Gidun Privacy Policy

Last updated on November 23 2025

1. Introduction and overview

This Privacy Policy explains how Gidun collects, uses, shares and protects personal data when you visit or use our website, any mobile applications that may be offered and related services that connect to this policy. It is intended to give you a clear picture of what information we handle, why we handle it, how long we keep it and what choices and rights you have in relation to that information. When we say personal data we mean any information that can identify you directly or indirectly on its own or when combined with other data.

Gidun operates primarily from Canada and is committed to complying with Canadian privacy rules as well as international standards such as European data protection laws for users in those regions. This Privacy Policy applies to everyone who interacts with the Gidun marketplace including visitors who browse the site, buyers who place orders, sellers who list products, and participants in programmes such as affiliates or other partners. By using Gidun you agree that your personal data will be handled in accordance with this Privacy Policy and with the Terms of Service, except where your local law provides mandatory rights that cannot be waived.

1.1 Status of this Privacy Policy

This Privacy Policy is an important part of your overall agreement with Gidun. It should be read together with the Terms of Service, with the Cookie Policy, with the Shipping Policy, with the Refund Policy, with the Seller Terms, with the Affiliate Terms and with any other marketplace policies that apply to your use of the Gidun platform. Those documents explain in more detail how orders are processed, how disputes are resolved, how cookies work and what is expected of buyers and sellers.

Where there is a conflict between this Privacy Policy and a local privacy or data protection law that applies to you, the law will prevail for the specific matter that is in conflict. The rest of this Policy will continue to apply as far as possible. Nothing in this document is intended to limit any non waivable privacy or data rights that you may have under applicable law.

1.2 Who controls your personal data

For most activities described in this Privacy Policy, Gidun is the entity that decides how and why your personal data is processed. Gidun is established in Toronto Canada and operates the Gidun marketplace and related services. When we say Gidun we are referring to the legal entity that owns and runs the marketplace and acts as the data controller for the purposes described here.

You can contact Gidun about privacy matters through the options described on the Contact Us page. That page is the best way to reach us for questions, for requests to exercise your data rights and for raising any concerns about how your personal data is being handled.

2. Scope of this Privacy Policy

This Privacy Policy covers all personal data that Gidun collects and processes in connection with operation of the marketplace and related services. It applies when you visit our website, when you create or use a Gidun account, when you interact with other users through the platform, when you browse listings, place orders, participate in the affiliate programme or contact support. It also applies to certain offline or direct communications that relate to those online activities such as identity verification steps that we may ask you to complete.

The Policy applies to visitors, buyers, sellers, affiliates and other partners, regardless of their country of residence, subject to the extra protections that some countries require. We aim to offer a consistent privacy experience to all users while recognising that people in some regions such as the European Economic Area, the United Kingdom or California may have additional rights that go beyond the general rules set out here. In those cases, we will apply the stronger standard where the law requires us to do so.

2.1 Activities covered

This Privacy Policy applies to a wide range of activities that take place on or through Gidun. For example it applies when you create a buyer account, when you register as a seller, when you browse products, when you add items to your cart and when you check out. It also applies when you send messages to other users through Gidun, when you leave reviews, when you respond to surveys, when you join the affiliate programme and when you receive marketing communications such as emails or push notifications.

The Policy also applies when we process personal data for security and fraud prevention, analytics and product improvement, and legal compliance. These purposes are explained in more detail in later sections but they are part of the same overall framework. This document does not apply to activities that take place entirely outside the Gidun environment such as private transactions that you arrange directly with another person without using Gidun checkout or communication tools.

2.2 Relationship with other terms and policies

While this Privacy Policy focuses on personal data, your use of Gidun is governed by a wider set of terms and rules. The Terms of Service describe the general contractual relationship between you and Gidun. The Seller Terms apply to merchants who sell through the marketplace. The Cookie Policy provides more detail on the cookies and similar technologies that we use, and the Shipping Policy, the Refund Policy and the Returns and Refunds Policy referenced through the Returns & Replacements shortcode explain how orders are fulfilled, returned and refunded.

Those documents and this Privacy Policy are intended to work together as a coherent framework. If there is a discrepancy between the way personal data is described here and in another Gidun policy, this Privacy Policy should be treated as the main guide on how data is handled, without limiting any stronger rights that another policy may give you.

3. Personal data we collect

Gidun collects different types of personal data depending on how you use the marketplace, which features you interact with and what information you choose to provide. In this section we describe each main category of data that we collect. Some of this information is provided directly by you, some is created during your use of Gidun and some comes from third parties that help us operate the marketplace, process payments, prevent fraud or run analytics.

We do not intentionally collect more personal data than we need for the purposes described in this Policy. Wherever reasonable we seek to minimise and pseudonymise data so that it is linked to tokens or identifiers rather than to direct attributes, especially in analytics and security systems. We do not knowingly collect sensitive special category data such as health information or political opinions.

3.1 Account and profile information

When you create a Gidun account as a buyer or as a seller you provide basic information so that we can identify you and operate your account. This typically includes your full name, a display name or store name where relevant, your email address, your phone number and your billing and shipping addresses. If you contact support or update your profile, we may also collect information contained in those communications and settings, such as your preferred language or other optional preferences.

For sellers and affiliates we may collect additional account information related to business identity, such as the legal name of the business, registration details, tax identifiers and payout related information. These data are used to manage your relationship with Gidun, make sure that we can comply with legal and tax obligations and help us understand which entity is responsible for activity on the platform.

3.2 Order and transaction information

When you place an order through Gidun, we collect details about that transaction. This includes items purchased, quantities, prices, discounts, shipping options, payment status, order timestamps and related communications. We also collect information about how you interact with your orders, such as cancellation requests, return and refund requests, messages exchanged with sellers regarding an order and ratings or reviews that you leave.

Over time this creates an order history that helps Gidun operate core functions such as displaying previous purchases, helping you reorder items, enforcing seller standards, improving recommendations and handling disputes. It also helps us comply with financial and tax record keeping requirements in many jurisdictions where we operate or hope to operate in the future.

3.3 Payment and billing information

Gidun does not store full payment card numbers, full bank account numbers or similar highly sensitive financial data on its own servers. When you pay for an order, payment details such as card numbers and security codes are handled directly by trusted payment processors such as Stripe, PayPal or other providers made available in specific regions. These providers send us tokens, limited identifiers and confirmation codes that allow us to verify that a payment has been approved, to link payments to orders and to process refunds where necessary.

We may store partial payment information such as the last few digits of a card number, the brand of card and the expiry date month and year, where this is useful to help you recognise which method was used and to detect suspicious activity. We also store billing address information and transaction records including amounts, currencies, timestamps and payment statuses, which are necessary for accounting, troubleshooting and legal compliance.

3.4 Identity verification data

In some situations, especially for high value orders, for orders from higher risk locations or for compliance with anti money laundering and anti fraud rules, we may ask you to provide additional identity verification data. This can include scans or photos of government identification documents such as passports, national identity cards or driver licences, as well as supporting documents like utility bills, phone bills or bank statements that show your name and address.

We use these documents to verify your identity, confirm that payment methods are genuinely yours and reduce the risk of fraud affecting both you and the wider Gidun community. Where documents are required only for a one time verification, we aim to delete them once the verification is complete and any legal retention requirements are satisfied. In some cases, we may retain a record that verification was completed, including limited data such as document type and date, while removing unnecessary copies of the document itself.

3.5 Device, log and usage data

When you use Gidun we automatically collect certain device and usage information. This may include your internet protocol address, general location based on that address, device type, operating system, browser type, the pages you view, the links you click, access times and the way you move through our site or applications. We may also generate unique identifiers associated with your device or browser so that we can recognise returning visitors in a privacy conscious way.

This information is collected through server logs, through cookies and similar technologies described in the Cookie Policy and through analytics tools that follow data minimisation and pseudonymisation practices. For example, we may truncate or otherwise transform internet protocol addresses in our analytics systems so that they are less directly linked to individual users, while still providing useful insights into how the site is used and how well it performs.

3.6 Demographic and preference data

Gidun may collect or infer certain demographic and preference information to improve the marketplace experience. This can include your language preferences, your preferred currency, your approximate region or country and information about the types of products or categories that you seem to be most interested in based on your browsing and purchase history. In some cases we may also ask you to provide optional demographic data such as your age range or other preferences when taking part in surveys or account configuration.

We use this information to tailor recommended products, to display content in the right language and currency, to show more relevant search results and to send more relevant marketing communications where you have agreed to receive them. These activities are subject to the rights and choices described later in this Policy and comply with privacy laws in Canada, North America and other regions where we operate or where we serve customers.

3.7 Data we do not intentionally collect

Gidun does not intentionally seek to collect special categories of personal data such as information about your health, your religious or philosophical beliefs, your political opinions, your trade union membership, your genetic or biometric data for identification or your sexual orientation. We ask that you do not include such information in your profile, in messages or in other parts of the platform. If we become aware that we hold such information without a legal basis, we will take steps to remove it.

We also do not offer social login options at this time, such as signing in with large social networks or similar services. If we introduce social login in the future, this Privacy Policy will be updated to explain what data we receive from those services and how we use it.

4. How we collect personal data

Gidun collects personal data from several different sources. Some of this data comes directly from you when you choose to provide it, some is generated automatically when you use our services and some is obtained from other organisations that help us operate the marketplace, prevent fraud, run analytics or carry out marketing activities. Understanding these sources can help you make informed decisions about your own privacy settings and choices.

We seek to be transparent about where data comes from and to ensure that data we receive from third parties is used only for legitimate purposes within the limits of relevant laws and agreements.

4.1 Information you provide directly

Many of the personal data elements we collect come directly from you. This happens when you create an account, fill in your profile, place an order, provide shipping details, contact sellers or contact our support team. It also occurs when you participate in surveys, respond to promotions, join the affiliate programme or submit documents for identity verification.

Whenever we ask you to provide personal data, we aim to explain which fields are required for the service to work and which fields are optional. You can choose not to provide optional data, though this may limit certain features or reduce personalisation. For required data, such as address details needed to ship an order, we may not be able to provide the service if that information is missing or inaccurate.

4.2 Information collected automatically

Some data is collected automatically when you interact with Gidun. As you browse listings, log in to your account, search for products or interact with features of the site, our systems generate and store logs that include device information, interaction data and general location data derived from internet protocol addresses. We also place and read cookies and similar technologies as described in the Cookie Policy. These technologies allow us to remember your session, keep you logged in, keep items in your cart, measure site performance and understand how different parts of the site are used.

Our analytics tools, including Google Analytics and our own internal analytics systems, collect aggregated and pseudonymised data about usage patterns. We follow data minimisation practices, which means we focus on collecting the smallest amount of personal data necessary to achieve the intended analytics purposes. For example we may aggregate clicks and visits in ways that reduce the ability to link them to specific named individuals while still giving us valuable insight into overall behaviour.

4.3 Information from other sources

We also receive personal data from third parties in certain situations. Payment processors such as Stripe and PayPal send us payment status information, limited identifiers and fraud risk signals that help us confirm payments and identify suspicious transactions. Shipping and logistics partners provide delivery status information, tracking events and occasional updated address details needed to complete an order.

Fraud detection and security tools may provide risk indicators based on transaction patterns, device characteristics or lists of known compromised identifiers. Marketing partners and affiliate tracking tools may provide information about which campaigns or links led you to Gidun, subject to consent requirements in your region. Sellers may share information about their interactions with you on the platform, such as reports of suspected fraud, abusive behaviour or successful deliveries, which we use to protect the marketplace and enforce our policies.

5. How and why we use personal data

Gidun uses personal data for several related purposes that all support operation of the marketplace and the services we provide. These purposes include delivering core functionality such as accounts and orders, improving the site, personalising the experience, preventing fraud, complying with legal requirements and communicating with you. In this section we describe each purpose in more detail so that you can understand why particular data is processed.

We do not use personal data for unrelated purposes without a valid legal basis and, where required, your consent. If we want to use data for a new purpose that is significantly different from what was described at the time we collected it, we will take appropriate steps to inform you and, where required, seek consent.

5.1 Operating accounts and providing core services

We use account and profile data to create and maintain your Gidun account, to authenticate you when you log in, to help you recover access when you forget your credentials and to show you your orders, saved items and account settings. Without this data we would not be able to give you a personalised and secure account experience.

We also use order and transaction data to enable you to place orders, to route orders to sellers, to support communication between buyers and sellers, to manage returns and refunds and to keep records of past transactions. These activities are essential to the basic functioning of the marketplace and are generally based on contractual necessity or similar legal grounds.

5.2 Processing orders, payments and shipping

Gidun uses personal data to process orders from start to finish. This includes sharing relevant data with payment processors so that they can authorise payments, detecting potential issues with transactions, passing necessary shipping information to sellers and shipping partners, tracking the status of shipments and handling returns and refunds when required.

Your name, shipping address and phone number may be shared with sellers and with their chosen carriers so that items can be delivered. Order details, transaction identifiers and billing information are stored as part of our financial records. These activities are necessary to fulfil the contract between you and Gidun and, where relevant, between you and sellers using the marketplace.

5.3 Communication and customer support

We use your contact details and related data to communicate with you. This includes sending you service related messages such as order confirmations, shipping updates, return status notifications, security alerts and changes to our policies. These messages are necessary for the proper functioning of the service and are not considered marketing. You cannot opt out of essential service messages without closing your account because they are tied directly to orders and security.

We also use your data to provide customer support when you contact us through support channels. Our support team may access your account and order information to investigate issues, answer questions and help resolve problems between buyers and sellers. We may also analyse support interactions in aggregate to identify common issues and improve our support tools and training.

5.4 Personalisation and recommendations

We use data about your browsing behaviour, your purchases and your preferences to personalise the Gidun experience. This can include showing you recommended products, tailoring the order in which results appear in search, suggesting sellers you might like, highlighting offers that are more relevant to you and prioritising content that matches your interests.

These personalisation activities help make the marketplace more useful and easier to navigate. Where required by law, they are based on our legitimate interests in improving the service and in offering a more relevant experience, balanced against your privacy rights, or based on your consent when personalisation relies on certain types of cookies or identifiers.

5.5 Analytics, research and product improvement

Gidun uses aggregated and pseudonymised data to understand how people use the marketplace, which features are most popular, where users encounter errors and how performance can be improved. We rely on tools such as Google Analytics as well as our own internal analytics systems. These tools help us answer questions like how many people visit a certain page, how often a feature is used and whether a new design is performing better than an old one.

We also use data for research and development, such as testing new features, running experiments with small groups of users and training internal models that help us detect spam, recommend products or identify suspicious activity. Whenever possible we design these processes to reduce the direct identifiability of users by focusing on patterns rather than individuals.

5.6 Safety, security and fraud prevention

The safety of users and the integrity of the marketplace are very important to Gidun. We use personal data to protect accounts, detect and prevent fraud, abuse, spam and other harmful activity. This can include monitoring for unusual login patterns, tracking orders that show atypical behaviour, responding to reports of suspected fraud or harassment and verifying identities for high value orders or users in higher risk categories.

Identity verification data, device identifiers, transaction history and external fraud risk signals may all be used together to assess risk and to decide when extra checks or restrictions are needed. In some cases automated systems will flag an action as risky and may temporarily delay or block it for further review. These activities are based on our legitimate interests in protecting users and the marketplace and on legal obligations relating to fraud and financial crime.

5.7 Legal compliance and enforcement of policies

Gidun also uses personal data to comply with laws that apply to us and to enforce our own policies. For example we may retain certain transaction records for tax and audit purposes, we may report suspicious transactions to relevant authorities where required, and we may use data to enforce the Terms of Service, the Seller Terms and the Prohibited Items rules.

When there are disputes between buyers and sellers, we may review messages, order data and other relevant information to understand what happened and to make decisions that are consistent with our policies and with local law. We may also use data to exercise or defend legal claims, which can include providing information to courts, regulators or other authorities where we are legally required or where it is necessary to protect our rights.

6. Legal bases for processing personal data

Different laws around the world require that organisations identify the legal reasons why they process personal data. In this section we explain the main legal bases that Gidun relies on, especially for users located in the European Economic Area, in the United Kingdom and in other regions with similar requirements. While the labels may be legal in nature, the underlying idea is simple. We only process personal data where we have a clear and lawful reason to do so.

For many activities we rely on more than one legal basis, for example because a processing activity is both necessary to perform a contract and also aligned with our legitimate business interests. Where consent is required, we seek it in a clear way and explain how you can withdraw it.

6.1 Contractual necessity

Many processing activities are necessary to perform the contract between you and Gidun or between you and sellers using the marketplace. This includes creating and managing accounts, processing orders, arranging delivery, handling returns and refunds and providing customer support. If you do not provide the data needed for these activities, we may not be able to provide the relevant services.

For example we need your shipping address to deliver physical products, your email address to send important order updates and your order history to process returns. When we say that processing is based on contractual necessity we mean that it is directly tied to the services you have asked us to provide.

6.2 Legitimate interests

In other situations we process personal data because it is in our legitimate interests to do so, provided that those interests are not overridden by your rights and interests. Legitimate interests include maintaining and improving the marketplace, personalising the experience, preventing fraud and abuse, securing our systems, conducting analytics and internal reporting, and promoting Gidun to people who may be interested in our services.

When we rely on legitimate interests we consider the potential impact on your privacy and apply safeguards where needed, such as minimising and pseudonymising data. You have the right to object to processing based on legitimate interests in certain circumstances, as described in the section on your rights below.

6.3 Consent

For some uses of personal data we rely on your consent. This includes sending marketing emails or text messages, placing certain non essential cookies or similar technologies on your device, using data for retargeting or for some forms of personalised advertising and conducting certain identity verification checks that go beyond what is strictly required for security and compliance.

Where we rely on consent, we will ask you to actively agree, for example by ticking a box or choosing a setting in your account or in a cookie banner. You can withdraw your consent at any time, although this will not affect the lawfulness of processing based on consent before it was withdrawn. The effect of withdrawing consent is explained in the section about your rights and choices.

6.4 Legal obligations

We also process personal data where we are legally required to do so. This can include obligations under tax, accounting, anti money laundering, anti fraud and consumer protection laws, as well as obligations to respond to lawful requests from courts, regulators or law enforcement agencies. For example we may be required to keep certain transaction records for a minimum period, or to provide information about suspicious activity to relevant authorities.

When processing is based on legal obligations, you may not have the same ability to object or request deletion as you do for other processing activities, because we may need to keep or share data even if you would prefer that we did not. In such cases we will always try to limit data to what is strictly necessary and to apply appropriate safeguards.

6.5 Vital interests and public interest

In rare situations we may process personal data to protect vital interests, such as where there is an immediate risk to someone safety and sharing data could help prevent harm. We may also process data where it is necessary for tasks carried out in the public interest, in the limited circumstances where such grounds apply. These legal bases are unlikely to be used often in the context of Gidun but are recognised in some data protection laws and may apply in exceptional cases.

7. Sharing and disclosure of personal data

Gidun does not sell your personal data as a standalone product. However, we do share personal data with certain third parties in order to operate the marketplace, provide the services you request, comply with legal obligations, prevent fraud and support marketing where allowed. This section explains the main categories of recipients and the reasons for sharing in each case.

Where we share personal data with third parties we require them to handle it securely and to use it only for the purposes specified in their agreement with us. We also limit the amount of data shared to what is reasonably necessary for those purposes.

7.1 Sharing with sellers and other users

When you place an order on Gidun, we share certain information with the seller so that they can fulfil the order. This usually includes your full name, your shipping address, your phone number if needed for delivery and the details of the items you purchased. We do not share your email address by default and we expect sellers to communicate with you through Gidun messaging tools rather than off platform channels.

If you are a seller, buyers may see your store name, your location at a high level such as country or region and other details you choose to make public, such as store descriptions and product information. In the context of reviews and questions, buyers and sellers may see display names and content posted by one another. We ask all users to respect the privacy of others and to use information obtained through Gidun only for marketplace purposes, not for independent marketing or unrelated contact.

7.2 Service providers and technical partners

We share personal data with service providers that perform services on our behalf. These include payment processors that handle card and wallet payments, fraud detection providers, cloud hosting providers that run our servers, customer support tools that help us manage communications, analytics providers, email providers and other technical or business partners that support the Gidun platform.

These partners have access to personal data only as needed to perform their services. They are not allowed to use the data for their own independent purposes without our permission and without an appropriate legal basis. We conduct diligence on key providers and include contractual protections designed to keep your data secure and to ensure that it is used in line with this Privacy Policy and with applicable laws.

7.3 Advertising, analytics and affiliate partners

For advertising, analytics and affiliate tracking, we share limited data with partners such as advertising networks, platforms operated by large technology companies, and affiliate tracking providers. This may include device identifiers, cookies, approximate location, information about which pages you visited, which products you viewed or purchased and which campaigns or links led you to Gidun.

These partners use the data to help us measure the performance of our marketing efforts, to avoid showing the same ad too many times and to attribute purchases to appropriate campaigns for reporting and affiliate commission purposes. When required, these activities are based on your consent as managed through cookie and preference settings described in the Cookie Policy. You can change your preferences at any time using tools made available on the site and in your browser or device.

7.4 Law enforcement, regulators and legal proceedings

Gidun may disclose personal data to law enforcement agencies, regulators, courts, or other public authorities where we are legally required to do so or where we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud or respond to a lawful request or legal process.

We assess each request carefully and consider the legal basis, the scope of data requested and the impact on user privacy. Where the law permits, we may challenge requests that are overly broad or that lack a proper legal foundation. However, there are circumstances where we are obliged to provide data, for example in response to court orders or statutory obligations in fields such as financial crime and consumer protection.

7.5 Corporate transactions and restructuring

If Gidun is involved in a corporate transaction such as a merger, acquisition, investment, reorganisation or sale of assets, personal data may be shared with the parties involved and with their advisers as part of the evaluation and completion of the transaction. If such a transaction is completed, personal data may be transferred to the successor entity or combined with data of that entity.

In these situations we will ensure that personal data continues to be protected in line with this Privacy Policy or with any successor policy that offers at least an equivalent level of protection, and we will honour any rights you have under applicable law. If a transaction would materially change the way your data is used, we will make reasonable efforts to inform you in advance.

8. International transfers of personal data

Because Gidun operates globally, personal data may be stored and processed in multiple countries. This section explains where your data is likely to be processed and what safeguards we use when transferring data across borders. International transfers are common in modern internet services but must be handled carefully to ensure that data remains protected.

We take steps to ensure that transfers comply with applicable laws, including Canadian privacy rules and international frameworks such as European data protection laws where they apply to our users.

8.1 Where your data is stored and processed

Gidun stores and processes personal data primarily on secure servers located in Canada and the United States. For users in Europe and other regions, we may also use secure infrastructure in those regions when doing so helps keep data closer to users and complies with local rules. Technical support and staff who access data to operate the service may be located in various countries, but are bound by confidentiality and by our internal policies.

Regardless of where data is processed, Gidun applies consistent security and privacy standards. We seek to ensure that all locations where data is handled provide a level of protection that is comparable to the protections described in this Policy.

8.2 Safeguards for users in Europe and similar regions

For users in the European Economic Area, in the United Kingdom and in other regions with similar data transfer rules, Gidun uses appropriate safeguards when personal data is transferred to countries that may not have the same level of protection by default. These safeguards may include the use of standard contractual clauses approved by relevant authorities, or other mechanisms recognised by law.

These legal instruments impose obligations on recipients of the data to protect it in line with the standards required in those regions. If you would like more information about the specific safeguards used for your data, you can contact us through the channels described in this Policy.

8.3 Cross border transfers between users

When you buy from sellers in another country, or when you sell to buyers abroad, certain personal data must travel across borders so that the transaction can be completed. For example, your shipping address and name may be shared with a seller in another country, and the seller may pass that information to a carrier operating in yet another country.

These transfers are a natural part of cross border ecommerce. By placing international orders you understand that such transfers will occur. Gidun still takes steps to limit data to what is necessary for the transaction and expects sellers to use personal data only for fulfilment and related customer service in line with this Privacy Policy and with local data protection laws.

9. Data retention

Gidun keeps personal data only for as long as it is needed for the purposes described in this Privacy Policy, to comply with legal obligations, to resolve disputes and to enforce agreements. Different types of data may be kept for different periods depending on their nature and on regulatory requirements. In this section we explain our general approach and some specific examples.

We also explain what happens to your data when you close your account and how we continue to use non identifiable or aggregated data after personal identifiers have been removed.

9.1 General retention principles

In general we keep personal data for as long as your account remains active and for a further period where we need the data for legitimate business needs or legal obligations. For example we may need to keep order records for several years to comply with tax and accounting rules. The exact retention period can vary by country and by type of document.

When data is no longer needed in a form that identifies you, we will either delete it or transform it into an anonymised form that does not identify you directly or indirectly. Anonymised data may be used for analytics, research, business planning and improving the marketplace.

9.2 Examples of retention periods

Order and transaction data may be retained indefinitely as part of our business records, although access to older records may be limited to functions such as compliance and auditing rather than everyday operations. Identity verification documents that are required only for a one time check are kept only as long as needed to complete that check and to comply with any applicable legal retention rules, after which we aim to delete images and detailed copies while retaining a record that verification was completed.

Support communications may be kept for extended periods so that we can understand previous interactions and improve our support processes. Device and usage data used for analytics may be retained in aggregated or pseudonymised form for a long period because it no longer identifies individuals in a direct way but still provides useful insight.

9.3 Data after account closure

If you choose to close your Gidun account, we will deactivate it and remove elements of your profile from public view. We will also stop using your data for certain purposes such as sending marketing communications. However we may continue to keep some personal data after account closure where we are required to do so by law or where we have legitimate business reasons, such as handling outstanding disputes, preventing fraud, retaining necessary financial records or maintaining aggregated insights.

Where possible and appropriate, we will keep only non identifiable or pseudonymised versions of your data for long term use. For example we may keep a record that an order of a certain value occurred at a certain time in a certain region without retaining your name or contact details. This helps us make better future decisions while respecting your privacy.

10. Cookies and similar technologies

Gidun uses cookies and similar technologies to operate the site, to keep your account secure, to remember preferences, to perform analytics and to support advertising and affiliate tracking where allowed. Cookies are small text files that are placed on your device when you visit a website. Similar technologies include pixels, tags and software development kits used in mobile applications.

This section gives a high level overview of how we use these tools. More detailed information, including specific categories of cookies and your choices, is provided in the Cookie Policy, which should be read alongside this Privacy Policy.

10.1 Necessary and functional cookies

Some cookies are necessary for the site to function. They help us keep you logged in as you move between pages, remember the items in your cart, deliver pages efficiently and provide essential security features. Without these cookies the site would not work properly. For this reason they are usually always active and do not require separate consent, although you can still choose to block them through your browser settings at the cost of reduced functionality.

Other cookies are functional rather than strictly necessary. They remember your preferences, such as your chosen language, your preferred currency and certain settings that make the site more convenient. These cookies may be disabled if you wish, but doing so may mean that you need to set your preferences again each time you visit.

10.2 Analytics and performance technologies

We use analytics cookies and similar technologies to understand how the site is used, which pages are popular, how long users spend on different sections and how they move through key flows such as checkout. Tools such as Google Analytics and our own internal analytics systems help us collect this information in aggregated and pseudonymised form.

We follow data minimisation practices and privacy friendly configurations where possible, which may include reducing the detail of collected internet protocol addresses and focusing on trends rather than individual behaviour. Analytics data helps us improve performance, fix errors and design features that are better suited to user needs.

10.3 Advertising and affiliate technologies

Gidun may use advertising cookies and pixels to measure and improve marketing campaigns. These technologies help us understand which ads are effective, prevent the same ad from being shown too many times to the same person and reach people who are likely to be interested in Gidun based on their past interactions. We may also use cookies for affiliate tracking so that we can credit affiliate partners when their referrals lead to purchases, subject to a typical tracking window such as thirty days.

Advertising and affiliate cookies often interact with third party platforms such as social networks or advertising networks. Where required, these cookies are used only with your consent, which you can manage through the tools described in the Cookie Policy and in your browser or device settings.

10.4 Your choices about cookies

You have several ways to control cookies and similar technologies. At a basic level you can adjust settings in your browser to block or delete cookies. However, blocking all cookies may prevent many sites including Gidun from functioning properly. In regions where consent is required, we may display a cookie banner or similar notice when you first visit the site, allowing you to accept or decline certain categories of cookies.

If you later change your mind, you can clear your cookies so that the banner appears again and allows you to make a different choice. Some browsers and devices also offer settings or signals that express your tracking preferences. Where feasible and legally required, we will make reasonable efforts to respect such signals. For more detailed information, please consult the Cookie Policy.

11. Marketing, profiling and automated decision making

Gidun uses personal data for various marketing and profiling activities, and we also rely on some automated decision making tools, especially in the areas of fraud prevention and account security. This section explains how these activities work and what choices and rights you have in relation to them.

Our goal is to use data responsibly to support useful communications and protect the marketplace, while respecting the boundaries set by law and by your own preferences.

11.1 Marketing communications

If you choose to receive marketing communications, we may send you emails, text messages or push notifications about new features, special offers, product recommendations, newsletters, surveys or events related to Gidun. We may tailor these messages based on your prior purchases, browsing behaviour, interests or region so that they are more relevant.

You can opt out of marketing communications at any time by using the unsubscribe links in our emails, by changing settings in your account where available or by following the instructions in text messages or notifications. Opting out of marketing does not stop service related communications about your orders, your account or important changes to our policies, which we still need to send to operate the service.

11.2 Personalisation and profiling for marketing purposes

We may create profiles or segments based on your interactions with Gidun in order to understand which products or categories are likely to interest you. For example we might identify that a user often purchases certain types of products and therefore may be interested in similar items. This profiling helps us show more relevant content on the site and send more targeted marketing where you have agreed to receive it.

These activities are typically based on our legitimate interests in improving the relevance of our services or on your consent where required, especially when they involve cookies or identifiers used for targeted advertising across different sites. You can object to profiling for marketing by opting out of marketing communications or by adjusting your cookie preferences as described earlier.

11.3 Automated decisions for fraud and security

Gidun uses automated systems to help detect and prevent fraud and to protect accounts. These systems analyse data such as transaction patterns, device information, location signals, identity verification results and known fraud indicators. In some cases the systems may automatically decide to delay or block a transaction, to require additional verification or to restrict access to certain features temporarily.

These automated decisions are an important part of protecting both buyers and sellers and maintaining a safe marketplace. However, we recognise that no automated system is perfect. You can contact us if you believe that an automated decision has been made in error, and we will review the situation, often involving human staff who can check the context and adjust the outcome where appropriate.

12. Your rights and choices

Many privacy laws give individuals specific rights in relation to their personal data, such as the right to access, correct, delete or restrict processing. Gidun aims to provide these rights as broadly as possible, even in regions where they are not explicitly required, while recognising that some rights may apply differently depending on local law. This section summarises the main rights you may have and how to exercise them.

Exercising your rights is generally free of charge, although we may charge a reasonable fee or decline requests that are manifestly unfounded or excessive. We may also need to verify your identity before fulfilling your request to protect your data from unauthorised access.

12.1 Access, correction and portability

You have the right to ask whether we hold personal data about you and to request a copy of that data. You also have the right to ask that we correct inaccurate or incomplete information. Some of this can be done directly through your Gidun account settings, where you can view and update your profile and address details.

In certain regions you may also have the right to data portability, which means you can request that we provide certain personal data in a structured and commonly used format so that you can reuse it or provide it to another service. If you want to exercise these rights beyond what is available in your account, you can contact us through the Contact Us page with details of your request.

12.2 Deletion and restriction

You may have the right to request that we delete your personal data in certain circumstances, for example where the data is no longer needed for the purposes it was collected, where you have withdrawn consent and there is no other legal basis, or where you believe we have processed it unlawfully. You can also request that we restrict processing of your data in certain situations, such as while we investigate a concern you have raised about accuracy or legal basis.

When you request deletion, we will remove or anonymise personal data where possible, but we may still keep some information where we are required to do so by law or where we have legitimate reasons, such as keeping essential transaction records or preventing fraud. We will explain any such retention when responding to your request.

12.3 Objection and withdrawal of consent

You have the right to object to certain types of processing, especially where we rely on legitimate interests as the legal basis and the processing has a significant impact on you. For example you can object to profiling for marketing purposes or to some forms of analytics that go beyond what is necessary for the service. If you object, we will consider your request and stop processing unless we have compelling legitimate grounds that override your interests or unless processing is required for legal reasons.

Where processing is based on your consent, you can withdraw that consent at any time. This is particularly relevant for marketing communications and for certain cookies or tracking technologies. Withdrawing consent will not affect the lawfulness of processing that took place before the withdrawal, but it will usually stop future processing for the relevant purpose.

12.4 Regional rights and additional protections

In some regions you may have additional rights beyond those described here. For example residents of certain jurisdictions may have rights to object to automated decisions in more detail, to lodge complaints with particular regulators or to receive specific explanations of data practices. Gidun will honour these rights where they apply and will adapt our responses based on the region you are in and on the laws that govern your data.

No matter where you are located, you always have the right to contact Gidun with questions or concerns about how your personal data is being used and to seek clarification about this Privacy Policy.

13. Children and minors

Gidun is primarily intended for adults and for minors who use the marketplace with the knowledge and supervision of a parent or legal guardian. We take the privacy of young users seriously and design our services so that children are protected while not unfairly limiting their ability to benefit from responsible online commerce alongside their families. This section explains our approach to minors and to the personal data of children.

13.1 Use of Gidun by minors

In general we expect that Gidun accounts will be created and managed by adults who are at least eighteen years old or who have reached the age of majority in their jurisdiction. Minors may use Gidun under the consent and supervision of a parent or legal guardian who is responsible for the account and for any purchases made. The adult should review this Privacy Policy together with the minor and should ensure that the minor understands what information is being shared and why.

Parents and guardians who allow minors to use Gidun should monitor their activity, help them make safe and informed choices and contact us if they have concerns about how their child data is being handled. We aim to provide clear settings and explanations so that families can adjust privacy related choices in ways that work for them.

13.2 Children below a certain age

Gidun does not knowingly collect personal data from children below a certain age threshold where parental consent is required by law, such as children under thirteen years of age in many jurisdictions. We do not design our services to be targeted at very young children and we do not intentionally invite them to create accounts. If we learn that we have collected personal data from a child below the relevant age without appropriate parental consent, we will take steps to delete that data as soon as reasonably possible.

If you believe that a child has provided personal data to Gidun in violation of this principle, you should contact us through the Contact Us page with enough information for us to investigate. We will review the situation and take appropriate action, which may include closing accounts and removing content that involves children in ways that are not consistent with our policies or the law.

14. Security of your personal data

Gidun takes the security of your personal data very seriously. We use a combination of technical, organisational and procedural measures to protect data from unauthorised access, use, alteration or disclosure. While no system can be guaranteed to be perfectly secure, we work continuously to strengthen our defences and to respond quickly to potential risks.

This section provides an overview of the measures we use and of the responsibilities that users share in keeping their accounts safe.

14.1 Technical security measures

We use industry standard security technologies to protect personal data as it moves across networks and while it is stored on our systems. This includes the use of encryption for data in transit, secure protocols for communication between your browser or app and our servers and strict access controls within our technical infrastructure that limit who can see and handle different categories of data.

We regularly update and patch our systems, monitor for unusual activity, use firewalls and intrusion detection measures and design our architecture so that sensitive data is separated and protected. Where we work with third party providers, we assess their security practices and require appropriate safeguards to be in place.

14.2 Organisational measures and staff training

Security is not only a technical matter. It also depends on the behaviour and awareness of people who work with personal data. Gidun limits access to personal data to staff and service providers who need it to perform their duties and who are bound by confidentiality commitments. We provide training and guidance to help staff understand their responsibilities and to recognise potential security risks.

We also maintain internal policies and procedures for handling incidents, responding to suspected breaches and assessing new systems and features from a security and privacy perspective before they are deployed. These processes are reviewed and improved over time as our business and the threat landscape evolve.

14.3 Your responsibilities for security

Users also play an important role in protecting their own data. You should choose a strong and unique password for your Gidun account and should not share it with others. You should be cautious when using shared or public devices and should always log out after use. Be careful when responding to emails or messages that appear to come from Gidun but ask for sensitive information. If you are unsure whether a message is genuine, contact us using the details on the site rather than following links in the message.

If you believe that your account has been compromised, that someone else knows your password or that there has been unauthorised activity on your account, you should change your password immediately and contact us through the Contact Us page so that we can help secure your account and investigate what has happened.

15. Changes to this Privacy Policy

Gidun may update this Privacy Policy from time to time. Changes may be made for various reasons, including changes in law, new regulatory guidance, updates to our services, changes in technologies or feedback from users. When we make changes, we will update the date at the top of this document so that you can see when it was last revised.

For significant changes that materially affect your rights or the way we handle your personal data, we will make reasonable efforts to provide additional notice. This may include displaying a notice on the site, sending an email to account holders or presenting a notification within your account. In some cases we may ask you to review and accept updated terms before continuing to use certain features.

If you continue to use Gidun after changes to this Privacy Policy take effect, you are considered to have accepted the updated terms, to the extent that such acceptance is allowed by your local law. If you do not agree with the changes, you may choose to stop using Gidun and to close your account in accordance with the Terms of Service. We encourage you to review this Privacy Policy periodically so that you remain informed about how we handle personal data.

16. Contacting us and complaints

If you have any questions, comments or concerns about this Privacy Policy or about how Gidun handles your personal data, you can contact us through the methods described on the Contact Us page. Providing details such as your account email address, your country of residence and a clear description of your question or concern will help us respond more quickly and effectively.

We aim to respond to privacy related queries within a reasonable time and to work with you to address any issues. If you are not satisfied with our response, you may have the right to lodge a complaint with a data protection authority or privacy commissioner in your region. The relevant authority may vary depending on where you live. We encourage you to contact us first, as many issues can be resolved more quickly and informally when you speak directly with us.

By using Gidun you acknowledge that you have read and understood this Privacy Policy and that you consent to the handling of your personal data as described here, to the extent required and permitted by applicable law.