Financial Communication Specialist

Book a Call

Privacy Policy

AL Miller | Financial Communication Specialist | Gibraltar

Last updated: February 2026

Who Is Responsible for Your Data?

Al Miller, Financial Communication Specialist, based in Gibraltar, is the data controller for personal information collected through this website. This means I am responsible for deciding how your personal data is collected, used, and protected.

I take data protection seriously. This policy explains what information I collect, why I collect it, how I use it, and what rights you have in relation to it. It is written in plain language because I believe you deserve to understand exactly what happens with your information.

This policy is drafted to comply with the Gibraltar Data Protection Act 2004, the EU General Data Protection Regulation as applied in Gibraltar, and the UK General Data Protection Regulation and Data Protection Act 2018 insofar as they apply to the processing of personal data of individuals in the United Kingdom.

What Information Do I Collect?

Information you provide directly

When you contact me through the website contact form, by email, or by telephone, I collect the information you choose to provide. This typically includes your name, email address, telephone number, firm name, and details about the project you wish to discuss.

If you commission work, I will also collect information necessary to deliver the project and process payment, such as your business address, billing details, and any briefing information you provide about your firm and its clients.

Information collected automatically

When you visit the website, certain technical information is collected automatically through cookies and server logs. This includes your IP address, browser type and version, operating system, the pages you visit, the time and date of your visit, and how you arrived at the website.

This information is collected through Google Analytics and essential website cookies as described in the Cookie Policy. It is used in aggregate form to understand how visitors use the website and to improve the experience over time.

Information I do not collect

I do not collect sensitive personal data such as health information, political opinions, religious beliefs, or trade union membership. I do not collect financial information about your personal circumstances. I do not collect information about your clients.

Why Do I Use Your Information?

I use your personal information for the following purposes:

  • To respond to your enquiries and provide information about my services
  • To deliver projects you have commissioned, including producing content, processing revisions, and managing the working relationship
  • To process payments and maintain accurate financial records
  • To send you information about my services where you have given consent or where I have a legitimate business interest in doing so
  • To improve the website based on how visitors use it
  • To comply with legal and regulatory obligations

What Is the Legal Basis for Processing?

Data protection law requires me to have a valid legal basis for processing your personal information. The bases I rely on are:

  • Contract: where processing is necessary to deliver a project you have commissioned or to take steps at your request before entering into a contract
  • Legitimate interest: where processing is necessary for my legitimate business interests, such as responding to enquiries, improving the website, and 
marketing my services to existing and potential clients, provided those interests do not override your rights
  • Consent: where you have given clear consent for me to process your data for a specific purpose, such as receiving marketing communications. You can withdraw consent at any time
  • Legal obligation: where processing is necessary to comply with a legal or regulatory requirement

Who Do I Share Your Information With?

I do not sell your personal information to anyone. I do not share it with marketing companies, data brokers, or any third party for their own commercial purposes.

I may share your information with the following categories of recipient where necessary:

  • Payment processors for handling transactions securely
  • Email service providers for sending communications
  • Website hosting providers who store the website and its data
  • Google Analytics for website usage analysis (anonymised data only)
  • Professional advisers such as accountants or lawyers where necessary for business operations
  • Law enforcement or regulatory authorities where required by law

All third-party service providers are required to process your data securely and only for the purposes I have specified.

International Data Transfers

I am based in Gibraltar. Some of the third-party services I use, such as Google Analytics and email providers, may process data in countries outside Gibraltar and the European Economic Area

Where data is transferred outside Gibraltar or the EEA, I ensure that appropriate safeguards are in place. Gibraltar benefits from an adequacy decision by the European Commission, meaning data transfers between Gibraltar and the EEA are permitted without additional safeguards.

For transfers to other countries, I rely on the safeguards provided by the service providers, which may include standard contractual clauses approved by the European Commission or equivalent measures.

How Long Do I Keep Your Information?

I retain personal information only for as long as necessary for the purpose it was collected.

  • Enquiry data: retained for 12 months after our last communication unless a project is commissioned
  • Project data: retained for six years after the project is completed, in line with standard business and tax record-keeping requirements
  • Payment records: retained for six years as required by Gibraltar tax law
  • Website analytics data: retained in anonymised form for up to 26 months within Google Analytics
  • Marketing consent records: retained for as long as the consent remains active, plus 12 months after withdrawal

When personal information is no longer required, it is securely deleted or anonymised.

What Are Your Rights?

Under data protection law, you have the following rights in relation to your personal information:

  • Access: you can request a copy of the personal information I hold about you
  • Rectification: you can ask me to correct any information that is inaccurate or incomplete
  • Erasure: you can ask me to delete your personal information where there is no compelling reason for me to continue processing it
  • Restriction: you can ask me to restrict how I use your information in certain circumstances
  • Portability: you can request that I provide your data in a structured, commonly used format so you can transfer it to another provider
  • Objection: you can object to processing based on legitimate interests, and I must stop unless I can demonstrate compelling grounds that override your interests
  • Withdrawal of consent: where processing is based on consent, you can withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal

To exercise any of these rights, contact me using the details at the end of this policy. I will respond within one month.

Complaints

If you are not satisfied with how I have handled your personal information, you have the right to lodge a complaint with the relevant supervisory authority.

In Gibraltar, the supervisory authority is the Gibraltar Regulatory Authority (GRA). You can contact them at: Gibraltar Regulatory Authority, 2nd Floor, Eurotowers 4, 1 Europort Road, Gibraltar. Website: www.gra.gi

If your complaint relates to processing by UK-based service providers, you can also contact the Information Commissioner’s Office (ICO) at: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Website: www.ico.org.uk

Security

I take reasonable technical and organisational measures to protect your personal information against unauthorised access, loss, destruction, or alteration. These include using encrypted connections for data transmission, secure storage of electronic records, and limiting access to personal information to those who need it for legitimate business purposes.

No method of data transmission or storage is completely secure. While I take all reasonable precautions, I cannot guarantee absolute security.

Changes to This Policy

I may update this privacy policy from time to time. The current version will always be available on this page with the date of the most recent update shown at the top. Where changes are significant, I will make reasonable efforts to notify you.

Governing Law

This privacy policy and any disputes arising from or in connection with it are governed by and construed in accordance with the laws of Gibraltar. The courts of Gibraltar shall have non-exclusive jurisdiction over any claim arising from or related to this policy, without prejudice to your right to bring proceedings in any other court of competent jurisdiction.

Contact

If you have any questions about this privacy policy, wish to exercise your rights, or have concerns about how your information is handled, please contact:

Al Miller
Financial Communication Specialist
Forbes Building, Devil’s Tower Road, Gibraltar
Email: info@almillerfcs.com

Telephone: +350 5600 4546