Back to Home

Privacy Policy

Last Updated: December 22, 2025

1. Introduction

VIYB Ltd, trading as Global Yacht Brokers Network ("GYBN," "we," "us," or "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you use our API service.

Data Controller: VIYB Ltd (Company No. 13691625), International House, 10 Beaufort Court, Admirals Way, Canary Wharf, London E14 9XL, United Kingdom.

This policy applies to data we collect directly from subscribers (yacht brokers) and indirectly through listing data (which may contain personal data of vessel owners and contacts).

2. Legal Basis for Processing

We process personal data under the following legal bases:

  • Contract Performance: To provide the API service you subscribed to
  • Legitimate Interests: To improve our service, prevent fraud, and ensure security
  • Legal Obligation: To comply with tax, accounting, and regulatory requirements
  • Consent: Where required by law for marketing communications

3. Data We Collect

3.1 Subscriber Data (Broker Information)

When you subscribe to our service, we collect:

  • Account Information: Name, company name, email address, phone number, billing address
  • Authentication Data: API credentials, IP addresses (if whitelisting enabled)
  • Billing Information: Payment card details (processed by third-party payment processor), transaction history
  • Support Communications: Correspondence via email, chat, or phone

3.2 Listing Data

Listing data you submit via the API may contain:

  • Vessel Information: Specifications, descriptions, pricing, location
  • Contact Information: Owner names, email addresses, phone numbers (if included in listings)
  • Media: Photos, videos, documents

Important: You are the data controller for personal data within listing submissions. We process this data on your behalf as a data processor. See our Data Processing Agreement for details.

3.3 Technical Data

  • API Usage Logs: Request timestamps, endpoints accessed, response codes
  • Device Information: Browser type, operating system, IP address
  • Cookies: See our Cookie Policy for details

4. How We Use Your Data

4.1 Service Delivery

  • Authenticate API access
  • Validate and distribute listing data to authorized platforms
  • Process billing and payments
  • Provide technical support
  • Monitor API performance and uptime

4.2 Service Improvement

  • Analyze usage patterns to improve API performance
  • Develop new features based on subscriber needs
  • Generate anonymized analytics (no personally identifiable information)

4.3 Security and Fraud Prevention

  • Detect and prevent unauthorized access
  • Identify suspicious activity or fraudulent listings
  • Maintain audit logs for security investigations

4.4 Legal Compliance

  • Comply with tax and accounting regulations
  • Respond to lawful requests from authorities
  • Enforce our Terms of Service

5. Data Sharing and Disclosure

5.1 Authorized Distribution Platforms

We share listing data only with platforms you explicitly authorize. Current authorized platforms are listed in your account dashboard. We do not sell your data to third parties.

5.2 Service Providers

We engage third-party service providers who process data on our behalf:

  • Hosting: Amazon Web Services (AWS) - data centers in EU and UK
  • Payment Processing: Stripe - handles payment card data (PCI DSS compliant)
  • Email Communications: SendGrid - transactional emails only
  • Security: Cloudflare - DDoS protection and CDN services

All service providers are contractually obligated to protect your data and use it only for specified purposes.

5.3 Legal Disclosures

We may disclose personal data if required by law, court order, or governmental regulation, or to protect our legal rights.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. You will be notified via email of any such change.

6. Data Retention

  • Active Subscriptions: Data retained for the duration of your subscription
  • After Cancellation: Listing data deleted within 30 days; account data deleted within 90 days
  • Tax/Legal Records: Billing records retained for 7 years as required by UK tax law
  • Audit Logs: Security logs retained for 90 days

7. Your Rights (UK GDPR / EU GDPR)

Under UK and EU data protection law, you have the following rights:

7.1 Right to Access

Request a copy of the personal data we hold about you.

7.2 Right to Rectification

Correct inaccurate or incomplete personal data.

7.3 Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data (subject to legal retention requirements).

7.4 Right to Restriction

Request that we restrict processing of your data in certain circumstances.

7.5 Right to Data Portability

Receive your data in a structured, machine-readable format (JSON export available).

7.6 Right to Object

Object to processing based on legitimate interests.

7.7 Right to Withdraw Consent

Withdraw consent for marketing communications at any time.

To exercise your rights: Email privacy@globalyachtbrokers.net. We will respond within 30 days.

8. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request disclosure of personal data collected, used, and shared
  • Right to Delete: Request deletion of personal data
  • Right to Opt-Out: Opt-out of sale of personal data (we do not sell data)
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise CCPA rights, email privacy@globalyachtbrokers.net or call +44 7340 482091.

9. International Data Transfers

Data is primarily stored in AWS data centers located in the EU and UK. If data is transferred outside the UK/EU, we ensure adequate protections through:

  • Standard Contractual Clauses (SCCs) approved by the EU Commission
  • Adequacy decisions where applicable
  • Binding Corporate Rules for service providers

10. Security Measures

We implement industry-standard security measures:

  • Encryption: TLS 1.2+ for data in transit, AES-256 for data at rest
  • Access Controls: Role-based access, IP whitelisting options
  • Authentication: JWT tokens with expiration, optional two-factor authentication
  • Monitoring: 24/7 logging and intrusion detection
  • Regular Audits: Annual security assessments planned

11. Data Breach Notification

In the event of a data breach affecting your personal data, we will:

  • Notify you within 72 hours of discovering the breach
  • Inform the UK Information Commissioner's Office (ICO) where required
  • Provide details of what data was affected and steps we are taking
  • Offer guidance on protective measures you should take

Report security concerns: security@globalyachtbrokers.net

12. Children's Privacy

Our service is not directed at children under 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email with 30 days notice. The "Last Updated" date will be revised accordingly.

14. Supervisory Authority

You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Information Commissioner's Office

Wycliffe House, Water Lane, Wilmslow

Cheshire SK9 5AF, United Kingdom

Phone: 0303 123 1113

Website: https://ico.org.uk

15. Contact Us

Data Protection Officer

VIYB Ltd, trading as Global Yacht Brokers Network

International House, 10 Beaufort Court, Admirals Way

Canary Wharf, London E14 9XL, United Kingdom

Email: privacy@globalyachtbrokers.net

Phone: +44 7340 482091

Terms of ServiceData Processing AgreementCookie Policy