Lifestyle Lifestyle

Bassadone Automotive Finance Privacy Policy

1. General introduction

We are committed to ensuring that we manage your personal data professionally and in compliance with all applicable data protection laws. Part of this commitment is to ensure that there is transparency about how we process personal data. This policy includes an explanation of:

  • • What data we are processing;
  • • Why we are processing it and what we do with it;
  • • Whether we will share it with anyone else;
  • • Whether we will transfer it outside of Gibraltar
  • • How we keep your data safe; and
  • • Your rights

We hope that you find this Privacy Policy helpful. If you have any questions, please don’t hesitate to contact us.


2. About us

Our company name is Bassadone Automotive Finance Limited and we are located 42 Devil’s Tower Road Gibraltar. In this policy we have referred to Bassadone Automotive Finance Limited: we, us, our or BAF.

For any queries concerning your data please contact us at the above address or by email at or by phone on 200 44835.


3. Your personal data

We process your personal data to process Finance applications and provide credit decisions. In this section 3 we provide more detailed information about how we will manage your personal data.

When you apply for finance we use your data and any relevant historic Bassadone Automotive Finance data to make a credit assessment. If you as a client complete a finance with us then we keep your data to enable us to run your account and for any regulatory requirements.


4. What data do we hold about you and how have we obtained this?

We will obtain information about you when you apply for finance, typically the information that we obtain will be your contact details, employment details as well as information about financial circumstances and transactions.

If you apply for finance through our website we will make a provisional automated finance decision based on the data provided. All automated decisions are reviewed by a manager within 1 working day; No finance applications are declined for purely based on an automated decision.

If you have visited our website we may automatically collect some personal information including: details of your browser and operating system, the website from which you visit our website, the pages that you visit on our website, the date of your visit, and the Internet protocol (IP) address assigned to you by your internet service. We collect some of this information using cookies – please see Cookies in Section 9 for further information.


5. How do we use your personal data and what is the applicable lawful basis?

Where we are required to do so to perform our contract with you, we process your information for completing finance contracts and to run your account.

We may process your information to comply with regulatory obligations including complying with Money Laundering Regulations and to evidence we comply with the Consumer Credit Act.

We may process your information to allow us to pursue our legitimate interests including for: analysing our performance to further improve our customer services; market research, training and to administer our websites; prevention of fraud or other criminal acts; complying with requests from you including if you exercise any of your rights noted in this Privacy Policy; enforcing our legal rights or to defend legal proceedings and for general administration purposes.


6. Will we share your personal data with any third parties?

We may share your data with following third-party service providers: Vehicle Licensing, to change Ownership of vehicles. Other official bodies for the purposes of complying with legal obligations or for the prevention or detection of a crime; this includes the Royal Gibraltar Police, HM Customs and Gibraltar Car Parks.

When we use third party service providers, we only disclose to them any personal information that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.


7. How long do we keep your data?

For all finance contracts we will retain the data for 7 years following the final payment of the contract.

For all finance applications where finance is not completed we will retain data for 2 years.

If you have requested that we do not send you marketing information we will always retain sufficient information to ensure that we remember to comply with your request.

The periods stated in this section may be extended if we are required by law to keep your data for a longer period.


8. Transferring your data outside of the EU

The information that you send to us will not be transferred outside the EU.


9. Cookies

We use Cookies on our website. A cookie is a small text file which is placed onto your computer (or other electronic device) when you visit our website. This enables us to monitor how many times you visit the website, which pages you go to, traffic data, location data and the originating domain name of your internet service provider.

Some (usually newer) versions of Web browsers allow you to decide whether or not to accept cookie files and some programs notify you when a Web site is about to deposit a cookie file on your hard drive. If you decide not to accept cookies, you may not be able to successfully navigate some portions of a Web site.

BAF uses or will use cookie files for online purchasing and the customized presentation of Web pages. We do not use cookies to retrieve information from your computer that was not originally sent in the cookie, nor do we use information transferred through cookies for any promotional or marketing purposes.

For more information about cookies generally and how to disable them you can visit:


10. Data security

We have adopted the technical and organisational measures necessary to ensure the security of the personal data we collect, use and maintain, and prevent their alteration, loss, unauthorised processing or access, having regard to the state of the art, the nature of the data stored and the risks to which they are exposed by human action or physical or natural environment. However, as effective as our security measures are, no security system is impenetrable. We cannot guarantee the security of our database.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use procedures and security features to try to prevent unauthorised access.

Links to other websites; Our website may contain links to and from other websites (e.g. social media sites such as Twitter, Flickr, YouTube and Facebook). Unless we own such websites, we accept no responsibility for the way in which they process your personal data. You are recommended to check the privacy policy of each website before you submit any personal data to it.


11 Your rights

Your right to access data; we always aim to be as open as we can and allow people access to their personal information. Where we hold your personal data, you can make a ‘subject access request’ to us and we will provide you with:

  • • a description of it;
  • • an explanation of why we are holding it;
  • • information about who it could be disclosed to; and
  • • a copy of the information in an intelligible form – unless an exception to the disclosure requirements is applicable.

If you would like to make a ‘subject access request’ please make it in writing to our email address;

Unless you agree a different time, we will complete your subject access request within one month.

Right to stop marketing messages. You always have the right to stop marketing messages, we will usually include an unsubscribe button in any marketing emails. If you do wish to unsubscribe, please just click the unsubscribe button and we will promptly action that request. Alternatively, you can update your marketing preferences by contacting us at any-time. Our contact details are shown in section 2.

Right to be forgotten 1. If we hold personal data about you, but it is no longer necessary for the purposes that it was collected and cannot otherwise be justified – you have the right to request that we delete the data.

Right to restrict data. If we hold personal data about you and you believe it is inaccurate you have the right to request us to restrict the data until it is verified. You also have the right to request that the data is restricted where you have a right to it being deleted but would prefer that it is restricted.

Right to complain. If you wish to raise a complaint on how we have handled your personal information, you can contact our Data Protection Officer at We hope that we can address any concerns you may have, however you always have the right to complain to the personal data regulator, the GRA (Gibraltar Regulatory Authority).