Gib Flow Ltd (“GibFlow”, “we”, “us”, “our”) is committed to protecting your personal data and respecting your privacy.
This Privacy Policy explains how we collect, use, store, and protect your information when you use the GibFlow mobile application (“App”), website, and related services.
By using GibFlow, you acknowledge that your personal data will be processed as described in this Policy.
Who We Are
Gib Flow Ltd is the data controller responsible for your personal data.
If you have any questions about this Policy or your personal data, please contact us using the details above.
What Personal Data We Collect
We may collect and process the following categories of data:
Account Information
- Full name
- Email address
- Phone number (if provided)
- Password (encrypted and stored securely)
Booking & Facility Data
- Secure parking bookings
- Entry and exit timestamps
- Facility access logs
- Employer-linked access permissions
Payment Information
- Payment transaction records
- Billing history
Location Data
- Real-time location (if you grant permission)
- Device location used for unlocking facilities
- General navigation data
You can disable location permissions at any time in your device settings.
Device & Technical Information
- Device type and operating system
- App version
- IP address
- Crash logs and diagnostics
Communications
- Messages sent to support
- Feedback submissions
- Customer service records
How We Use Your Data
We use your data to:
- Create and manage your account
- Enable secure bicycle parking bookings
- Provide digital access to facilities
- Process payments
- Provide navigation and transport information
- Improve app performance and user experience
- Respond to customer support requests
- Prevent fraud and ensure security
- Comply with legal obligations
Where applicable, we process your data based on:
- Performance of a contract — to provide the services you have booked
- Legal obligation — to comply with applicable laws
- Legitimate interests — system security, fraud prevention, service improvement
- Your consent — location services, optional notifications and marketing
Real-Time Bus Tracking & Third-Party Data
Where available, real-time transport information may rely on third-party systems. We may receive operational data from transport providers to display live bus locations, estimated arrival times, and delay notifications. We are not responsible for inaccuracies in third-party transport data.
Employer & Private Facilities
If you access a facility provided by your employer:
- We may share booking and access confirmation data with your employer
- Employers may act as independent data controllers regarding internal access management
- Access logs may be retained for security and compliance purposes
Lawful Basis for Processing
Under Gibraltar’s data protection framework, we rely on the following lawful bases:
- Contractual necessity — to provide booked services
- Legal compliance — to meet regulatory obligations
- Legitimate interests — system security, fraud prevention, and service improvement
- Consent — location tracking and optional notifications
You may withdraw consent at any time where processing is based on consent. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
Data Retention
We retain personal data only for as long as necessary to provide services, maintain security records, comply with legal obligations, and resolve disputes. Retention periods may vary depending on the type of data and applicable regulatory requirements.
Data Sharing
We may share your data with:
- Payment service providers
- IT hosting and cloud service providers
- Analytics providers
- Transport data providers
- Employers (where relevant to facility access)
- Regulatory authorities (where legally required)
We do not sell your personal data. All third parties are required to implement appropriate security measures.
International Transfers
Where data is transferred outside Gibraltar, we ensure appropriate safeguards are in place, such as adequacy decisions, standard contractual clauses, or equivalent legal protections.
Data Security
We implement appropriate technical and organisational measures, including:
- Encryption in transit and at rest
- Secure authentication systems
- Access controls and role-based permissions
- Monitoring and logging
- Secure cloud infrastructure
While we take reasonable steps to protect your data, no system is completely secure.
Your Rights
Under applicable data protection law, you may have the right to:
- Access your personal data
- Correct inaccurate data
- Request deletion (“right to be forgotten”)
- Restrict processing
- Object to processing
- Data portability
- Withdraw consent
- Lodge a complaint with the Gibraltar Regulatory Authority
To exercise your rights, contact us at info@gibflow.gi. We may require proof of identity before responding.
Cookies & Analytics (Website)
If you visit our website, we may use cookies and analytics tools to understand usage trends, improve user experience, and monitor performance. Please see our Cookie Policy for full details. You can control cookies via your browser settings at any time.
Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be published on our website and within the App, with an updated “Last Updated” date. Continued use of GibFlow after updates constitutes acceptance of the revised policy.
Contact & Complaints
Questions or complaints?
Gib Flow Ltd12/1 Collage Lane, Gibraltar
info@gibflow.gi
You also have the right to lodge a complaint with the Gibraltar Regulatory Authority if you believe your data protection rights have been infringed.