Back to Home

Privacy Policy

Last updated: March 2026

BuildwiseGS is a B2B construction marketplace connecting contractors and tradesmen in Gibraltar and the Andalusia region of Spain. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights as a data subject.

1. Data Controller

The data controller for personal data processed through this platform is BuildwiseGS. For all data enquiries, contact us at the address in Section 10.

2. Data We Collect

Authentication data: When you log in via Auth0, we receive your email address and name from your identity provider (Google or email/password).
Profile data: Contractors provide: business name, trade categories, city, country, mobile number, email address, and optionally a street address, postal code, website URL, logo image, and opening hours. Tradesmen provide equivalent professional details plus availability status.
Vacancy applications: When a tradesman applies to a vacancy, we collect their full name, email address, mobile number, a CV document (uploaded to Cloudinary), and a cover message. This information is forwarded to the advertising contractor by email.
Payment data: Premium subscriptions are processed by Stripe, Inc. We never store card numbers or payment credentials on our servers. Stripe stores and processes payment data under its own Privacy Policy (stripe.com/privacy).
Technical data: We store an authentication session cookie (set by Auth0) to keep you logged in, a locale cookie to remember your language preference, and standard server logs (IP address, browser type, timestamps) for security and debugging.

3. How We Use Your Data

We use your personal data to: (a) create and maintain your account and professional profile; (b) display your profile to potential clients and contractors on the platform; (c) send transactional emails including registration confirmations and vacancy application notifications; (d) process and manage premium subscription payments via Stripe; (e) respond to your support enquiries; (f) maintain platform security and prevent fraud; and (g) comply with applicable legal and regulatory obligations.

4. Legal Basis for Processing

  • •Contract performance (Art. 6(1)(b) GDPR): processing of registration and profile data is necessary to provide the service you have requested when creating an account.
  • •Legitimate interests (Art. 6(1)(f) GDPR): server logs, session management, and security monitoring to protect the platform and its users.
  • •Consent (Art. 6(1)(a) GDPR): optional data such as a profile logo or portfolio items that you choose to upload.
  • •For users in Gibraltar, processing is also governed by the Gibraltar Data Protection Act 2004 (as amended), which applies standards equivalent to the EU Data Protection Directive.

5. Third-Party Service Providers

We share personal data only with the processors listed below, and solely to operate the platform. All processors are contractually bound to process data only on our instructions and to maintain appropriate security.

  • •Auth0 by Okta — authentication and identity management (auth0.com/privacy)
  • •MongoDB Atlas (MongoDB, Inc.) — encrypted cloud database hosting
  • •Stripe, Inc. — payment processing and billing (stripe.com/privacy)
  • •Cloudinary Ltd — storage of profile images and CV documents
  • •Resend — transactional email delivery
  • •Vercel, Inc. — web hosting, CDN, and infrastructure

6. Data Retention

We retain your profile and account data for as long as your account is active. If you request deletion of your account, we will erase your personal data within 30 days, except where retention is required by law. Financial records related to Stripe payments may be retained for up to 7 years in accordance with accounting and tax regulations. Vacancy application data is retained until the related vacancy is closed or the applicant's account is deleted, whichever comes first.

7. Your Rights

Under GDPR and applicable Gibraltar law, you have the following rights regarding your personal data:

  • •Right of access (Art. 15) — request a copy of the personal data we hold about you.
  • •Right to rectification (Art. 16) — request correction of inaccurate or incomplete data.
  • •Right to erasure (Art. 17) — request deletion of your data, subject to legal retention requirements.
  • •Right to restriction (Art. 18) — request that we limit processing of your data in certain circumstances.
  • •Right to data portability (Art. 20) — receive your data in a structured, machine-readable format.
  • •Right to object (Art. 21) — object to processing based on legitimate interests.
  • •Right to complain — lodge a complaint with the relevant supervisory authority:

Gibraltar: Gibraltar Regulatory Authority (GRA) — gra.gi

Spain / EU: Agencia Española de Protección de Datos (AEPD) — aepd.es

To exercise any of these rights, contact us at the details in Section 10. We will respond within 30 days.

8. Cookies and Local Storage

We use the following cookies: (1) A session cookie set by Auth0, strictly necessary to maintain your authenticated login — this cannot be disabled while you are logged in. (2) A locale cookie to store your language preference (English or Spanish). We do not use advertising cookies, tracking pixels, or third-party analytics cookies. No consent banner is required for strictly necessary cookies under applicable law.

9. Changes to This Policy

We may update this Privacy Policy from time to time as the platform evolves or legal requirements change. The 'Last updated' date at the top of this page indicates when it was last revised. We will notify registered users of any material changes by email at least 14 days before they take effect.

10. Contact Us

For questions, data access requests, correction or deletion requests, or complaints about our data practices, please contact our team:

support@buildwisegs.com

You can also use the Contact Support button on the home page. We aim to respond to all data-related enquiries within 5 business days.

Privacy Policy — BuildwiseGS