Privacy Policy

This Privacy Policy applies to the online platform Homewhere Ltd an online platform which is operated by Homewhere Ltd a company registered in the UK, with registered number 13442520, ISO (App C110702) and whose registered office is at 11 Pierrepont Street, Bath, Somerset BA1 1LA (hereinafter jointly referred to as “Us”, “We” or “Homewhere Ltd”).

We take your privacy extremely seriously. The GDPR forms part of the data protection regime in the UK, together with the new Data Protection Act 2018 (DPA 2018). The main provisions of this apply, like the GDPR, from 25 May 201  and other statutory regulations.

The services offered by us via the Website and/or App (jointly “Platform“) can function only if we collect, store, transfer, delete and/or otherwise use (“collect and use“) specific data relating to you. Personal data means all information relating to an identified or identifiable natural person such as your name, address or email address.

This Privacy Policy describes which of your data we collect and for what purposes we collect and use it when you use the services offered by us on the Platform. This Privacy Policy also contains important information on the protection of your data, especially the statutory rights you have in connection with it.

Certain services on our Platform are offered by third-party suppliers. When you use these services, the data protection regulations of the third-party suppliers will then apply in addition to this data protection statement. Prior to your use of such services, the third-party suppliers may require you to provide permission under data protection law.

Under applicable data protection laws, Homewhere Ltd is obligated to inform you about data processing and Homewhere Ltd fulfills this obligation within this Privacy Policy. This Privacy Policy and any parts of it are not meant as contractual clauses and do not become part of the general terms and conditions (“GENERAL TERMS AND CONDITIONS”) as a contract that is concluded with registered users. Under applicable data protection laws, Homewhere Ltd can process data that is necessary for the performance of a contract with you or necessary for taking steps at the request of you prior to entering into a contract (Art. 6 (1) (b) GDPR). References to the GENERAL TERMS AND CONDITIONS should at all times be understood as information on data processing (Art. 13 and 14 GDPR) and never as clauses that become part of the GENERAL TERMS AND CONDITIONS. By using the Platform and our services, you enter into a legally binding contract between you and Homewhere Ltd conditions of which are described in the GENERAL TERMS AND CONDITIONS.

 

To enable you to use the Platform, allow us to provide our services and perform our GENERAL TERMS AND CONDITIONS

 

We collect and use your personal data to allow you to use our Platform, to provide our services and to perform a contract (GENERAL TERMS AND CONDITIONS) with you and to undertake commercial transactions via the Platform, to use the electronic payment system and communicate with other users. To use these services, you need a Homewhere.online account. For this purpose, you must register as a member on the Website or App.

Most of your personal data are required to perform a contract (GENERAL TERMS AND CONDITIONS) with you. In case you do not provide us with this personal data, we will not be able to conclude and execute a contract (GENERAL TERMS AND CONDITIONS) with you. Part of your data is required to fulfill our legal obligations when you are a member of our Platform. In case you do not provide us with this personal data, we will not be able to comply with legal requirements and provide our services.

This data is also used for the improvement of the Platform in order to make it a better experience for our users.

Homewhere Ltd collects your personal data to allow you to use our Platform, to provide our services and to perform a contract (GENERAL TERMS AND CONDITIONS) with you and keeps it for as long as we keep your Homewhere Ltd account – for 3 months from the date of deletion of your Homewhere Ltd account or for 5 years and 3 months of inactivity on your account.

 

To enable registration on the Platform

When you register as a member on the Platform, you must provide the following data in order to carry out the registration procedure and access your Homewhere Ltd account:

  1. User name;
  2. Email address;
  3. If you register on Homewhere Ltd Platform – your full name;
  4. Password;
  5. Legal basis for the collection and use of data is the performance of a contract (GENERAL TERMS AND CONDITIONS) to which you are a party or in order to take steps at your request prior to entering into a contract (GENERAL TERMS AND CONDITIONS) (Art. 6 (1) (b) of the GDPR).

We also determine your location at the time of registration to show on your profile. You can at any time choose to change your location (country, city or region) and make your city or region not visible to other users under “My settings” in your Homewhere Ltd account.

Personal data collected and used for this purpose are kept for as long as we keep your Homewhere Ltd account – for 3 months from the date of deletion of your Homewhere Ltd account or for 5 years and 3 months of inactivity on your account.

To enable you to list your items

If you list items on the Platform, we will collect and use the following data for the purpose of creating and publishing listings on the Platform (list of required information differs depending on the chosen item category):

  1. Item title;
  2. Item description;
  3. Item category;
  4. Item brand;
  5. Item age
  6. Item size;
  7. Item colour;
  8. Item material;
  9. Item images;
  10. Price;
  11. Shipping options.

 

If you list items in Poland, we will, in addition to other personal data described above, we collect and use your phone number. 

Legal basis for such collection and use is your consent (Art. 6 (1) (a) of the GDPR).

Personal data collected and used for this purpose are kept for 18 months and 7 days of inactivity. Images are kept for 3 months after the item is deleted.

 

To enable you to communicate with other users

If you communicate with other users on the Platform, we collect and use the following data: 

  1. Name of the member you are communicating with;
  2. Messages;
  3. Date and time of messages;
  4. Shared images;
  5. Your device;
  6. Information whether another member has seen your message;
  7. Other data submitted in messages.

Legal basis for the collection and use of data is the performance of a contract (GENERAL TERMS AND CONDITIONS) to which you are a party of the GDPR).

Personal data collected and used for this purpose are kept for as long as we keep your Homewhere Ltd account – for 3 months from the date of deletion of your Homewhere Ltd account or for 5 years and 3 months of inactivity on your account.

To send you important communication regarding the Platform

If you register on the Platform, we will send you e-mails and messages via the Platform’s messaging system for the purpose of providing important notifications e.g. GENERAL TERMS AND CONDITIONS, Privacy Policy changes.

Legal basis for the collection and use of data is the performance of a contract (compliance with our GENERAL TERMS AND CONDITIONS) to which you are a party of the GDPR) and compliance with the legal obligations to which Homewhere Ltd is subject of the GDPR).

Personal data collected and used for this purpose are kept for as long as we keep your Homewhere Ltd account – for 3 months from the date of deletion of your Homewhere Ltd account or for 5 years and 3 months of inactivity on your account.

 

To provide you with customer support service

If you send us a query, request or complaint, we will collect and use the following data for the purpose of providing you with customer support services you request on the Platform: 

  1. Your profile information;
  2. Platform usage information;
  3. Transaction information;
  4. Shipment information;
  5. Communications;
  6. IP address;
  7. Session information;
  8. Item listings, photos and videos;
  9. Inquiries;
  10. Other information submitted by you.

The type of information we collect can vary depending on your inquiry.

Legal basis for the collection and use of data is the performance of a contract (GENERAL TERMS AND CONDITIONS) to which you are a party of the GDPR.

To resolve any purchase-related disputes between users

If you purchase and/or sell and/or swap items on the platform and get involved in a dispute with another member, we will collect and use any of your personal data held by Homewhere Ltd which may be necessary to solve the dispute.

We base such collection and use on a legitimate interest which may be used to settle disputes between our users and defend the rights and interests of Homewhere Ltd of the GDPR and, where relevant, compliance with the legal obligations to which Homewhere Ltd is subject of the GDPR.

Personal data collected and used for this purpose are kept for 1 year after a dispute is concluded.

To retain temporarily your deleted account

If you decide to delete your account, we will make reasonable efforts to make sure it is no longer viewable on the Platform and restrict the use of your data. For up to 3 months it is still possible to restore your account if it was accidentally or wrongfully deactivated or in case you change your mind and wish to return to the Platform and take action in case someone else would gain access to your account and delete it without your knowledge. 

Legal basis for such storage of your data is our legitimate interest of Homewhere Ltd and our users to restore your account when necessary of the GDPR and, where relevant, compliance with the legal obligations to which Homewhere Ltd is subject of the GDPR.

Personal data are kept for this purpose for 3 months from the date of deletion of your Homewhere Ltd account. After 3 months we may delete your account from our Platform.

To save your recent searches

In order to help you find previously searched items on the Platform, we save your search keywords. We collect and use the following data for the purpose of providing information about newly listed items on the Platform based on the keyword you were looking for previously:

  1. Your search history (last 15 searched keywords);
  2. Date and time of your search;
  3. Number of newly listed items.

 

Legal basis for such collection and use is the legitimate interest of our users and Homewhere Ltd to improve search results on the Platform (of the GDPR).

You can delete your search history at any time.

Personal data collected and used for this purpose are kept for as long as the searched keyword is on the list of the last 15 searched keywords unless you delete your search history.

 

To ensure the security of your account and the Platform  

Homewhere Ltd strives to ensure that the accounts of our users and the Platform itself would be secure and protected from cyber attacks, unauthorized access and other related risks.

 

To track visits to the Platform for security purposes

When you connect to the Website or App, we collect and use the following data (logfiles), even if you are not logged in to the Website as a member:

  1. IP address of your device;
  2. Browser used by your device;
  3. Content and URLs you connect to;
  4. Date and time of your connections.

 

In the event of access via mobile devices, the following log files are also captured as part of your use of the Homewhere Ltd App: 

  1. Model and manufacturer of your mobile device; 
  2. Operating system used by your mobile device (iOS, Android).

 

This data is used for security purposes, especially the prevention of cyberattacks such as data scraps and denial of service attacks and for preventing impermissible multiple applications.

Legal basis for such collection and use is our legitimate interest to protect the Platform and ensure its security and the legitimate interest of our users to ensure the safety of their accounts on the Platform (Art. 6 (1) (f) of the GDPR).

Personal data collected and used for this purpose are kept for 3 months.

To verify your account in case of suspicious actions related to your account

If we detect actions on your account that Homewhere Ltd considers suspicious, we will request you to perform a basic verification – confirm your email

For the purpose of performing a basic verification, we will collect and use the following data:

  1. Email address

Legal basis for such collection and use is our legitimate interest to protect the Platform and ensure its security and the legitimate interest of our users to ensure the safety of their accounts on the Platform (Art. 6 (1) (f) of the GDPR).

Homewhere Ltd collects and uses your personal data for this purpose for as long as we keep your Homewhere Ltd account – for 3 months from the date of deletion of your Homewhere Ltd account or for 5 years and 3 months of inactivity on your account.

To carry out PayPal account security check

As part of the security process, we request our users to verify the ownership of their PayPal accounts when there was no actual charge. As part of this process, Homewhere Ltd collects and uses the following data:

  1. Username;
  2. Registration email address;
  3. Information in the screenshot(s) of PayPal profile: account holder’s full name, address and other visible data.

As part of the security process, we also request our users that use PayPal to verify the ownership of their PayPal accounts. As part of this process, Homewhere Ltd collects and uses the following data:

  1. Username;
  2. Registration email address;
  3. Information in the screenshot(s) of the expanded statement of the most recent Homewhere Ltd order: date, amount, the account holder’s full name, shipping address, and other visible data.

Legal basis for such collection and use is our legitimate interest to protect the Platform and ensure its security and the legitimate interest of our users to ensure the safety of their accounts on the Platform (Art. 6 (1) (f) of the GDPR).

Personal data collected and used for this purpose are kept for 4 days after the security check is passed.

Please note, this section only applies to our American Platform.

If you buy items on the Platform, your Credit card and Homewhere Ltd Balance payments are processed via our electronic payment system, STRIPE (see our GTC), which is operated by Stripe, Inc. (United States) (“STRIPE”). To use STRIPE, you will need to set up an e-wallet on the Platform (referred to on the Platform as a

„wallet“) and provide us with the following information, which we will transfer to STRIPE:

  1. First name;
  2. Last name;
  3. Date of birth;
  4. Address;
  5. Country;
  6. Email;
  7. IP address;
  8. Social security number (last 4 digits);
  9. Bank account number.

 

If you use the STRIPE electronic payment system, STRIPE will collect the payment information required according to the payment method selected. Payment will then be implemented via STRIPE and the payment service provider you have selected. To this extent, the data protection regulations of STRIPE and the relevant payment service provider will apply.

If you use a credit card as your payment method, Homewhere Ltd  will see only the last four digits of your card number. This information will be used by us solely for the purpose of confirming payment.

STRIPE, within the context of the regulated services provided to our users as an electronic money institution, shall in particular collect and use personal data for the following purposes: opening and managing the wallet; receiving and executing payment transactions; managing customer relations and claims; combatting money laundering and the financing of terrorism. In this context, the Platform you use may be considered as a communication channel with STRIPE API and constitutes the only contact point of the data subject for the collection of its personal data and the customer service. 

Homewhere Ltd uses the services of STRIPE in order to generate on its payment page the input fields to collect payment data. The purpose of this processing is determined by Homewhere Ltd, as the publisher of the Platform and its payment page. However, STRIPE determines the data input fields and communicates with the payment service provider selected by STRIPE. 

You can find out more on how STRIPE collects and uses your data by consulting the privacy policy of STRIPE, accessible at the following address: https://stripe.com/privacy. If you still need to contact STRIPE directly, you can contact their data protection officer at the following email address: privacy@stripe.com. We acknowledge that you may, in general, contact either Homewhere Ltd or STRIPE to exercise your respective rights. Homewhere Ltd and STRIPE will forward your request to the other party where this is needed for

fulfilling the data subject’s rights. All duties under the GDPR are fulfilled by both Homewhere Ltd and STRIPE.

Legal basis for the collection and use of data is the performance of a contract (compliance with our GTC) to which you are a party (Art. 6 (1) (b) of the GDPR). 

Personal data are required to perform a contract (GTC) with you. In case you do not provide us with this personal data, we will not be able to conclude and execute a contract (GTC) with you.

Transaction data are kept for 13 months from the day of the transaction.

 

To supervise compliance with and enforce GENERAL TERMS AND CONDITIONS

 

Homewhere Ltd may supervise compliance with and enforce GENERAL TERMS AND CONDITIONS for the purpose of ensuring the security of your account and the Platform. 

 

To enforce spam filtering

In order to protect our users and the Platform, we use spam filtering tools. These tools have a list of keywords that are commonly associated with spam. If your messages include the aforementioned keywords, they are stopped by the aforementioned tools and reviewed manually before being sent to other users. 

Legal basis for such collection and use is our legitimate interest to protect the Platform and its users and ensure its security and the legitimate interest of our users to ensure their safety on the Platform (Art. 6 (1) (f) of the GDPR).

Homewhere Ltd collects and uses your personal data for this purpose for as long as we keep your Homewhere Ltd account – for 3 months from the date of deletion of your Homewhere Ltd account or for 5 years and 3 months of inactivity on your account.

 To moderate your activity on the Platform

In order to ensure the security of the Platform and its users we regularly moderate your activity on the Platform. We may check your listings automatically or we may check your listings, comments, messages when we receive other users’ or third party’s reports.

If you communicate with another Homewhere Ltd member via private messages and either you or another member sends us a report or escalates a transaction, we collect and use the information contained in your communication to check for a potential violation of our GENERAL TERMS AND CONDITIONS.

Legal basis for such collection and use is our legitimate interest to protect the Platform and its users and ensure its security and the legitimate interest of our users to ensure their safety on the Platform (Art. 6 (1) (f) of the GDPR).

Homewhere Ltd collects and uses your personal data for this purpose for as long as we keep your Homewhere Ltd account – for 3 months from the date of deletion of your Homewhere Ltd account or for 5 years and 3 months of inactivity on your account.

 

To issue and enforce warnings

If you as a member violate our GENERAL TERMS AND CONDITIONS or take other actions that result in a warning being issued to you, we collect and use the following data to issue and enforce the warning:

  1. Username;
  2. Kind of warning received by member;
  3. Date of warning received by member.

 

Legal basis for such collection and use is our legitimate interest to protect the Platform and its users and ensure its security and the legitimate interest of our users to ensure their safety on the Platform (Art. 6 (1) (f) of the GDPR).

Homewhere Ltd collects and uses your personal data for this purpose for as long as we keep your Homewhere Ltd account – for 3 months from the date of deletion of your Homewhere Ltd account or for 5 years and 3 months of inactivity on your account.

 

To delete or hide items that violate Homewhere Ltd GENERAL TERMS AND CONDITIONS

If you list items that violate our GENERAL TERMS AND CONDITIONS, we will remove or hide them. However, we will retain deleted listings as proof of the violation. For this purpose, Homewhere Ltd uses personal data included in the listing as specified herein

Legal basis for such collection and use is our legitimate interest to protect the Platform and its users and ensure its security and the legitimate interest of our users to ensure their safety on the Platform (Art. 6 (1) (f) of the GDPR).

Deleted listings are kept for 30 days after their removal.

 

To suspend users

If you send too many messages in a short period of time, you may get suspended for 1 to 6 hours. For this purpose, Homewhere Ltd collects and uses the time and duration of the suspension.

Legal basis for such collection and use is our legitimate interest to protect the Platform and its users and ensure its security and the legitimate interest of our users to ensure their safety on the Platform of the GDPR).

Homewhere Ltd collects and uses your personal data for this purpose for as long as we keep your Homewhere Ltd account – for 3 months from the date of deletion of your Homewhere Ltd account or for 5 years and 3 months of inactivity on your account.

 

To enforce bans

If you violate Homewhere Ltd GENERAL TERMS AND CONDITIONS in a way that results in you getting banned, we will use your ban reason, time and your profile data.

Legal basis for such collection and use is our legitimate interest to protect the Platform and its users and ensure its security and the legitimate interest of our users to ensure their safety on the Platform of the GDPR).

Personal data collected and used for this purpose are kept for 3 months from the moment you have been blocked.

 To enforce IP blocks

If there are signs of cyber-attacks or other risks to the Platform’s security coming from your IP address, we will collect and use your IP address in order to protect the platform by blocking your IP address.

Legal basis for such collection and use is our legitimate interest to protect the Platform and its users and ensure its security and the legitimate interest of our users to ensure their safety on the Platform (Art. 6 (1) (f) of the GDPR).

Personal data collected and used for this purpose are kept for 5 years.

 

To enable your payments for items

 

Payments on the Platform are carried out via payment service providers that provide payment processing and escrow services. Homewhere Ltd does not offer payments via the Platform on some of its Platforms, therefore, this chapter of the Privacy Policy is only relevant to certain Homewhere Ltd Platforms. Furthermore, different payment service providers operate on different Platforms and, as a result, different sections below are relevant depending on the Platform that you use.

Most of your personal data are required to perform a contract (GENERAL TERMS AND CONDITIONS) with you. In case you do not provide us with this personal data, we will not be able to conclude and execute a contract (GENERAL TERMS AND CONDITIONS) with you (Art. 6 (1) (b) of the GDPR). Part of your data is required to fulfill our or our payment service providers’ legal obligations when you are a member of our Platform (Art. 6 (1) (c) of the GDPR). In case you do not provide us with this personal data, we or our payment service providers will not be able to comply with legal requirements and we will not be able to provide our services.

Personal data collected and used for the aforementioned purpose are kept until this information is transferred to our payment service provider STRIPE

 

 

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

To issue refunds

If an item that you purchase is never shipped, as payment is held in escrow a refund will be given, however if or the item arrives damaged or not as described and you issue a claim, refund will come from the seller as payment will have been released due to the seller providing a tracking number. An image will be required from the buyer so claim can then be made with the seller or sellers insurance company. There is no liability of Homewhere Ltd  whatsovere or howsoever arising as a result of non arrival of an item or part thereof or if the item or part thereof arrives damaged or not as described

Legal basis for the collection and use of data is the performance of a contract (GENERAL TERMS AND CONDITIONS) to which you are a party of the GDPR).

Personal data are required to perform a contract (GENERAL TERMS AND CONDITIONS) with you. In case you do not provide us with this personal data, we will not be able to conclude and execute a contract (GENERAL TERMS AND CONDITIONS) with you.

Transaction data are kept for 13 months from the day of the transaction.

To keep financial records 

If you participate in purchase-sale and/or other transactions when using the Platform, Homewhere Ltd will collect and use the following data in order to carry out its accounting-related duties:

  1. Full name;
  2. Address;
  3. Value and description of supplied goods and/or services.

 

This is necessary in order to comply with the legal obligations to which Homewhere Ltd is subject of the GDPR.

Financial regulations require us to keep accounting documents that confirm the transactions for 10 years.

 

To enable you to ship or receive items

If you choose to enter your shipping information or when you buy, sell or swap items, we collect and use the following data that you provide for dispatch and shipping purposes:

  1. Full name;
  2. Country;
  3. City;
  4. Address;
  5. Telephone number;
  6. E-mail address;
  7. Signature;
  8. Address of the drop off point of the parcel;
  9. Tracking number of the parcel;
  10. Confirmation of delivery of the parcel;
  11. Other shipping information required by a particular shipping service provider.

 

Legal basis for the collection and use of data is the performance of a contract (GENERAL TERMS AND CONDITIONS) to which you are a party (Art. 6 (1) (b) of the GDPR).

Personal data are required to perform a contract (GENERAL TERMS AND CONDITIONS) with you. In case you do not provide us with this personal data, we will not be able to conclude and execute a contract (GENERAL TERMS AND CONDITIONS) with you. 

 

To track your parcel

When you buy, sell items on the Platform, we collect and use the following data for shipment tracking purposes:

  1. Date and time of delivery of the parcel;
  2. Tracking number of the parcel;
  3. Address;
  4. Location of the parcel.

Legal basis for the collection and use of data is the performance of a contract (GENERAL TERMS AND CONDITIONS) to which you are party (Art. 6 (1) (b) of the GDPR).

Personal data are required to perform a contract (GENERAL TERMS AND CONDITIONS) with you. In case you do not provide us with this personal data, we will not be able to conclude and execute a contract (GENERAL TERMS AND CONDITIONS) with you.

Personal data collected and used for this purpose are kept for 10 years. 

To carry out marketing activities

Homewhere Ltd seeks to involve our users in marketing campaigns and it benefits our users. At the same time, we wish to present you with marketing material that is both relevant and engaging.

To send you marketing emails

You can register for our newsletter and for other marketing emails (“Marketing Emails”). When you register, we will ask you for your permission to use your email address for the purposes of sending you Marketing Emails containing the latest information on our products and services, especially with regard to goods available on the Platform, special offers and marketing campaigns. If you do not give your consent when registering, you can at any time change your mind and agree to receiving Marketing Emails by adjusting the settings on your Homewhere Ltd account. 

We base such collection and use on your consent (Art. 6 (1) (a) of the GDPR, Art. 69(1) of Lithuanian Law on Electronic Communications).

Your permission for the sending of Marketing Emails can be given and withdrawn by you at any time with future effect. In your Homewhere Ltd account, you can adjust your settings to choose what emails you wish to receive or disable the sending of any further Marketing Emails. Alternatively, you can click “Unregister” at the end of the Marketing Email. Withdrawal of permission will not affect the lawfulness of collection and use carried out prior to withdrawal of permission.

Homewhere Ltd collects and uses your personal data for this purpose for as long as we keep your Homewhere Ltd account – for 3 months from the date of deletion of your Homewhere Ltd account or for 5 years and 3 months of inactivity on your account or until you withdraw your permission.

To manage our social media profiles

If you are interested in our activity and follow our profiles on social media, we collect and use the following data about you in order to manage our social networking sites:

  1. Name and surname;
  2. E-mail address;
  3. Gender;
  4. Country;
  5. Picture;
  6. Message;
  7. Time and date the message was received;
  8. Content of the message;
  9. Message attachments;
  10. Response to the message;
  11. Time of response to the message;
  12. Information about our rating;
  13. Comments on a post;
  14. Post shares;
  15. Information about post reactions.

We base such collection and use on our legitimate interest to manage our social media profiles (Art. 6(1)(f) of GDPR).

In order to manage our social media accounts, we receive and provide data to the following social media platform operators:

  1. LinkedIn Ireland Unlimited Company (Ireland);
  2. LinkedIn Corporation (USA) (personal data is protected by the service provider entering into the EU Standard Contractual Clausesfor the transfer of data as approved by the European Commission);
  3. Google Ireland Ltd. (Ireland);
  4. Google LLC (USA) (personal data is protected by the service provider entering into the EU Standard Contractual Clausesfor the transfer of data as approved by the European Commission);
  5. Facebook Ireland Ltd. (Ireland);
  6. Facebook, Inc (personal data is protected by the service provider entering into the EU Standard Contractual Clausesfor the transfer of data as approved by the European Commission);
  7.  

Personal data collected and used for this purpose are kept as long as you are registered on a specific social media network.

If you wish to exercise your rights regarding your data, it would certainly be more effective for you to contact Facebook directly. If you still need help in exercising your rights, you can contact us. In accordance with our agreement, Facebook assumes primary responsibility for fulfilling the obligations for the joint processing of “insights data”. This includes fulfilling the following rights:

– The right to access (GDPR);

For legal purposes

 

To handle your requests related to personal data 

If you use your statutory rights regarding your data, we will collect and use the data contained in your request in addition to any other personal data held by Homewhere Ltd for the purpose of examining the request, responding to it and, when necessary, taking necessary action.

In order to respond to requests, Homewhere Ltd provides your data to service partners which provide data protection officer’s services and consult us on questions of data protection law.

We base such collection and use on a legitimate interest to exercise our users’ rights (Art. 6 (1) (f) of the GDPR).

Personal data collected and used for this purpose are kept for two years from the day we respond to your request.

 

To provide information to law enforcement and other state institutions

If we have reasonable grounds to suspect that you are involved in illegal activities, we will collect and use necessary data of your profile data, data related to your activities on the Platform and data collected and used for security purposes in order to notify the law enforcement and other state institutions.

Homewhere Ltd also provides the aforementioned data to law enforcement and other state institutions when we receive requests for information in relation to investigations carried out by these institutions.

This is necessary in order to comply with the legal obligations to which Homewhere Ltd is subject (Art. 6 (1) (c) of the GDPR).

Personal data are required to fulfill our legal obligations when you are a member of our Platform. In case you do not provide us with this personal data, we will not be able to comply with legal requirements.

Homewhere Ltd collects and uses your personal data for this purpose for as long as we keep your Homewhere Ltd account – for 3 months from the date of deletion of your Homewhere Ltd account or for 5 years and 3 months of inactivity on your account.

 

 

To comply with specific data retention requirements of the French Decree No. 2011-219 (where you use .fr Platform)

If you are our registered member based in France, we are legally required to keep your personal data for certain periods of time according to the Decree no. 2011-219 of 25 February 2011 on the retention and communication of data to identify any person involved with the creation of online content applicable to hosting providers. We need to do that in order to comply with legal requirements and provide the data mentioned below to the authorities in the event of an administrative request.

Every time content is created, modified or deleted, hosting providers like Homewhere Ltd are compelled to retain the following data for a period of 1 year following the creation/modification/deletion of the content:

  1. Username;
  2. IP address;
  3. Identifier assigned by the information system to the content which is the object of the operation: it is the unique identifier that the hosting provider assigns to a particular content in its database (eg. the reference of the listing, the URL, the reference of a comment made on Homewhere Ltd’s forum, etc.)
  4. Types of protocols used to connect to the service and to transfer content (eg. FTP transfer, access via the Web interface, etc.);
  5. Nature of the operation (creation, modification or deletion of content);
  6. Date and time of the content creation/modification/deletion operation carried out on the Platform.

 

Data relating to the opening of the account (such data have to be retained for a period of one year after the deletion of the account):

  1. IP address used by the person at the time of the creation of the account;
  2. Name of the person creating the account (or the company name but, at the moment, this is not applicable to Homewhere Ltd);
  3. Postal addresses associated with the account;
  4. Pseudonyms used;
  5. Email addresses associated with the account;
  6. Telephone numbers;
  7. Data enabling to verify or modify the password chosen, in their latest updated version.

 

Data relating to financial transactions, when the hosting provider charges a fee for the service provided (which is the case when the buyer chooses to use Homewhere Ltd Buyer protection); such data have to be retained for a period of one year after the payment operation:

  1. Type of payment used;
  2. Payment reference;
  3. Amount;
  4. Date and time of the transaction.

 

This is necessary in order to comply with the legal obligations to which Homewhere Ltd is subject (Art. 6 (1) (c) of the GDPR).

Personal data are required to fulfill our legal obligations when you are a member of our Platform. In case you do not provide us with this personal data, we will not be able to comply with legal requirements.

We will store the data collected and used for this purpose for a one-year period as described above.

To comply with the French Law for the Digital Republic (where you use .fr Platform)

In order to display you a relevant version of our Platform which is designed to comply with the French Law for a Digital Republic – we collect your location data (country) based on your IP address to determine if you are physically in France.

This is necessary in order to comply with the legal obligations to which Homewhere Ltd is subject (Art. 6 (1) (c) of the GDPR).

Personal data are required to fulfill our legal obligations when you are a member of our Platform. In case you do not provide us with this personal data, we will not be able to comply with legal requirements.

Homewhere Ltd collects and uses your personal data for this purpose for as long as we keep your Homewhere Ltd account – for 3 months from the date of deletion of your Homewhere Ltd account or for 5 years and 3 months of inactivity on your account.

To defend the rights and interests of Homewhere Ltd

If you get involved in a dispute with Homewhere Ltd or we need to carry out enforcement of our GENERAL TERMS AND CONDITIONS or otherwise defend, enforce, exercise, and uphold our rights, we will collect and use all of your personal data held by Homewhere Ltd to the extent necessary to resolve a particular situation. 

We base such collection and use on a legitimate interest to defend the rights and interests of Homewhere Ltd (Art. 6 (1) (f) of the GDPR).

Personal data collected and used for this purpose are kept for 1 year following the moment we became aware of the aforementioned circumstances or for the duration of a dispute or legal proceedings, depending on which one of these periods is longer

Recipients of personal data

 

Homewhere Ltd transfers or shares personal data with service providers only insofar as necessary and allowed in accordance with applicable laws. Service providers to which your personal data are transferred or shared with for specific purposes are described herein. In addition, we appoint the following service providers that, as a result, receive personal data as recipients of data.

We may conduct and improve technical maintenance of the Platform to protect the security and confidentiality of personal data we process and to perform certain business-related functions that help make our services available and functional. For this reason, we may transfer your profile data to service providers which provide cloud and hosting services, IT security, maintenance and technical services, communications services:

  1. Microsoft Ireland Operations Limited (Ireland), Microsoft Corporation (USA) (personal data is protected by the service provider entering into the EU Standard Contractual Clausesfor the

 

transfer of personal data to attorneys, attorney’s assistants, notaries, bailiffs, auditors, consultants, IT service providers, insurance companies, archiving services that provide services to Homewhere Ltd.

Additionally, we share data within the Homewhere Ltd group.

Homewhere Ltd is statutorily obligated to provide personal and/or usage data to investigative, criminal prosecution or supervisory authorities if and insofar as required for the avoidance of risk to the public and for the prosecution of criminal acts.

Homewhere Ltd may share your data with third parties when transferring rights and obligations pertaining to the contractual relationship between you and Homewhere Ltd to such third parties in accordance with the GENERAL TERMS AND CONDITIONS (available via the link https://www.Homewhere Ltd.co.uk/terms_and_conditions), in particular in the case of the transfer of a sector of activity, a merger through the foundation of a new company, a merger through absorption, de-merger or any change in control affecting Homewhere Ltd. Prior to such an event Homewhere Ltd will inform you separately about the details of sharing your data and will obtain your consent where legally necessary.

 Use of cookies

 

Homewhere Ltd uses cookies on the Platform. You can find out more by visiting our Cookie Policy.

 Right of amendment

 

As we are constantly developing our services, we reserve the right to change this Privacy Policy at any time subject to the applicable regulations. Any changes will be published promptly on this page. Regardless of the aforementioned, you should check this page regularly for any updates.

 Your statutory rights regarding your data

 

What rights do you have?

 

Subject to conditions, limitations, and exceptions established by statutory data protection provisions, you have the right at any time:

  • to be informed of the data we collect and use and to request access or demand a copy of the data concerned (right to access). All the data that you have actively provided for us on the Platform can also be accessed by you at any time in your Homewhere Ltd account;
  • to demand the correction of inaccurate data and, subject to the nature of the collection and use, the completion of incomplete data (right to rectification). All the data that you have actively provided us with on the Platform can also be amended by you yourself at any time in your Homewhere Ltd account (except sent messages and any forum posts or reviews); 
  • subject to just cause, to demand the deletion of your data (right to deletion);
  • to demand restriction of the collection and use of your data, provided the statutory criteria are met (right to restrict processing);
  • subject to the statutory criteria being met, to receive the data you have provided in a structured, current, and machine-readable form and to transfer this data to another data controller or, where technically feasible, to have it transferred by Homewhere Ltd (right to data portability);
  • not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects on you, unless the statutory conditions for such automated decision-making are met;
  • to object to the collection and use of data – only where the collection and use is based on a task carried out in the public interest or in the exercise of official authority vested (Art. 6 (1)(e) of GDPR) or legitimate interest (Art. 6 (1)(f) of GDPR), including profiling, based on the same data collection and use grounds as explained in other sections of this statement (right to object). You also have the right to at any time object to the collection of your personal data for direct marketing purposes;
  • to withdraw at any time any permission you have provided to us. Such withdrawal will not affect the lawfulness of the collection and use carried out prior to withdrawal and based on the permission granted. You can withdraw your permission for the sending of our newsletter by adjusting your Homewhere Ltd account settings to block the sending of any further Marketing Emails. Alternatively, you can click “Unregister” at the end of the Marketing Email;
  • not to receive discriminatory treatment while exercising your rights.

To exercise any of the rights specified in this section, you can contact Homewhere Ltd and submit your request using the contact details . Regardless of any other legal remedy, you also have the right at any time to submit a complaint to the supervisory authorities.

 

What is My Right to Know about my personal data collected, disclosed, or transferred?

 

You have the right to request that we disclose certain information to you about our collection and use of your personal data. Once we receive and verify your request we will disclose to you, depending on the nature of your request, personal data we collected about you, the categories of sources for the data we have collected about you, our business or commercial purposes for collecting or sharing that personal information, the categories of third parties with whom we share that personal information, and the specific pieces of personal information we collected about you. As explained above, we may have disclosed personal data to third parties for a business or commercial purpose. Thus, you have the right to know also personal data that we disclosed about you and the categories of third parties to whom the personal data was disclosed.

 What is my Right to Request Deletion of my personal data?

 

You have a right to request the deletion of your personal data collected and maintained by us in case the information is not used in compliance with applicable laws. Once we receive and verify your request, we will delete (and direct our service providers to delete) your personal data from our records, unless applicable laws do not provide for the deletion of the data in a particular case (for instance, retaining the data is necessary for us or our service provider(s) to complete the transaction for which we collected the personal data, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you, detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities, comply with a legal obligation, make other internal and lawful uses of that data that are compatible with the context in which you provided it).

 

What is my Right to Opt-Out of sharing my personal data with ad partners?

 

We provide Usage Data to advertising partners, which enables us to provide you with interest-based advertising. For more information on interest-based advertising, please see our Cookie Policy. You have a right to direct us to stop sharing your personal data with our ad partners, and to refrain from doing so in the future. If you wish to do so, please adjust the settings accordingly by going to our Cookie Policy.

 

How will you verify my request?

 

Your request must provide sufficient information that allows us to reasonably verify you are the person or an authorized representative of a person whose personal data we have collected (name, surname, your public profile URL, your e-mail, other information we may request for verification purposes), describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it, provide a confirmation under a penalty that you are the individual whose personal data is the subject of the request. If your request is submitted by an authorized agent, a written permission and information that verifies the identity of the agent must be enclosed with the request. We cannot provide you with the information or exercise your other right if we cannot verify your identity or authority to make the request and confirm the information relating to you. In order to verify your identity, we may request you to provide additional information about yourself. We will only use this information and information provided in the request to verify your identity or authority to make the request.

 Can I Use an Authorized Agent?

 

Sure. You may use an authorized agent to submit a request to opt-out on your behalf if you provide us with the authorized agent written permission to do so. If this is the case, please provide us with a copy of the said permission as instructed under the section ‘How Do I Submit a Request?’ above. We may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf. 

Our contact details

 

If you have any queries regarding the collection and use of your data as part of your use of the Platform, or regarding your rights, please contact our data protection officer at info@homewhere.online

 

Homewhere Ltd data protection officer

11 Pierrepont Street

Bath

Somerset

BA1 1LA

.