Dolya Website Privacy & Cookie Policy
​
​Updated: 11 March 2025
​
Dolya Consulting the trading name of Dolya Limited (“we”, “us” and “our”), a limited company registered in Gibraltar with company incorporation number 119231 and a registered office at 6.20 World Trade Center, 6 Bayside Road, Gibraltar, GX11 1AA. We’ve drafted this Privacy and Cookie Policy in order to provide you with information and understanding of how we treat your Personal Data which we gather through your use of our website www.dolya.consulting (“Site”). Personal Data means any information relating to you as an identified or identifiable natural person (known also as a “Data Subject”).
This Privacy Policy sets out what Personal Data we collect and how we utilise/process it in accordance with data laws, including the General Data Protection Regulations (“GDPR”), the Gibraltar implementation of the GDPR and the Data Protection Act 2004.
We may make changes to this Privacy Policy, but a current version will always be available on our Site.
​
1. Personal Data We Collect
We may collect the following data when you browse or otherwise use our Site or when communicating with us over email:
-
Your name
-
Your email address
-
Any Personal Data you may choose to provide us in correspondence with us
​
​​2. How We Collect & Store Your Personal Data
We only process Personal Data that you provide to us through filling out our contact form, communicating with us over email or when asking to be informed of updates on our business. We always store Personal Data securely on our cloud based document management system.
Our Data Protection Office (“DPO”) oversees the storage and maintenance of your Personal Data. We have physical, technical and administrative security measures in place, which will ensure the confidentiality of the information contained including, but not limited to, the encryption of electronic communications. These measures will be reviewed over time and upgraded in line with technological developments and legal requirements.
​
Purpose | Types of Data | Lawful Basis for Processing |
|---|---|---|
To keep you informed of developments with our business. | Your name and contact information, such as email. | Your consent and our legitimate interest to keep you informed of developments you have shown interest in. We will always stop updating you if you tell us to do so. |
To communicate with you. | Your name, contact information, such as email, and any other data you may choose to share with us over correspondence. | Your consent and our legitimate interest to interact with actual and potential customers and manage our business. |
​3. How and Why We Process Your Personal Data
We will only collect and process your Personal Data through our Site where we are legally allowed to do so and namely (but not exclusively) in situations where you give us consent or where the processing of your personal data is necessary for us to develop our business. The table below shows the purpose for which we will process your Personal Data and our lawful basis for doing so.
​
Change of Purpose
We will only ever process your Personal Data for a purpose which is either listed in the table above or compatible with those already listed. Should we have a legal basis to process your Personal Data for any other reason, we will always inform you directly of the processing and explain why we are allowed to do so.
​​
4. Keeping Your Personal Data Current
​
To keep the Personal Data we hold about you accurate and current, please keep us informed of any changes to your information. From time to time we may also ask you to review and update your Personal Data.
​
5. Special Category Personal Data
We do not gather or process any sensitive or special category data through our Site.
​​
6. Cookies & Website Tracking
Our Site uses cookies in order to:
-
To provide a great experience for you.
-
To monitor and analyse the performance, operation and effectiveness of our Site.
-
To ensure our Site is secure and safe to use.
​​
The cookies used on our Site are detailed in the following table:
​
Cookie Name | Purpose | Duration | Cookie Type |
|---|---|---|---|
client-session-bind | Cookie for API protection | Session | Essential |
server-session-bind | Cookie for API protection | Session | Essential |
fedops.logger.sessionId | Tracking session errors and issues (resilience) | 12 months | Essential |
bSession | Used for system effectiveness measurement | 24 hours | Essential |
TS* | Cookies for attack detection | Session | Essential |
SSR-caching | Performance cookie for rendering | 24 hours | Essential |
svSession | Session cookie for identification | 6 months | Essential |
hs | Security Cookie for Hive (legacy) | Session | Essential |
XSRF-TOKEN | Cookie for fraud detection of calls | Session | Essential |
​
You will always be prompted to accept or reject the use of both essential and any non-essential cookies when you first land on our Site.
​​
7. Who May Receive Your Personal Data
Sometimes, we may share some aspects of your Personal Data with the following:
​
-
Third party service providers (including contractors): such as providers that assist us in our due diligence processes, secure document storage, client work, marketing and website hosting and development. More details on these parties can be provided to you upon request.
​
-
Agents, advisors and business partners: such as providers that assist us with legal and financial aspects of our business and other companies or individuals that we may partner up with to enable us to provide our clients with our services and to improve our service offering. More details on these parties can be provided to you upon request.
​
-
Public agencies: such as law enforcement agencies, government entities, regulators, courts and other third parties who may request your personal data under a legal requirement or court order. We will always take your interests into account when responding to such requests.
​
-
Group companies: such as companies who are in the same group of companies as Dolya Limited, for example Dolya Solutions Limited.
Where possible, we do not allow our third-party service providers, agents, advisors, business partners or contractors to use your Personal Data for their own purposes and only permit them to process your Personal Data in accordance with our instructions. Where any third-parties to whom we provide your Personal Data act themselves as data controllers, they are responsible for the treatment of your Personal Data.
Should we ever choose to sell, transfer or merge parts (or the entirety) of the Dolya Consulting business to or with another company, the new entity may also use your Personal Data in accordance with this Privacy Policy.
​
​​8. Transfers Outside of the EEA
Should we need to transfer your Personal Data outside of the UK and the European Economic Area (EEA), we will comply with at least one of the following requirements:
​
-
When dealing with international third parties, we will ensure that your Personal Data is covered by contractual clauses, approved by the Gibraltar Regulatory Authority, which will extend local data protection standards to your Personal Data.
​
-
We will ensure that the country to which your Personal Data is being transferred is regarded as a jurisdiction offering adequate protection to Personal Data.
​
9. How Long We Keep Your Personal Data
We will only keep your Personal Data for as long as it is necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, reporting or regulatory requirements. For more information please contact our DPO using the email at the end of this Policy.
We may retain anonymised and/or aggregate data indefinitely as long as it is no longer considered Personal Data.
​
10. Your Rights in Relation to Your Personal Data
You have the right to:
​
-
Request access to your Personal Data. We will provide you with a copy of the Personal Data we hold about you upon request.
​
-
Request correction of any Personal Data that we hold about you. We will correct any incomplete or inaccurate Personal Data we hold about you upon request.
​
-
Request erasure of your Personal Data. We will delete or remove Personal Data provided that (i) we do not have a lawful basis to retain the data; or (ii) you have successfully objected to our processing of your data; or (iii) we have processed your information unlawfully; or (iv) we are required to erase your Personal Data to comply with an applicable local law.
​
-
Object to processing of your Personal Data. We will stop processing your Personal Data if we have been unfairly relying on a legitimate interest (our or of a third party) for processing causing an undue impact on your fundamental rights and freedoms.
​
-
Request restriction of processing of your Personal Data. We will suspend the processing of your Personal Data if (i) you ask us to check the data’s accuracy; or (ii) our use of the data is unlawful but you do not want us to erase it; or (iii) you need us to retain the data past our retention period in order to establish, exercise or defend a legal claim; or (iv) you have objected to our processing and your objection is being investigated.
​
-
Request the transfer of your Personal Data. We will provide to you, or a third party you have chosen, with your Personal Data in a structured, commonly used, machine-readable format. This right only applies to automated data which we process under your consent or where such Personal Data is used to perform our employment contract with you.
​
-
Withdraw consent. We will stop processing any Personal Data which we are using under your consent. Remember that any processing done before consent is withdrawn remains lawful.
​
-
Raising a complaint. We will always investigate thoroughly any concerns you may have about our use of your Personal Data. Please use the contact details below to reach out to the Dolya Consulting DPO with any worries, questions or problems.
​​​
If you have any questions or wish to exercise any of the rights specified above, please contact the Dolya Consulting DPO at privacy@dolya.consulting.
​​
Fees & Confirming Your Identity
You will not have to pay a fee to exercise any of your rights in relation to your Personal Data, but we may charge a reasonable fee or refuse to comply with your request if it is clearly unfounded, repetitive or excessive.
We will ask you for information and documents to confirm your identity prior to you exercising your rights in relation to your personal data.
​​
​​11. Contact, Questions & Complaints
We are committed to robust standards of privacy protection, but if you become concerned about our management of your Personal Data, please contact the Dolya Consulting DPO at privacy@dolya.consulting.
You also have the right to make a complaint at any time to the Information Commissioner under the Data Protection Act – currently the Gibraltar Regulatory Authority (“GRA”). However, we would appreciate an opportunity to resolve your concerns in the first instance.
The contact details for the GRA are:
Gibraltar Information Commissioner
Gibraltar Regulatory Authority
2nd Floor, Eurotowers 4
1 Europort Road
Gibraltar
Email: info@gra.gi
Phone: (+350) 200 74636
Fax: (+350) 200 72166
​​