Privacy Policy | Findr Dublin

Effective Date: 1 February 2026
Last Updated: 14 March 2026

1. Introduction

Findr Dublin ("we", "us", "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect personal information when you use our lost property recovery service.

We operate in full compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Irish Data Protection Act 2018. As a Data Controller, we take our responsibilities seriously and are committed to transparency in our data practices.

2. Data Controller Information

The Data Controller responsible for your personal data is:

Findr Dublin
6 Fern Road
Sandyford, Dublin 18
D18FP98
Ireland

Email: info@findrdublin.ie
WhatsApp: +353 89 467 5775

3. Personal Data We Collect

We collect and process the following categories of personal data:

3.1 Information You Provide

Data Category	Examples	Purpose
Contact Details	Name, email address, phone number, postal address	To communicate about your claim and arrange delivery
Claim Information	Item description, venue visited, date lost, verification answers	To match and verify ownership of items
Payment Information	Transaction records (processed via Stripe/Revolut)	To process finder's fees and delivery charges

3.2 Information from Found Items

When we collect lost items from partner venues, certain items may contain personal data belonging to their owners:

Mobile Phones: We do not access, unlock, or view any data stored on devices. Phones are catalogued by external appearance only (make, model, colour, case description).
Wallets: We may view external identifying features. We do not photograph or record bank card numbers, though we may note the bank name for matching purposes.
Bags and Clothing: Catalogued by description only. Contents are not itemised unless visible without opening secured compartments.

Important: We do NOT collect passports, national identity cards, driving licences, or other government-issued identification documents. These remain with the venue or are reported to An Garda Síochána.

3.3 Technical Data

When you visit our website, we may collect:

IP address and approximate location
Browser type and version
Pages visited and time spent
Referring website

4. Lawful Basis for Processing

We process your personal data under the following lawful bases as defined in Article 6 of the GDPR:

Processing Activity	Lawful Basis
Processing claims and returning items	Legitimate Interest – Reuniting owners with their property is in the interest of both parties and is reasonably expected
Processing payments	Contract – Necessary to fulfil our service agreement
Contacting you about your claim	Legitimate Interest – Essential for service delivery
Retaining transaction records	Legal Obligation – Required for tax and accounting purposes
Website analytics	Legitimate Interest – To improve our service and user experience

4.1 Legitimate Interest Assessment

Where we rely on legitimate interest, we have conducted a Legitimate Interest Assessment (LIA) and concluded that:

Returning lost property to its rightful owner serves both our business purpose and the owner's interests
Data subjects would reasonably expect their information to be used for this purpose
The processing is necessary and proportionate
The fundamental rights of data subjects are not overridden

5. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. We distinguish between physical item retention and personal data retention:

5.1 Physical Item Retention

Lost items collected from Partner Venues are stored at our secure facility for a maximum of 30 days from the date of collection. After 30 days, unclaimed items become the property of Findr Dublin (see our Terms of Service, Section 5) and may be donated, recycled, or sold at our discretion.

5.2 Personal Data Retention

Data Type	Retention Period	Reason
Found item records (unclaimed)	30 days from collection	Standard holding period; records (photos, descriptions) securely deleted after physical item is processed
Successful claim records	6 years	Legal and accounting requirements; dispute resolution
Unsuccessful claim enquiries	90 days	In case item is found later or claim is renewed
Payment transaction records	7 years	Irish tax and accounting obligations
Website analytics	26 months	Service improvement analysis

After the retention period expires, data is securely deleted or anonymised. Personal data associated with unclaimed items (including photographs and item descriptions) is deleted within 7 days of the item being donated, recycled, or sold.

6. Data Sharing

We may share your personal data with the following categories of recipients:

6.1 Service Providers

Payment Processors: Stripe and Revolut process payments on our behalf. They act as independent Data Controllers for payment data.
Courier Services: An Post, DPD, or other delivery partners receive your name and address solely for delivery purposes.
Communication Platforms: WhatsApp (Meta) for customer messaging.

6.2 Partner Venues

We do NOT share your personal data with partner venues. Venues transfer found items to us, but we handle all customer interactions directly.

6.3 Legal Requirements

We may disclose personal data if required by law, regulation, or legal process, including:

Requests from An Garda Síochána regarding suspected stolen property
Court orders or legal proceedings
Irish Data Protection Commission investigations

7. International Data Transfers

Your data is primarily stored and processed within the European Economic Area (EEA). Where data is transferred outside the EEA (e.g., to service providers with US-based infrastructure), we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses (SCCs) approved by the European Commission
Transfers to countries with EU adequacy decisions

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data:

Physical Security: Secure, access-controlled storage facility with 24/7 monitoring
Digital Security: Encrypted data storage, secure communication channels, access controls
Staff Training: All personnel handling personal data receive GDPR training
Incident Response: Procedures in place to detect, report, and investigate data breaches

9. Your Rights Under GDPR

Under GDPR, you have the following rights regarding your personal data:

Right	Description
Access	Request a copy of the personal data we hold about you
Rectification	Request correction of inaccurate or incomplete data
Erasure	Request deletion of your data ("right to be forgotten")
Restriction	Request limited processing of your data in certain circumstances
Portability	Receive your data in a structured, machine-readable format
Object	Object to processing based on legitimate interest
Withdraw Consent	Where processing is based on consent, withdraw it at any time

To exercise any of these rights, please contact us using the details in Section 12. We will respond within one month of receiving your request.

10. Cookies

Our website uses cookies to enhance your browsing experience:

Essential Cookies: Required for the website to function (no consent needed)
Analytics Cookies: Help us understand how visitors use our site (consent required)

You can manage cookie preferences through your browser settings. Disabling cookies may affect website functionality.

11. Children's Privacy

Our service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.

12. Contact Us

Data Protection Enquiries

For any questions about this Privacy Policy or to exercise your data protection rights:

Email: info@findrdublin.ie
Post: Findr Dublin, 6 Fern Road, Sandyford, Dublin 18, D18FP98
WhatsApp: +353 89 467 5775

We aim to respond to all enquiries within 5 working days.

13. Complaints

If you are not satisfied with our response to a data protection concern, you have the right to lodge a complaint with the Irish Data Protection Commission:

Data Protection Commission
21 Fitzwilliam Square South
Dublin 2, D02 RD28
Ireland

Website: www.dataprotection.ie
Phone: +353 1 765 0100 / 1800 437 737

14. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated via our website and, where appropriate, by email. The "Last Updated" date at the top of this policy indicates when it was last revised.

This Privacy Policy is governed by Irish law and is subject to the jurisdiction of the Irish courts.