Last updated on May 2020. Please find the new version of your Privacy Statement here
We care about your privacy and are committed to protecting your personal data. This privacy statement will inform you how we handle your personal data, your privacy rights and how the law protects you. Please read this privacy statement carefully before using our Services.
- Who are we?
- What data do we collect about you?
- Do we collect data from children?
- Why do we process your personal information?
- How will we inform you about changes in our privacy statement?
- Your rights
- Communication and Marketing
- Who do we share your data with?
- International transfers
- Where do we store your data and for how long?
- Technical and organisational measures and processing security
- Links to third-party websites
- Data Protection Authority
In this privacy statement:
Services means any products, services, content, features, technologies, or functions, and all related websites, applications and services offered to you by us.
Platform means the websites, mobile apps, mobile sites or other online properties through which we offer our Services.
1. Who are we?
The local data controller who processes your personal data is: Tradus B.V., a company incorporated and registered in the Netherlands with company number 61818534, whose registered office is at Wibautstraat 137-C, 1097 DN Amsterdam, the Netherlands.
2. What data do we collect about you?
2.1.1 Data provided through direct interactions
Registration and other account information
When you register to use our Services we may collect the following information about you:
- if you register using your Google account: first name, last name and email address;
- if you register using your Facebook account: we collect first name and last name as appeared on your Facebook account and Facebook IDs. In the event you have provided permission to Facebook through their in-app privacy option (which appears just before you register on our Platform), we may collect your gender, age or email id depending on the permissions granted by you; and
- if you register using your mobile number: we collect your mobile number.
Depending on the choices you make during the log-in to our Services or during the process of engaging our Services, you may opt to give the following additional personal data:
- your name;
- e-mail address;
- mobile number;
Communication through the chat feature on our Platform
When you use our chat feature to communicate with other users, we collect information that you choose to provide to other users through this feature.
2.1.2 Data we collect automatically when you use of our Services
When you interact with our Platform or use our Services, we automatically collect the following information about you:
- We collect device-specific information such as operating system version, unique identifiers. For example, the name of the mobile network that you are using. We associate the device identifiers with your OLX account.
- Depending on your device permissions, if you post an item on our Platform, we automatically collect and process information about your actual location. We use various technologies to determine location, including IP address, GPS, Wi-Fi access points and mobile towers. Your location data allows you to see user items near you and helps you in posting items within your location. In case we need your location data we will first show you a pop-up which will ask you to choose to allow or not to allow us to access your location data. If you do not allow us to have access to your location data, you will still be able to use our Services but with limited functionality. If you do allow us to access your location data you can always change this later by going to the settings on our Website or App our Platform and disable the permissions related to location sharing. To find out more on the purposes of using your location data and the way such data are processed, please be referred to Section 4.2 (ii) of this Privacy Statement.
Client and Log data
- Technical details, including the Internet Protocol (IP) address of your device, time zone and operating system. We will also store your login information (registration date, date of last password change, date of last successful login), type and version of your browser.
- We collect information about your activity on our Platform which includes the sites from which you accessed our Platform, date and time stamp of each visit, searches you have performed, listings or advertisement banners you clicked, your interaction with such advertisements or listings, duration of your visit and the order in which you visit the content on our Platform.
Cookies and Similar Technologies
2.1.3 Data from third parties or publicly available sources
We receive personal data about you from various third parties [and public sources] as set out below:
- Certain technical and usage information from analytics providers such as Google, Facebook, New Relic, Optimizely & Hotjar;
- Browsing and conversion data from advertising networks such as Doubleclick for Publishers, Adsense, Criteo, Facebook, Google and
- Push/SMS notifications from providers such as Pushcrew, Sendgrid;
3. Do we collect data from children?
Our Services are not intended for children under 16 and we do not knowingly collect data from anyone under 16. If we become aware that a person under 16 has provided us with personal data, we will delete it immediately.
4. Why do we process your personal information?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests to improve our Services and to provide you a safe and secure Platform.
- Where we need to comply with a legal or regulatory obligation.
In certain circumstances, we may also process your personal data based on your consent. If we do this, we will let you know the purpose and the category of personal data to be processed at the time we seek your consent.
We have set out below a description of the ways we use your personal data, [and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate].
4.1 For providing access and delivering Services through our Platform
i. If you log in using your mobile number or email id, we use your first name and last name, mobile number and/or e-mail address to identify you as a user and provide access to our Platform.
ii. If you log in using your Facebook account, we use your first name and last name from your Facebook profile and the Facebook e-mail address to identify you as a user on our Platform and to provide you access to our Platform.
iv. We use your e-mail address and mobile number (by SMS) to make suggestions and recommendations to you about our Services that may be of interest to you.
We process the above information for adequate performance of our contract with you and on the basis of our legitimate interest in undertaking marketing activities to offer you Services that may be of your interest.
4.2 For improving your experience on the Platform
i. We use clickstream data to
- offer you tailored content, such as giving you more relevant search results when using our Services.
- to determine how much time you spend on our Platform and in what manner you navigate through our Platform in order to understand your interests and to improve our Services based on this data. For example, we may provide you with suggestions on content that you can visit based on the contents you have clicked.
- to monitor and report the effectiveness of the campaign delivery to our business partners and for internal business analysis.
ii. We use your location data for the following purposes:
- to compile anonymous and aggregated information about the characteristics and behaviour of OLX users, including for the purposes of business analysis, segmentation and development of anonymous profiles.
- to measure and monitor your interaction with the third-party advertisements banners we place on our Platform.
iii. With the help of your log-in information which includes your email ID and phone number, we map the different devices (such as desktop, mobile, tablets) used by you to access our Platform. This allows us to associate your activity on our Platform across devices and helps us in providing you a seamless experience no matter which device you use.
iv. We access and analyze your messages with other users conducted through the communication function on our Platform for product enhancement and to provide you with a better user experience (e.g. to identify sold items and to provide you with active listings only or to upgrade user communication). Therefore we develop and train machine learning models and algorithms to automatically analyze your communication content. To build and train our machine learning models our machine learning specialists may review exemplary communication content manually. In these circumstances highly restricted access rights apply to selected machine learning specialists analyzing the communication content. During this analyzation process, we are de-identifying communication content as much as possible by applying a scanning filter to detect and hide personal data such as names, phone numbers, e-mail addresses. However, there may still be cases beyond our control in which the communication content may show certain personal data that you have chosen to provide.
We process the above information on the basis of our legitimate interest to improve your experience on our Platform and for adequate performance of our contract with you.
4.3 To provide you a safe and secure Platform
i. We use your mobile number, log data and unique device identifiers to administer and protect our Platform (including troubleshooting, data analysis, testing, fraud prevention, system maintenance, support, reporting and hosting of data).
ii. We access and analyze your messages with other users conducted through the communication function on our Platform for customer satisfaction, safety and for fraud prevention purposes (e.g. to block spam or abusive messages that may have been sent to you by other users). Therefore we develop and train machine learning models and algorithms helping us to automatically detect and prevent inappropriate and fraudulent user behaviour. Only in limited cases and circumstances our customer safety and security specialists review communication content manually. In these circumstances highly restricted access rights apply to selected customer safety and security specialists analyzing the communication content. During the analyzation process, we are de-identifying communication content as much as possible by anonymizing the unique identification values assigned to users. However, there may still be cases beyond our control in which the communication content may show certain personal data that you have chosen to provide.
We process the above information for adequate performance of our contract with you, to improve our services and on the basis of our legitimate interest to prevent fraud.
5. How will we inform you about changes in our privacy statement?
We may amend this privacy statement from time to time. We will post changes on this page and will let you know by e-mail or through our Platform. If you do not agree with the changes, you may close your account by going to account setting and select delete account.
6. Your rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data.
If you wish to exercise any of the rights set out below, please go to your account/privacy settings or contact us using our Help Center:
- Right to request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Right to request correction of any of the data we have about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Right to request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Right to request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Please note that for certain purposes we may be legally obligated to retain your data. Please also see section 10.
- Right to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Right to request for the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Right to withdraw your consent to the processing of your personal data at any time. This does not affect the legality of any processing we have already carried out based on the consent given previously.
Usually no fee required: You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Time limit to respond: We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
In addition, you have the right to make a complaint at any time to the data protection authority responsible for you as outlined in section 13.
However, before you make a complaint to the data protection authority, we would appreciate the chance to deal with your concerns in the first instance, please reach out to our Privacy Office using our Contact Form.
7. Communication and marketing
We will communicate with you by email, SMS or in app notification in connection with our Services/Platform to confirm your registration, to inform you in case your ad listing has become live/expired and for other transactional messages in relation to our Services. As it is imperative for us to provide you such transactional messages you may not be able to opt -out of such messages.
However, you can ask us to stop sending you marketing communication at any time by clicking on the opt-out link in the email or SMS sent to you or by changing your communication settings in your account. In case you have problems changing your settings please contact us using our Contact Form.
You may receive marketing communications from us if you:
- have requested such information from us;
- use our Platform or Services;
- provided us with your details when you entered a competition; or
- registered for a promotion.
8. Who do we share your data with?
We may have to share your personal data with the parties set out below for the purposes set out in section 4 above.
Corporate affiliates: We may share your data with other OLX group companies which are located within as well as outside EEA and help us in providing business operation services such as product enhancements, customer support and fraud detection mechanism. Any sharing of personal data within the OLX group of companies situated outside European Economic Area (“EEA”) will always be subject safeguards as described in section 9 or to a data transfer agreement which clearly defines the obligations of the parties and ensures appropriate technical and organisational measures to protect your data.
Third Party Service Providers: We use third party service providers to help us deliver certain aspect of our Services for example, cloud storage facilities, such as Amazon Web Services and Microsoft Azure. Service providers may be located inside or outside of the “EEA”.
We conduct checks on our third-party service providers and require them to respect the security of your personal data and to treat it in accordance with the law. We do not allow them to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Advertising and analytics providers: In order to improve our Services, we will sometimes share your information with analytics providers that help us analyse how people are using our Platform/Service. For the most part, we share your information with them in non-identifiable form for monitoring and reporting the effectiveness of the campaign delivery to our business partners and for internal business analysis. This information will typically include a cookie ID, a (shortened) IP address, the referral URL as well as browser and device information. We partner with advertising providers that are organised under the Interactive Advertising Bureau (IAB) and are listed here: https://advertisingconsent.eu/vendor-list/.
Law enforcement authorities, regulators and others: We may disclose your personal data to law enforcement authorities, regulators, governmental or public bodies and other relevant third parties to comply with any legal or regulatory requirements.
We may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy statement.
Publicly available information: When you post an item for sale using our Services, you may choose to make certain personal information visible to other OLX users. This may include your first name, last name, your email address, your location and your contact number. Please note, any information you provide to other users can always be shared by them with others so please exercise discretion in this respect.
9. International transfers
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
- Where we use service providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
You can receive the copy of relevant and implemented safeguards by contacting us using our Contact Form.
10. Where do we store your data and for how long?
The data we collect about you will be stored and processed inside as well as outside the EEA in secure servers in order to provide the best possible user experience. For example – for fast website or mobile application build up.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
If there has been no activity in your account for a period longer than 24 months, we may delete your account meaning that you will no longer be able to use it.
In case you have any queries in relation to retention period of your data please contact us contact us using our Contact Form.
11. Technical and organisational measures and processing security
All the information we receive about you are stored on secure servers and we have implemented technical and organisational measures that are suitable and necessary to protect your personal data. OLX continually evaluates the security of its network and adequacy of its internal information security program which is designed to (a) help secure your data against accidental or unlawful loss, access or disclosure, (b) identify reasonably foreseeable risks to the security of the OLX network, and (c) minimize security risks, including through risk assessment and regular testing. In addition, we ensure that all payment data are encrypted using SSL technology.
Please note, despite the measures we have implemented to protect your data, the transfer of data through the Internet or other open networks is never completely secure and there is a risk that your personal data may be accessed by unauthorised third parties.
12. Links to third-party websites
For any additional information or to exercise your rights, please check your account/privacy settings or contact our Privacy Office by using our Contact Form or through the Help Center in our Platform. You can also alternatively contact the Data controller for your local services.
14. Data Protection Authority
For data protection complaints, you may contact the responsible data protection authority. You may exercise this right by contacting the authority of your residency or workplace or the location of the data controller.
For cross border data processing, our lead supervisory authority is the Dutch Data Protection Authority in The Netherlands: