Sari la conținut
Live · MD
Legal / № 03 / GDPR compliance

GDPR
compliance statement.

Last reviewed · 2026-04-18 · v2.1

S.R.L. „MEGA PROMOTING" processes personal data in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679) and the Moldovan Law No. 195/2024 on personal data protection. This document describes how we meet those obligations.

Who is the data controller

S.R.L. „MEGA PROMOTING"
MD-6800, s. Dănceni, r-ul Ialoveni, Republic of Moldova
IDNO: 1019600021765
Moldova IT Park resident
Contact: privacy@megapromoting.com

For processing activities where we act as a data processor on behalf of a client (SaaS deployments of aichat.md, Kallina voice agents, custom applications), the client is the data controller and we sign a Data Processing Agreement (see our DPA).

What personal data we process

  • Website visitors — IP (anonymised), browser fingerprint (session only), analytics cookies (only with consent).
  • Contact form submissions — name, email, phone (if provided), message content.
  • Client engagements — contact details of designated client representatives, invoicing data.
  • Kallina / aichat.md end-user data — as controller: not ours. As processor: see the client's DPA with us.
  • Job applicants — CV, cover letter, interview notes (retained 6 months post-decision).

Legal basis for processing

  • Consent — analytics cookies, marketing emails.
  • Contract — processing necessary to deliver the service you ordered.
  • Legal obligation — invoicing, tax records (kept 10 years per MD law).
  • Legitimate interest — fraud prevention, security logging, direct B2B outreach (opt-out at any time).

Your rights as a data subject

  • Access — request a copy of everything we hold on you.
  • Rectification — correct anything that's wrong.
  • Erasure — the right to be forgotten (within legal-retention limits).
  • Restriction — pause processing while a dispute is resolved.
  • Portability — machine-readable export.
  • Objection — to legitimate-interest processing.
  • Withdraw consent — whenever it was the basis.
  • Complaint — to the Moldovan Data Protection Authority or your EU DPA.

To exercise any right: email privacy@megapromoting.com. We respond within 30 days.

Retention periods

  • Contact-form messages: 2 years (sales follow-up), then deleted.
  • Invoices and contracts: 10 years (Moldovan tax law).
  • Kallina call transcripts (processor role): per client DPA, typically 90 days.
  • aichat.md message logs (processor role): per client DPA, typically 30 days.
  • Analytics (if consented): 14 months.
  • Job applicants: 6 months post-decision.

International transfers

Our infrastructure uses EU-based providers (OVH Cloud — France & Germany; Google Cloud — europe-central2 / Warsaw). Some sub-processors are US-based (OpenAI, Anthropic, ElevenLabs, Stripe) — these transfers rely on Standard Contractual Clauses (SCCs) and, where applicable, the EU-US Data Privacy Framework.

Security measures

  • TLS 1.3 everywhere. HSTS. No mixed content.
  • At-rest encryption on all databases (AES-256).
  • Access control: principle of least privilege, MFA on all admin accounts.
  • Audit logs retained 180 days.
  • Backups: daily incremental, encrypted, off-site.
  • Penetration testing: annual, by an independent third party.

Breach notification

If we detect a personal-data breach with likely risk to individuals, we notify the relevant supervisory authority within 72 hours and affected data subjects without undue delay. Our internal runbook (IR-01) is rehearsed quarterly.

Sub-processors

Current sub-processors we rely on to deliver services: OVH Cloud, Google Cloud, Stripe, Supabase, OpenAI, Anthropic, ElevenLabs, Deepgram, Twilio, Postmark, Intercom, Slack, GitHub, Vercel. Full per-service list and their locations: request the sub-processor register.

Questions?

Email privacy@megapromoting.com, or write to us at Bd. Ștefan cel Mare 202, MD-2004 Chișinău, Republic of Moldova.

Privacy policy →Cookie policy →DPA template →Terms →