This is an info Alert.
Single logo
  • Home
  • Properties
  • Blog
  • About
  • Contact
Add your listingSign in

Privacy Policy

Last updated: 1 June 2025

1. Who We Are

Imosto SRL is the data controller for personal data processed through the Imosto platform. We are registered in Romania and our primary place of business is Bucharest, Romania. Contact: privacy@imosto.com.

This policy applies to all personal data we process about users of our platform, visitors to our website, and anyone who contacts us.

2. Data We Collect and Why

The table below summarises the personal data we process, its purpose, and our legal basis under GDPR Regulation (EU) 2016/679:

Data categoryPurposeLegal basis (GDPR Art. 6)
Name, email, phoneAccount creation, authentication, communicationArt. 6(1)(b) — contract performance
Listing content (photos, descriptions, address)Publishing and managing property listingsArt. 6(1)(b) — contract performance
Payment and billing dataProcessing subscriptions; VAT complianceArt. 6(1)(b) — contract; Art. 6(1)(c) — legal obligation
Usage data (pages visited, feature interactions)Platform analytics, performance, fraud preventionArt. 6(1)(f) — legitimate interests
IP address, device infoSecurity, abuse prevention, diagnosticsArt. 6(1)(f) — legitimate interests
Email correspondenceCustomer supportArt. 6(1)(b) — contract performance

We do not process special categories of personal data (Article 9 GDPR) and we do not use personal data for automated individual decision-making or profiling with legal or similarly significant effects.

3. Cookies

We use strictly necessary cookies (authentication session), functional cookies (language preference, UI settings), and analytics cookies (platform usage). Analytics cookies are set only with your consent. You can manage cookie preferences at any time via the cookie banner or your browser settings.

4. How We Share Your Data

We share personal data only in the following circumstances:

  • Service providers: Cloud infrastructure (AWS), email delivery, payment processors — bound by data processing agreements under Art. 28 GDPR.
  • Your organisation: If you join a team on Imosto, your name and profile information are visible to other members of that team.
  • Legal requirements: When required by Romanian or EU law, court order, or to protect the rights and safety of others.

We do not sell personal data to third parties and we do not share it for third-party advertising purposes.

5. International Transfers

Some of our service providers are located outside the European Economic Area. Where transfers occur, we rely on the European Commission's Standard Contractual Clauses (SCCs) or adequacy decisions to ensure an equivalent level of protection.

6. Data Retention

We retain personal data only as long as necessary for the purposes described above:

  • Account data: retained for the lifetime of your account plus 90 days after deletion.
  • Listing content: deleted upon account deletion, subject to any legal retention obligations.
  • Billing records: retained for 10 years under Romanian accounting law (Legea 82/1991).
  • Server logs: retained for 90 days for security purposes.
7. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

  • Access (Art. 15): Request a copy of the personal data we hold about you.
  • Rectification (Art. 16): Correct inaccurate or incomplete data.
  • Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
  • Restriction (Art. 18): Ask us to restrict processing in certain circumstances.
  • Portability (Art. 20): Receive your data in a structured, machine-readable format.
  • Objection (Art. 21): Object to processing based on legitimate interests.
  • Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any right, email privacy@imosto.com. We will respond within 30 days. You may also exercise the right to erasure directly from your account settings.

8. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These include encryption in transit (TLS), encryption at rest, access controls, and regular security reviews.

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the supervisory authority within 72 hours and, where required, notify affected individuals without undue delay.

9. Supervisory Authority

You have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP):

  • Website: www.dataprotection.ro
  • Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336 București
  • Email: anspdcp@dataprotection.ro
10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or a prominent notice in the platform at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.

11. Contact

For any privacy-related questions or to exercise your rights, contact our privacy team at privacy@imosto.com.

Single logo

Ogłoszenia nieruchomości dla domów, mieszkań i nieruchomości komercyjnych. Kup, sprzedaj lub wynajmij z zaufanymi agentami i aktualizacjami w czasie rzeczywistym.

Firma
O nasKarieraBlogSkontaktuj sięFAQ
Prawne
RegulaminPolityka prywatności
Kontakt
support@imosto.com

© Wszelkie prawa zastrzeżone.

Single logoOgłoszenia nieruchomości dla domów, mieszkań i nieruchomości komercyjnych. Kup, sprzedaj lub wynajmij z zaufanymi agentami i aktualizacjami w czasie rzeczywistym.
O nasRegulaminPolityka prywatnościSkontaktuj się
© Wszelkie prawa zastrzeżone.
Strona głównaSzukaj
ZapisaneZaloguj się