Explore Gibraltar

Privacy Policy

Last updated: 19-11-2025

1. Introduction

Discover Gibraltar or Explore Gibraltar (“we”, “us”, “our”) provides location-based informational and tourism services through our mobile application (“App”) and our website, exploregib.com (the “Site”). We operate from Gibraltar and serve users in the European Union and worldwide.

We comply with applicable privacy laws, including the EU/UK General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”), and the Children’s Online Privacy Protection Act (“COPPA”) where applicable.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the App or Site (collectively, the “Services”). By using the Services, you agree to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Services.

2. Information We Collect

2.1 Information You Provide to Us

We may collect information that you voluntarily provide, including:

  • Account details (such as your name, email address, username, and password);
  • User-submitted preferences, settings, and profile information;
  • Communications you send to us (such as support requests, feedback, or inquiries);
  • Payment-related information (if applicable), which is processed via third-party payment processors. We do not store full payment card details on our servers.

2.2 Information Collected Automatically

When you use the App or Site, we may automatically collect certain information, such as:

  • Device information (including device type, operating system, device model, and unique device identifiers);
  • IP address, browser type, language preferences, and approximate location based on IP;
  • Usage data (such as pages viewed, screens visited, links clicked, features used, and session duration);
  • Crash logs, error reports, and diagnostic information;
  • Location data:
    • Approximate or precise location information if you grant the App permission to access your device’s location;
    • Used to provide location-based features, such as maps, points of interest, or local recommendations.

2.3 Analytics (PostHog and Other Analytics Providers)

We use cloud-hosted analytics services, including PostHog, to help us understand how the Services are used and to improve performance and user experience. These services may collect information such as:

  • Events and interactions within the App and Site;
  • User flows, navigation paths, and feature usage;
  • Technical information about your device and connection;
  • Crash and error reports;
  • Session analysis (if enabled).

Analytics data is used in aggregated or pseudonymized form where possible, and we use it to develop, test, and improve the Services.

2.4 Advertising and Tracking

We may work with various advertising networks and partners (for example, but not limited to, mobile ad networks) that use cookies, SDKs, and similar technologies to deliver advertisements and measure their effectiveness.

These technologies may collect:

  • Device identifiers and mobile advertising IDs;
  • IP address and approximate location;
  • Interaction data with ads and content;
  • Usage information about how you interact with the Services.

Where required by law (such as under GDPR or CPRA), we will request your explicit consent before enabling personalized advertising or non-essential tracking technologies.

2.5 Information from Third Parties

We may receive information about you from third parties, such as:

  • Social login providers (if you choose to sign in using a third-party account);
  • Advertising partners and networks;
  • Analytics providers that assist us in understanding usage and performance.

3. How We Use Your Information

We use the information we collect for purposes including:

  • Providing, operating, and maintaining the App and Site;
  • Delivering location-based and tourism-related content and features;
  • Personalizing your experience and tailoring content and recommendations;
  • Improving the functionality, performance, and security of the Services;
  • Conducting analytics, research, and statistical analysis;
  • Responding to your inquiries, comments, and support requests;
  • Sending administrative information, such as updates to terms, policies, or security notifications;
  • Delivering advertising and measuring ad performance, where permitted by law;
  • Detecting, preventing, and addressing fraud, abuse, security risks, and technical issues;
  • Complying with legal obligations and enforcing our agreements and policies.

4. Legal Bases for Processing (GDPR / UK GDPR)

Where GDPR or UK GDPR applies, we process your personal data on the following legal bases:

  • Consent: For certain processing activities such as statistics, marketing, and personalized ads, we rely on your consent, which you can withdraw at any time.
  • Contract performance: We process data as necessary to provide the Services you request and to fulfill our contractual obligations.
  • Legitimate interests: We process data for our legitimate interests, such as improving the Services, enhancing security, and preventing fraud, provided these interests are not overridden by your rights and freedoms.
  • Legal obligations: We may process data when necessary to comply with our legal or regulatory obligations.
  • Vital interests: In rare cases, we may process data to protect your vital interests or those of others.

5. How We Share Your Information

5.1 Service Providers

We may share your information with third-party service providers who perform services on our behalf, such as:

  • Cloud hosting and infrastructure providers;
  • Analytics providers (including PostHog);
  • Advertising networks and partners;
  • Email, push notification, and communication tools;
  • Payment processors and billing services;
  • Customer support and helpdesk tools.

These service providers are authorized to use your information only as necessary to provide services to us and are bound by appropriate confidentiality and data protection obligations.

5.2 Advertising Partners

We may share limited information with advertising partners to deliver, measure, and improve advertising, where such sharing is permitted by law and/or based on your consent.

5.3 Legal and Compliance

We may disclose your information if we believe in good faith that such disclosure is necessary to:

  • Comply with applicable laws, regulations, legal processes, or governmental requests;
  • Enforce our terms and policies;
  • Protect our rights, property, or safety, or that of our users or the public.

5.4 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred to another entity, subject to this Privacy Policy or a substantially similar policy.

6. International Data Transfers

Your information may be transferred to and processed in countries other than your own. These countries may have data protection laws that differ from those in your jurisdiction.

Where required, we implement appropriate safeguards for international data transfers, such as Standard Contractual Clauses approved by the European Commission or other legally recognised mechanisms.

7. Your Privacy Rights

7.1 Rights Under GDPR / UK GDPR

If you are in the European Economic Area (EEA) or the UK, you may have the right to:

  • Request access to your personal data;
  • Request correction of inaccurate or incomplete data;
  • Request deletion of your personal data (subject to certain exceptions);
  • Request restriction of processing;
  • Object to processing based on legitimate interests or for direct marketing;
  • Request data portability in a structured, commonly used, and machine-readable format;
  • Withdraw consent at any time where processing is based on consent.

7.2 Rights Under CCPA / CPRA (California)

If you are a California resident, you may have the right to:

  • Request to know the categories and specific pieces of personal information we collect, use, disclose, and share;
  • Request deletion of your personal information, subject to certain exceptions;
  • Request correction of inaccurate personal information;
  • Opt out of the “sale” or “sharing” of personal information as defined by CCPA/CPRA;
  • Not be discriminated against for exercising your CCPA/CPRA rights.

We do not sell personal information in the traditional sense. To the extent that certain data sharing for advertising may be deemed a “sale” or “sharing”, you have the right to opt out where applicable.

7.3 Exercising Your Rights

To exercise any of the above rights or to submit a privacy-related request, please contact us at:

Email: admin@exploregib.com

We may ask you to verify your identity before responding to your request. We will respond within the time limits set by applicable law.

8. Data Retention

We retain personal data for as long as necessary to fulfill the purposes described in this Privacy Policy, including:

  • Providing and maintaining the Services;
  • Complying with legal obligations;
  • Resolving disputes and enforcing our agreements;
  • Security, fraud prevention, and legitimate business interests.

When personal data is no longer needed, we will delete it or anonymize it so that it can no longer be associated with you.

9. Security

We implement reasonable technical, administrative, and physical safeguards designed to protect your personal data against unauthorized access, loss, misuse, or alteration. However, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

10. Children’s Privacy (COPPA)

Discover Gibraltar is designed for mixed audiences, but is not directed specifically toward children under 13 years of age. We do not knowingly collect personal information from children under 13 without verifiable parental consent.

If you believe that we may have collected personal information from a child under 13 without appropriate consent, please contact us at admin@exploregib.com, and we will take appropriate steps to delete such information.

11. Cookies and Tracking Technologies

We and our partners use cookies and similar tracking technologies in connection with the Site and App. These may include:

  • Essential cookies necessary for the operation and security of the Services;
  • Preferences cookies to remember your settings;
  • Analytics cookies to help us understand usage and improve the Services;
  • Advertising cookies and identifiers used to deliver and measure ads.

Where required by law, you will be asked to provide consent to the use of non-essential cookies and tracking technologies via a cookie banner or in-app settings.

You can manage your preferences through:

  • Browser or device settings (such as disabling cookies or resetting ad identifiers);
  • In-app privacy or cookie settings, where available;
  • Opt-out mechanisms provided by advertising partners or industry groups.

12. Links to Third-Party Sites and Services

The App and Site may contain links to third-party websites, services, or content that are not operated by us. We are not responsible for the privacy practices or content of those third-party properties. We encourage you to review their privacy policies before providing any personal information.

13. Data Controller

The data controller responsible for your personal data is:

Explore Gibraltar
Website: https://exploregib.com
Email: admin@exploregib.com

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will update the “Last updated” date at the top of this page and, where appropriate, provide additional notice (such as a notice within the App or on the Site).

Your continued use of the Services after the effective date of the updated Privacy Policy will constitute your acceptance of the changes.

Explore Gibraltar