Privacy Policy

Last updated: 18 July 2026

This Privacy Policy explains how WebOpen ("we", "us", "our") collects, uses, stores, and protects your personal data when you use our website and services. This policy is prepared in accordance with the Gibraltar General Data Protection Regulation (Gibraltar GDPR) and the Data Protection Act 2004 of Gibraltar.

1. Data Controller

Tom Robert Lopes
204 Imperial Ocean Plaza
Gibraltar GX11 1AA
Company Registration Number: 126260
Email: trl@webopen.io

2. What Personal Data We Collect

We may collect the following categories of personal data:

  • Contact information — name, email address, phone number, and business name, provided when you fill out forms (e.g. AI Visibility Audit request, contact inquiries).
  • Website/technical data — URLs you submit for audit, and any technical metadata you provide about your digital presence.
  • Communication data — records of correspondence with us, including emails, messages, and call notes.
  • Usage data — IP address, browser type, device information, and pages visited (see Section 6 on cookies and analytics).
  • Account data — if you create an account on our backoffice platform, we collect login credentials and role/permissions data.

3. Legal Basis for Processing

We process your personal data only where we have a valid legal basis under Gibraltar GDPR:

  • Consent — when you tick the consent box on our forms or explicitly agree to data processing.
  • Contract — to perform a contract with you or take steps at your request before entering into a contract.
  • Legitimate interests — for fraud prevention, network security, and improving our services, provided your rights and freedoms are not overridden.
  • Legal obligation — where we are required to process data by Gibraltar law or regulatory requirements.

4. How We Use Your Data

  • To provide and manage our services, including AI visibility audits, website development, and backoffice platforms.
  • To communicate with you about your inquiries, projects, and ongoing service delivery.
  • To send you service-related updates, invoices, and administrative messages.
  • To maintain the security and integrity of our systems.
  • To comply with legal obligations and regulatory requirements.

We do not sell your personal data. We do not use your data for automated decision-making that produces legal or similarly significant effects.

5. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for legal, accounting, or reporting requirements. Typically:

  • Prospect and inquiry data: up to 3 years from last interaction.
  • Client project data: duration of the engagement plus 7 years for accounting and tax purposes.
  • Backoffice user accounts: until the account is deleted or the team member status is changed.

6. Cookies and Similar Technologies

This website does not use cookies. We do not deploy cookie-based tracking, advertising identifiers, or analytics scripts that store data on your device. Any usage data we collect is processed at the server level and does not involve persistent browser storage.

7. Data Sharing and Third Parties

We may share your personal data with:

  • Service providers — cloud hosting, email delivery, payment processing, and other operational vendors under strict data processing agreements.
  • Professional advisers — lawyers, accountants, and insurers where necessary.
  • Regulatory and law enforcement bodies — when required by Gibraltar law or a valid legal order.

All third-party processors are contractually bound to process data only on our instructions and in accordance with Gibraltar GDPR.

8. International Transfers

Where we transfer your personal data outside Gibraltar or the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions, in compliance with Gibraltar GDPR Chapter V.

9. Your Rights

Under Gibraltar GDPR, you have the following rights in relation to your personal data:

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — request correction of inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten") — request deletion of your data where there is no overriding legal basis for continued processing.
  • Right to restriction of processing — request that we limit how we use your data.
  • Right to data portability — receive your data in a structured, commonly used, machine-readable format.
  • Right to object — object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent — at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us at trl@webopen.io. We will respond within one month, or within three months for complex requests.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. This includes encryption in transit (TLS/SSL), access controls, and regular security reviews.

11. Data Protection Officer (DPO)

As a small enterprise, we have appointed a responsible contact for data protection matters rather than a formal DPO. You can reach them at:

Email: trl@webopen.io
Address: 204 Imperial Ocean Plaza, Gibraltar GX11 1AA

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The updated version will be posted on this page with a revised "Last updated" date.

13. Complaints

If you believe we have not handled your personal data in accordance with Gibraltar law, you have the right to lodge a complaint with the Gibraltar Regulatory Authority (GRA) — the supervisory authority for data protection in Gibraltar.

Website: www.gra.gi

This page is maintained by WebOpen to answer common privacy and data protection questions. It does not constitute legal advice. If you need specific legal guidance, we recommend consulting a Gibraltar-qualified data protection lawyer.