Gigz.online

Privacy Policy

Last updated: 2025-12-05

1. Introduction

This Privacy Policy explains how we collect, use, and protect your personal data when you use Gigz.online ("we", "our", "the service"). We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

2. Data Controller

Legal Name: HugMuninn Ltd.
Company Number: 16868375
Address: 83 Davis Road, W3 7SF, London, United Kingdom
Representative: Tobias Piper
Location: United Kingdom
Email: privacy@gigz.online
Website: https://gigz.online

For any privacy-related inquiries or to exercise your rights, please contact us at the email addresses above.

Note: While HugMuninn Ltd. is registered in the United Kingdom, all data processing and storage occurs within the European Union (Germany). Data transfers between the UK and EU are covered by the UK's adequacy decision under GDPR.

3. Data We Collect

3.1 Account Information

When you create an account, we collect:

  • Email address
  • Username
  • Password (encrypted using industry-standard hashing)
  • Account creation and last login dates

3.2 Usage Data

When you use our service, we may collect:

  • Pages visited and features used
  • Time spent on the platform
  • Browser type and version
  • Device information (type, operating system)
  • Anonymized IP address (last octet removed)

3.3 User-Generated Content

Information you voluntarily provide:

  • Profile information
  • Event data (if you create or manage events)
  • Comments and interactions

4. Cookies and Tracking Technologies

We use cookies to provide and improve our service. You can control cookies through our cookie consent banner, which appears on your first visit.

4.1 Cookie Categories

CategoryPurposeRequiredDuration
NecessaryAuthentication, security, basic functionalityYesSession / 30 days
AnalyticsGoogle Analytics (anonymized)No14 months

4.2 Google Analytics

We use Google Analytics 4 to understand how visitors use our website. Google Analytics only runs if you give consent via our cookie banner.

What data does Google Analytics collect?

  • Pages viewed and time spent on each page
  • Geographic location (country/city level only)
  • Device type, browser, and screen resolution
  • Anonymized IP addresses (last octet removed)
  • Referral source (how you found our site)

Data Processing: Google Analytics data is processed by Google Ireland Limited in accordance with Google's Data Processing Terms and stored on servers within the European Union.
Data Retention: Analytics data is automatically deleted after 14 months.
Privacy Features: IP anonymization is enabled, and advertising features are disabled.

4.3 Specific Cookies Used

Cookie NamePurposeDuration
cookie_consentStores your cookie consent preferences1 year
session_*Maintains your login sessionSession (deleted on logout) / Up to 30 days (persistent tokens)
themeRemembers your dark/light mode preferencePersistent
_gaGoogle Analytics: Distinguishes users14 months
_gidGoogle Analytics: Distinguishes users24 hours
_ga_*Google Analytics: Persists session state14 months

4.4 Opt-Out Options

You can opt-out of Google Analytics in several ways:

  • Decline analytics cookies in our cookie banner (appears on first visit)
  • Click the "Cookie Settings" button in our footer and disable Google Analytics
  • Use your browser's "Do Not Track" setting (we respect DNT signals)
  • Install the Google Analytics Opt-out Browser Add-on

5. Legal Basis for Processing

We process your data based on the following legal grounds:

  • Consent (Art. 6(1)(a) GDPR): Analytics cookies - you can withdraw consent at any time
  • Contract Performance (Art. 6(1)(b) GDPR): Account data necessary to provide our service
  • Legitimate Interest (Art. 6(1)(f) GDPR): Security, fraud prevention, service improvement
  • Legal Obligation (Art. 6(1)(c) GDPR): Data retention for legal compliance

6. Data Retention

We retain your data for the following periods:

  • Account Data: Retained while your account is active, plus 90 days after deletion request
  • Analytics Data: Automatically deleted after 14 months
  • Security Logs: Retained for 90 days for security purposes
  • Legal Records: Retained as required by law (typically 6-10 years for financial records)

7. Data Sharing and Transfers

We do not sell your personal data. We share data only with:

Third-Party Services

Google Ireland Limited (Google Analytics)

Purpose: Website analytics
Location: Ireland (EU)
Legal Basis: Your consent (Art. 6(1)(a) GDPR)
Data Processing Agreement: Yes (Google Ads Data Processing Terms)
Privacy Policy: Google Privacy Policy

Netcup GmbH

Purpose: Infrastructure and hosting
Location: Germany (EU)
Legal Basis: Contractual necessity (Art. 6(1)(b) GDPR)
Data Processing Agreement: Yes
Certifications: ISO 9001 / ISO 27001 / ISO 27701

8. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling as defined in Article 22 GDPR. All decisions that may significantly affect you are made by humans, not algorithms.

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

🔍 Right to Access (Art. 15 GDPR)

Request a copy of your personal data we hold

✏️ Right to Rectification (Art. 16 GDPR)

Correct inaccurate or incomplete data

🗑️ Right to Erasure (Art. 17 GDPR)

Request deletion of your data ("right to be forgotten")

📦 Right to Data Portability (Art. 20 GDPR)

Receive your data in a structured, machine-readable format

🚫 Right to Object (Art. 21 GDPR)

Object to processing based on legitimate interests

⏸️ Right to Restrict Processing (Art. 18 GDPR)

Request restriction of processing under certain conditions

↩️ Right to Withdraw Consent (Art. 7(3) GDPR)

Withdraw consent for analytics at any time

How to exercise your rights: Contact us at privacy@gigz.online. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

10. Data Security

We implement comprehensive security measures to protect your data:

  • Encryption: All data in transit uses HTTPS/TLS encryption
  • Password Security: Passwords are hashed using industry-standard algorithms (bcrypt/Argon2)
  • Access Controls: Role-based access control and authentication
  • Regular Updates: Security patches and updates applied promptly
  • Monitoring: Continuous security monitoring and logging
  • Backups: Regular encrypted backups with secure storage

11. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at privacy@gigz.online.

12. International Data Transfers

Our service is operated by HugMuninn Ltd., a company registered in the United Kingdom. All data is hosted and processed on servers located in Germany (European Union).

UK to EU Transfers

The United Kingdom has received an adequacy decision from the European Commission, meaning that data can flow freely between the UK and EU with the same level of protection as within the EU. This ensures your data is protected regardless of whether it's processed in the UK or EU.

Safeguards in place:

  • UK GDPR compliance (equivalent to EU GDPR)
  • EU Commission adequacy decision for UK
  • Data Processing Agreements with all third-party processors
  • Primary data storage within EU (Germany)

Google Analytics data may be transferred between EU countries but remains within the EU/EEA. All transfers comply with GDPR requirements and appropriate safeguards are in place.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

  • Updating the "Last updated" date at the top of this page
  • Showing a notice on our website
  • Sending an email to registered users (for material changes)

Your continued use of the service after changes constitutes acceptance of the updated policy.

14. Contact Information

For privacy-related questions, concerns, or to exercise your rights:

Email: privacy@gigz.online

Postal Address: HugMuninn Ltd., 83 Davis Road, London W3 7SF, United Kingdom

We aim to respond to all inquiries within 30 days as required by GDPR.

15. Supervisory Authority

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with the relevant data protection supervisory authority:

For the United Kingdom:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
United Kingdom
Phone: +44 (0) 303 123 1113
Website: www.ico.org.uk

For Germany (where data is processed):

Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Graurheindorfer Str. 153
53117 Bonn, Germany
Website: www.bfdi.bund.de

You may contact either authority depending on your location or where you believe the data protection violation occurred.

Thank you for trusting Gigz.online with your data. We take your privacy seriously.