Privacy Notice

How the University of Gibraltar processes your personal data

The University of Gibraltar, Europa Point, Gibraltar, GX11 1AA (tel: +350 20071000), is committed to protecting your personal data and informing you of your rights in relation to that data.

The University of Gibraltar is registered as a Data Controller under the Gibraltar Data Protection Act 2004.

One of our responsibilities as a data controller is to be transparent in our processing of your personal data and to tell you about the different ways in which we collect and use your personal data. The University will process your personal data in accordance with the General Data Protection Regulation (GDPR) and the Gibraltar Data Protection Act 2004 (amendments and Regulations 2018) and this privacy notice is issued in accordance with the GDPR Articles 13 and 14.

We may update our Privacy Notices at any time. The current version of all of our Privacy Notices can be found below, and we encourage you to check back here regularly to review any changes.

University of Gibraltar Privacy Notices

The Data Protection Officer;

Data Protection Officer
Compliance Team
University of Gibraltar
Europa Point
Gibraltar
GX11 1AA

Email: dpo@unigib.edu.gi

Your Personal Data and its processing

We define personal data as information relating to a living, identifiable individual. It can also include “special categories of data”, which is information about your racial or ethnic origin, religious or other beliefs, physical or mental health, the processing of which is subject to strict requirements. Similarly information about criminal convictions and offences is also subject to strict requirements. “Processing” means any operation which we carry out using your personal data, for example obtaining, storing, transferring or deleting.

We only process data for specified purposes and if it is justified in accordance with data protection law. Details of each processing purpose and its legal basis is given in each privacy notice listed below – please consult the one most relevant to your relationship to the University.

How long we keep your data for

Unless specific time periods are given in the relevant Privacy Notice, your data will be kept in line with the University’s Records Retention policy.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
If you need more detailed advice on how long your data may be kept, please contact the Data Protection Officer (dpo@unigib.edu.gi).

Your rights as a data subject

You have the following rights in relation to your personal data processed by us:

Right to be informed

The University will ensure you have sufficient information to ensure that you are happy about how and why we are handling your personal data, and that you know how to enforce your rights.

The University provides information in the form of privacy notices

Right of access / right to data portability

You have a right to see all the information the University holds about you. Where data is held electronically in a structured form, such as in a database, you have a right to receive that data in a common electronic format that allows you to supply that data to a third party – this is called “data portability”.

To make a request for your own information please contact the Data Protection Officer (dpo@unigib.edu.gi).

Right of rectification

If we are holding data about you that is incorrect, you have the right to have it corrected.  Please email any related request to the Data Protection Officer (dpo@unigib.edu.gi).

Right to erasure

You can ask that we delete your data and where this is appropriate we will take reasonable steps to do so. Please email any related request to the Data Protection Officer (dpo@unigib.edu.gi).

Right to restrict processing

If you think there is a problem with the accuracy of the data we hold about you, or we are using data about you unlawfully, you can request that any current processing is suspended until a resolution is agreed.

Please email any related request to the Data Protection Officer (dpo@unigib.edu.gi).

Right to object

You have a right to opt out of direct marketing.

You have a right to object to how we use your data if we do so on the basis of “legitimate interests” or “in the performance of a task in the public interest” or “exercise of official authority” (a privacy notice will clearly state to you if this is the case). Unless we can show a compelling case why our use of data is justified, we have to stop using your data in the way that you have objected to.  Please email any related request to the Data Protection Officer (dpo@unigib.edu.gi).

Rights related to automated decision-making including profiling

We may use a computer program, system or neural network to make decisions about you (for example, everyone that is on a particular course gets sent a particular letter) or to profile you. You have the right to ask for a human being to intervene on your behalf or to check a decision.

Withdrawing consent:

If we are relying on your consent to process your data you may withdraw your consent at any time.

Exercising your rights, queries and complaints

For more information on your rights, if you wish to exercise any right, for any queries you may have or if you wish to make a complaint, please contact the University Data Protection Officer (dpo@unigib.edu.gi).

Complaint to the Information Commissioner, Gibraltar

You have a right to complain to the Information Commissioner’s Office at the Gibraltar Regulatory Authority (GRA). Please see their website for more information:  https://www.gra.gi/data-protection/individuals

Privacy Notices

Please consult the privacy notice that best fits your relationship with the University:

Data Protection Policy

The University of Gibraltar takes its responsibilities with regard to the management of the requirements of the General Data Protection Regulation (GDPR) very seriously. This policy sets out how the University manages those responsibilities.
Data Protection Policy
Data Security Breach Incident Management Policy
The aim of this policy is to standardise the University-wide response to any reported data breach incident, and ensure that they are appropriately logged and managed in accordance with best practice guidelines.
Data Security Breach Policy
Subject Access Request Form (SAR)
You can use this form to request access to the personal information held on you by the University of Gibraltar
(the University).
Subject Access Request Form (SAR)

Students and applicants

This privacy notice applies to current and former students and applicants. It explains how we’ll process your personal data. This notice does not form part of any student or applicant contract.
Student and Applicant

Staff, job applicants and others working at the University

This privacy notice applies to current and former employees, workers, contractors, honorary position holders, volunteers, visiting professors and lecturers, Beacon professors, associate researchers and similar. It explains how we’ll process your personal data. This notice does not form part of any contract of employment or other contract to provide services.
Staff, job applicants and others working at the University

Visitors, correspondents and prospective applicants

This Privacy Notice applies to visitors to the University and people with whom the University communicates who are not either staff or current students, including prospective applicants such as enquirers, prospectus requesters, and other individuals who have expressed an interest in studying at the University of Gibraltar or participating in the activities of the University in another way, such as on one of our outreach programmes. It applies to adults and children who visit the campus for one-off events such as community open days, and to those who visit for longer periods, such as to attend one of our outreach programmes or use certain facilities, such as the libraries or sports facilities. It explains how we will process your personal data.
Visitors, correspondents and prospective applicants

Visitors to our website

This privacy policy explains how we use any personal information we collect about you when you use this website.
Visitors to our website

Alumni, supporters and friends

This Privacy Notice applies to alumni of the University and people who wish to support the University and its activities, and friends of the University who may aid or assist it in some way. It explains how we will process your personal data.
Alumni, supporters and friends

Subject of photography

We collect personal information in the form of your appearance and distinguishing features through photoshoots, and we may also ask to collect identifiable data to allow us to track you in our system like your name and contact details. When we do collect this information, it will be provided directly by you.
Subject of photography

Subject of videography

We collect personal information in the form of your appearance, voice and distinguishing features through filming video, and we may also ask to collect identifiable data to allow us to locate your data like your name and contact details. When we do collect this information, it will be provided directly by you. Sometimes we may ask for your name to personalise the footage we take of you, but we’ll only include this if you agree to it.
Subject of videography