Privacy Notice

Effective date: February 1, 2025

This document describes the rules and processes according to which BiBiAuto collects and processes the personal data of any natural person using the BiBiAuto mobile applications, and any services offered by BiBiAuto.

In order to provide our services to customers, we must collect, use, transfer, store, and otherwise process personal data in accordance with the applicable data protection legal framework, which mainly includes the EU GDPR and any other data protection laws and regulations that may apply to our customers and BiBiAuto as a Platform operator targeting the EU market. 

All capitalized terms used in this Notice, not defined herein have the meanings outlined in the BiBiAuto Terms of Services, and General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 with amendments and updates).

Please read this Privacy Notice and our Terms of Services carefully before using the Platform or any of our Services (as defined below). 

If you have any questions or concerns about processing your Personal Data feel free to contact us at [email protected].

1. General Definitions.

• BiBiAuto, We shall mean the BiBiAuto Platform operator, the company AMD DEVELOPER COMPANY LIMITED registered under the laws of Ireland, entity number 771938, registered address 77 Camden Street, Lower Dublin, Dublin, Dublin, D02 Xe80, Ireland.
• Controller shall mean any person who alone or jointly with others, determines the purposes and means of Processing Personal Data. Depending on the applicable Service, the Controller of the Customer’s Personal Data is AMD DEVELOPER COMPANY LIMITED, entity number 771938, reg. address 77 Camden Street, Lower Dublin, Dublin, Dublin, D02 Xe80, Ireland.
• Customer, you shall mean any natural person who accesses and/or uses the Platform, and/or any other Services provided by us.
• Data you share on the Platform, Customer-generated data shall mean any information you upload and publish on the Platform when searching or publishing information about a vehicle, including but not limited to type, make, model, price, first registration, mileage, performance, vehicle condition, vehicle identification number (VIN), photos and comparable data, etc.
• GDPR shall mean the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
• Personal Data shall have a meaning ascribed in Article 4(1) of the GDPR. In simple words, that shall be any informational identifier, such as a name, an identification number, location data, email, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person, that can identify that natural person.
• Platform shall mean the BiBiAuto Mobile Applications, available on AppStore and Google Play. The Platform is a marketplace where customers looking to sell or rent or, respectively, buy or lease a vehicle can list an announcement, get each other’s contacts, and negotiate a deal.  
• Processor shall mean the person who Processes Personal Data on behalf of the Controller. Depending on the type of processing, that may be AMD DEVELOPER COMPANY LIMITED, entity number 771938, reg. address 77 Camden Street, Lower Dublin, Dublin, Dublin, D02 Xe80, Ireland, or the third-party service provider, who we engage for that purpose, for example, data storage providers. 
• Processing shall mean any operation or set of operations that is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, etc.
• Services shall mean any and all services offered by BiBiAuto or our external providers via the Platform.

2. Legal Disclaimer.

Before initiating any interaction or any transaction with another Customer from our Platform, please be aware that we do not collect any identification or address documents and do not verify our Customers by ID or other identification, nor do we verify our Customers’ addresses, inspect vehicles posted on our Platform, or verify the accuracy of any vehicle information in the listings.

Therefore, by using this Platform, you acknowledge and agree that you are solely responsible for making identification of your counterpaty and ensuring the legality of any transaction or interaction with other Customers and for inspecting vehicles prior to any transaction.

All transactions, agreements, and communications between Customers are conducted at their discretion and risk. It is the sole responsibility of a Customer to verify the accuracy and authenticity of any information, documentation, or images related to a vehicle before making any payments or entering into a transaction.

BiBiAuto is not responsible for any form of fraud, misrepresentation, false information, fake images or other inaccuracies stated in advertisements. In addition, we do not mediate or resolve disputes between customers. By using our platform, you agree to indemnify and hold BiBiAuto harmless from any claims, expenses, or losses arising from such issues.

If you suspect fraudulent activity, we recommend reporting it to the appropriate authorities immediately.

3. Personal Data that is being collected.

We collect your Personal Data when you access the Platform, utilize the available Services, or contact us through the Platform, social media, email, or other communication channels. BiBiAuto may gather your Personal Data from various sources, as described below.

Source	Details
Direct interaction	We collect the Personal Data you provide to us when reaching the Platform, filling in any forms, registering or logging in via Apple or Google profile, sending us emails, contacting support, or otherwise interacting with us.
Indirect interaction	We may collect Personal Data you have previously posted on publicly available sources, such as other websites and social media, or provided by third parties.
Automated Means	By using cookies and other similar technologies, we may automatically collect certain Personal Data about your session, and use of the Platform, such as IP address, device data, browser details, information about your visit, as well as other relevant technical information.

• 
  

4. Categories of Personal Data.
    

Identity Data	This includes your full name, email, telephone number, or any other means of communication that you provide during the registration process or submitting your listing on the Platform.
Profile Data	Customer’s Apple or Google profile data, such as name, e-mail address, language preference, and profile picture.
Data you share on the Platform	Except for the information about a vehicle, such as a type, make, model, price, first registration, mileage, performance, vehicle condition, vehicle identification number (VIN), photos, location or address of the vehicle, and any other comparable data, you may publish on the platform in an announcement or photos, for example, your image on the photo.
Financial data, transaction, and payment data	WE NEVER ASK FOR, NOR COLLECT, NOR STORE any of your financial data, transaction, and payment data, including any details and numbers of your payment card, bank or payment account, associated addresses, the payment method you opt, your bank card’s PIN, CVV, or other codes. Any payments or transactions you perform with Apple Store or Google Play, or any payments or transactions you provide to or accept from other Customers regarding renting or purchasing vehicles published on the Platform are being rendered between you and that third-party Customer directly, without any involvement or participation of BiBiAuto.  Please do not share any financial, transaction, or payment data with us, as we do not allow nor provide any payments or financial transactions within the Platform.  Please do not share any financial, transaction, or payment data with any third-party Customer or service provider before you have verified them by yourself.  Any financial, transaction, and payment data you transmit to other Customers or any third parties is at your own risk. Please carefully assess the risks and possible negative consequences, including possible fraud, deception, or scam before sharing your data. We do not verify the identity of any Customer, nor guarantee that the information, including photos of the vehicle or its state, contained in the listing is real, correct, and up-to-date. Please do your own research before making any transactions with another third party from the Platform, including identity verification and vehicle inspection.
User Data and Communications	Your requests, claims, and records of other activities and interactions with us.
Technical data	The device you log in from, IP address, geographical location, and other data we receive by using automatic means.

5. Purposes of Processing of Personal Data and Legal Basis

We are relying on the following legal grounds when Processing Customer’s Personal Data:

• Processing is necessary for the performance or entry into a contract between Customer and BiBiAuto (GDPR Article 6 (1) (b)) whose Terms and Conditions are available to the Customer during the registration process. To carry out this requested relationship, the interested party is obliged to provide their data;
• Processing is necessary for compliance with a legal obligation to which BiBiAuto is subject (GDPR Article 6 (1) (c)). BiBiAuto may Process Personal Data for Compliance Purposes under legal obligations to which BiBiAuto may be the subject;
• Processing is necessary for the purposes of the legitimate interests pursued by BiBiAuto (GDPR Article 6 (1) (f)). BiBiAuto is Processing Personal Data for Analytical or Personalization Purposes under legitimate interest;
• Subject that a Customer has granted his or her consent to the Processing of his Personal Data (GDPR Article 6 (1) (a)), BiBiAuto shall Process Personal Data for Marketing Purposes under the Customer’s consent.

Purpose	Category of Personal Data	Legal Basis
Identification	Identity Data	Performance of contractual obligations;Legitimate interest in preventing and identifying unauthorized access, preventing fraud, and minimizing potential harm.Compliance with legal obligations.
Service rendering	Identity Data,User and Communications Data, and Technical Data.	Performance of contractual obligations.
Collaboration with data protection authorities and law enforcement agencies.	Identity Data,User and Communications Data, and Technical Data.	Compliance with legal obligations.
User management	Identity Data, andUser and Communications Data.	Performance of contractual obligations;Compliance with legal obligations;Legitimate interest in User management.
Marketing	User and Communications Data, andTechnical Data.	User’s consent;Performance of contractual obligations;Legitimate interest in offering products and services.
Enabling the use of services provided by third-party providers	Identity Data,User and Communications Data, and Technical Data.	Performance of contractual obligations;Compliance with legal obligations.

6. Your Rights.

1. Information and Access. You can request us to provide you with a confirmation that your Personal Data is processed, get information about such Processing, and ask us to provide you with a copy of that information in a structured format.
2. Rectification. We are doing our best to hold only accurate and up-to-date information about you. However, if the Personal Data we hold about you is incomplete or inaccurate, you may request us to update or rectify your Personal Data.
3. Retention and Erasure. We are not processing your Personal Data longer than needed. You can, nevertheless, ask us ​​to erase your Personal Data. This right may be limited subject to requirements of the applicable law.
4. Objection. You have a right to object to the processing of your Personal Data and request us to stop the processing of your Personal Data if we are processing your Personal Data for direct marketing or research purposes or without any corresponding legal grounds for such processing. 
5. Processing restrictions. In certain circumstances, such as when you contest the accuracy or object to the processing of your Personal Data, you can ask us to restrict, block, or suppress the processing of your Personal Data. If your request is approved, we will stop the processing of your Personal Data but will continue to store it. 
6. Data portability. You may ask us to provide you with your Personal Data, which you have provided to us in a structured, commonly used, and machine-readable format, or, when possible, that we communicate your Personal Data on your behalf directly to another data controller.
7. Consent withdrawal. When the processing of your Personal Data is based on your consent, you are entitled to withdraw your consent at any time. Your withdrawal will not affect the lawfulness of your Personal Data processing when such is based on other legal grounds.
8. Automated decision-making and profiling. Sometimes we rely on automated processes. You have the right not to be subject to a decision based solely on the automated processing of your Personal Data, including profiling, which produces legal or similarly significant effects on you. In general, by making decisions, we do not rely solely on automatic tools. However, if we made a decision about you based solely on an automated process, you may contest such a decision and require human intervention. 
9. Right to complain. Your privacy rights are of utmost priority to us and we are always happy to solve any issues and concerns related to the processing of your Personal Data. Thus, in case of any questions, please reach us by email at [email protected] so we can solve any issue promptly and efficiently. However, if you are not satisfied with our response to your complaint, you have the right to submit a complaint to the data protection authority in your country of habitual residence.
10. Right to opt out of marketing communications. To ensure you are always up-to-date with our Services, sometimes we’d like to share with you our latest news. In such a case, we will contact you by electronic means for marketing purposes only if you have consented to such communication and based on your marketing preferences. However, if you have changed your mind, you may raise objections about initial or further processing for purposes of direct marketing at any time. 

If you would like to exercise any of those rights, please contact us at [email protected], and after your identification, which may include proof of your identity and address we will satisfy your request as provided in this Notice and applicable privacy laws.

According to Article 12(3) of GDPR, BiBiAuto is obligated to respond to the request within 1 month. However, we will make our best efforts to respond to the Customer’s data processing request ASAP.

7. Where We Process Your Personal Data.

Our operations are backed by a network of servers, computers, and other information technology infrastructure. The processing of Personal Data described in this Privacy Notice takes place mostly in Ireland and Spain and is not intended to be sent outside the European Economic Area. 

However, we may transfer the Customer’s Personal Data to a third country for Processing purposes, for example, the USA, in which case BiBiAuto shall ensure that the recipient of the Personal Data has adopted standard data protection clauses adopted by a control authority and approved by the Commission, or has adopted codes of conduct, together with binding and enforceable commitments from the controller or processor in the third country to apply adequate guarantees, including those relating to the rights of the interested persons, or certification mechanisms, together with binding and enforceable commitments of the person in charge or the person in charge of the treatment in the third country to apply adequate guarantees, including those relating to the rights of the interested persons.

When transferring collected Personal Data outside of the EEA, BiBiAuto shall ensure the application of the appropriate safeguards. If the Customer wishes to receive a copy, please contact us as instructed below.

8. How We Protect Your Personal Data.

We are fully committed to safeguarding the security of your Personal Data. We have implemented a comprehensive set of physical, technical, and organizational measures to protect your data. These measures are designed to prevent unauthorized access, ensure the integrity and confidentiality of your Personal Data, and ensure that it is not misused, altered, or disclosed without proper authorization.

All Personal Data processed on the Platform is securely stored on servers that are protected by strict access controls, both physical and electronic. These measures include advanced encryption, secure authentication protocols, and restricted access to authorized personnel only. Additionally, we continuously monitor and update our systems to protect against evolving security threats.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to the Platform, therefore any transmission remains at your own risk. Once we have received your information, we will use strict procedures and security features to prevent unauthorized access.

9. Transferring and Disclosing Your Personal Data.

Any Personal Data you provide is treated as confidential and will not be disclosed to the general public. To provide you with our Services and improve them, perform contractual obligations, meet security standards, and fulfill certain legal obligations, sometimes we may have to share your Personal Data with the following third parties:

Third-Party category	Reason for sharing
Affiliates and subsidiaries	We may share your Personal Data with our affiliates and subsidiaries in cases where such forwarding is needed to provide you with our Services and perform corresponding contractual obligations.
Partners and External Providers	We may share your Personal Data with professional advisors, financial, security, accounting, infrastructural, and other business Partners and External Providers to provide you with our Services and pursue our legitimate interest in preventing illegal activities, ensuring security, and maintaining regulatory compliance.
Legal authorities	We may have to forward your Personal Data to law enforcement agencies, regulatory agencies, and other legal authorities to the extent we are obliged to do so according to the law.
Marketing and advertising partners	We may share your Personal Data with marketing and advertising partners to improve our Services and provide you with customized advertising content.

10. Aggregated Data.

We may use anonymized and/or aggregate data collected through your use of the Services and the Platform for statistical purposes, for improvement of the Services, to conduct research or any other lawful purpose. Aggregate Data is not considered personal data.

11. Retention and Deletion of Your Personal.

We will take reasonable steps to ensure that the Personal Data we Process is reliable for its intended use, accurate, and complete as necessary to carry out the purposes described herein. We will retain Personal Data for the period required or permitted by applicable law, but no longer than it is reasonably necessary to achieve the purposes for which the Personal Data was collected, as long as we have an obligation to the Customer to provide the Services, or as long as necessary to fulfill the purpose for which was initially collected and thereafter until we delete the Customer’s account under our Customer Terms and Conditions. We will retain and use your Personal Data to the extent necessary to comply with any legal/accounting/reporting obligation.

Your personal information will be deleted on one of the following occurrences:

1. Expiration of processing term; or
2. Deletion of your personal information by you (or by another person engaged by the Customer) where applicable; or
3. Receipt of a written request from you (or another person engaged by the Customer) to [email protected] to delete your Personal Data.

12. Children’s Personal Data.

Our Services are not designated for children. We do not knowingly collect or solicit Personal Data from people under the age of 18; if you are a child please do not attempt to register or otherwise use the Services or send us any Personal Data. If we learn that we have collected Personal Data from a child, we will delete that information as soon as possible. If you believe that a child has provided us with Personal Data, please contact us at [email protected].

13. Cookies Policy.

Cookies are small text files that are placed on your digital device when you visit our Platform. Such text files store information about your visit and help our Platform recognize your digital device and also remember your preferences. 

We use cookies and other similar technologies, like web beacons, for different analytical, marketing, advertising, and technical purposes. This helps us simplify your navigation on the website, remember your preferences, provide you with relevant information, and analyze how you interact with our Services to improve your general browsing experience.

Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on your device when you go offline, while Session Cookies are deleted as soon as you close your application.

We use both session and persistent Cookies for the purposes set out below:

• Necessary / Essential Cookies
  Type: Session Cookies
  Administered by: Us
  Purpose: These Cookies are essential to provide you with services available through the Platform and to enable you to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that you have asked for cannot be provided, and we only use these Cookies to provide you with those services.
• Functionality Cookies
  Type: Persistent Cookies
  Administered by: Us
  Purpose: These Cookies allow us to remember choices you make when you use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide you with a more personal experience and to avoid having to re-enter your preferences every time you use the Website.

If you do not accept Our Cookies, you may experience some inconvenience in your use of the Platform and some features may not function properly.

If you wish to get more detailed information on cookies, please visit www.aboutcookies.org.

14. Commercial Communication.

If a Customer receives commercial emails from us, he may unsubscribe at any time by following the instructions contained within the email or by sending an email to [email protected].

The Customer has to be aware that if he opts out of receiving commercial emails from us or otherwise modifies the nature or frequency of promotional communications he receives from us, it may take up to ten (10) business days for us to process the request. Additionally, even after he/she opts out of receiving commercial messages from us, he/she will continue to receive administrative messages from us regarding the Service.

15. Contact information.

You may contact BiBiAuto to exercise your rights, ask any question, or withdraw your consent, as well as relating to any issue of processing of your Personal Data, or file a complaint related to the processing of your Personal Data at [email protected].

16. Amendments and Modifications.

BiBiAuto is entitled to unilaterally amend this Notice from time to time. Any changes we may make to our Notice in the future will be notified and made available to you using the Platform. In case the new terms refer to Processing of Customer’s Personal Data for any new purpose, which requires Customer’s consent, then BiBiAuto will not Process Personal Data for such new purpose, before it has received respective consent. Your continued use of the Services and the Platform shall be deemed your acceptance of the varied Privacy Notice.

17. Contact Information.

Should the Customers have any questions regarding this Notice or want to exercise their rights, they are welcome to contact BiBiAuto with requests, inquiries, or any complaints via email: [email protected] clearly indicating (i) your identity, indicating, at least, your full name and the email address you used when registering on the website, and (ii) the right or rights you exercise.

You can also go to the Ireland Data Protection Commission (https://www.dataprotection.ie/en) to request the protection of your rights if you consider it appropriate.

The exercise of these rights is free unless manifestly unfounded or excessive requests are made, in which case the interested party may be required to assume the cost of the processing.

18. Confirmation.

By accepting this Notice the Customer confirms that he or she has familiarized himself or herself with this Notice, understood it, and agreed to its terms.