Privacy Policy

Last updated: June 15, 2026

This Privacy Policy explains how BBF FACILITY MANAGEMENT CY LTD(“BBF FACILITY MANAGEMENT”, “we”, “us”, “our”) collects, uses, stores and protects personal data when you use the the Wise House mobile application, web portal, administrative panel, manager tools, technician tools, security tools, websites and related digital services together referred to as the “Service”.

We are committed to protecting your privacy and processing personal data in accordance with applicable data protection laws, including the General Data Protection
Regulation (EU) 2016/679 (“GDPR”), where applicable.

1. Who we are
The Service is provided by:
BBF FACILITY MANAGEMENT CY LTD
Registered address: 4046, Linassol. 28, Ampelakion Street
TIC: CY12322741H
Email for privacy requests: care@bbf.com

If you use the Service through a residential complex, property developer, property management company, homeowners association, employer, hotel, office building or another organization, that organization may also be responsible for how your personal data is processed.

2. Our role under GDPR
Depending on how the Service is used, the Wise House may act either as a Data Controller or as a Data Processor.

In many cases, user profiles, account access and permissions are created and managed by a property developer, property management company, homeowners association, residential complex, employer, hotel, office building or another organization that uses the Wise House to manage access to its digital ecosystem.

In such cases, the relevant organization determines why and how personal data is processed. That organization usually acts as the Data Controller, and the Wise House processes personal data on its behalf as a Data Processor, based on the organization’s instructions and the applicable agreement.

the Wise House acts as a Data Controller when we process personal data for our own purposes, for example in relation to our website, support communications, service operation, security logs, product analytics, billing, legal compliance and communication
with clients.

If you are not sure who the Data Controller is for your profile, you may contact us, and we will help identify the relevant organization.

3. Personal data we may collect
Depending on the features enabled for your building, organization or account, we may process the following categories of personal data.

Account and identification data
We may process:
  • name and surname
  • phone number
  • email address
  • profile photo or avatar, if provided
  • language preferences
  • user role, permissions and access rights
  • authentication and authorization data
Property, community and access data
We may process:
  • residential complex, building, entrance, floor, apartment, house, parking place, storage unit or other property-related information
  • status as owner, tenant, co-resident, representative, employee, guest or another authorized user
  • vehicle information, license plate number or parking access data, if enabled
  • access permissions, passes, QR codes, NFC access or other access-related records, if enabled
  • history of changes related to access rights, where required for security and audit purposes
Service request and communication data
We may process:
  • service requests, maintenance requests, incident reports and related descriptions
  • photos, videos, documents or other files uploaded by you or by authorized users
  • chat messages with managers, technicians, security staff or other authorized representatives
  • comments, reactions, votes, survey answers, event registrations and other interactions within the Service
  • status history and communication related to requests, tasks or incidents
Payment and billing data
Where payment or billing features are enabled, we may process:
  • invoices, charges, payment status and transaction references
  • payment history related to services, utilities, rent, bookings or other enabled payment flows
  • limited payment-related information received from payment providers
  • billing identifiers required to display or reconcile payments
We do not intentionally store full payment card details. Payments are processed by
third-party payment providers, where applicable.
Technical and device data
We may process:
  • IP address
  • device type, device name and operating system
  • app version, browser type and language settings
  • push notification token
  • crash reports, error logs and diagnostic data
  • date, time and duration of use
  • actions performed in the Service for security, support and audit purposes
Support and communication data
We may process:
  • messages sent to our support team
  • email correspondence
  • information you provide when requesting help, reporting an issue or requesting deletion of your profile access or personal data

4. How we receive personal data
We may receive personal data in the following ways:
  • directly from you when you use the Service
  • from the organization that manages your access to the Service
  • from administrators, managers, security staff, technicians or other authorized representatives
  • automatically from your device when you use the app, website or web portal
  • from third-party service providers used to deliver the Service
  • from integrated systems, if such integrations are enabled by the relevant organization

5. Why we process personal data
We process personal data for the following purposes.
To provide access to the Service
We use personal data to create, verify and manage user profiles, connect users to the correct building, property or organization, assign permissions and provide access to available features.

To manage property, residential and community services
We process data to support service requests, maintenance workflows, communication with property managers, announcements, news, polls, events, documents, bookings, access control, passes and other features enabled by the relevant organization.

To provide support
We use personal data to respond to questions, investigate technical issues, fix errors, process support requests and improve the quality and reliability of the Service.

To process payments and billing information
Where payment features are enabled, we process payment-related information to display invoices, confirm payment status, provide transaction history and support financial reconciliation.

To send notifications
We may send push notifications, service messages, status updates, reminders, security alerts or administrative notifications related to your use of the Service.

To protect the Service and users
We process technical, security and audit data to prevent fraud, unauthorized access, misuse, technical errors and security incidents.

To improve the Service
We may use technical, diagnostic and usage data to understand how the Service works, improve performance, develop new features and ensure reliability.

To comply with legal obligations
We may process and retain data where required by applicable law, court order, regulatory request, accounting rules or other legal obligations.

6. Legal basis for processing
Where the Wise House acts as a Data Controller, we rely on one or more of the following legal bases:
  • Performance of a contract — when processing is necessary to provide the Service or support a contractual relationship.
  • Legitimate interests — when processing is necessary for service operation, security, fraud prevention, support, analytics, product improvement or business administration, provided that such interests are not overridden by your rights and freedoms.
  • Consent — where consent is required, for example for certain optional features, marketing communications, cookies or similar technologies.
  • Legal obligation — where processing is necessary to comply with applicable laws and regulations.
Where the Wise House acts as a Data Processor, the relevant organization acting as Data Controller is responsible for determining the appropriate legal basis for processing personal data.

7. Third-party service providers
We may use trusted third-party service providers to operate, maintain and improve the Service. These providers may process personal data only as necessary to provide their services to us or to the relevant organization.

Such providers may include:
  • hosting and cloud infrastructure providers
  • database and backup providers
  • SMS, email and push notification providers
  • payment service providers
  • analytics, crash reporting and diagnostics providers
  • customer support tools
  • authentication and security providers
  • AI or automation service providers, where enabled
  • integration partners connected to the relevant organization’s systems
We require service providers to implement appropriate technical and organizational measures to protect personal data and to process it only under appropriate instructions and legal safeguards.

8. AI and automation features
Some features of the Service may use AI or automation to help generate service request descriptions, classify requests, improve support workflows or assist administrators and managers.

When such features are enabled, the content you provide, such as request text, photos or related metadata, may be processed to deliver the requested functionality.

We do not use your personal data to train public AI models unless this is explicitly agreed with the relevant organization or permitted under applicable law.

9. Data sharing
We may share personal data with:
  • the organization that manages your profile or access to the Service
  • authorized administrators, managers, technicians, security staff or service providers connected to your building, property or organization
  • payment providers, where payment functionality is enabled
  • third-party service providers that help us deliver the Service
  • public authorities, regulators, courts or law enforcement agencies where required by law
  • professional advisers, auditors or legal representatives where necessary
We do not sell your personal data.

10. International data transfers
We aim to store and process personal data within the European Economic Area where reasonably possible.
However, some third-party service providers may process data outside the European Economic Area. Where this happens, we use appropriate safeguards, such as adequacy decisions, Standard Contractual Clauses or other lawful transfer mechanisms required by applicable data protection law.

11. Data retention
We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required by law or by the lawful instructions of the relevant organization acting as Data Controller.
Retention periods may depend on the type of data, the organization’s settings, legal requirements and the nature of the Service.

As a general rule:
  • account and access data is retained while your profile is active or while required by the relevant organization
  • service requests, chats, photos and related records are retained according to the organization’s retention settings or contractual requirements
  • payment and billing records are retained for the period required by applicable accounting and tax laws
  • technical logs and security records are retained for a limited period necessary for security, diagnostics and audit purposes
  • backup copies may remain for a limited period until they are securely overwritten or deleted
When data is no longer needed, we delete it, anonymize it or securely restrict access to it.

12. Account access and data deletion requests
The the Wise House app does not provide public self-registration and does not allow users to create accounts independently.

User profiles, account access and permissions are created, assigned and managed by the relevant property developer, property management company, homeowners association, residential complex, employer, hotel, office building or another organization that uses the Wise House to manage access to its digital ecosystem. Because user access is managed by the relevant organization, users cannot independently delete their account directly in the app. However, users may request deletion of their profile access and personal data by contacting us at: care@bbf.com

After receiving a deletion request, we will review and process it in accordance with applicable data protection laws, including the GDPR where applicable.

If the user profile is managed by an organization acting as the Data Controller, we may forward the request to that organization or process the request based on that organization’s lawful instructions.

Where applicable, the user’s access to the Service may be removed, and personal data may be deleted, anonymized or restricted, unless certain data must be retained for legal, accounting, security, audit, dispute resolution, property management or legitimate operational purposes.

Please note that deleting or restricting a profile may result in loss of access to the app, residential complex services, service requests, documents, chats, bookings, passes, access permissions, payment history or other features connected to that profile.

13. Your GDPR rights
Where GDPR applies, you may have the following rights:
  • the right to access your personal data
  • the right to correct inaccurate or incomplete personal data
  • the right to request deletion of your personal data
  • the right to restrict processing
  • the right to object to processing
  • the right to data portability
  • the right to withdraw consent where processing is based on consent
  • the right to lodge a complaint with a data protection supervisory authority
To exercise your rights, contact us at: care@bbf.com

If your profile is managed by an organization acting as Data Controller, we may redirect your request to that organization or assist that organization in responding to your

14. Security
We use appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration or disclosure.

These measures may include access controls, role-based permissions, authentication controls, encryption where appropriate, secure hosting, backups, monitoring, logging and internal security procedures.

However, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security, but we work to protect personal data using commercially reasonable and industry-standard measures.

15. Cookies and similar technologies
Our website and Service may use cookies, SDKs or similar technologies to operate the Service, remember preferences, analyze usage, detect errors and improve performance.

Some third-party services integrated into the app or website may also use cookies or similar technologies.

Where required by law, we will ask for your consent before using non-essential cookies or similar technologies.

You may manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the Service.

16. Push notifications
The app may send push notifications related to your profile, service requests, news, announcements, payments, bookings, access rights or other Service features. You may disable push notifications through your device settings. Some important service messages may still be displayed inside the app.

17. Children’s privacy
The Service is not intended for use by children without appropriate authorization from a parent, guardian, relevant organization or another legally authorized person. We do not knowingly collect personal data from children without an appropriate legal basis. If we become aware that personal data of a child has been processed unlawfully, we will take reasonable steps to delete or restrict such data.

If you believe that a child’s personal data has been provided to us without proper authorization, please contact us at: care@bbf.com

18. Links to other websites and services
The Service may contain links to third-party websites, payment pages, documents or external services.

We are not responsible for the privacy practices, content or security of third-party websites or services. We recommend reviewing their privacy policies before providing any personal data.

19. Changes to this Privacy Policy
We may update this Privacy Policy from time to time.
If we make material changes, we may notify users by posting the updated Privacy Policy on our website, inside the app or through another appropriate communication channel.

The updated version will apply from the date stated at the top of this Privacy Policy.

20. Contact us
If you have questions about this Privacy Policy, your personal data or your privacy rights, please contact us:

BBF FACILITY MANAGEMENT CY LTD
Registered address: 4046, Linassol. 28, Ampelakion Street
Email for privacy requests: care@bbf.com