Data Privacy and Security Policy
Last Updated: January 2026
Introduction
Welcome to domu5.com (“we”, “our” or “us”). We are committed to protecting your privacy and handling your personal information in accordance with the data protection laws of Gibraltar. This privacy policy (the “Policy”) outlines how we collect, use, disclose, and safeguard your information when you visit our website and use our information services. We will not be accessing any special categories of personal data (as defined in Article 9 of the Gibraltar GDPR). As part of our daily operations, we may make use of data relating to identifiable individuals, including data on:
current, past and prospective employees;
customers;
users of our website and platform;
subscribers; and
other stakeholders.
In collecting and using this data, we are subject to a variety of legislation controlling how such activities may be carried out and the safeguards that must be put in place to protect it. This control applies to all systems, people and processes that constitute our information systems, including board members, directors, employees, suppliers and other third parties who have access to our systems.
Gibraltar Data Protection Regulation
The GDPR entered into force in Gibraltar on 25 May 2018 because at the time Gibraltar was a territory within the European Union (by virtue of the accession of the United Kingdom on 1 January 1973). As such, regulations were directly applicable in Gibraltar. Gibraltar ceased to become a territory within the European Union on 31 January 2020 when the United Kingdom left on that same date. However, at the end of the transition period, EU law ceased to apply in Gibraltar and the Gibraltar Government implemented the GDPR into Gibraltar national law (creating the “Gibraltar GDPR”). Gibraltar also continues to adhere to their existing Data Protection Act 2004.
Information We Collect
We may collect the following types of information when you interact with our website and services:
Personal Information
Name;
Email address;
Phone number; and
Address.
“Personal data” is defined as “any information relating to an identified or identifiable natural person” (Article 4). A low bar is set for “identifiable” – if the natural person can be identified using “all means reasonably likely to be used” (Recital 26) the information is personal data. A name is not necessary either – any identifier will do, such as an identification number, phone number, location data or other factors which may identify that natural person.
Usage Information
Log data (e.g., IP address, browser type, operating system);
usage patterns and preferences;
clickstream data; and
cookies and similar technologies.
Information You Provide
Feedback and comments;
enquiries and support requests; and
user-generated content.
How We Use Your Information
We use the collected information for the following purposes:
providing and enhancing our information services;
responding to your enquiries and support requests;
sending promotional communications (you can opt out at any time);
personalising your experience on [website];
analysing usage patterns and trends; and
ensuring the security and integrity of our website.
Sharing Your Information
We may share your information with the following parties:
service providers: third-party contractors who assist us in delivering our services (e.g., hosting, analytics);
legal requirements: when necessary to comply with the law or protect our rights and safety; and
business transfers: in the event of a merger, acquisition, or sale of our assets, your information may be transferred.
Data Protection Principles
We are responsible for compliance with a set of core principles which apply to all processing of personal data. Under these principles, personal data must be (Article 5): processed lawfully, fairly and in a transparent manner (the “lawfulness, fairness and transparency principle”);
collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (the “purpose limitation principle”); adequate, relevant and limited to what is necessary in relation to the purpose(s) (the “data minimization principle”); accurate and where necessary kept up to date (the “accuracy principle”);
kept in a form which permits identification for no longer than is necessary for the purpose(s) for which the data is processed (the “storage limitation principle”); and processed in a manner that ensures appropriate security of the personal data, using appropriate technical and organizational measures (the “integrity and confidentiality principle”). In addition, in order to satisfy the lawfulness principle, each use of personal data must be justified by reference to an appropriate basis for processing. The legal bases (also known lawful bases or lawful grounds) under which personal data may be processed are (Article 6(1)): with your consent (where consent must be “freely given, specific, informed and unambiguous”, and must be capable of being withdrawn at any time);
where necessary for the performance of a contract to which you are a party, or in taking steps at your request prior to entering into a contract; where necessary to comply with a legal obligation (of the EU) to which we are subject;
where necessary to protect your vital interests or that of another person (generally recognised as being limited to ‘life or death’ scenarios, such as medical emergencies); where necessary for the performance of a task carried out in the public interest; or where necessary for the purposes of our legitimate interests or that of a third party (which is subject to a balancing test, in which our interests must not override your interests or fundamental rights and freedoms. Note also that this basis cannot be relied upon by a public authority in the performance of its tasks).
Cookies and Tracking Technologies
We utilise cookies and similar technologies to collect usage information and improve your experience on our website. You can manage your cookie preferences through your browser settings.
Data Retention
We shall not keep personal data for any longer than is necessary in light of the purpose or purposes for which that personal data was originally collected, held, and processed.
When personal data is no longer required, all reasonable steps will be taken to erase or otherwise dispose of it without delay.
For full details on our approach to data retention, including retention periods for specific personal data types held by us, please contact our Data Protection Officer.
Your Rights
You enjoy a range of rights to control the processing of your personal data, some of which are very broadly applicable, whilst others only apply in quite limited circumstances. We must provide information on action taken in response to requests within one calendar month as a default. We have a limited right to extend this period thereby a further two months where the request is onerous.
Right of Access (Article 15)
You are entitled to request access to and obtain a copy of his or her personal data, together with prescribed information about the how the data have been used by the controller.
Right to rectify (Article 16)
You may require inaccurate or incomplete personal data to be corrected or completed without undue delay.
Right to erasure (Article 17)
You may request erasure of your personal data. The right is not absolute; it only arises in quite a narrow set of circumstances, notably where we no longer need the data for the purposes for which it was collected or otherwise lawfully processed, or as a corollary of the successful exercise of the objection right, or of the withdrawal of consent.
Right to restriction of processing
You enjoy a right to restrict processing of your personal data in defined circumstances. These include where the accuracy of the data is contested; where the processing is unlawful; where the data is no longer needed save for legal claims; or where the legitimate grounds for processing is contested.
Right to data portability (Article 20)
Where the processing of personal data is justified either on the basis that you have given consent to processing or where processing is necessary for the performance of a contract, then you have the right to receive or have transmitted to another controller all personal data concerning you in a structured, commonly used and machine-readable format (e.g. commonly used file formats recognised by mainstream software applications).
Right to object (Article 21)
You have the right to object to processing, on grounds relating to your particular situations or where processing is in the public interest. In these circumstances we will then have to suspend processing of this data unless we demonstrate “compelling legitimate grounds” for processing which override your rights under Article 21. In addition, you enjoy an unconditional right to object to the processing of personal data for direct marketing purposes at any time.
Transfer
Transfers of personal data outside the United Kingdom or European Union will be carefully reviewed prior to the transfer taking place to ensure that they fall within the limits imposed by the Gibraltar GDPR. This depends partly on the European Commission’s judgement as to the adequacy of the safeguards for personal data applicable in the receiving country and this may change over time.
Breach Notification
We must notify a breach to the supervisory authority without undue delay, and where feasible, not later than 72 hours after having become aware of it, unless we determine that the breach is unlikely to result in a risk to the rights and freedoms of natural persons. When the personal data breach is likely to result in a high risk to natural persons, we would also be required to notify you without undue delay (Article 34).
Data Security
We implement reasonable security measures to protect your information from unauthorised access and disclosure. However, no data transmission over the internet is entirely secure.
Changes to this Privacy Policy
We may update this Policy periodically to reflect changes in our practices and legal requirements. We will notify you of significant changes and obtain your consent if required by applicable laws.
Data Protection Officer
Our ‘Data Protection Officer’ is contactable on email address contact@domu5.com.
The Data Protection Officer shall be responsible for overseeing the implementation of this Policy and for monitoring compliance with this Policy, and with the Gibraltar GDPR and other applicable data protection legislation.
Contact Us
For any questions, concerns, or requests related to this Policy, please reach out to us at contact@domu5.com.
By using our website, you acknowledge that you have read and understood this Policy and consent to the collection, use, and disclosure of your information as outlined herein.