Privacy Policy
Last updated: 10 March 2026
1. Data Controller and Contact
The GruntWrk platform is owned and operated by CHILIBLUE, UNIPESSOAL LDA, a company registered in Portugal. CHILIBLUE, UNIPESSOAL LDA is the data controller for personal data processed through the Platform.
Privacy requests, rights requests, and complaints may be sent to service@gruntwrk.com.
2. Personal Data We Process
Depending on how you use the Platform, we may process:
- Account and profile data (name, email, phone, location, account preferences)
- Identity and verification-related data you choose to provide
- Platform activity data (listings, requests, messages, interactions, reports)
- Transaction and billing-related data where applicable
- Device and technical data (IP address, browser, device identifiers, logs)
- Support and complaint communications
3. Purposes and Legal Bases
We process personal data for the following purposes and legal bases:
- To provide and operate the Platform and user accounts (performance of a contract)
- To maintain security, prevent abuse, and detect fraud (legitimate interests and legal obligations)
- To communicate service, legal, and safety notices (contract and legal obligations)
- To process support requests and disputes (legitimate interests and legal obligations)
- To comply with legal, regulatory, tax, and law-enforcement requests (legal obligations)
- To analyze and improve Platform performance (legitimate interests; consent where legally required)
- To send marketing communications (consent where legally required; opt-out available)
4. Data Sources and Sharing
We receive data directly from users, from user activity on the Platform, and from integrated service providers. We may share personal data with processors and service providers who support hosting, analytics, security, communications, payment flows, customer support, and legal compliance.
Information you publish or share with other users is shared at your own discretion and risk. We are not responsible for third-party use or misuse of data that users disclose directly to each other.
5. International Transfers
Where personal data is transferred outside the European Economic Area, we use transfer mechanisms required by applicable law, such as adequacy decisions or standard contractual clauses, and apply supplementary safeguards where appropriate.
6. Retention
We retain personal data only for as long as necessary for the purposes described in this Policy, including legal, accounting, tax, dispute, and security requirements. Retention periods vary by data category and legal obligations.
7. Your Rights
Subject to applicable law, you may have rights to access, rectify, erase, restrict, object, and request data portability, and to withdraw consent at any time where processing is based on consent.
You also have the right to lodge a complaint with your local data protection authority or with the Portuguese supervisory authority (CNPD).
8. Security and Incidents
We implement reasonable technical and organizational safeguards to protect personal data. No internet transmission or storage system is fully secure, and we cannot guarantee absolute security.
Where legally required, we will notify competent supervisory authorities and affected users of qualifying data breaches within applicable legal timelines.
9. Children
The Platform is not intended for users under 18 years of age. We may suspend or remove accounts that reasonably appear to belong to underage users.
10. Automated Decision-Making
We do not make solely automated decisions that produce legal or similarly significant effects without human involvement. If this changes, we will update this Policy as required by law.
11. No Sale of Personal Data
We do not sell personal data.
12. Limitation and Mandatory Rights Carve-Out
To the maximum extent permitted by law, CHILIBLUE, UNIPESSOAL LDA and its members, directors, partners, affiliates, employees, agents, contractors, licensors, and service providers are not liable for losses resulting from unauthorized access or disclosure caused by factors outside our reasonable control.
Nothing in this Privacy Policy excludes or limits rights or remedies that cannot be excluded under applicable law, including rights under data protection law and any rights to lodge complaints or seek compensation where legally available.
13. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date indicates when the latest version became effective.
14. Governing Law
This Privacy Policy is governed by the laws of Portugal and applicable European Union data protection legislation, including the General Data Protection Regulation (GDPR).