Our approach to data processing is based on data minimisation and privacy by design, ensuring that we only collect and process the personal data necessary for the operation of the IBSS platform.

• Data Minimisation and Privacy by Design: We only collect essential personal data for services like room bookings and tenant experiences. Privacy mechanisms are integrated into the app's design from the start to protect user data.
• User Consent: We obtain explicit consent from users before collecting personal data.
• Data Encryption and Security: Sensitive data is encrypted both in transit and at rest. Strict access controls and internal audits prevent unauthorised data access. Security data for authentication purposes will use an organisation's existing identity provider, and we will not store passwords.
• User Rights and Data Portability: Users have the right to access, correct, and delete their personal data. They can also request data portability to transfer their data to other services.
• Compliance Monitoring and Updates: Regular privacy audits ensure compliance with GDPR, and employees receive ongoing training on data protection obligations.
• Handling Data Breaches: We have a response plan in place to quickly address data breaches, notify authorities, and inform affected users as required by GDPR.
• Data Retention Policies: Personal data is retained only as long as necessary for its purpose or legal obligations. Once no longer needed, it is securely deleted.