Legal

Privacy Policy

Unofficial translation. This English version is provided for convenience only. The legally binding version of this Privacy Policy is the Romanian one, available here. In case of any discrepancy, the Romanian text prevails.

PRIVACY POLICY

on the processing of personal data

"Democrația Acasă" Political Party (PDA) – pda.md

Last updated: 25 June 2026

The confidentiality of personal data is important to the "Democrația Acasă" Political Party (hereinafter – "PDA", "the party" or "the controller"). This Policy explains how PDA processes the personal data of members, former members, applicants for membership, donors, supporters, volunteers, event participants, visitors to the pda.md website, and persons who communicate with PDA.

This Policy is adopted in application of Law no. 195/2024 on the protection of personal data, in force as of 23 August 2026, in particular the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, confidentiality and accountability of the controller.

PDA processes personal data only for specified, explicit and legitimate purposes, to the extent necessary for carrying out its statutory, political, civic, organisational, financial, electoral and legal activities.

For questions regarding this Policy or the exercise of data subjects' rights, PDA may be contacted using the details indicated in Section 1.

1. Who we are. The data controller

The controller that determines the purposes and means of processing personal data is:

Name: "Democrația Acasă" Political Party (PDA).
IDNO: 1011620006096.
Registered office: 31 Alexei Mateevici St., MD-2009, Chișinău, Republic of Moldova.
General e-mail: partidulda@gmail.com.
Data protection e-mail: date@pda.md.
Phone: +373 600 22 564.

PDA has appointed a data protection officer for personal data: Vasile Costiuc, e-mail: date@pda.md, phone: +373 600 22 564. If the appointment of a data protection officer is mandatory under Article 37 of Law no. 195/2024, or if PDA decides on a voluntary appointment, their contact details will be published on the website and communicated to the National Centre for Personal Data Protection.

Data subjects may contact the data protection officer or the internal contact point for any matter relating to the processing of their data and the exercise of the rights provided by Law no. 195/2024.

2. Categories of data subjects and data processed

PDA collects and processes different data depending on how the person interacts with the party. PDA applies the principle of data minimisation and does not request information that is not necessary for the stated purpose.

2.1. Membership applicants and PDA members

To examine membership applications and manage member records, PDA may process: surname, first name, contact details, locality, date of birth or confirmation of being 18 years of age, citizenship, information strictly necessary to verify the membership conditions set out in the PDA statute and legislation, the date the application was submitted, the date of acceptance or rejection, membership history, positions held in party structures, signatures, sworn statements, correspondence and organisational communications.

The field regarding the reason for joining is optional. The person is asked not to include in this field data concerning health, ethnic origin, religious denomination, private life, convictions, third-party data or other information not necessary for analysing the membership application. PDA may delete, anonymise or disregard excessive, irrelevant or non-compliant information.

2.2. Supporters, volunteers and persons interested in PDA activities

For persons who request information, register as supporters, get involved as volunteers or maintain ongoing contact with PDA regarding the party's purposes, the following may be processed: surname, first name, contact details, locality, communication preferences, availability for involvement, activities or events the person has registered for or attended, and related correspondence.

2.3. Donors and persons making financial contributions

For receiving, verifying, recording and reporting donations, PDA may process: surname, first name, contact details, donation amount, donation date, payment method, strictly necessary banking data, data required by financial-accounting, tax, electoral and political party financing legislation, supporting documents and related correspondence.

If a donation is made by bank card or through a payment processor, the card data is entered on the secure platform of the payment processor and is not stored by PDA, except for the data necessary to confirm payment and fulfil legal obligations.

2.4. Persons who contact PDA

If a person contacts PDA by e-mail, telephone, online form, post or other means, PDA may process the surname, first name, contact details, message content, date of communication, documents transmitted and the history of responses.

2.5. Event participants

For organising events, PDA may process surname, first name, contact details, the event the person registered for, date of attendance, the person's role at the event and related communications. Photographs, video or audio recordings at events are made only with prior notice and, where applicable, on the basis of separate consent, in particular where a person's image is used individually in promotional materials.

2.6. Visitors to the pda.md website

When accessing the pda.md website, PDA may process technical data such as IP address, online identifiers, browser type, device type, operating system, pages accessed, date and time of access, visit duration, technical errors, security data and strictly necessary cookies. Non-essential cookies, including analytics, marketing or similar technologies, are used only under the conditions of Section 10.

2.7. Social media interactions

If a person interacts with PDA's social media pages or accounts, PDA may see the profile name, profile photo, comments, reactions, shares, messages sent and other data visible according to the settings of that platform. Social media platforms act in accordance with their own privacy policies, and PDA recommends that data subjects consult these policies before interacting.

3. Special categories of data. Political opinions

Joining PDA, applying for membership, supporting PDA, donating to PDA, volunteering with PDA, participating in party activities or maintaining ongoing interaction with PDA may reveal the political opinions or political preferences of the data subject. Such data constitute special categories of personal data within the meaning of Article 9 of Law no. 195/2024.

PDA processes such data only within its legitimate activities, with appropriate safeguards, for persons who are members, former members, candidates for membership, supporters, volunteers, donors or persons with whom PDA has ongoing contact in connection with its political, civic, organisational or statutory purposes.

Data revealing political opinions is not disclosed to third parties, except where: the data subject has given explicit consent; disclosure is required by law; disclosure is necessary to defend a right in administrative, judicial or extrajudicial proceedings; disclosure is necessary for reporting to competent authorities under the law; or another basis expressly provided by Law no. 195/2024 applies.

PDA does not request or process data concerning racial or ethnic origin, religious denomination, philosophical beliefs, trade union membership, genetic data, biometric data for unique identification, data concerning health, sex life or sexual orientation, except in cases strictly provided by law and only where such data is indispensable for a specific legal purpose.

4. Purposes and legal bases of processing

The processing of data is lawful only if it is based on at least one of the grounds provided in Article 6 of Law no. 195/2024, and for special categories of data on one of the exceptions provided in Article 9(2) of the same law. PDA applies the following matrix of purposes and legal bases:

Purpose of processing	Main data categories	Basis Art. 6 Law 195/2024	Basis Art. 9, if special data
Managing membership applications and member records	Identification, contact, locality, declarations, membership history	Art. 6(1)(b), (c) and (f)	Art. 9(2)(d); where applicable (a) or (f)
Organisational communications with members and former members	Contact details, membership status, internal communications	Art. 6(1)(f) and, where applicable, (c)	Art. 9(2)(d)
Newsletter, invitations and public communications to supporters	Name, e-mail, phone, communication preferences	Art. 6(1)(a) or (f), as applicable	Art. 9(2)(a) or (d), as applicable
Organising volunteering and field activities	Identification, contact, availability, locality, participation	Art. 6(1)(a), (b) or (f)	Art. 9(2)(a) or (d)
Receiving, verifying, recording and reporting donations	Identification, financial data, amount, date, supporting documents	Art. 6(1)(c) and (f)	Art. 9(2)(d), (f) or (g), as applicable
Responding to requests, petitions and data-related requests	Contact details, request content, responses, attached documents	Art. 6(1)(c) and (f)	Art. 9(2)(f), if necessary
Website security and prevention of unauthorised access	IP, technical logs, security data	Art. 6(1)(f)	Processing of special data is not intended
Non-essential cookies, analytics, online marketing	Online identifiers, cookie preferences, statistical data	Art. 6(1)(a)	Only if separate notice and corresponding basis exist
Defending PDA's rights in administrative, judicial or extrajudicial proceedings	Data necessary to formulate, support or defend claims	Art. 6(1)(f) and, where applicable, (c)	Art. 9(2)(f)

Providing data for membership, donation, volunteering or event participation is, in principle, voluntary. However, if certain data is necessary to fulfil a legal or statutory obligation, or to process a request, refusal to provide it may prevent PDA from examining the application, accepting the donation, allowing participation or responding to the request.

5. Consent

Where processing is based on consent, PDA requests consent through a clear affirmative action, separate from other statements, in plain and accessible language. Consent is not presumed from silence, inactivity, pre-ticked boxes, continued browsing of the site or global acceptance of general terms.

The data subject may withdraw consent at any time, by a means as simple as giving it. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal and does not affect processing that PDA must carry out on the basis of a legal obligation or to defend its rights.

If a statement, form or request contains several options, consent for the processing of personal data will be presented separately from other matters, in accordance with Article 7 of Law no. 195/2024.

6. Data minimisation and the national identification number

PDA does not collect the IDNP (national identification number), the series and number of the identity document, a copy of the identity document or other documents containing a national identification number, unless such collection is required by law or strictly necessary for verifying a legal obligation, for financial records, reporting to authorities, verifying donation eligibility, fraud prevention or defending a right.

Where such data is processed, PDA applies additional safeguards, including limited access, separate storage, password protection or encryption, access records, training of authorised persons and clear deadlines for deletion or review for deletion.

PDA does not ask data subjects to provide third-party data, except where transmission is necessary and based on a legal ground. If a person transmits excessive or irrelevant data, PDA may delete or anonymise such data.

7. How long we keep data

PDA keeps data only for the period necessary for the purposes for which it was collected, in compliance with legal obligations regarding record-keeping, archiving, financial-accounting reporting, electoral reporting, defence of rights and dispute resolution. PDA does not keep data indefinitely without a legal basis or a specific purpose.

In principle, the following retention criteria apply:

Accepted membership applications: for the duration of membership and thereafter for the period necessary to prove statutory relationships, fulfil legal obligations and defend PDA's rights.
Rejected, withdrawn or incomplete membership applications: for the period necessary to examine the application and, where applicable, for a limited period necessary to prove how the application was resolved.
Former members' data: for the period required by statutory, financial-accounting, electoral and archiving obligations, as well as to defend PDA's rights.
Donation data: for the period provided by financial-accounting, tax, electoral and political party financing legislation.
Messages and requests: for the period necessary to resolve them and thereafter for the period necessary to prove the response given or to defend PDA's rights.
Newsletter and public communication data: until consent is withdrawn, unsubscription, or until the data is no longer necessary for the communication purpose.
Cookies: according to the durations indicated in Section 10 or in the cookie table published on the site.
Technical security data: for the period necessary to investigate incidents, prevent unauthorised access, prevent fraud and ensure system security.

PDA periodically reviews the data it keeps and deletes, anonymises or archives data that is no longer necessary.

8. Data subjects' rights

Under Law no. 195/2024, data subjects have the following rights:

The right of access, under Article 15, including the right to obtain confirmation of processing and a copy of the data processed.
The right to rectification, under Article 16, including completion of incomplete data.
The right to erasure of data, under Article 17, in the cases provided by law.
The right to restriction of processing, under Article 18.
The right to data portability, under Article 20, where processing is based on consent or contract and is carried out by automated means.
The right to object, under Article 21, in particular to processing based on legitimate interest and to direct marketing.
The right not to be subject to a decision based solely on automated processing, including profiling, under Article 22.
The right to withdraw consent, where processing is based on consent.

To exercise these rights, the data subject may send a request to date@pda.md or to PDA's registered office. PDA responds without undue delay and, as a rule, within one month of receiving the request. This period may be extended by two months where necessary, taking into account the complexity and number of requests, with the data subject being informed within the period provided by law.

If PDA has reasonable doubts about the identity of the applicant, it may request additional information strictly necessary to confirm identity. The exercise of rights is free of charge, except where requests are manifestly unfounded or excessive, in particular due to their repetitive nature, in which case PDA may charge a reasonable fee or refuse the request, in accordance with Article 12 of Law no. 195/2024.

The right to erasure, objection or withdrawal of consent does not affect processing that PDA must continue on the basis of a legal obligation, to defend its rights or to fulfil tasks imposed by applicable legislation.

9. To whom we may disclose data

PDA does not sell, rent or transfer databases of members, former members, donors, supporters or volunteers to third parties for commercial purposes or for purposes incompatible with its legitimate activities. Data may be disclosed only to the extent necessary and only to recipients who have a legitimate basis for access.

Depending on the purpose, data may be disclosed to the following categories of recipients:

the website hosting and maintenance provider;
the provider of e-mail, newsletter or electronic communication services;
the payment processing provider, if donations are made online;
the bank or banks through which donations are processed;
providers of IT, cybersecurity, accounting, audit, legal consultancy, archiving or other auxiliary services;
the Central Electoral Commission, the State Tax Service, electoral bodies, courts, law enforcement bodies or other public authorities, where disclosure is required or permitted by law;
authorised persons within PDA, territorial organisations, representatives, candidates or activity managers, only to the extent necessary for exercising statutory, organisational, financial, electoral or legal duties.

Providers who process data on behalf of PDA act as processors and must process the data only on the basis of PDA's documented instructions, under a written contract or another binding legal act, including confidentiality and security obligations.

PDA does not transmit lists of members, donors, supporters or volunteers to advertising platforms, social networks, other parties, candidates, electoral blocs, political analysis companies or marketing firms unless there is a distinct legal basis, explicit consent where necessary and appropriate safeguards under Law no. 195/2024.

10. Transfer of data to other states

Data may be stored or accessed from outside the Republic of Moldova only if Articles 44–49 of Law no. 195/2024 are observed. Transfers to member states of the European Economic Area do not require special authorisation under Article 44(2) of Law no. 195/2024.

For transfers to other states or international organisations, PDA verifies the existence of an adequacy decision regarding the level of protection or applies appropriate safeguards, including standard data protection clauses approved by the National Centre for Personal Data Protection or adopted by the European Commission, together with additional technical and organisational measures, if necessary.

PDA will not transfer lists of members, donors, supporters or volunteers to third countries, advertising platforms or behavioural analysis providers in the absence of a documented transfer assessment, appropriate safeguards and, where applicable, the explicit consent of the data subject.

On request, data subjects may ask for information regarding the safeguards applicable to data transfers to other states or international organisations.

11. Cookies and similar technologies

The pda.md website may use cookies and similar technologies. Cookies are small files stored in the browser or on the device, necessary for the operation of the site, security, preferences, statistical analysis or, where applicable, online communications.

PDA uses strictly necessary cookies for the technical operation and security of the site. These cookies do not require consent, but may be blocked through browser settings, with the possible effect of the site not functioning properly.

Analytics, marketing, political advertising, remarketing, pixel tracking or similar cookies are used only if the data subject expresses consent through an affirmative, separate and documentable action. PDA does not use pre-ticked boxes, implicit acceptance or mechanisms that make refusal difficult.

The cookie banner and/or separate cookie policy must include at least: the cookie name, provider, purpose, duration, category, whether it involves third parties, whether it involves external transfer, and the possibility of acceptance, rejection or granular configuration.

PDA will not load technologies such as Meta Pixel, TikTok Pixel, Google Ads remarketing, custom audience, lookalike audience or similar tools before obtaining valid consent and before documenting the legal basis, risks, external transfers and applicable safeguards.

12. Profiling, microtargeting and automated decisions

PDA does not make decisions based solely on automated processing that produce legal effects on the data subject or similarly significantly affect them.

PDA does not create individual political profiles of members, donors, supporters, volunteers or website visitors and does not use their data for political microtargeting, behavioural advertising or invasive segmentation, unless there is separate notice, a corresponding legal basis, explicit consent where necessary, an impact assessment and appropriate safeguards.

Data concerning members, donors, supporters or volunteers is not uploaded to advertising platforms for creating custom audiences, lookalike audiences or other profiling mechanisms, in the absence of a separate and documented legal analysis.

13. How we protect data

PDA applies technical and organisational measures appropriate to the level of risk, in accordance with Articles 24, 25 and 32 of Law no. 195/2024. The measures aim to protect data against unauthorised access, loss, destruction, alteration, unauthorised disclosure or unlawful processing.

The measures may include, as applicable:

differentiated access on a need-to-know basis;
complex passwords and multi-factor authentication where possible;
encryption or password protection of files containing special categories of data;
periodic backups and measures to restore data availability;
updating systems, applications and technical components;
logging or recording access where possible and proportionate;
training of persons authorised to process data;
confidentiality commitments for persons who have access to data;
verification of providers and conclusion of processing agreements;
an internal procedure for security incidents;
periodic review of access to lists of members, donors, supporters and volunteers.

Lists of members, former members, donors, supporters and volunteers are accessible only to authorised persons within PDA who genuinely need access to perform statutory, organisational, financial, electoral or legal duties.

For card payments, card data is processed through the secure channels of the payment processor, in accordance with applicable payment industry standards.

14. Personal data security breaches

In the event of a personal data security breach, PDA promptly assesses the nature of the incident, the categories of data affected, the number of data subjects, the likely consequences and the necessary remedial measures.

If the incident is likely to result in a risk to the rights and freedoms of natural persons, PDA notifies the National Centre for Personal Data Protection without undue delay and, where feasible, no later than 72 hours after becoming aware of the incident, in accordance with Article 33 of Law no. 195/2024.

If the incident is likely to result in a high risk to the rights and freedoms of natural persons, PDA also informs the data subjects, without undue delay, under the conditions of Article 34 of Law no. 195/2024.

PDA documents all security incidents, including the facts, the effects of the incident, the risk assessment, the measures taken and the decision on whether or not to notify the authority or the data subjects.

15. Data concerning minors

PDA's website and services are, as a rule, intended for adults. Membership and donations require meeting the age conditions provided by legislation and the PDA statute. PDA does not knowingly collect data of persons under 18 for membership or donations.

If PDA finds that it has received a minor's data without a legal basis, the data will be deleted or restricted, as appropriate. In the context of information society services, where Article 8 of Law no. 195/2024 applies, PDA will verify the existence of consent of a child who has reached the age of 14 or, for a child under 14, the agreement or authorisation of the legal representative, to the extent and under the conditions of the law.

16. Records, accountability and impact assessment

PDA applies the principle of controller accountability and keeps internal records of processing activities where this is required by Article 30 of Law no. 195/2024 or is necessary to demonstrate compliance. Given that PDA's activity may include the non-occasional processing of special categories of data, PDA will document at least the purposes of processing, the categories of data subjects, the categories of data, recipients, external transfers, storage periods and general security measures.

If a type of processing, by its nature, scope, context or purposes, is likely to result in a high risk to the rights and freedoms of natural persons, PDA carries out a data protection impact assessment before starting the processing, under the conditions of Article 35 of Law no. 195/2024. This assessment is particularly important in the case of large-scale processing of data revealing political opinions, the use of new technologies, profiling or online political advertising based on personal data.

If the impact assessment indicates that the processing would result in a high risk in the absence of sufficient mitigation measures, PDA consults the National Centre for Personal Data Protection before processing, in accordance with Article 36 of Law no. 195/2024.

17. Where a complaint can be lodged

If the data subject considers that the processing of their data infringes Law no. 195/2024, they have the right to lodge a complaint with the National Centre for Personal Data Protection of the Republic of Moldova, without prejudice to the right to apply to the competent court. The contact details of the NCPDP can be found on the authority's official page. PDA recommends that data subjects first contact PDA at the address indicated in Section 1, to allow prompt examination and remediation of the situation reported.

18. Changes to this policy

PDA may update this Policy when legislation, internal practices, the structure of providers, the technologies used or the manner of data processing change. The updated version will be published on the pda.md website, indicating the date of the last update.

In the case of substantial changes affecting the rights and freedoms of data subjects or changing the main purposes or bases of processing, PDA will ensure appropriate information and, if necessary, request new consent.

19. Final provisions

This Policy must be interpreted and applied together with Law no. 195/2024 on the protection of personal data, the legislation on political parties, electoral legislation, financial-accounting legislation, tax legislation and the other normative acts applicable to PDA's activity.

Where a particular processing operation is not expressly described in this Policy, PDA will carry out the processing only if there is a specific purpose, a valid legal basis, appropriate information to the data subject and corresponding safeguards for the protection of personal data.