Effective Date: 17 December 2025
Contact: team@aifreelance.space
This Privacy Policy explains how [Marketplace Operator] (“Company,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal data when you access or use the online marketplace platform, website, applications, and related services (collectively, the “Platform”).
This Privacy Policy applies to all Users, including Buyers and Sellers, and should be read together with our Terms of Use and Cookies Policy.
1. ROLE OF THE COMPANY (MARKETPLACE ONLY)
The Company operates solely as a technology service provider and marketplace operator.
- We are not a seller, buyer, employer, agent, or partner of any User.
- Transactions occur directly between Buyers and Sellers.
- Sellers act as independent data controllers with respect to their own customers and content.
2. DEFINITIONS
- “Personal Data” means any information relating to an identified or identifiable natural person, as defined by the GDPR.
- “PSI (Personal and Sensitive Information)” refers to personal data requiring heightened protection, including financial data, authentication data, and identifiers.
- “Processing” has the meaning given in Article 4 GDPR.
- “Data Controller” and “Data Processor” have the meanings given in the GDPR.
3. LEGAL FRAMEWORK AND COMPLIANCE
This Privacy Policy is designed to comply with, where applicable:
- EU General Data Protection Regulation (GDPR)
- UK GDPR
- PSD2 and Strong Customer Authentication (SCA)
- PCI DSS (Payment Card Industry Data Security Standard)
- Applicable data protection and privacy laws in other jurisdictions
4. PERSONAL DATA WE COLLECT
4.1 Data You Provide Directly
- Name, email address, username
- Account credentials (hashed and secured)
- Billing and invoicing information
- Communications and support requests
- Seller profile and listing information
4.2 Transaction and Payment Data
- Transaction IDs and payment status
- Limited payment metadata
Important:
We do not store or process full payment card details. Payment data is handled exclusively by PCI DSS–compliant third-party payment processors.
4.3 Automatically Collected Data
- IP address
- Device and browser information
- Log files and usage analytics
- Cookies and similar technologies (see Cookies Policy)
5. PURPOSES OF PROCESSING
We process personal data for the following purposes:
- Operating and maintaining the Platform
- Account creation and authentication
- Facilitating transactions between Buyers and Sellers
- Fraud prevention and security monitoring
- Compliance with legal and regulatory obligations
- Customer support and communications
- Improving Platform performance and usability
6. LEGAL BASES FOR PROCESSING (GDPR)
We process personal data under the following legal bases:
- Contractual necessity (Article 6(1)(b))
- Legal obligation (Article 6(1)(c))
- Legitimate interests (Article 6(1)(f)), such as platform security
- Consent (Article 6(1)(a)), where required
7. STRONG CUSTOMER AUTHENTICATION (SCA / PSD2)
Where payment services subject to PSD2 apply:
- We rely on SCA-compliant payment providers
- Multi-factor authentication may be required for certain transactions
- Authentication data is handled securely and never stored in plaintext
The Company does not independently perform payment authorization.
8. PCI DSS COMPLIANCE
- All payment processing is handled by PCI DSS-certified third-party providers
- The Company does not store, transmit, or process full cardholder data
- Access to payment-related systems is restricted and logged
9. PSI (PERSONAL AND SENSITIVE INFORMATION) PROTECTION
We apply enhanced safeguards to PSI, including:
- Encryption in transit and at rest
- Access controls and role-based permissions
- Monitoring and logging of access
- Data minimization and retention limits
10. DATA SHARING AND DISCLOSURE
We may share personal data with:
- Payment processors
- Hosting, infrastructure, and security providers
- Analytics and monitoring providers
- Authorities where legally required
We do not sell personal data.
11. SELLERS AS INDEPENDENT CONTROLLERS
Sellers may independently collect and process Buyer personal data in connection with their products or services.
The Company:
- Is not responsible for Seller privacy practices
- Does not control Seller data processing
- Recommends Buyers review Seller privacy disclosures
12. INTERNATIONAL DATA TRANSFERS
Where personal data is transferred outside the EEA or UK, we ensure appropriate safeguards, including:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions
- Equivalent legal mechanisms
13. DATA RETENTION
We retain personal data only for as long as necessary to:
- Fulfill contractual obligations
- Comply with legal requirements
- Resolve disputes
- Enforce agreements
Data is securely deleted or anonymized thereafter.
14. DATA SUBJECT RIGHTS (GDPR)
You have the right to:
- Access your personal data
- Rectify inaccurate data
- Request erasure (“right to be forgotten”)
- Restrict or object to processing
- Data portability
- Withdraw consent at any time
- Lodge a complaint with a supervisory authority
Requests may be submitted to: team@aifreelance.space
15. SECURITY MEASURES
We implement technical and organizational measures, including:
- Encryption
- Secure authentication
- Network monitoring
- Incident response procedures
However, no system is completely secure, and we cannot guarantee absolute security.
16. DATA BREACH NOTIFICATION
In the event of a personal data breach:
- We will notify relevant authorities as required by law
- Affected Users will be informed where legally required
17. CHILDREN’S DATA
The Platform is not intended for individuals under 18 years of age. We do not knowingly collect data from minors.
18. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy periodically. Material changes will be communicated via the Platform.
Continued use of the Platform constitutes acceptance of the updated Privacy Policy.
19. CONTACT INFORMATION
For privacy-related inquiries or requests:Email: team@aifreelance.space
