Privacy Policy

1. Introduction

FieldFinders ("we", "us", "our") is committed to protecting the personal data of all users of our Platform. This Privacy Policy explains how we collect, use, store, and protect personal data in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).

The Data Controller is Gitwix Limited, registered in England and Wales, company number 15817715, with registered office at 9 Owen Street, Manchester, M15 4AU, United Kingdom.

Our Data Protection contact: admin@fieldfinders.co.uk

2. Data We Collect

We collect the following categories of personal data:

2.1 Account Registration Data

• Full name
• Email address
• Password (stored in encrypted form)
• Phone number
• Date of birth (to verify you are 18+)
• User type (Landowner or Detectorist)

2.2 Landowner-Specific Data

• Land ownership evidence or authority documentation
• Land address and boundary information
• Bank account details (for payouts — processed by Stripe, not stored by us)
• Property insurance information (if voluntarily provided)

2.3 Detectorist-Specific Data

• Proof of identity (if requested for verification)
• NCMD or FID membership number (which doubles as proof of the £10M public liability insurance required to detect)
• Photograph of NCMD/FID membership card (captured at the point of booking and shared with the Landowner as evidence of cover)
• Metal detecting experience level (self-declared)

2.4 Booking and Transaction Data

• Booking history
• Search Agreement terms
• Payment transaction records
• Booking dates, times, and land locations
• Cancellation and refund records

2.5 Communication Data

• Messages sent between Users through our in-Platform messaging system
• Correspondence with our support team
• Emails sent to you regarding bookings, confirmations, and disputes

2.6 Technical and Usage Data

• IP address
• Device type and operating system
• Browser type
• App usage logs and session data
• Cookies and similar tracking data (see our Cookie Policy)
• Location data (only if you expressly permit access to device location for map features)

2.7 User-Generated Content

• Land listing descriptions, photos, and details submitted by Landowners
• Reviews and ratings submitted by Users

3. How We Use Your Data

We process your personal data on the following lawful bases:

• Creating and managing your account — Performance of contract (Article 6(1)(b) UK GDPR)
• Facilitating bookings and Search Agreements — Performance of contract
• Processing payments — Performance of contract
• Communicating with you about Bookings — Performance of contract
• Verifying your identity and age (18+) — Legal obligation / Legitimate interests
• Verifying NCMD/FID membership and legal compliance — Legitimate interests
• Sending service updates and safety notices — Legitimate interests
• Sending marketing communications (with consent) — Consent (Article 6(1)(a) UK GDPR)
• Fraud prevention and security — Legitimate interests / Legal obligation
• Resolving disputes — Legitimate interests
• Complying with legal obligations (Treasure Act, court orders, etc.) — Legal obligation (Article 6(1)(c) UK GDPR)
• Improving the Platform — Legitimate interests
• Analytics and performance monitoring — Legitimate interests (with appropriate safeguards)

4. Data Sharing

We share personal data with:

4.1 Other Users. Certain profile information (name, user type, rating) is visible to other Users to facilitate introductions. Bank account details are never shared with other Users.

4.2 Payment Processor. We use Stripe (or an equivalent licensed payment services provider) to process payments. Stripe processes your payment data as an independent data controller under its own privacy policy. We do not store full card details.

4.3 Service Providers. We may share data with trusted third-party service providers who assist us in operating the Platform (e.g., cloud hosting, email services, analytics). These providers process data on our behalf and are contractually bound by data processing agreements under Article 28 UK GDPR.

4.4 Legal Authorities. We will disclose personal data to law enforcement, regulatory authorities, or courts where required to do so by law, including where we are required to report suspected criminal activity relating to Treasure theft, trespass, or fraud.

4.5 Business Transfer. If we sell or transfer any part of our business, personal data may be transferred as part of that transaction. We will notify you in advance.

4.6 We do not sell personal data to third parties.

5. Data Retention

We retain personal data for the following periods:

• Account data — Duration of account + 6 years after closure
• Booking and transaction records — 6 years (for tax and legal compliance)
• Payment records — 7 years (HMRC requirement)
• Communications — 3 years from last communication
• Dispute records — 6 years from resolution
• Membership card photographs and other verification documents — Duration of account + 2 years
• Technical/usage logs — 12 months

After the applicable retention period, data is securely deleted or anonymised.

6. International Transfers

We store data primarily within the UK. Where any data is transferred outside the UK, we ensure appropriate safeguards are in place under UK GDPR Article 46, such as the UK International Data Transfer Agreement (IDTA) or an adequacy decision.

7. Your Rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you (Subject Access Request)
• Rectify inaccurate or incomplete personal data
• Erase your personal data in certain circumstances ("right to be forgotten")
• Restrict processing of your personal data
• Object to processing based on legitimate interests or for direct marketing
• Data portability — receive your data in a structured, machine-readable format
• Withdraw consent at any time (where processing is based on consent)
• Not be subject to solely automated decision-making where this has legal or significant effects

To exercise any of these rights, contact us at: admin@fieldfinders.co.uk

We will respond within 30 days. We may need to verify your identity before processing your request.

If you are dissatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): www.ico.org.uk | Tel: 0303 123 1113.

8. Children

The Platform is not intended for use by persons under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a person under 18, we will delete it immediately.

9. Security

We implement appropriate technical and organisational security measures to protect personal data, including:

• Encryption of data in transit (TLS/HTTPS)
• Encryption of data at rest
• Access controls limiting data access to authorised personnel only
• Regular security reviews and penetration testing
• Incident response procedures for data breaches

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, notify affected individuals without undue delay.

10. Cookies

We use cookies and similar technologies on the Platform. Please see our Cookie Policy for full details. You can manage your cookie preferences through our cookie preference centre, accessible at any time from the Platform footer.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and/or through the Platform. Your continued use of the Platform following the update constitutes your acceptance of the revised Policy.

Data Controller: Gitwix Limited, 9 Owen Street, Manchester, M15 4AU, United Kingdom. Gitwix Limited processes personal data in accordance with the UK GDPR and the Data Protection Act 2018. Data protection queries: admin@fieldfinders.co.uk.