Biometric Policy

Last Updated: 21st May, 2025

At Gidaah Property Management Limited (hereafter referred to as Gidaah), protecting the privacy and integrity of our users’ data is a top priority. This Biometric Information Policy explains how biometric data—specifically facial recognition data—is collected, used, stored, protected, and deleted in compliance with applicable global privacy regulations, including the General Data Protection Regulation (GDPR), PIPEDA, and other international data protection laws.

This policy is intended for all users who interact with Gidaah’s services, including but not limited to guests, travellers, digital nomads, corporate clients, and families using our apartment rental platform.

1. Purpose of This Policy

Gidaah uses facial biometric data to verify the identity of users during the account creation and booking process. This is essential for:
  • Enhancing user trust and safety
  • Preventing identity fraud
  • Complying with anti-money laundering (AML) and Know Your Customer (KYC) regulations
  • Ensuring a secure booking experience

We do not use biometrics for profiling, behavioral tracking, or advertising purposes.

2. What Biometric Information We Collect

Gidaah collects facial recognition data only, and solely for the purpose of confirming that the individual attempting to create or access an account is the same person as represented in their submitted government-issued identification.

No other types of biometric identifiers (such as fingerprints, retina scans, or voiceprints) are collected or processed.

All facial biometric data is processed exclusively by our identity verification partner, Veriff, a global leader in secure biometric verification

3. Collection and Processing

When a user registers or attempts to book a stay through the Gidaah platform, they are required to upload a government-issued ID and provide a live image or video selfie. This media is analyzed by Veriff using facial recognition technology to confirm identity.

This process occurs only with the user’s explicit and informed consent. Users are provided with full disclosure and must agree to the biometric verification process before it begins.

Users who choose not to undergo biometric verification will not be able to complete bookings on the platform, as identity verification is a core requirement for service access.

4. Use of Biometric Data

Biometric data collected through Veriff is used strictly for
  • Verifying a user's identity against submitted ID documentation
  • Preventing fraudulent activities on the platform
  • Supporting compliance with international KYC/AML standards
  • Enhancing security during user onboarding
This data is not used for behavioral analysis, advertising, or shared with any unrelated third party.

5. Storage and Retention

Gidaah does not directly store biometric data. All biometric information is securely handled and stored by Veriff on encrypted servers that meet the security and compliance standards of major data protection laws.

The facial biometric data is retained for a period of six (6) months from the time of collection. After this retention period, the data is permanently deleted unless required to be retained for legal or compliance reasons.

6. Access and Security

Access to biometric data is strictly limited. At Gidaah, only the Data Protection Officer has privileged access to related biometric records, and this is for compliance oversight only—not for direct handling or processing of the data itself.

Veriff, as our data processor, employs robust technical and organizational measures to protect biometric data, including:
  • End-to-end encryption
  • Limited data access protocols
  • Regular security audits

7. Disclosure to Third Parties

Gidaah does not share, sell, or rent biometric data to any third parties outside of Veriff. The only scenarios under which biometric data may be disclosed are
  • As required by law or in response to a legally binding request (e.g., court order, law enforcement subpoena)
  • With the user’s explicit, written consentWith the user’s explicit, written consent
We do not disclose biometric data for commercial use, marketing, or profiling purposes

8. User Rights and Control

Users have full control over their biometric data and may:
  • Request details about the biometric data collected
  • Withdraw their consent at any time (subject to verification implications)
  • Request permanent deletion of their biometric data (subject to legal and verification constraints)
To make any such requests, users may contact our Data Protection Officer at compliance@gidaah.com.

Note: Withdrawal of consent or request for deletion may affect your ability to continue using Gidaah’s platform if your identity cannot be verified through other means

9. Compliance with Global Laws

Gidaah and its partners operate in accordance with international data protection regulations, including:
  • GDPR (General Data Protection Regulation – European Union)
  • PIPEDA (Personal Information Protection and Electronic Documents Act – Canada)
  • BIPA (Biometric Information Privacy Act – U.S., where applicable)
  • Other relevant global privacy frameworks
We continuously monitor compliance requirements and update our policies as needed to reflect changes in legal and technological standards.

10. Policy Updates

This Biometric Information Policy may be revised periodically to reflect changes in laws, best practices, or platform operations. When updates are made, users will be notified by email or via a prominent notice on our platform.

10. Contact Information

If you have any questions about this policy, how your biometric data is handled, or your rights, please contact us:

Gidaah
Email: compliance@gidaah.com
Headquarters: Namibia