Privacy Policy

Privacy Policy

Protection of your privacy and the security of your personal data are very important to Cruzlaw LLP.

This Privacy Policy explains how information about you is collated and used by Cruzlaw LLP.  The term “Cruzlaw LLP” refers to Cruzlaw LLP (a private law firm incorporated in Gibraltar with company number 00012 and which is licensed and regulated by the Gibraltar Financial Services Commission) its successors, transferees and assigns as well as its associated companies and subsidiaries.

What personal information do we collect about you?

We may collect personal information from you in the course of our business including through your use of our website, when you engage our services as a client or as one of our business partners, vendors or suppliers. The personal information that we process includes:


  • Identification and background information provided by you or collected as part of our business acceptance processes including but not limited to your full name, occupation, age, and any photographs found in your identity verification documentation;
  • Contact information including but not limited to your email address, mailing address or phone number;
  • Financial information
  • Information we may have obtained from other sources (such as risk intelligence service providers and internet searches) all as part of the ‘KYC’ obligations contained in relevant legislation;
  • Records of our communications with you including but not limited to e-mail correspondence, meeting notes etc.;
  • Any other information relating to you which you may provide to us.

Provision of your personal data as per above will be a contractual requirement or a requirement relating to entering into a contract. It is your obligation to provide your personal data that we require in order to comply with the legal obligations allowing us to provide the services under that contract. Without this information, we may not be able to provide our services or to respond to queries or requests that you submit to us.

Use of Cruzlaw LLP website

Our website uses Google Analytics, a web-based analytic tool that tracks and reports on the manner in which the website is used to help us to improve it. Google Analytics does this by placing small text files called “Cookies” on your device. The information that the cookies collect, such the number of visitors on the site, the pages visited and the length of time spent on the site is aggregated and therefore anonymous.

How we use your personal information? 

Cruzlaw LLP collects and processes personal information about you in a number of ways. When we use your personal information, we must do so lawfully. In every case, we will use your information for the purposes for which it was provided by you or lawfully obtained by us, and where such purposes change or cease to exist, we will inform you that we need additional information or shall erase your information in accordance with the retention policies described in this Privacy Policy.


We use your personal information on the following basis:

  • To perform a contract, such as engaging with an individual to provide service
  • To comply with legal and regulatory obligations
  • For legitimate business purposes

Your information may also be used from time to time to provide you with information via e-mail about us and our range of services and to provide you with news bulletins, newsletters, brochures, or general information about other services which we offer, otherwise known as ‘Direct Marketing’.

How long do we keep your personal information?

Your personal information will be retained in accordance with our data retention policy which categorises all the information held by Cruzlaw LLP and specifies the appropriate retention period for each category of data. Those periods are based on the requirements of applicable data protection laws and the purpose for which the information is collected and used, taking into account legal and regulatory requirements to retain the information for a minimum period.

Who we share your personal information with?

We may share your personal information with certain trusted third parties in accordance with contractual agreements in place unless such information is protected by duties of confidentiality owed to our clients or to other persons. Such third parties have access to personal data solely for the purposes of performing the services or to comply with applicable laws and not for any other purpose.

In connection with the provision of our services, personal data may also be transferred to countries or territories outside the European Economic Area (EEA) where necessary. For example, if you ask us to establish a corporate vehicle outside of Gibraltar as part of a specific service, your data may be transferred to our agents and business partners in other jurisdictions.

Security of your Personal Information

We take all appropriate measures to safeguard the confidentiality of your personal information in our custody and control, and we require similar safeguarding measures from our service providers.  Accordingly, we have put in place appropriate measures to maintain the confidentiality of all personal information, including only allowing access to personal information to employees and authorised third parties and service providers who require such information for the purposes described in this Privacy Policy. In order to protect against unauthorised access, we maintain administrative, technical, and physical safeguards and our service providers are obliged to maintain similar safeguards.

Your rights regarding your personal information

The European Union’s General Data Protection Regulation and other applicable data protection laws provide certain rights for data subjects.

You are entitled to request details of the information we hold about you and how we process it.  You may also have a right in accordance with the applicable data protection law to have it rectified or deleted, to restrict our processing of that information, to stop unauthorised transfers of your personal information to a third party and, in some circumstances, to have personal information relating to you transferred to another organisation. You may also have the right to lodge a complaint (see below) with the local supervisory authority in relation to Acquarius Trust Group’s processing of your personal information.

If you object to the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations.

Your objection (or withdrawal of any previously given consent) could mean that we are unable to perform the actions necessary to achieve the purposes set out above (see “How we use your personal information”) or that you may not be able to make use of the services and products offered by us. Please note that even after you have chosen to withdraw your consent we may be able to continue to process your personal information to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.  Therefore, if you do wish to withdraw your consent to us holding and processing data, you can do so in writing to the address below.

We must ensure that your personal information is accurate and up to date. Therefore, please advise us of any changes to your information by emailing us immediately upon change.

Changes to this Privacy Policy

This Privacy Policy may be updated from time to time, in order to reflect changes to our personal information practices. Any update to our Privacy Policy will be posted on our website with the date of the last update. We will treat your personal information in accordance with the Privacy Policy that is in place at the time and we encourage you to review our privacy policy whenever you use our services to ensure you fully understand this.

This Privacy Policy was last updated May 2018.


If we receive a complaint from you, we will conduct a reasonable investigation and will attempt to resolve the matter in accordance with the principles contained in this Privacy Policy. If however you remain unhappy with the outcome,  you have the right to make a complaint to the Gibraltar Regulatory Authority which is the Gibraltar supervisory authority for data protection issues:

How can you contact us?

The data controller for any personal data you provide to us is Acquarius Trust Company Limited. If you have any questions, concerns or comments or if you would like further information about this Privacy Policy, how we handle your Personal Data, or otherwise wish to enforce your data protection rights please contact us via our website contact form.

Cruzlaw LLP
Suite 5
Fourth Floor
Icom House
1/5 Irish Town
Gibraltar GX11 1AA

Tel: +350 200 5076552