Privacy Policy

Last Updated: January 25, 2026

LLC "Flashmarkets" (hereinafter referred to as "Flashmarket", "we", "us", or "our"), company ID No. 405768076, with registered address at Georgia, Tbilisi, Vake District, Zura Avalishvili Street, No. 12, operates the website flashmarket.md and the corresponding mobile application (collectively, the "Platform").

We are committed to protecting your privacy and handling your personal data responsibly in accordance with applicable data protection laws, including the Law of the Republic of Moldova No. 195/2024 on Personal Data Protection (the "Data Protection Law") and other relevant regulations.

This Privacy Policy explains how we collect, use, disclose, store, protect, and otherwise process your personal data when you access or use the Platform, create an account, participate as a Seller or Bidder, purchase tickets, place bids, communicate through the Platform, or otherwise interact with our Services (collectively, the "Services").

By using the Platform or Services, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use the Platform or contact us to discuss alternatives.

LLC "Flashmarkets" acts as the controller of your personal data for the purposes described herein.

Contact details:

Address: Georgia, Tbilisi, Vake District, Zura Avalishvili Street, No. 12

Email: support@flashmarket.md

If required under applicable law, we will appoint a Data Protection Officer and provide updated contact information.

We collect the following categories of personal data:

Account and Registration Data: Full name, email address, phone number, date of birth (to verify eligibility), password, profile picture (if uploaded), and any other information you provide during registration or account updates.

Identity and Verification Data: Government-issued ID details (if required for specific transactions or verification), payment method details (though card data is processed by PCI-compliant third-party providers and not stored by us).

Transaction and Auction Data: Details of items listed or bid on, number of tickets purchased, bids placed, auction participation, winning status, delivery arrangements, and related communications between Sellers and Bidders.

Payment-Related Data: Transaction amounts, dates, payment method type (not full card details), and bank account information for refunds or payouts (processed via third-party payment providers).

Technical and Usage Data: IP address, device type, browser type, operating system, unique device identifiers, login times, pages viewed, time spent on pages, referral sources, and cookies or similar technologies (see Section 9).

Communication Data: Messages, support tickets, emails, or other communications sent through the Platform or to us.

Other Data: Any additional information you voluntarily provide (e.g., in listings, profiles, or feedback).

We do not intentionally collect special categories of personal data (sensitive data such as health, racial/ethnic origin, political opinions, religious beliefs, or biometric data) unless directly relevant and with explicit consent or legal obligation.

We collect personal data:

Directly from you (e.g., during registration, listing items, purchasing tickets, bidding, communications).

Automatically through your use of the Platform (e.g., cookies, logs, analytics).

From third parties (e.g., payment processors confirming transactions, fraud prevention services).

We process your personal data only for specified, explicit and legitimate purposes and on lawful bases permitted under the Data Protection Law.

We primarily rely on the following lawful bases:

Performance of a contract – Processing is necessary for the performance of the agreement between you and Flashmarket (as set out in the Terms and Conditions), including to provide you with access to the Platform, enable account creation and management, facilitate auctions, process ticket purchases, manage bids, handle payments and refunds, and enable communication between Sellers and Bidders for delivery of won items.

Legitimate interests – Processing is necessary for our legitimate interests (or those of a third party) provided they are not overridden by your interests or fundamental rights and freedoms. This includes improving and developing the Services, ensuring platform security, preventing and detecting fraud, conducting analytics (where possible in aggregated or anonymized form), resolving disputes, enforcing our Terms, and protecting our rights and those of our users.

Legal obligation – Processing is necessary to comply with legal requirements, such as tax reporting, anti-money laundering rules, responding to court orders, or other mandatory obligations under Moldovan or applicable law.

Consent – Where required (particularly for non-essential marketing communications such as promotional emails or SMS), we will process your personal data only with your freely given, specific, informed and unambiguous consent. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Examples of how these bases apply in practice include:

Using your registration and transaction data to enable you to participate in auctions and receive won items (performance of contract);

Monitoring for suspicious activity to protect the integrity of the Platform and prevent fraud (legitimate interests);

Retaining certain transaction records to comply with accounting and tax laws (legal obligation);

Sending you updates about new features or promotions only if you have expressly consented (consent).

We share personal data only as necessary and under appropriate safeguards:

With other users of the Platform where required for the provision of the Services (for example, a Seller will see relevant contact and delivery details of the winning Bidder, and vice versa, to coordinate item handover).

With trusted service providers acting as processors on our behalf (such as payment processors, cloud hosting providers, analytics services, and communication tools) under strict data processing agreements that ensure confidentiality and security.

With public authorities, courts, or law enforcement when required or permitted by law (for example, in response to a valid court order or to comply with regulatory obligations).

In the context of a corporate transaction (such as a merger, acquisition, or sale of assets), provided that the recipient agrees to process the data in a manner consistent with this Privacy Policy and applicable law.

We do not sell your personal data to third parties for their own marketing purposes.

As our company is registered in Georgia and we may engage service providers located outside the Republic of Moldova (including in countries that may not be subject to an adequacy decision under Moldovan law), your personal data may be transferred to, and processed in, such jurisdictions. Whenever we transfer personal data internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses, binding corporate rules, or other mechanisms recognized under the Data Protection Law.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected or to satisfy legal, accounting, or reporting obligations:

Account and profile data: retained for the duration your account remains active, and for a reasonable period thereafter (up to 3 years) to handle potential disputes, refunds, or legal claims.

Transaction and payment-related data: retained for up to 7 years to comply with accounting, tax, and anti-money laundering requirements.

Technical logs and security-related data: retained for up to 12 months for fraud prevention and system integrity purposes.

After the applicable retention period, personal data is securely deleted or irreversibly anonymized, unless longer retention is required by law.

Under the Data Protection Law you have the following rights in relation to your personal data (subject to applicable exceptions and conditions):

Right of access – to obtain confirmation whether we process your data and to receive a copy of it.

Right to rectification – to have inaccurate or incomplete data corrected.

Right to erasure ("right to be forgotten") – to request deletion of your data when it is no longer necessary or when processing is unlawful.

Right to restriction of processing – to limit processing in certain circumstances (e.g., while accuracy is contested).

Right to object – to object to processing based on legitimate interests or for direct marketing purposes.

Right to data portability – to receive your data in a structured, commonly used and machine-readable format and to transmit it to another controller.

Right to withdraw consent – at any time, where processing is based on consent.

Right not to be subject to automated decision-making – including profiling, that produces legal effects concerning you (we do not currently carry out such automated decision-making).

To exercise any of these rights, please contact us at the email address provided in Section 1. We will respond within the statutory time limits (generally one month). You also have the right to lodge a complaint with the National Center for Personal Data Protection of the Republic of Moldova.

We use cookies, web beacons, pixels, and similar tracking technologies to enable core functionality, analyze usage, improve the user experience, and ensure security. You can manage your cookie preferences through the cookie banner displayed on the Platform. For more information, please refer to our separate Cookie Policy.

We implement appropriate technical and organizational measures (including encryption of data in transit, access controls, regular security assessments, and PCI DSS compliance for payment processing) to protect your personal data against unauthorized access, loss, misuse, or alteration. However, no method of transmission over the Internet or electronic storage is completely secure. You are responsible for keeping your account credentials confidential and for promptly notifying us of any suspected unauthorized access.

The Platform and Services are not intended for individuals under the age of 18. We do not knowingly collect or process personal data from minors. If we learn that we have collected personal data from a person under 18, we will delete such data as quickly as possible.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The updated version will be posted on the Platform with a revised "Last Updated" date. Where changes are material, we will provide additional notice (e.g., via email or a prominent notice on the Platform). Your continued use of the Platform after such changes constitutes your acceptance of the revised Policy.

If you have any questions, requests, or concerns regarding this Privacy Policy or our data processing practices, please contact us at:

Email: support@flashmarket.md

Address: LLC "Flashmarkets", Georgia, Tbilisi, Vake District, Zura Avalishvili Street, No. 12

This Privacy Policy is governed by the laws of the Republic of Moldova.