1. Scope and updates of this User Privacy Notice
This User Privacy Notice applies to your use of this website and all Openreachapplications, services (including payment services), products and tools (collectively the 'Services'), regardless of how you access or use these Services, including access via mobile devices and apps.
This User Privacy Notice also applies if explicit reference is made to it via a link or in a similar manner, e.g. on websites of partners on which Services from Openreach are offered.We may change this User Privacy Notice at any time by posting the revised User Privacy Notice on this website andindicating the effective date of the revised User Privacy Notice. You will be notified of any material changes to this User Privacy Notice via My Messages in My Openreach and/or by email
Openreach company is responsible for the collection and processing of your personal data in connection with the provision of the Services depends on how you use our Services.
2.1 Use of the Services
Depending on the region in which you are located, Openreach group companies is responsible for the collection and processing of your personal data in connection with the provision of our Services (except payment services)
3. Data protection officer and contact
We have appointed data protection officers in several countries to oversee the protection of your personal data. If you have any questions about this User Privacy Notice or about data protection at Openreach in general, you can contact the data protection officer responsible for your country at any time. You will find the contact details of your data protection officer in thelist of our data protection officers-opens in new window or tabin ourOpenreach Privacy Centre-opens in new window or tab.
Furthermore, if you have any questions or complaints regarding this User Privacy Notice, our global data protection principles (see section6.1 Data transfers to Openreach corporate family membersunder section6. International data transfersbelow) or ourhandling of personal data, you can also contact the Openreach Privacy Team or the controller who is responsible for the processing of your personal data at any time (for further information, seeControllerabove). This applies regardless of whether we have appointed a data protection officer in your country or not. You can find all necessary information andcontact details-opens in new window or tabin ourOpenreach Privacy Centre-opens in new window or tab.
4. What personal data we collect and process
We collect your personal data when you use our Services, create a new Openreach account, provide us with information via a web form, add or update information in your Openreach account, participate in online community discussions or otherwise interact with us. We also collect personal data from other sources (such as other Openreach corporate family members, credit agencies or bureaus, and other data brokers)
5.Purposes and legal basis for data processing and categories of recipients
6. International data transfers
Some recipients of your personal data are located outside your country or have offices in countries where data protection laws may provide a different level of protection than the laws in your country. When transferring personal data to such recipients, we provide appropriate safeguards.
7. Storage duration and erasure
Your personal data will be stored by us and our service providers in accordance with applicable data protection laws to the extent necessary for the processing purposes set out in this User Privacy Notice (seePurposes and legal basis for data processing and categories of recipientsfor more information on the processing purposes). Subsequently, we will delete your personal data in accordance with our data retention and deletion policy or take steps to properly render the data anonymous, unless we are legally obliged to keep your personal data longer (e.g. for legal compliance, tax, accounting or auditing purposes). As far as legally permissible or required, we restrict the processing of your data instead of deleting it (e.g. by restricting access to it). This applies in particular to cases where we may still need the data for the execution of the contract or for the assertion of or defence against legal claims, or where such retention is otherwise required or permitted by law. In these cases, the duration ofthe restriction of processing depends on the respective statutory limitation or retention periods. The data will be deleted after the relevant limitation or retention periods have expired.
8. Rights as a data subject
Subject to possible restrictions under national law, as a data subject, you have the right to access, rectification, erasure, restriction of processing and data portability with regard to your personal data. In addition, you can withdraw your consent andobjectto our processing of your personal data on the basis of our legitimate interests. You can also lodge a complaint with a supervisory authority.
9. Cookies & similar technologies
10. Data security
We protect your personal data through technical and organisational security measures to minimise risks associated with data loss, misuse, unauthorised access and unauthorised disclosure and alteration. To this end we use firewalls and data encryption, for example, as well as physical access restrictions for our data centres and authorisation controls for data access. You can find further information on our data security in ourSecurity Centre-opens in new window or tab.
11. Other important information regarding data protection
This section contains important additional information about the protection of personal data in connection with the use of our Services, including whether you are required to provide personal data.
What happens when you share your personal data on our sites or applications?
Other users have access to the information you share on Openreach or disclose to other users. For example, other users can see your purchases, items for sale, saved interests, sellers and searches, shopfronts, Feedback, ratings, product reviews and associated comments. Other users can also see any information you chose to share in your profile.
When you use our Services, your public user ID may be displayed and available to the public and associated with all of your public Openreach activity. Notices sent to other users about suspicious activity and notice violations on our sites may refer to your public user ID and specific items. Accordingly, if you use a username that allows othersto identify you, these others may be able to identify your Openreach activities.
To help protect your personal data, we allow only limited access to other users' contact, postage and financial information as necessary to facilitate your transactions and collect payments. However, when users are involved in a transaction, they have access to each other's name, user ID, email address and other contact and postage information. For example, we may allow users to exchange telephone numbers in order to contact each other prior to completing a transaction (e.g. a seller may opt to share their telephone number with a buyer so that the buyer may call with questions about a listed item). In this case, sellers are prohibited from using a buyer's telephone number for other purposes (e.g. completing a transaction off Openreach or adding the buyer to a marketing list).
Your responsibilities over transactional information you receive through Openreach
When you complete a transaction with another user (or a transaction has been cancelled, failed or subsequently invalidated), we will provide you with the other user's personal data (such as name, username, email address, contact information and billing information). Independent from us, you are the controller of such data and responsible for any processing that you perform after we have shared this data with you, including compliance with any limitations imposed by this User Privacy Notice and our User Agreement.
Unless you act for purely personal purposes, we recommend that you explain your data processing activities in your own privacy notice and protect the privacy of other users. As a seller, you must in any case comply with the applicable data protection laws and in particular protect the rights of other users as data subjects, e.g. give them the opportunity to access the personal data collected by you and demand that it be erased.
You may only use the personal data that you have access to for Openreach transaction-related purposes, or for other Services offered through Openreach (such as fraud complaints and member-to-member communications), and for purposes expressly consented by the user to whom the data relates. Using personal data of other users that you have access to for any other purpose, such as adding them to a mailing list without their express consent, constitutes a violation of ourUser Agreement.
Personal data relating to third parties
If you provide us with personal data relating to another person, you must obtain the consent of this person or the disclosure of the data to us must be otherwise legally permissible. You must inform the other person of how we process personal data in accordance with our User Privacy Notice.
Filtering of messages sent via our messaging tools
All messages sent via our messaging tools are first received by us and then forwarded to the recipient. All messages are automatically filtered according to certain criteria. If necessary, conspicuous messages are checked manually by our customer service. In the event of a violation of ourUser Agreement(including any of ourrules and policies), we reserve the right to block the transmission of the message and to restrict the purchase and sales functions of your Openreach account or to block your Openreach account.
This is to protect our legitimate interests such as protecting against fraudulent or suspicious activities (e.g. spam, viruses, phishing or other illegal activities) or enforcing ourUser Agreementand our otherrules and policies(e.g. illegal and other prohibited content), including but not limited to enforcing theprohibition of purchases and sales outside of Openreach.
Are you obliged to provide your personal data to us?
Our services are not intended for use by children. We do not knowingly collect personal data from users who are considered children under applicable national laws. Under our User Agreement, children are not permitted to use our Services.
Staying signed in
When you sign in to your account on our Services, we give you the option to stay signed in to your account for a certain amount of time. If you are using a public or shared computer, we encourage you to decline. You or any other user of the computer/browser you signed in on will be able to view and access most parts of your account and take certain specific actions during this signed in period without any further authorisation. The specificactions and account activities that you or any other user of this computer/browser may take include
Buy or make an offer on an item
Check out or add items to your cart
Purchase an item with Stripe payment using Faster Checkout (if enabled in your account)
View the activity header
View the My Openreach page
View or edit order details
View the profile page
Send member-to-member messages
Conduct after-sale activities, such as leaving Feedback, cancelling orders, requesting returns or submitting claims
If you attempt to change your password or user ID, update any other account information or attempt other account activity beyond those listed above, you may be required to enter your password.
You can typically end your signed-in sessionby either signing out and/or clearing your cookies. If you have certain browser privacy settings enabled, simply closing your browser may also end your signed-in session. If you are using a public or shared computer, you should sign out and/or clear your cookies when you are done using our Services to protect your account and your personal data.