GiBoard

Privacy Policy

Last updated: October 11, 2025

1. Data Controller

GiBoard, registered in Gibraltar, is the data controller responsible for your personal information. For users in Spain and the wider European Union, we fully comply with EU GDPR requirements as well as Gibraltar data protection laws.

2. Information We Collect

We collect information you provide directly and automatically when using our marketplace platform:

Personal Data:

  • Account information (name, email, phone number, profile picture)
  • Listing information (property details, descriptions, images, location data)
  • Chat messages and communications between users
  • Payment information (processed securely by third-party providers)
  • Reviews and ratings you provide
  • Favorites and saved searches

Technical Data:

  • IP address, browser type, device information
  • GPS location data (with your permission)
  • Usage analytics and interaction data
  • Cookies and similar tracking technologies

3. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Contract: To provide marketplace services, process listings, and facilitate communications
  • Consent: For marketing communications, location tracking, and optional features
  • Legitimate Interest: For fraud prevention, security, and service improvement
  • Legal Obligation: 3. Legal Basis for Processing (GDPR)

4. How We Use Your Information

Your information is used to:

  • Provide and maintain marketplace services
  • Process listings and facilitate transactions between users
  • Enable chat communications between buyers and sellers
  • Process payments for premium listing features
  • Send notifications about your listings and messages
  • Detect and prevent fraud, spam, and abuse
  • Improve our services through analytics and user feedback
  • Comply with legal obligations and resolve disputes

5. Information Sharing

We share your information only in these specific circumstances:

  • Public Listings: Information in your listings is visible to all users
  • Service Providers: Payment processors, cloud hosting, email services (under strict data processing agreements)
  • Legal Requirements: When required by law, court order, or regulatory authorities
  • Business Transfers: In case of merger, acquisition, or sale of assets (with user notification)

6. Photo Uploads and Metadata

When you upload photos to your listings:

  • We automatically remove EXIF metadata including GPS coordinates, camera details, and timestamps
  • Photos may be resized and compressed for optimal performance
  • By uploading photos, you grant us license to display them in your listings and search results
  • You retain ownership rights to your photos

7. Contact Information Visibility

Your contact information visibility:

  • Email and phone numbers in your listings are visible to all users
  • You can choose to communicate only through our internal messaging system
  • Your account email is private and not shown in listings unless you add it
  • We recommend using our chat system to protect your privacy

8. Third-Party Services and Analytics

We use trusted third-party services to operate and improve our platform. These providers process data on our behalf under strict data processing agreements. Examples include Google Analytics (with IP anonymization), Cloudflare (CDN and security), Firebase (authentication and storage), and payment processors such as Stripe or PayPal.

We vet providers for security and GDPR compliance. For transfers outside the EEA or Gibraltar, we rely on adequacy decisions or Standard Contractual Clauses as required by applicable law.

9. International Data Transfers

As we operate between Gibraltar and Spain, data may be transferred between these jurisdictions. We ensure adequate protection through standard contractual clauses and adequacy decisions. For transfers outside EU/Gibraltar, we implement appropriate safeguards under GDPR Article 46.

10. Data Security

We implement comprehensive security measures:

  • HTTPS/TLS encryption for all data transmission
  • Database encryption at rest
  • Regular security updates and monitoring
  • Access controls and secure authentication
  • Incident response and breach notification procedures

11. Cookies and Tracking

We use cookies for essential functionality:

  • Essential Cookies: Required for login, security, and core functionality
  • Functional Cookies: Remember your preferences (language, saved searches)

You can control cookies through your browser settings. Disabling essential cookies may affect site functionality.

12. Automated Processing and AI Transparency

GiBoard may use automated processing and algorithmic tools to personalise content, recommend listings, or assist moderation. These systems are used to improve user experience and platform safety. Automated outcomes do not produce legal effects or similarly significant effects on users. Human review and oversight are maintained for decisions affecting user accounts.

If you wish to opt out of personalised recommendations or profiling, you can disable personalization in your account settings or contact us at privacy@giboard.gi.

13. Your Rights (GDPR)

Under GDPR and Gibraltar data protection law, you have the following rights:

  • Right of Access: Request copies of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data (subject to legal requirements)
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Restrict: Limit how we use your data
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at privacy@giboard.gi. We will respond within 30 days.

14. Data Retention

We retain your data for different periods:

  • Active Account: While your account remains active
  • Inactive Account: 3 years after last login, then deleted or anonymized
  • Active Listings: While published; expired listings automatically removed after 90 days
  • Deleted Listings: Permanently deleted within 30 days (backup copies may exist for 90 days)
  • Communications: Chat messages retained for 2 years or until account deletion

15. Data Breach Notification and Incident Response

We maintain an incident response plan to detect, investigate, and remediate security incidents. In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the Gibraltar Regulatory Authority (GRA) and affected individuals in accordance with applicable law, generally within 72 hours of becoming aware, unless an exception applies.

If you suspect a security incident affecting your data, please contact privacy@giboard.gi immediately.

16. Data Hosting and Storage

We store and process personal data on secure servers located in the European Union or the United Kingdom, depending on the service provider. Backups may be stored in Gibraltar under encrypted conditions. We take contractual and technical measures to ensure adequate protection for data transfers and processing.

17. Children's Privacy

GiBoard is not intended for users under 16 years old. We do not knowingly collect personal information from children. If we discover that a child has provided personal information, we will delete it immediately. Parents who believe their child has provided information should contact us.

18. Changes to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. Material changes will be notified via email or prominent platform notice at least 30 days before taking effect. Continued use constitutes acceptance of the updated policy.

19. Applicable Law

This Privacy Policy is governed by the Data Protection Act 2004 of Gibraltar, the UK GDPR (as retained in Gibraltar), and where applicable, the EU General Data Protection Regulation (Regulation (EU) 2016/679).

20. Complaints and Regulatory Authorities

If you have concerns about our data processing, you can:

  • Contact us at privacy@giboard.gi
  • File a complaint with Gibraltar Regulatory Authority (GRA)
  • For EU residents: Contact your local supervisory authority

21. Contact Information

For any privacy-related questions or to exercise your rights:

Email: privacy@giboard.gi

We aim to respond to all inquiries within 30 days.