...
Hotline

Privacy Policy

TNG Global Realty Limited of Units 1-3, Ground Floor, TNG Global House, 39-43 Irish Town, Gibraltar (“TNGGR”) is the primary Data Controller with respect to the personal data collected from our website visitors, customers and clients. TNG Realty (Bayside) Limited and TNG Realty (Eastside) Limited (together, the “TNG Group Companies”) are also Data Controllers in respect of personal data processed for the purposes of administering and delivering their individual property developments.

This Privacy Notice applies to TNGGR and to the TNG Group Companies. Each company acts as a controller for the processing activities carried out in connection with its own development, while certain processing activities, such as group‑wide systems, marketing or compliance, may be undertaken jointly or on behalf of the relevant company.

We know that you care about your personal data and how it is used, and we want you to know that TNGGR and TNG Group Companies use your personal data carefully.

This Privacy Notice will help you understand what personal data we collect, why we collect it and what we do with it.

We collect, store and use your personal data to provide you with our service. By using our services, you acknowledge that we must collect and use some of your personal data for the purposes of providing you with our services.

Data Protection Legislation

The data protection legislation in Gibraltar is the Data Protection Act 2004 (the “DPA”) incorporating the “Gibraltar GDPR” (together the “Data Protection Legislation”).

Data Protection Principles

We will endeavour to ensure that the personal information we hold about you is:

  • used lawfully, fairly and in a transparent way.
  • collected only for specified and legitimate purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  • adequate, relevant and limited to what is necessary in relation to the purposes we have told you about.
  • accurate and kept up to date.
  • not kept in a form which permits your identification for longer than necessary and kept only as long as necessary for the purposes we have told you about.
  • kept securely.
  • not transferred to another country without appropriate safeguards being in place.

Contact details

Address: Units 1-3, 39-43 Irish Town, Gibraltar, GX11 1AA

Telephone: 200 41006

Email: dataprotection@tng-global.org

Status of the TNG Group Companies

TNG Realty (Bayside) Limited and TNG Realty (Eastside) Limited act as independent Data Controllers in respect of personal data processed for their respective developments, including sales administration, customer management, regulatory obligations, and post‑completion matters.

TNGGR and the TNG Group Companies may, where necessary, act as joint controllers for certain shared processes such as group‑wide IT systems, regulatory compliance, or shared sales‑management functions. In such cases, each entity is responsible for ensuring that your personal data is processed in accordance with the Data Protection Legislation.

Although employees of TNG Global Realty Limited carry out day‑to‑day operations on behalf of TNG Realty (Bayside) Limited and TNG Realty (Eastside) Limited, each development company remains an independent Data Controller responsible for the personal data processed in connection with its own development.

If you would like to understand which TNG entity is responsible for a particular aspect of processing, you may contact us using the details in the Contact section above.

What information we collect, use, and why

We collect or use the following information to provide services for clients:

  • Names and contact details
  • Addresses
  • Gender
  • Occupation
  • Date of birth
  • Nationality
  • Third party information (such as family members or other relevant parties)
  • Payment details (including card or bank information for transfers)
  • Financial data (including income and expenditure)
  • Transaction data (including details about payments to and from you and details of products and services you have purchased)
  • Usage data (including information about how you interact with and use our website, products and services)
  • Telematics data and connected car information
  • Information relating to compliments or complaints
  • Records of meetings and decisions
  • Account access information
  • Website user information

We collect or use the following personal information for information updates or marketing purposes:

  • Names and contact details
  • Addresses
  • Profile information
  • Marketing preferences
  • IP addresses

We collect or use the following personal information to comply with legal requirements:

  • Name
  • Contact information
  • Identification documents
  • Client account information
  • Health and safety information
  • Any other personal information required to comply with legal obligations
  • Safeguarding information

We collect or use the following personal information for dealing with queries, complaints or claims:

  • Names and contact details
  • Addresses
  • Payment details
  • Account information
  • Purchase or service history
  • Customer or client accounts and records
  • Financial transaction information
  • Correspondence
  • Location data

Where personal data is processed specifically in connection with an individual development (for example, the Bayside or Eastside developments), the Data Controller for that processing will be the relevant development company, namely TNG Realty (Bayside) Limited or TNG Realty (Eastside) Limited.

Lawful bases and data protection rights

Your rights as a data subject

  • Your right of access – You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for.
  • Your right to rectification- You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete.
  • Your right to erasure- You have the right to ask us to delete your personal information, under certain conditions.
  • Your right to restriction of processing- You have the right to ask us to limit how we can use your personal information, under certain conditions.
  • Your right to object to processing- You have the right to object to the processing of your personal data, under certain conditions.
  • Your right to data portability- You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, under certain conditions.
  • Your right to withdraw consent– When we use consent as our lawful basis you have the right to withdraw your consent at any time.

If you make a request, we have one month to respond to you.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

Manifestly unfounded or excessive requests

There are certain circumstances in which the law permits us to refuse a request exercised in accordance with any one or more of the rights referred to above where the exercise of that right is unfounded or excessive. In such circumstances we may also charge a reasonable fee.

Our lawful bases for the collection and use of your data

We must have a “lawful basis” for collecting and using your personal information. These include:

  • consent: the individual has given clear consent for you to process their personal data for a specific purpose;
  • contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract;
  • legal obligation: the processing is necessary for you to comply with the law or legal requirement (including, for example) court orders;
  • vital interests: the processing is necessary to protect someone’s vital interests (this can include a person’s safety);
  • legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

Our lawful bases for collecting or using personal information to: (1) provide services for clients; (2) for information updates or marketing purposes; (3) for research or archiving purposes; (4) to comply with legal requirements; and/or (5) for dealing with queries complaints or claims are:

  • Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
  • Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

Where we get personal information from

  • Directly from you
  • Legal bodies or professionals (such as courts or solicitors)
  • Publicly available sources
  • Suppliers and service providers

How long we keep information

Your information is only stored whilst it is required for the relevant purposes, or to meet legal requirements. We retain personal data only for as long as necessary to fulfil the purposes for which it was collected or to meet legal/regulatory requirements.

Where your information is no longer required, we will ensure it is disposed of or deleted in a secure manner.  In certain circumstances we will anonymise the data to the extent that we will continue to process data in a format which makes identifying you impossible.  In these instances, every effort is made to ensure proper and correct processes are in place to carry this out effectively. 

Who we share information with

We share personal data with certain third parties who act as data processors to help us deliver our services. These parties process personal data on our behalf and in accordance with our instructions.

Name of Data Processor:
CÔNG TY CỔ PHẦN ROX LIVING GLOBAL
Role: Data Processor
Relationship: Affiliate international partner company, assisting with post-exchange and completion activities relating to property sales in Gibraltar projects.
Processing Activities: Access to and management of customer information through our sales-management system (SSM), including names, addresses, contact details, and transaction data.
Location: Vietnam
Transfer Safeguards: International Data Transfer Agreement (IDTA), subject to completion of a Data Protection Impact Assessment (DPIA) and confirmation that risks to data subjects are low.
Legal Basis for Transfer: Contractual necessity and legitimate interests, with appropriate safeguards in place.
Additional Information: For details of the safeguards or to request a copy, please contact us using the details provided in this notice.

Where Rox Living Global carries out processing activities relating to a particular development, it does so on behalf of the Data Controller for that development (i.e., TNG Realty (Bayside) Limited or TNG Realty (Eastside) Limited, as applicable).

IT Service Providers – organisations that provide our IT systems, cloud hosting, software platforms and technical support. These providers may have access to personal data when performing their services and act as Data Processors under our instructions and subject to appropriate contractual safeguards.

Other entities/persons we may share personal information with:

  • Other financial or fraud investigation authorities
  • Insurance companies, brokers or other intermediaries
  • Professional or legal advisors
  • Our bank(s)
  • Regulatory authorities
  • KYC screening providers
  • Organisations we’re legally obliged to share personal information with
  • Suppliers and service providers
  • Professional consultants
  • Third parties. 

Sharing information outside of the EEA

Where necessary, we may transfer personal information outside of Gibraltar and the EEA. When doing so, we comply with our legal and regulatory requirements, making sure appropriate safeguards are in place.

From time to time, we will transfer your personal data to a jurisdiction that is outside of Gibraltar and the EU/EEA (referred to as a “third country”). When doing this, we will endeavour to ensure that your rights as a data subject (with regard to your personal data) are adequately protected. We may only transfer your personal data outside of the EEA where one of the following apply:

  1. Adequacy Decision: this means that the European Commission has decided that the third country in which the data importer (the entity receiving the personal data) is based ensures an adequate level of protection in respect of that personal data. The effect of an adequacy decision is that personal data can be freely transferred from Gibraltar (or indeed the EEA generally) to that third country without restriction.
  2. Transfers subject appropriate safeguards: These are circumstances where the relevant data importer can prove that it maintains appropriate safeguards in respect of personal data. Such appropriate safeguards most commonly take the form of an agreement entered into between the data importer and the data exporter (the entity transferring the personal data) which adopts the EU’s “standard contractual clauses”. These clauses create legally binding obligations on the data importer to provide for such safeguards. Other common forms are the use of “Binding Corporate Rules” (essentially an intra-group code of conduct with regard to data privacy).
  • Consent: this includes circumstances where the data subject has given their consent to the transfer of personal data to a third country.

These transfers may relate to processing carried out on behalf of TNGGR or, where applicable, on behalf of the TNG Group Companies acting as Data Controllers for their respective developments.

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the GRA.

The Regulator

You have the right to make a complaint at any time to the Gibraltar Regulatory Authority (the “GRA”), the supervisory authority for data protection issues in Gibraltar (www.gra.gi). We would, however, appreciate the chance to deal with your concerns before you approach the GRA so please contact us in the first instance.

The GRA’s contact details are:

Gibraltar Regulatory Authority
2nd floor
Eurotowers 4
1 Europort Road
Gibraltar
GX11 1AA

Tel: (+350) 20074636

Email:  info@gra.gi

Changes to this Privacy notice

We may update our privacy notice from time to time to reflect changes in our business, technology, or legal requirements. We will notify you of any changes by posting the new privacy notice on this page and updating the “Last Updated” date as well as on this page of our mobile app. You are advised to review this privacy notice periodically for any changes.

Last updated: March 2026

 

The Life of Elegance