GDPR Privacy Policy

The data controller for personal data is:

**gibgib.ch**
Address: [To be completed]
Email: privacy@gibgib.ch
Phone: [To be completed]

For any questions regarding this privacy policy or your rights, you can contact us at the email address above.

We collect the following personal data:

**During registration:**
• Username
• Email address
• Password (encrypted)
• City and country of residence
• Profile picture (optional)

**When using the service:**
• Published items (descriptions, photos)
• Messages exchanged via messaging
• History of reservations and exchanges
• Connection data (IP address, browser)
• Technical cookies necessary for operation

**Geolocation data:**
• City and country to facilitate local exchanges
• No precise geolocation is collected

Your personal data is processed for the following purposes:

**User account management:**
• Creation and management of your profile
• Authentication and security
• Communication with you

**Marketplace operation:**
• Publication and management of items
• Facilitating exchanges between users
• Integrated messaging system
• Reservation management

**Service improvement:**
• Anonymized statistical analysis
• User experience improvement
• Development of new features

**Legal obligations:**
• Compliance with legal obligations
• Fraud prevention
• Platform security

The processing of your personal data is based on the following legal bases:

**Performance of a contract (Art. 6.1.b GDPR):**
• Provision of marketplace services
• Management of your user account
• Facilitation of exchanges

**Legitimate interest (Art. 6.1.f GDPR):**
• Improvement of our services
• Platform security
• Fraud prevention

**Consent (Art. 6.1.a GDPR):**
• Non-essential cookies
• Marketing communications (if accepted)
• Precise geolocation (if enabled)

**Legal obligation (Art. 6.1.c GDPR):**
• Retention of certain data for accounting obligations
• Cooperation with authorities if required

We retain your personal data for the following periods:

**Active account data:**
• As long as your account is active
• 3 years after last login

**Item and exchange data:**
• 5 years after the end of the exchange
• For traceability and dispute resolution reasons

**Messages and communications:**
• 2 years after sending
• Automatic deletion of old conversations

**Connection data:**
• 12 months maximum
• For security and fraud prevention

**Accounting data:**
• 10 years in accordance with Swiss legal obligations

**Automatic deletion:**
We perform regular automatic deletions of expired data.

In accordance with GDPR, you have the following rights:

**Right of access (Art. 15):**
• Obtain a copy of your personal data
• Know the purposes of processing
• Know how long your data is retained

**Right to rectification (Art. 16):**
• Correct inaccurate data
• Complete incomplete data
• Automatic update via your profile

**Right to erasure (Art. 17):**
• Deletion of your data in certain cases
• Automatic deletion of your account
• Right to digital oblivion

**Right to restriction (Art. 18):**
• Limit the processing of your data
• Temporary suspension of processing

**Right to portability (Art. 20):**
• Retrieve your data in a structured format
• Transfer your data to another service

**Right to object (Art. 21):**
• Object to processing for legitimate reasons
• Object to direct marketing

**How to exercise your rights:**
Contact us at privacy@gibgib.ch with proof of identity.

We implement appropriate technical and organizational measures to protect your data:

**Technical measures:**
• SSL/TLS encryption for all communications
• Password encryption with bcrypt
• Secure servers with firewalls
• Regular encrypted backups
• Continuous access monitoring

**Organizational measures:**
• Limited data access on a need-to-know basis
• Staff training on data protection
• Incident management procedures
• Regular security audits

**Hosting:**
• Servers located in Switzerland or the EU
• Compliance with European security standards
• GDPR-compliant subprocessing contracts

**In case of breach:**
We will inform you within 72 hours in case of a data breach concerning you.

**Data Protection Officer:**
Email: privacy@gibgib.ch
Response within 30 days maximum

**To exercise your rights:**
• Send an email to privacy@gibgib.ch
• Attach a copy of your identity document
• Clearly specify your request
• We will respond within legal deadlines

**Right to complaint:**
If you believe your rights are not being respected, you can file a complaint with:

**Federal Data Protection and Information Commissioner (FDPIC)**
Feldeggweg 1
3003 Bern
Switzerland
Tel.: +41 58 462 43 95
Email: contact@edoeb.admin.ch
Website: www.edoeb.admin.ch

**European supervisory authority:**
If you reside in the EU, you can also contact the data protection authority of your country.