Privacy Notice
Gaurdius is usually the controller for website, account, onboarding, platform operations, support, billing, and security processing. Suppliers are normally separate controllers for the personal data they use for their own contracts and service delivery.
1. Who we are
1.1 Gaurdius is operated by Paragraph Software Limited (company number 16767863), registered in England and Wales, with registered office at Building 2 Guildford Business Park, Guildford, England, GU2 8XG.
1.2 For the purposes of data protection law, Paragraph Software Limited is the controller of the personal data described in this Notice except where this Notice says a Supplier or another party acts separately as controller.
1.3 You can contact us about privacy matters at support@gaurdius.com.
2. What this Notice covers
2.1 This Notice explains how we collect, use, store, share, and protect personal data when you visit the website, create an account, browse listings, submit enquiries, communicate through the Platform, receive support, or otherwise interact with Gaurdius.
2.2 If you enter into a Supplier Contract, the Supplier will usually process your personal data for its own purposes as a separate controller. The Supplier's own privacy notice and contract terms may therefore also apply.
3. The personal data we collect
- Identity and contact data, such as your name, email address, phone number, organisation, and billing or correspondence details.
- Account data, such as login details, role, verification status, and account preferences.
- Booking and enquiry data, such as service requests, dates, times, locations, itinerary information, service preferences, booking status, and platform messages.
- Supplier onboarding data, such as business information, licence information, insurance information, proof of authority, and other information reasonably requested for platform access.
- Technical and usage data, such as IP address, browser or device details, cookies, authentication logs, and activity records.
- Support and complaint information, such as support tickets, emails, chat records, and evidence supplied in relation to a complaint or misuse report.
- Billing and transaction data, such as invoice details, fee records, commission records, and limited payment metadata where relevant to platform fees or managed payments.
3.1 Please avoid uploading special category data or highly sensitive personal information unless it is strictly necessary for a booking and lawful to share. If you provide personal data about another person, you must have authority to do so and, where required, you must give them relevant privacy information.
4. Where we get personal data from
- Directly from you when you create an account, browse, message, book, or contact support.
- From Suppliers and Clients when they share booking information, account details, complaint material, or supporting records with us.
- Automatically from your device and browser when you use the website or Platform.
- From service providers, payment providers, verification partners, or public sources where reasonably necessary for onboarding, billing, fraud prevention, or legal compliance.
5. How we use personal data and our legal bases
| Purpose | Examples of data used | Legal basis |
|---|---|---|
| Create and manage accounts | Identity, contact, account and login data | Performance of a contract with you, or steps at your request before entering into a contract |
| Operate the platform and facilitate enquiries and booking workflows | Account, booking, message, profile and technical data | Performance of a contract; legitimate interests in running an orderly, secure marketplace |
| Onboard and review Suppliers | Business details, licence and insurance information, verification material, contact and technical data | Legitimate interests in platform safety, fraud prevention, quality control and business operations; legal obligations where applicable |
| Provide support, investigate misuse, and handle complaints | Support records, communications, booking history, technical logs, evidence supplied by users | Legitimate interests in support, security, abuse prevention and dispute management; legal obligations where applicable |
| Administer billing, commission, platform fees and records | Billing contact details, invoices, transaction references, fee history and related logs | Performance of a contract; legitimate interests in collecting sums due and maintaining financial records; legal obligations |
| Comply with law and protect legal rights | Any data reasonably required for compliance, fraud prevention, record keeping, claims or regulatory responses | Legal obligations; legitimate interests in defending legal claims and protecting the business and its users |
6. Sharing personal data
6.1 We may share personal data with Suppliers and Clients where necessary to facilitate enquiries, bookings, support, complaint handling, or legitimate platform operations.
6.2 We may share personal data with hosting, authentication, communications, analytics, support, payment, or other service providers that process data on our behalf.
6.3 We may also share personal data with professional advisers, auditors, insurers, prospective investors or buyers, regulators, law enforcement, courts, or public authorities where required by law or reasonably necessary to establish, exercise, or defend legal rights.
6.4 If Gaurdius later offers managed payments, additional data may be shared with the relevant payment service provider under the payment terms for that service.
7. International transfers
7.1 Where personal data is transferred outside the UK, we will take appropriate steps to ensure that a lawful transfer mechanism and appropriate safeguards are in place.
8. Retention
8.1 We keep personal data only for as long as reasonably necessary for the purposes described in this Notice, including platform administration, support, security, record-keeping, and legal compliance.
8.2 In general, we expect to retain core account, billing, and booking records for the life of the account and for a reasonable period afterwards, commonly up to 6 years where needed for tax, limitation, audit, fraud prevention, or legal defence purposes. We may keep shorter or longer periods where the law or the circumstances require.
9. Security
9.1 We use reasonable technical and organisational measures designed to protect personal data, including role-based access, authentication controls, logging, and secured infrastructure.
9.2 No system is completely secure. You should also take care when sharing information and should only disclose information that is necessary for your enquiry or booking.
9.3 Where a Supplier exports, downloads, or sends personal data outside the Platform, that Supplier is normally responsible for the security and legality of that separate processing.
10. Your rights
10.1 Subject to applicable law, you may have rights to request access, correction, erasure, restriction, objection, portability, and withdrawal of consent where relevant.
10.2 You also have the right to complain to the Information Commissioner's Office (ICO).
11. Cookies and technical information
11.1 We may use cookies and similar technologies for authentication, security, analytics, and service improvement. You can manage cookies through your browser settings and any cookie controls made available on the website.
12. Contact and complaints
12.1 For questions or requests about this Notice or your personal data, contact support@gaurdius.com.
12.2 If you are unhappy with how we handle your personal data, you can also complain to the ICO.