporate assets. When CCTV is deployed externally, it will exclusively capture images of public streets and buildings were permitted by law.
Access to operate the CCTV systems and review the recorded images is limited solely to authorized personnel.
To ensure transparency, notices indicating CCTV filming will be prominently displayed in areas under surveillance.
For further information regarding CCTV please refer to our CCTV Policy on our website.
Special Category Personal Data
Special Category Personal Data, which includes sensitive information, is subject to additional protection under GGDPR. This refers to certain categories of personal information, such as race, ethnicity, religion, health, political opinions, sexual orientation or biometric information, or data relating to criminal convictions and offenses. While not all types of sensitive data are processed, we may handle medical reports, financial statements, and other relevant data for arrears management, special requirements, or assisting authorities.
We limit the personal data collection, storage and usage to data that is relevant, adequate and necessary to successfully fulfil our obligations.
We collect personal data for various reasons, including:
Information is collected via various means and is very much dependent on the manner you interact with us. This section outlines the methods and sources through which we may collect your personal data.
We identify the lawful basis we rely upon in order to collect, use and keep hold of your personal information. The following are the principal bases we rely upon:
We retain personal data for periods appropriate to the data's purpose and lawful basis. This includes contractual obligations, legal requirements, legitimate interests, our obligations under The Act, health or social care matters, or assisting authorities.
We will keep the information for a period which enables us to handle or respond to any complaints, queries or concerns relating to our services.
CCTV recordings, both video and audio, are subject to automatic deletion one month from the date of the recording.
We will actively review the information we hold and delete it securely when it is no long necessary, however, in some circumstances we may anonymise so that it can no longer be associated to you and as such we may use the data without further notice to you.
We employ several resources to ensure the personal data collected is secure and the confidentiality of said data is a matter of high importance to the GEA. Within the organisation we limit the sharing of personal data through staff authorisation levels. Personal data is administered by the authorised data controllers and is shared purely on a need-to-know basis for the task being carried out.
We share your personal information with third parties as follows:
Data transferred is limited to what is absolutely necessary and you can rest assured that we will undertake an independent assessment of the third-party requests, always identifying a lawful basis in order to do so.
We do not transfer personal data to any other third party, nor to any country outside the EEA, except under the following circumstances:
We have a framework of policies, procedures and training covering data protection, confidentiality and security. We regularly review the appropriateness of the measures in place which keep the data we hold secure. Technical measures are also implemented to ensure a level of security proportionate to the level of risk assessed for specific data sets.
Contractual agreements are in place with our processors and suppliers which include data protection clauses, to ensure that these entities protect data in accordance with the relevant legislation.
CCTV camera recordings are exclusively accessed by authorized personnel when the need arises, such as in the case of a security breach or an incident.
We want to ensure you are aware of your rights under data protection law. You have the right to request the following:
If you wish to exercise any of these rights, or object to our processing your personal data, please email, call, or write to us (please refer to section ‘11. Contact Us’).
Accessing your Personal Data or exercising any of your rights does not involve any fees. However, in cases where your request is deemed clearly unfounded or excessive, we may, at our discretion, apply a reasonable fee, or alternatively, we may choose not to process the request. In either scenario, we will provide a justification for our decision.
To confirm your identity and uphold your right to access information or exercise your rights, we may request specific details from you. This is an additional security measure to guarantee that Personal Data is not disclosed to individuals without the rightful authority to access it.
If you have any questions or concerns about the information we hold about you and how we use it, or wish to exercise any of your rights as described above, you may contact our Data Protection Team at privacy@gea.gi.
You may also write, visit or call us, as follows:
Address: |
Gibraltar Electricity Authority Rosia Road Electricity Centre |
Telephone: |
+350 20075957 |
Please note that, alternatively, you have a right to contact the Government’s Data Protection Officer directly as follows.
Address: |
Data Protection Officer 7.3.03 Europort Gibraltar GX11 1AA |
Email: |
If you are dissatisfied with how we've addressed any data protection inquiries or if you have reservations regarding our personal data processing, you also have the option to reach out to the Gibraltar Regulatory Authority directly using the contact details provided below.
Address: |
Gibraltar Regulatory Authority 2nd Floor, Eurotowers 4 1 Europort Road Gibraltar GX11 1AA |
Telephone: |
(+350) 200 74636 |
Email: |
We continually review and update this Privacy Notice to reflect changes in our services, as well as to comply with changes in the law. We will notify you of any updates either in writing or by updating this Privacy Notice on our website.
We may also notify you in other ways from time to time about the processing of your Personal Data.