RORUEN
IVO.md
Marketplace boxes

Privacy Policy – IVO Marketplace SRL

Version: 1.0
Effective date: 1 January 2026

This Privacy Policy describes how Limited Liability Company IVO MARKETPLACE ("IVO", "we") collects, uses, stores, and protects the personal data of users of the IVO.md platform (website and applications), including customers, merchants, merchants’ representatives, and visitors.

1. Who we are – Data Controller

The personal data controller is:

Limited Liability Company IVO MARKETPLACE
IDNO: 1024602014330
Status: Active
Registration date: 14.11.2024
Registered office: mun. Bălți, str. Filip Nicolae, nr. 2, Republic of Moldova
Data protection email: [email protected]

2. Applicable legal framework

We process personal data in accordance with the legislation of the Republic of Moldova, in particular:

  • Law no. 133/2011 on the protection of personal data, applicable as of the date of this Policy.

Please note that Law no. 195/2024 on the protection of personal data has been published and will enter into force on 23 August 2026, replacing Law no. 133/2011. IVO will update this Policy accordingly when the new law becomes applicable.

The national supervisory authority is the National Center for Personal Data Protection (CNPDCP).

3. What data we collect

Depending on how you interact with the IVO.md platform, we may collect the following categories of data:

A. Identification and contact data

  • first and last name;
  • email address;
  • phone number;
  • delivery and/or billing address.

B. Account and authentication data

  • user account data;
  • login history;
  • account settings and preferences.

C. Order and transaction data

  • ordered products;
  • order status;
  • delivery details;
  • billing information (where applicable).

D. Merchant data (B2B)

  • company name;
  • IDNO;
  • registered office;
  • legal representative details;
  • bank account (exclusively for settlements);
  • compliance documents, if legally or contractually required.

E. Technical and usage data

  • IP address;
  • device type;
  • operating system and browser;
  • cookies and similar technologies;
  • visited pages and interactions on the platform;
  • technical and security logs.

F. Communication and support

  • messages sent via forms or email;
  • support requests;
  • feedback;
  • conversation recordings only if previously announced and permitted by law.

IVO does not request and does not intentionally process sensitive data (e.g., health, political opinions, religious beliefs). Users are kindly asked to avoid providing such data in free-text fields.

4. Purposes of processing

We process personal data for:

  • creating and managing accounts on IVO.md;
  • processing orders, deliveries, returns, and complaints;
  • issuing fiscal documents and accounting records, where applicable;
  • merchant onboarding and managing the commercial relationship;
  • platform security and fraud prevention;
  • audits, technical investigations, and service improvements;
  • statistical and performance analyses;
  • sending marketing communications, only based on consent;
  • complying with legal obligations and responding to authority requests.

5. Legal basis

We process personal data based on one or more of the following legal bases:

  • performance of a contract;
  • user consent;
  • legal obligations;
  • IVO’s legitimate interest, while respecting users’ rights.

6. Data recipients

Data may be disclosed, strictly as necessary, to:

  • merchants on the platform (for fulfilling orders);
  • courier and delivery companies;
  • payment processors and banks;
  • IT and infrastructure providers;
  • public authorities, based on legal obligations.

7. Vendors and international transfers

IVO uses the following vendors:

  • Cloudflare – security services, CDN, and protection against attacks;
  • Hetzner – hosting and IT infrastructure services;
  • Google Analytics – traffic and platform usage analytics.

If certain data is transferred outside the Republic of Moldova, IVO ensures appropriate safeguards are applied, in accordance with applicable legislation.

8. Retention period

Data is retained:

  • for the duration of the contractual relationship;
  • in accordance with legal archiving periods;
  • until consent is withdrawn, where consent is the legal basis.

Technical and security logs are retained for limited periods, necessary for the purposes for which they were collected.

9. Data subject rights

Users have the right to:

  • be informed;
  • access their data;
  • rectify data;
  • erase data;
  • restrict processing;
  • object;
  • withdraw consent;
  • file a complaint with CNPDCP.

Requests can be sent to [email protected].

10. Data security

IVO applies appropriate technical and organizational measures to protect data against unauthorized access, loss, alteration, or disclosure.

11. Policy changes

This Policy may be updated periodically. The updated version will be published on the IVO.md platform, indicating the effective date.