Privacy Policy
Last Updated: February 18, 2026
1. Introduction
SIA "BUYONE" ("we," "us," or "our"), incorporated in Latvia (Reg. No. 40203518800), is the data controller for the BuyOne application ("Service"). We are committed to protecting your privacy and ensuring the security of our "Social Utility" ecosystem. By using our Service, you acknowledge the practices described below.
2. Data We Collect
We collect data to provide a secure "Trust Infrastructure" and improve our Service. This includes: • Account Data: Name, email address, phone number, mailing address, age, gender, and marketing preferences. • Identity Verification Data (Mandatory for Active Users): To comply with our AML/CTF Policy, we collect government-issued identification (passport, ID card), facial images, and biometric "liveness" data. This data is processed by our third-party verification partner. • Financial Data: Payment details are processed directly by our PCI-DSS compliant payment partners. We do not store your credit card data on our servers. • Device & Usage Data: IP address, device type, connection speed, and browser type collected automatically for security monitoring and analytics. • Optional User Content: Photos or media provided via Camera/Gallery permissions. • Location Data: GPS data (if enabled) to provide location-based "Social Slots" and relevant content.
3. Legal Basis and Purpose of Processing
Under the GDPR, we process your data based on the following legal grounds: • Performance of Contract: To facilitate bookings between Hosts and Guests, process transactions, and manage your account. • Legal Obligation: To comply with the Latvian Law on the Prevention of Money Laundering and Terrorism and Proliferation Financing and accounting/tax laws. This includes mandatory identity verification. • Legitimate Interest: To maintain platform integrity, execute our Fraud Prevention Policy, prevent "unauthorized chargebacks," and ensure the safety of our community. • Consent: To send you newsletters, promotional offers, and updates. You are not required to provide this consent to use the Service, and you may withdraw it at any time.
4. Data Sharing and Third Parties
We do not sell your data. We share data only with trusted third parties who assist in operating our Service, bound by strict confidentiality agreements: • Identity Verification Providers: We cooperate with Identity Verification Providers for your ID and biometric data collection to verify your identity and prevent fraud. • Payment Processors: To facilitate secure split-payments and safeguarding of funds. • Service Providers: Infrastructure hosting (e.g., AWS), customer support tools, and email delivery. • Regulatory & Legal Requirements: We may disclose data to Latvian law enforcement or the Financial Intelligence Unit (FIU) if required by law or if suspicious activity is identified under our AML/CTF Policy.
5. International Transfers
Your data is primarily processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as the European Commission's Standard Contractual Clauses (SCCs).
6. Data Retention
We retain data only as long as necessary for the purposes for which it was collected: • General Account Data: Retained as long as your account is active. • KYC/AML Data: In accordance with Latvian Law, identity verification records and transaction logs are retained for a period of five (5) years after the termination of the business relationship. • Financial Logs: Retained for the period required by Latvian accounting regulations. • Deleted Accounts: If you delete your account, we delete or anonymise your personal data within 60 days, unless longer retention is required by law (e.g., 5-10 years for transaction records under Latvian accounting laws).
7. Your Rights (GDPR)
As an EU user, you possess specific rights regarding your personal data. To exercise these rights, please contact us at support@buyone.me. These rights include: • Access: The right to request a copy of the personal data we hold about you. • Rectification: The right to request the correction of inaccurate or incomplete data. • Erasure ("Right to be Forgotten"): The right to request the deletion of your data. Note: This right is subject to our legal retention obligations. We cannot delete data that we are required to keep under Latvian AML/CTF laws for five (5) years. • Restriction: The right to request that we limit the processing of your data under certain circumstances. • Portability: The right to receive your data in a structured, machine-readable format. • Objection & Opt-Out: The right to object to processing based on legitimate interests or direct marketing. You can unsubscribe from newsletters via the "unsubscribe" link or by contacting us directly at support@buyone.me.
8. Security
We implement a "Security by Design" approach to protect your data. This includes SSL/TLS encryption for all data transmissions, strict access controls, and the use of 3D Secure 2.0 (3DS2) for payment authentication. While we utilize industry-leading security measures, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
9. Cookies and Tracking
We use cookies and local storage to authenticate users, remember preferences, and analyze traffic patterns. You can manage cookie preferences via your browser settings; however, disabling certain cookies may impact the functionality and "Social Utility" features of the application.
10. External Links
Our Service may contain links to third-party websites or services. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites. We encourage you to review the privacy policy of every site you visit.
11. Children's Privacy
Our Service is a professional "Lifestyle Hosting" platform and is strictly not directed at persons under the age of 18. We do not knowingly collect data from minors. If we discover that a person under 18 has provided us with personal data, we will delete it immediately and terminate the account.
12. Changes to This Policy
We may update this Privacy Policy to reflect changes in our operational practices, "Social Utility" philosophy, or evolving legal requirements. We will notify you of material changes via the app or email. Continued use of the Service following such updates constitutes acceptance of the revised policy.
13. Dispute Resolution & Governing Role
This Policy is governed by the laws of the Republic of Latvia. The supervisory authority in Latvia is the Data State Inspectorate (Datu valsts inspekcija): Address: Elijas iela 17, Rīga, LV-1050, Website: www.dvi.gov.lv, Email: info@dvi.gov.lv In the event of a concern, we encourage you to contact us first at support@buyone.me to resolve the issue amicably. If a resolution cannot be reached, the matter shall be subject to the exclusive jurisdiction of the courts of the Republic of Latvia.