Last updated: 16 March 2026 · Data Controller: Findivo Technologies
Findivo Technologies operates the online classifieds platform at findivo.ie ("the Platform"). For the purposes of GDPR, Findivo Technologies is the Data Controller of the personal data you provide. Contact for data protection matters: Email: privacy@findivo.ie Subject line: "Data Protection Request"
We collect the following categories of personal data: 2.1 Registration Data: Full name, email address, phone number, account role (landlord/estate agent/tenant-buyer), company name (estate agents), PSRA licence number (estate agents), password (stored in hashed form using Argon2 — never in plain text). 2.2 Profile Data: Profile photograph, company logo, company address. 2.3 Listing Data: Property and vehicle listing details including address, photographs, videos, price, and property characteristics. 2.4 Application Data: Rental/purchase application details including viewing preferences, household composition, nationality, smoking and pet preferences. 2.5 Document Data: Personal documents uploaded for application purposes, including employment letters, payslips, bank statements, PPS number documents, IRP cards, work permits, visas, and passport stamps. 2.6 Communication Data: Messages exchanged between users through our in-platform messaging system. 2.7 Support Data: Support tickets, complaints, and correspondence submitted to our support team. 2.8 Technical Data: IP address, browser type, device type, operating system, access timestamps, and session data collected automatically for security and operational purposes. 2.9 Alert Preferences: Listing alert criteria you configure (county, price range, property type, etc.).
We process your personal data for the following purposes and on the following legal bases: Purpose | Legal Basis --- | --- Providing and operating the Platform | Contract performance (Art. 6(1)(b) GDPR) Verifying PSRA licence credentials | Legitimate interests / Legal obligation Processing and managing applications | Contract performance Enabling messaging between users | Contract performance Storing and displaying your uploaded documents | Contract performance / Consent Sending listing alert emails | Consent (Art. 6(1)(a) GDPR) Sending transactional emails (verification, password reset, application updates) | Contract performance Investigating complaints, fraud, or abuse | Legitimate interests Complying with legal obligations | Legal obligation (Art. 6(1)(c) GDPR) Security monitoring and fraud prevention | Legitimate interests Improving the Platform | Legitimate interests
4.1 Location. All personal data is stored on Microsoft Azure infrastructure located in the United Kingdom. Azure maintains ISO/IEC 27001 certification and complies with GDPR as a certified data processor under a Data Processing Agreement. 4.2 Security Measures. We implement the following security controls: • Passwords: Hashed using Argon2 — industry-leading password hashing algorithm • Data in transit: Encrypted using TLS 1.2 or higher (HTTPS) • Authentication: JWT tokens with short expiry periods • Access controls: Role-based access control (RBAC) — employees access only data necessary for their role • Infrastructure: Hosted on ISO 27001-certified Microsoft Azure • Rate limiting: API rate limiting to prevent brute-force attacks • HTTP headers: Helmet.js security headers to mitigate common web attacks 4.3 No Absolute Guarantee. Despite these measures, no system is completely immune to cyberattacks. In the event of a data breach, we will comply fully with our GDPR breach notification obligations. 4.4 Password Storage. We never store your password in plain text. Passwords are hashed using Argon2 before being stored. Even Findivo administrators cannot read your password.
5.1 Other Users. When you submit an application, your profile information and uploaded documents are shared with the listing owner for the purpose of evaluating your application. 5.2 Microsoft Azure. Our infrastructure provider processes data on our behalf under a Data Processing Agreement compliant with GDPR. 5.3 Resend / SMTP Provider. We use a third-party email delivery service to send transactional and notification emails. Only your email address and the content of the email are shared. 5.4 Law Enforcement & Regulatory Authorities. We may disclose your personal data to An Garda Síochána, the Data Protection Commission, or other competent authorities where we are legally required to do so, or where we have a good-faith belief that disclosure is necessary to: (i) comply with a legal obligation; (ii) protect the rights or safety of any person; or (iii) investigate fraud or illegal activity. 5.5 No Selling of Data. We will never sell, rent, or trade your personal data to any third party for commercial purposes. Your personal data is not for sale — period. Where advertising is displayed on the Platform, we will clearly disclose which advertising partners are involved and what data, if any, is shared with them. Any such sharing will be subject to appropriate contractual safeguards and will be disclosed in an updated version of this Policy. 5.6 Business Transfer. In the event of a merger, acquisition, or sale of Findivo Technologies, your data may be transferred to the acquiring entity, subject to the same privacy protections.
Given the sensitive nature of documents you may upload (such as bank statements, PPS numbers, and immigration documents), we apply the following additional protections: 6.1 Access Restriction. Documents are accessible only to the uploading user, the listing owner to whom an application was submitted, and Findivo administrative staff where necessary for complaint investigation or legal compliance. 6.2 Purpose Limitation. Documents uploaded for a specific application may only be used for that application. Listing owners may not retain, copy, or share your documents beyond the evaluation of your application. 6.3 Prohibition on Misuse. Any listing owner found to be misusing applicant documents (including unauthorised copying, sharing, or use for any purpose other than application evaluation) will have their account immediately terminated, and the matter will be reported to the Data Protection Commission. 6.4 Deletion. Upon account deletion, all your documents will be permanently and irreversibly deleted within 30 days.
7.1 Storage. Messages exchanged through our platform are stored on our servers for the duration of the application's existence and for a period of 6 months thereafter. 7.2 Admin Access. Findivo administrative staff may access message content under the circumstances described in Section 6.2 of the Terms of Service (complaint investigation, legal compliance, or fraud prevention). This access is logged and subject to internal access controls. 7.3 Message Security. Messages on Findivo are encrypted in transit using TLS/HTTPS and encrypted at rest using Azure AES-256 disk encryption. Message content may be accessed by authorised Findivo personnel only under the narrow circumstances described in Section 7.2 above. All such access is logged and subject to internal access controls. 7.4 User Responsibility. You are responsible for the content of your messages. Do not share sensitive financial information (such as full bank account numbers or card details) through our messaging system.
8.1 We use functional/session-based storage (localStorage) to maintain your logged-in state. 8.2 Where advertising is displayed on the Platform, advertising partners may use cookies or similar tracking technologies. We will clearly identify any advertising partners and their data practices in an updated version of this Policy before such advertising is introduced. 8.3 Should we introduce analytics tools (such as Google Analytics), we will obtain your consent in accordance with GDPR requirements where applicable, and update this Policy accordingly. 8.4 You have the right to opt out of non-essential cookies at any time.
Under the GDPR and Irish Data Protection Act 2018, you have the following rights: Right of Access (Art. 15): You may request a copy of all personal data we hold about you. Right to Rectification (Art. 16): You may request correction of inaccurate or incomplete data. Right to Erasure / "Right to be Forgotten" (Art. 17): You may request deletion of your personal data where there is no legitimate reason for us to continue processing it. Right to Restriction (Art. 18): You may request that we restrict processing of your data in certain circumstances. Right to Data Portability (Art. 20): You may request your data in a structured, machine-readable format. Right to Object (Art. 21): You may object to processing based on legitimate interests. Right to Withdraw Consent: Where processing is based on consent (e.g. listing alerts), you may withdraw consent at any time without affecting the lawfulness of prior processing. Right to Lodge a Complaint: You have the right to lodge a complaint with the Data Protection Commission (Ireland) at dataprotection.ie or the Information Commissioner's Office (UK) at ico.org.uk. To exercise any of these rights, email us at privacy@findivo.ie. We will respond within 30 days.
Account data: Retained for the duration of your account plus 6 years after account closure (Irish statutory limitation period). Documents: Retained while your account is active. Deleted within 30 days of account deletion. Messages: Retained for the duration of the application plus 6 months thereafter. Support tickets: Retained for 3 years. Technical logs: Retained for 90 days for security monitoring purposes. We review our retention periods annually and delete data that is no longer necessary.
Findivo is not directed at or intended for use by persons under the age of 18. We do not knowingly collect personal data from children. If we become aware that a user is under 18, we will immediately delete their account and associated data. If you believe a child has registered on our Platform, please contact us immediately at privacy@findivo.ie.
We may update this Privacy Policy from time to time. Where changes are material, we will notify you by email at least 14 days before the changes take effect. The date of the most recent revision is shown at the top of this page. Continued use of the Platform following notification constitutes acceptance of the revised Policy.
For any privacy-related enquiries, data subject requests, or complaints: Email: privacy@findivo.ie Website: findivo.ie Subject line: "Data Protection Request" We aim to respond to all requests within 30 days.
© 2026 Findivo Technologies. All rights reserved. · Terms of Service