Your privacy is important to us. It is the Gibraltar Medical Registration Board’s policy to respect your privacy regarding any information we may collect from you across our website, https://www.gibmrb.org.
Information we collect
When you visit our website, our servers may automatically log the standard data provided by your web browser. This data is considered “non-identifying information”, as it does not personally identify you on its own. It may include your computer’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details.
We may also collect data about the device you are using to access our website. This data may include the device type, operating system, unique device identifiers, device settings, and geo-location data. What we collect can depend on the individual settings of your device and software. We recommend checking the policies of your device manufacturer or software provider to learn what information they make available to us.
We may ask for personal information, such as your:
- Business/ Role/ Position
This data is considered “identifying information”, as it can personally identify you. We only request personal information relevant to providing you with a service, and only use it to help provide or improve this service. There are separate Privacy Notices for our services, for example, Themis and e-Nexus systems.
How we collect information
We collect information by fair and lawful means, with your knowledge and consent. We also let you know why we’re collecting it and how it will be used. You are free to refuse our request for this information, with the understanding that we may be unable to provide you with some of your desired services without it.
Use of information
We may use a combination of identifying and non-identifying information to understand who our visitors are, how they use our services, and how we may improve their experience of our website in future. We do not disclose the specifics of this information publicly but may share aggregated and anonymised versions of this information, for example, in website and customer usage trend reports.
We may use your personal details to contact you with updates about our website and services, along with promotional content that we believe may be of interest to you.
Data processing and storage
The personal information we collect is stored and processed in the United Kingdom, or where we or our partners, affiliates, and third-party providers maintain facilities. We only transfer data within jurisdictions subject to data protection laws that reflect our commitment to protecting the privacy of our users.
We only retain personal information for as long as necessary to provide a service, or to improve our services in the future. While we retain this data, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use, or modification. That said, we advise that no method of electronic transmission or storage is 100% secure, and cannot guarantee absolute data security.
If you request your personal information be deleted, or where your personal information becomes no longer relevant to our services, we will erase it from our system within a reasonable timeframe.
Third-party access to information
We may use third-party services for:
- Analytics tracking
- User authentication
- Content marketing
- Email marketing
These services may access our data solely for the purpose of performing specific tasks on our behalf. We do not share any personally identifying information with them without your explicit consent. We do not give them permission to disclose or use any of our data for any other purpose.
We may, from time to time, allow limited access to our data by external consultants and agencies for the purpose of analysis and service improvement. This access is only permitted for as long as necessary to perform a specific function. We only work with external agencies whose privacy policies align with ours.
We will refuse government and law enforcement requests for data if we believe a request is too broad or unrelated to its stated purpose. However, we may cooperate if we believe the requested information is necessary and appropriate to comply with legal process, to protect our own rights and property, to protect the safety of the public and any person, to prevent a crime, or to prevent what we reasonably believe to be illegal, legally actionable, or unethical activity.
We do not otherwise share or supply personal information to third parties. We do not sell or rent your personal information to marketers or third parties.
Limits of our policy
Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.
Changes to this policy
Your rights and responsibilities
As our user, you have the right to be informed about how your data is collected and used. You are entitled to know what data we collect about you, and how it is processed. You are entitled to correct and update any personal information about you, and to request this information be deleted. You may amend or remove your account information at any time, using the tools provided in your account control panel.
You are entitled to restrict or object to our use of your data while retaining the right to use your personal information for your own purposes. You have the right to opt-out of data about you being used in decisions based solely on automated processing.
Feel free to contact us if you have any concerns or questions about how we handle your data and personal information.
Gibraltar Medical Registration Board
HM Government of Gibraltar Data Protection Officer
Gibraltar Regulatory Authority
This policy is effective as of 9 October 2020.