Privacy statement

Who are we?

In 1991 the water supply service to Gibraltar was commercialised via the formation of a joint venture company, called Lyonnaise des Eaux (Gibraltar) Ltd.

This was established between the Government of Gibraltar and a French company called Lyonnaise des Eaux. Subsequently, the majority shares in Lyonnaise des Eaux (Gibraltar) were held by Northumbrian Services Ltd, previously Ondeo Services UK Plc. then part of the Suez Lyonnaise des Eaux Group. In May 2003, Suez sold 75% of its holding in Ondeo Services UK, retaining 25%.

Northumbrian Services Ltd became part of Northumbrian Water Group Plc, a company listed on the London Stock Exchange. As a consequence of these changes, Lyonnaise des Eaux (Gibraltar) changed its name to AquaGib Ltd. with effect from 15th December 2003.

Northumbrian Water Group was delisted from the London Stock Exchange on Friday 14th October 2011 following a cash acquisition by UK Water (2011) Limited (a company indirectly wholly owned by a consortium comprising Cheung Kong Infrastructure Holdings Limited, Cheung Kong (Holdings) Limited and Li Ka Shing Foundation Limited).

The shareholdings in AquaGib Ltd is two thirds Northumbrian Water Group and one third HM Government of Gibraltar.

AquaGib has the following contracts with Government under a License Agreement :


Potable water is metered.


Salt water is not metered.


AquaGib controls the operation and management.


Key Terms

“AGL” “we” and “us” mean AquaGib  Limited.

“Personal data” has the same meaning as defined in the General Data Protection Regulation, (Data Protection Act 2004) being any information relating to an identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Our Privacy Aim

We will:

  • process your personal data fairly and lawfully;

  • tell you how we will use your personal data;

  • only collect personal data about you when we need it for legitimate purposes, or legal reasons;

  • ensure that your personal data is adequate, relevant and not excessive for the purposes for which we collect it;

  • not keep your personal data for longer than we need to for those lawful purposes;

  • keep your personal data secure;

  • ensure we have robust controls in place to prevent unauthorised access to and use of your personal data;

  • ensure that you know how to exercise your rights in relation to your personal data; and

  • require any third parties we may share your personal data with to take appropriate steps to protect it.

To supply our customers with our services we need to use information about you, and some of that may be personal or private. For example we may need to know your name and address, details of how you would like to be contacted (e.g. your mobile phone number), or how you would like to pay for the services we provide you.

As we do this, we’d like you to take some time to read this privacy statement. It will explain what information we might collect about you, why we collect it, what we may use it for, and who we may give it to. We’ll also explain your rights towards your information and how we look after it while we have it.

Privacy in more detail

What information do we collect about you?

We collect and use information about you for different purposes. You may give us information about you by filling in forms, on our website or by corresponding with us by telephone, email or otherwise. The information we collect about you will vary depending on your relationship with us.

Why do we need to collect and use your personal data?

The reason we need to collect your personal data will vary depending on how and why we have your information. The table below provides examples of the types of data we collect about you, the reason it is collected and how long we keep it for.

Example information We may use this for Retention period
Name, postal address, date of birth, banking information. Billing purposes. 7 years after the account is closed.
Postal address, telephone number, e-mail addresses. To contact you. 7 years after the account is closed.
Date of birth, customer reference number. To identify you and protect your account. 7 years after the account is closed.
Telephone discussions. For training purposes. 180 days unless the call has been tagged to be kept for longer.
We may note other information on your account that is related to the services we provide to you. To provide you with the excellent customer service you expect. 7 years after the account is closed.

We may also use your personal data to administer, support, improve and develop our business generally and to enforce our legal rights.

We need to collect and use your personal data for a number of purposes and we must have a lawful basis for processing your information. This lawful basis will vary depending on how and why we have your information and we have put together the table below to provide you with examples:

Lawful basis for processing Example activities
Activities necessary for the performance of our public tasks as a water company. Arranging and maintaining your supply, billing you, maintaining our infrastructure.
You have provided us with your explicit consent to process the information. Providing support or OAP Utility Grant.
The activities are within our legitimate business interests. Carrying out market research or customer satisfaction surveys.
To protect your contractual interests or someone else’s contractual interests. If there is a risk to your household due to a water quality issue or where your water supply may be disrupted.

If we process special category information we must have an additional lawful basis for processing. Special category data we do routinely collect is:

The further lawful basis for processing this type of data is detailed in the table below and we have provided an example of when this might apply:

Additional lawful basis for processing special category data Example activities
You have provided your explicit consent. Providing support or OAP Utility Grant
The processing is necessary to protect your contractual interests or someone else’s contractual interests. If there is a risk to your household due to a water quality issue or where your water supply may be disrupted.
You have made the information public. You have provided the information publicly on social media.
The processing is necessary for the establishment, exercise or defence of legal claims. Taking action for failure to pay bills.
The processing being necessary for reasons of public interests in the area of public health. Managing a water quality incident.

What security measures do we implement to protect your personal data?

We have security arrangements in place to guard against unauthorised access, improper use, alteration, destruction or accidental loss of your personal data.

We take appropriate organisational and technical security measures and have rules and procedures in place to ensure that there is no unauthorised access to your personal data.

When we work with third party organisations we require them to assure us of their compliance with our data protection and security requirements. This is further detailed in the contracts we have with them.

No data transmission over the internet can ever be entirely secure. While we do our best to protect your personal data, we cannot guarantee its security and you must be aware of this when using our websites.

Our websites may contain links to other websites that are outside of our control. Other websites are not subject to our Terms & Conditions or Privacy Policies and so we cannot accept responsibility for their content. We recommend that you take the time to read the Privacy Policies on any other websites which you visit.

We also ensure that where information is required to be transferred out of the EU, we will comply with the law in doing so.


When visiting our websites, you may also be providing us with information via our use of website ‘cookies’. You can find out more about this by reading our Cookie Statement here.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer. Cookies can contain information that is transferred to your computer’s hard drive.

Our website uses cookies to distinguish you from other users. This helps us to provide you with the excellent customer service you expect when you browse our website and also allows us to improve our site.

We only use cookies that are required for the operation of our website.

Data sharing

Agreements we have with other organisations for sharing information.

We have legal requirements for sharing data with HMGOG and GEA who operate their billing, reading and collection services.

Sharing data for the prevention and detection of crime

We may be contacted by HMGOG, the police or immigration control. Under data protection legislation we are permitted to share your personal data and are sometimes required to share it without your consent and you will not be notified that this has been done.

Carefully selected and trusted partners

We may use carefully selected third parties to help us process your data and provide you with excellent customer service. When we work with third party organisations we require them to assure us of their compliance with our data protection and security requirements. This is further detailed in the contracts we have with them.

We work with the following categories of our third party processors:

  • Software providers for systems like our billing systems, job management system and meter reading system in order to support our data and system management.

  • Operational partners who assist us with operational work like helping us to fix leaking pipes.

  • Research partners who assist us with market research in order to improve our business and provide you with excellent customer service.

  • External auditors to ensure our business is running as it should.


We currently do not contact you for marketing purposes.

Your Rights

GDPR has enhanced the rights of individuals. At AGL we want to provide you with as much information as we can in order to make it as easy as possible for you to exercise your rights. Your rights are:

  • The right to be given specific information on your personal data we collect.

  • The right of access to your personal data.

  • The right to rectify any of your personal data which is inaccurate.

  • The right to erase your personal data in certain circumstances.

  • The right to restrict processing of your personal data.

  • The right to data portability.

  • The right to object to certain processing.

  • Rights in relation to automated decision making and profiling.

Right of access

You have the right to see all the personal information we hold about you.

We’ll handle routine enquiries as part of our usual customer service. If you want to see more of the information that we have about you, you can make a Data Subject Access Request (SAR).

As part of an access request you can also ask:

a) purpose of processing
b) categories of personal data concerned
c) the recipients or categories of recipients to whom the personal data has or will be disclosed
d) the period of time for which the information will be stored
e) your right to request rectification or erasure or restriction of processing
f) where the information is not collected directly from you, any detail as to its source
g) the existence of automated decision making, including profiling as well as the significance/ consequences of such processing
h) if transferred to a third country, the right to be informed of the safeguards in place relating to the transfer.

To help you make your request, please email us or write to us on the contact information provided below.

We may reply to you where we need further information to help respond effectively to your request

To ensure that we only give your information out to you and not someone else, you will need to provide us with two current forms of identification.

Once we receive your written request, any clarifications, identification, we respond as soon as we can within 1 calendar month.

You can either post your form to:

AquaGib Ltd
Suite 10b, Leanse Place, 50 Town Range, Gibraltar, GX11 1AA

Or email it to us:

Right to rectification

You have the right to ask us to correct any of your personal data we hold about you which is inaccurate.

We always try to maintain your personal data as accurately as possible.

Right to erasure

The right to erasure allows for you to have your personal data erased. You may have heard this right called ‘the right to be forgotten’.

This right is not absolute and only applies in the following circumstances:

a) the personal data is no longer necessary for the purpose which we originally collected or processed it for;
b) we are relying on consent as our lawful basis for holding the data, and you have withdrawn your consent;
c) we are relying on legitimate interests as our basis for processing, you object to the processing of your data, and there is no overriding legitimate interest to continue this processing;
d) we are processing the personal data for direct marketing purposes and you object to that processing;
e) we have processed the personal data unlawfully
f) we have to do it to comply with a legal obligation

Right to restriction of processing

You have the right to ask AGL to restrict processing of your personal data. This is not an absolute right and only applies when:

  • You contest the accuracy of your personal data

  • The processing is unlawful

Right to data portability

The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services. It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way.

This right would only apply if we process your personal data on the basis of:

  • your consent

  • a contract

  • the processing is carried out by automated means

Right to object and automated individual decision taking

You have the right to object at any time to automated processing (making a decision solely by automated means without any human involvement) or profiling.

If you want to contact us about your rights or to find out more please email

Who to contact and when


The contact details listed below are to be used for contact about your privacy and this privacy notice only. If you wish to make a complaint, report a leak or discuss your account please use the contact information on the following web page

Right to lodge a complaint

You have the right to lodge a complaint if you think we are not acting in accordance with our legal obligations.

However, we would always encourage you to raise your concerns with us first so we can investigate. You can do this by contacting 20040880, or write to us on:

AquaGib Ltd
Suite 10b, Leanse Place, 50 Town Range, Gibraltar, GX11 1AA

You also have the right to complain to the regulator, the Information Commissioner, at any time by using the contact details below or visiting their website

Gibraltar Regulatory Authority, 2nd floor, Eurotowers 4, 1 Europort Road, Gibraltar.
(+350) 20074636    (+350) 20072166

Notice Owner

The notice owner is AGL’s Data Protection Officer and can be contacted at:


This privacy notice is reviewed at least annually or earlier if there is any change to the processing of customer data or to applicable legislation.

Date of last update: (27/06/2018)

The new modified or amended privacy statement will apply from that revision date.  Therefore, we encourage you to periodically review this statement to be informed about how we are protecting your information.