Naar hoofdinhoud

Privacy Notice

Last updated: [TO BE FILLED]

1. Who we are

The data controller for personal data processed via this platform is [TO BE FILLED — operator legal entity name and registered address].

Data Protection Officer (DPO): [TO BE FILLED — DPO name and email]. Where no DPO is required by law, the equivalent contact for privacy enquiries is [TO BE FILLED].

2. What we collect

  • Account data: email, hashed password, display name, role, timestamps.
  • Listing data: content you publish (text, photos, contact handles), city/district association.
  • UGC: reviews you author, forum posts, favourites, abuse reports.
  • Technical data: IP address (for rate-limit and abuse-defence), user-agent, request timestamps, session cookies.
  • Billing data:subscription status, plan, provider's transaction id. We do NOT store payment-card details — those are handled by the third-party billing provider on its own hosted-checkout page.

3. Lawful basis

We rely on: contract performance for account-, listing-, and billing-related processing; legitimate interests for abuse-prevention logging and basic analytics; consent for non-essential cookies and marketing analytics (set via the cookie banner); and legal obligation for tax/audit retention and for responding to lawful requests from authorities.

4. Your rights

Under GDPR (and equivalent regimes) you have the right to:

  • access the personal data we hold about you (Art. 15);
  • rectify inaccurate data (Art. 16);
  • erase your data (“right to be forgotten”, Art. 17);
  • restrict processing (Art. 18);
  • portability — export your data in a machine-readable form (Art. 20);
  • object to processing on legitimate-interest grounds (Art. 21);
  • lodge a complaint with your supervisory authority (Art. 77 — in NL, the Autoriteit Persoonsgegevens).

To exercise any of these rights, email [TO BE FILLED — DSAR intake email] or use the in-app DSAR request flow once available. We respond within 30 days.

5. Retention

Account and listing data are retained while your account is active and for [TO BE FILLED — number] days after closure for dispute-resolution and legal-defence purposes. Audit logs are retained per the operator's audit-retention policy (see internal documentation). Backups follow standard rolling retention.

6. Recipients & transfers

We share data with: hosting providers (necessary for operation), email-delivery provider (transactional only), adult-billing provider (for paid features), and law enforcement when legally compelled. International transfers, where required, rely on Standard Contractual Clauses.

7. Cookies

See our Cookie Notice for the full list. The cookie banner lets you accept/reject non-essential categories.

8. Contact

Privacy queries: [TO BE FILLED — privacy@operator-domain].

See also: Terms, Cookie Notice.