Privacy Policy
Last updated: July 25, 2025
- 1. IntroductionThis Privacy Policy describes how your personal data is collected, used, stored and protected in the context of using the Appointments portal (hereinafter "Appointments"). We are committed to ensuring the protection of your fundamental rights and freedoms, in accordance with Law no. 195/2024 on the protection of personal data and other applicable normative acts.
- 2. Personal data operatorIdentity and contact details of the operator: the main operator responsible for processing your data in the context of the technical functioning of the Portal is:
Public Institution "Electronic Governance Agency" (EGA)
• IDNO: 1010600034203
• Address: Chisinau, Stefan cel Mare si Sfant blvd., 134, MD-2012
• Email: office@egov.md - 3. Categories of personal data processedDepending on how you interact with the Portal, we may process the following categories of personal data:
• Identification data: name, surname, personal identification number (IDNP), date of birth, citizenship, gender.
• Contact data: email address, phone number, domicile/residence address.
• Technical data: IP address, browser type and version, operating system, location data (if enabled), cookie identifiers, activity logs. - 4. Purposes and legal grounds for processingWe process your personal data for legitimate and well-defined purposes, for each of which there is a clear legal basis, according to the table below:
- 5. Detailed data processing table
Processing purpose Categories of data processed Legal basis (art. 6, Law 195/2024) Storage period Creating and managing user account Name, surname, IDNP, email, phone number, encrypted password. Performance of a task in the public interest ensuring secure access to public services. Duration of account existence + 3 years from last activity, for resolving potential disputes. User authentication on Portal Access credentials via mPass, technical data IP, user-agent. Performance of a task in the public interest user identity verification. Authentication logs are stored for 1 year. Processing payments for public services MPay Identification data, transaction details, depersonalized card data. Compliance with legal obligation payment of taxes/duties and Performance of a task in the public interest facilitating electronic payments. 5 years, according to Accounting Law. Communication with user technical support, system notifications Name, email, phone number, communication content. Performance of a task in the public interest providing support for using public services. 3 years from support request resolution. Ensuring security and fraud prevention Activity logs, IP address, technical data. Performance of a task in the public interest protecting integrity of state information systems. 1 year, except in case of security investigation, where period may be extended. - 6. Recipients or categories of data recipientsYour data may be disclosed, strictly as necessary, to the following categories of recipients:
• Other public authorities and institutions: for the purpose of providing the requested public service or based on legal obligations.
• Payment service providers: for processing financial transactions (in case of services involving payments).
• Postal and courier service providers: for delivery of documents or results of public services.
• Technical service providers (authorized persons): companies that provide us with hosting, software maintenance, cybersecurity services, etc. They act on the basis of our instructions and are contractually obliged to ensure the confidentiality and security of data.
• Law enforcement agencies and courts: upon their request, under the conditions of the law. - 7. Data transfers to third countries or international organizationsAs a rule, your data is processed and stored on the territory of the Republic of Moldova or in the European Economic Area.
We do not transfer your personal data outside the European Economic Area.
In case a transfer is absolutely necessary (e.g., using a technical service hosted in a third country), it will be carried out only with compliance with the guarantees provided by Law no. 195/2024, such as:
• Existence of an adequacy decision issued by the competent authority
• Conclusion of standard contractual clauses approved by CNPDCP - 8. Data storage periodWe keep your personal data only for the period necessary to fulfill the purposes for which they were collected, in accordance with legal provisions. Upon expiration of the storage period, the data will be deleted or irreversibly anonymized.
- 9. Your rights as a data subjectAccording to Law no. 195/2024, you benefit from the following rights:
• Right to information: the right to receive clear and transparent information about processing activities.
• Right of access: the right to obtain confirmation that your data is being processed and to access this data.
• Right to rectification: the right to request correction of inaccurate data or completion of incomplete data.
• Right to erasure ("right to be forgotten"): the right to request deletion of data, under certain conditions provided by law.
• Right to restriction of processing: the right to obtain restriction of data processing, in certain cases.
• Right to data portability: the right to receive data in a structured format, commonly used and machine-readable, and to transmit it to another operator.
• Right to object: the right to object to data processing for reasons related to your particular situation.
• Right not to be subject to automated individual decision-making: the right not to be the subject of a decision based solely on automated processing, including profiling, which produces legal effects concerning you.
• Right to lodge a complaint: the right to lodge a complaint with the National Center for Personal Data Protection (CNPDCP) at the address: Chisinau, Serghei Lazo str., no. 48, MD-2004.
To exercise these rights, you can submit a written and signed request to the contact details mentioned in section 2. - 10. Security MeasuresEGA implements appropriate technical and organizational measures to protect your personal data against destruction, loss, alteration, unauthorized disclosure or unauthorized access.
These measures include, but are not limited to:
• Communication encryption
• Strict role-based access control
• Information security policies
• Periodic audits and staff training
All in accordance with the Requirements approved by Government Decision no. 1123/2010 and international best practices. - 11. Use of cookiesThe service uses cookie files to ensure the proper functioning of the site and to improve the browsing experience.
- 12. Privacy policy updatesThis Privacy Policy may be updated periodically to reflect legislative or operational changes. The updated version will be published on this page, and the effective date will be revised. We encourage you to periodically consult this policy.