Logistable Limited - Banner


P.O.BOX 565

Data Protection Policies


The European Union (EU) General Data Protection Regulation (GDPR) comes into force on the 25th May 2018 making it automatically effective in all EU Member States, including Gibraltar. The provisions of the GDPR therefore supersede the current Data Protection Act 2004.

The GDPR is designed to improve transparency, accountability and an individual’s rights with regard to organisations that hold, control and process their personal data. It also makes it easier for individuals to bring private claims against data processors and data controllers when their data privacy has been infringed, and allows data subjects who have suffered non-material damage as a result of an infringement to sue for compensation.


Before gathering any personal data on an individual, the GDPR requires that organisations such as Logistable Limited (Logistable) must communicate to that individual (in advance of processing their data) the following;

  • the legal basis for processing the data,
  • the retention period of that data,
  • the right of complaint if the individual is unhappy with the processing or storage of the data,
  • the use the data will be put to, and
  • to whom the data will be disclosed and if it is going to be transferred to third parties inside or outside of the EU, the rights that individual has under the GDPR.


Logistable is licenced by the Gibraltar Financial Services Commission as an Investment and Company Manager and as such is required to comply with anti-money laundering and terrorist financing legislation/guidance such as the Proceeds of Crime Act and the guidance notes issued by the Gibraltar Financial Services Commission (GFSC). This requires Logistable to collect and hold certain information on the individuals with whom it conducts business for know your client and source of funds purposes.

Whilst Logistable is required to collect and hold data, it is Logistable’s policy to protect an individual’s right to privacy. Logistable takes all reasonable steps in the circumstances of each case to ensure that internal procedures are in place to prevent inappropriate access to and disclosure of personal data. Logistable will therefore endeavour to ensure that;

  • Robust security controls are in place to protect an individual’s data against unauthorised access, processing, loss or accidental destruction and that these controls are reviewed and tested regularly so as to ensure they remain effective,
  • Logistable will process an individual’s data in a manner that is consistent with the original purpose for its collection,
  • Logistable will maintain the accuracy of an individual’s personal data and ensure that it can amend any inaccurate data without undue delay,
  • Logistable have established governance and operational procedures and undertaken staff training in order to ensure compliance with the GDPR.


In the course of providing services to an individual, Logistable may collect and hold their personal data. This typically includes the following information:-

  • Personal contact details such as name, title, address(es), telephone numbers and e-mail address(es);
  • Date of birth and place of birth;
  • Gender;
  • Marital status and details on dependants;
  • Copies of identification documents such as passports and identity cards;
  • Nationality, tax residence and country of residence;
  • Employment details;
  • Details of assets owned and liabilities;
  • Personal details of any agent or attorney.


Logistable will collect an individual’s personal data:-

  • directly from the individual;
  • when it is provided to Logistable by a third party;
  • from publically available sources.


Logistable will only use an individual’s personal data in the following circumstances:-

  • when it is required to comply with a legal obligation imposed upon it or that applies to it;
  • when it is ordered by a judicial authority or regulator to disclose the information;
  • when it is required in the performance of its duties with regard to the contracts/services it has entered into or agreed with an individual;
  • when the individual has provided his/her consent;
  • when it is necessary for the legitimate interests of Logistable (or those of a third party) and the individual’s interests and fundamental rights do not override those interests;
  • when Logistable is required to do so for the purposes of any legal proceedings or regulatory action;
  • when Logistable needs to verify and confirm an individual’s identity.

Please note that Logistable may process an individual’s personal data without their knowledge or consent, in compliance with the above situations where this is required and/or permitted by law.

Logistable does not envisage any situation arising in which any decisions will be taken about an individual using automated means.


Logistable places great emphasis on ensuring that personal data is kept secure. All sensitive documents (be they regulatory or functional) are held in fireproof safes within a strong room on Logistable’s premises access to which is restricted to the Executive Directors of Logistable and the Data Protection Officer (please refer to the section below on the role of the Data Protection Officer).

However, where Logistable is required by the Financial Services Authorities to hold personal data relating to an individual in an electronic format, it is kept on an intra-office network that is separate from and has no direct access to the internet. This eliminates the possibility of Logistable’s database being hacked and sensitive information being misused, abused or misappropriated. Furthermore the data is stored on a restricted “Drive” that is only accessible from the Data Protection Officer’s computer terminal access to which is password protected.

The system is run from a central server which is contained in a purpose built air conditioned room access to which is limited to the Data Protection Officer and senior executives of Logistable. The server itself is connected to an Uninterrupted Power Supply and a battery bank which is designed to provide power for up to three hours in the event of a power failure. Backups of the information held on the server are performed automatically on a daily basis. Backup tapes are removed from the offices of Logistable and stored offsite overnight.

In the event that the premises of Logistable Limited were to be destroyed or significantly damaged by fire, flood or any other catastrophic event Logistable has in place a recovery plan to ensure that it would be able to function as a going concern and continue to carry out its business activities uninterrupted.

Logistable does not share any personal data with third parties for marketing or any other reasons save in the circumstances referred to in the previous section.


Logistable will retain personal data for as long as is necessary in order to fulfil the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements.


Pursuant to legal obligations imposed on Logistable, it may have to report certain details of an individual’s personal information to the Gibraltar authorities.

Pursuant to a Court order Logistable may have to disclose to the Court or judicial/regulatory authorities in Gibraltar details of an individual’s personal data.


In accordance with the GDPL, Logistable has appointed a Data Protection Officer (DPO). The person appointed as DPO for Logistable is Mr Charles Fava. The DPO will act as an advisor on personal data issues both internally for Logistable and externally for all clients. The DPO will also be the point of contact for all clients whose data Logistable processes and the legal authorities that Logistable is obliged to interact with.


The GDPL provides an individual with enhanced rights to access the data that Logistable holds on them and greater control on how that data is used.

An individual can therefore exercise the following rights:-

  • request and have access to a copy of the personal data Logistable holds on them;
  • request correction of the personal data Logistable holds on them;
  • request that Logistable delete or remove personal data held on them where there is no good reason for Logistable to continue to hold it or where the individual has exercised his/her right to object to Logistable having/holding such data;
  • request that Logistable suspend the processing of their personal data whilst it is established that the data is accurate or that Logistable have a valid reason for holding it;
  • request the transfer of their personal data to another party (ie data portability).
  • object to their data being collected or used,

If an individual should wish to receive a copy of the information held by Logistable on them and/or change and/or challenge how Logistable uses their data they should make a request in writing to;

The Data Protection Officer
Logistable Limited
Suite 3A Tisa House
143 Main Street
GX11 1AA

Alternatively an individual can send an e-mail to the DPO at the following address;       chiqui.fava@logistable.gi

Logistable will take all and any steps it deems necessary (and which may vary from time to time) to verify an individual’s identity prior to processing their request.








©2008 Logistable Limited. All Rights Reserved. Legal Information :: Disclaimer

Web Design By
Glide Technologies Limited.