Privacy Policy

Last Updated: May 11, 2026

1. Introduction and Operator

This Privacy Policy (hereinafter referred to as the "Policy") explains how the Lorent Bloom platform (hereinafter referred to as "Platform", "Service", "Lorent Bloom", "we", "us", or "our") collects, uses, stores, discloses, and protects your personal data when you access or use the Platform.

For the purposes of this Policy and Law No. 133 of 07.08.2011 of the Republic of Moldova on Personal Data Protection, Lorent Bloom acts as the data controller of personal data processed through the Platform. Information about the legal entity operating the Platform is set out in Section 17 of this Policy.

This Policy applies to all personal data processed in connection with your use of the Platform. By using the Platform, you confirm that you have read, understood, and accepted the terms of this Policy together with our Terms of Policy.

If you do not agree with this Policy, please do not use the Platform.

2. Regulatory Framework

We process personal data in compliance with the applicable laws of the Republic of Moldova and recognized international standards, including, in particular:

  • the Constitution of the Republic of Moldova (in particular Article 28 on the right to personal privacy);
  • Law No. 133 of 07.08.2011 on Personal Data Protection;
  • Government Resolution No. 1123 of 14.12.2010 on the security requirements for the processing of personal data;
  • Government Resolution No. 296 of 15.05.2012 approving the Register of Personal Data Operators;
  • Law No. 105/2003 on Consumer Protection;
  • Law No. 284/2004 on Electronic Commerce;
  • Law No. 308/2017 on Preventing and Combating Money Laundering and Terrorism Financing (in the event Lorent Bloom introduces payment functionality in the future);
  • the Civil Code of the Republic of Moldova;
  • internationally recognized data protection principles, including those reflected in Council of Europe Convention 108+ and, by reference, Directive 95/46/EC and the GDPR.

We are committed to ensuring lawful, fair, transparent, and proportionate processing of your personal data at all times.

3. Data We Collect

We collect personal data in three categories: data you provide directly, data collected automatically, and data received from third parties. We treat the Moldovan personal identification number (IDNP) and identity document data as sensitive personal data requiring special protection.

3.1. Data You Provide Directly

When you register, create listings, communicate with other users, or interact with the Platform, we collect data you actively provide, including:

  • email address (required for registration);
  • first and last name;
  • phone number;
  • authentication credentials (password, in hashed form only);
  • Moldovan personal identification number (IDNP) and identity document data, when identity verification is required (see Section 3.4);
  • listing content, including item descriptions, categories, and photographs;
  • messages and photographs exchanged through the in-Platform chat at each stage of a rental transaction;
  • rental agreements electronically acknowledged by both parties through the Platform;
  • any other information you voluntarily submit through forms, support requests, or feedback.

3.2. Data Collected Automatically

When you use the Platform, certain technical and behavioral information is collected automatically, including:

  • IP address and approximate geographic location derived from it;
  • device information (type, model, operating system, browser, screen resolution, language settings);
  • Platform activity (pages visited, search queries, clicks, time spent, referring URLs);
  • authentication and session data (login times, session identifiers, password change events);
  • cookies and similar technologies (see the separate Cookie Policy).

3.3. Data from Third Parties and Public Sources

We may receive limited data about you from third parties, including: technical and statistical information from analytics providers; data from authentication providers if you use a third-party login service; information from fraud-prevention or compliance providers; and data lawfully available in public registries. We use such data only for the purposes set out in this Policy and only where there is a lawful basis to do so.

3.4. Sensitive Data — IDNP and Identity Documents

The Moldovan personal identification number (IDNP) and data from identity documents are treated as sensitive personal data under Law No. 133/2011. We process such data only where it is strictly necessary, on the dual legal basis of (a) your explicit consent, given at the moment of identity verification, and (b) performance of the contract between you and Lorent Bloom. You may withdraw your consent at any time, in which case we will cease using your IDNP for further processing and delete it unless retention is required by law (for example, for fraud investigation, dispute resolution, or accounting purposes).

4. Purposes of Processing

We process personal data exclusively for the following purposes:

  • creation, authentication, and security of user accounts;
  • publication, administrative review, and management of listings;
  • verification of user identity through IDNP and supporting documents;
  • facilitation of rental agreements between users (including electronic signature flow) and preservation of chat and photographic records as described in our Terms of Policy;
  • trust and safety, including detection and prevention of fraud, abuse, harassment, and content that violates these Terms or applicable law;
  • communication with you, including transactional notifications, service announcements, and responses to support requests;
  • compliance with legal obligations (including tax, accounting, regulatory, and judicial requirements);
  • operation, maintenance, security, debugging, and improvement of the Platform and its features;
  • exercise and defense of legal claims, both by users and by Lorent Bloom.

We do not currently make decisions about you based solely on automated processing that produce significant legal or similar effects on you. If we ever introduce such automated decision-making, this Policy will be updated and you will be informed in advance.

5. Legal Bases for Processing

We process personal data on the following legal bases under Law No. 133/2011 art. 5:

  • (a) performance of the contract between you and Lorent Bloom (these Terms and the Privacy Policy), or steps taken at your request prior to entering into a contract (such as account registration);
  • (b) compliance with legal obligations to which Lorent Bloom is subject (for example, tax, anti-fraud, and judicial requirements);
  • (c) legitimate interests pursued by Lorent Bloom in operating, securing, and improving the Platform, including fraud prevention, system integrity, and user trust — provided such interests are not overridden by your rights and freedoms;
  • (d) your explicit consent, where required (in particular for IDNP processing and any non-essential marketing communications). You may withdraw consent at any time without affecting the lawfulness of processing performed prior to withdrawal.

Specifically, processing of the IDNP and identity document data is performed on a dual legal basis: explicit consent (Law No. 133/2011 art. 6) and contract performance. This is the strongest legal posture available under Moldovan data protection law for sensitive identifiers.

6. Data Retention

We retain personal data only for as long as necessary to achieve the purposes for which it was collected, in accordance with applicable law. Specific retention periods are as follows:

  • data necessary for the operation of an active account is retained for as long as the account remains active;
  • after account closure, personal data is retained for up to 3 (three) years for legal, tax, accounting, fraud-prevention, and dispute-resolution purposes, unless a longer retention period is required by law;
  • IDNP and identity document data is deleted upon account closure or earlier upon withdrawal of consent, unless retention is required by applicable law or by an ongoing investigation or dispute;
  • chat content, photographs uploaded through chat, and electronically signed rental agreements may be retained for the same period as other transactional records and may be relied upon as evidentiary material in disputes between users;
  • technical logs (access logs, security logs, error logs) are retained for up to 12 (twelve) months unless a longer period is required for security or legal reasons;
  • if an account remains inactive for more than 12 (twelve) consecutive months, we may notify you and, in the absence of any response or pending obligation, delete the account and associated personal data;
  • where retention is no longer justified, data is securely deleted or irreversibly anonymized.

7. Who We Share Your Data With

We do not sell your personal data. We share data only as necessary to operate the Platform, comply with law, or protect the rights of users and Lorent Bloom, and only with the following categories of recipients:

  • hosting and cloud infrastructure providers, who store and process data on our behalf under contractual obligations of confidentiality and security;
  • communication providers (for example, email and SMS providers) used to deliver transactional notifications;
  • identity-verification providers, where applicable, for the limited purpose of confirming IDNP and identity documents;
  • analytics providers, who receive aggregated or pseudonymized data to help us understand Platform usage;
  • professional advisors (legal, accounting, audit), bound by confidentiality;
  • government, regulatory, judicial, or law-enforcement authorities, where required by a binding legal request or applicable law;
  • successor entities, in the event of a merger, acquisition, reorganization, or sale of assets, in which case this Policy will continue to apply to your data unless and until a new policy is communicated to you in accordance with Section 15.

All recipients acting on our behalf are bound by written agreements requiring them to maintain a level of data protection at least equivalent to that required by Moldovan law and to use personal data exclusively for the purposes we specify. We do not currently list specific vendor names in this Policy; the categories above describe the types of recipients that may process data on our behalf as our vendor stack evolves.

Information that you choose to make public on the Platform (such as parts of your listings or profile visible to other users) is accessible to third parties by design. You should exercise discretion regarding any information you choose to make publicly visible.

8. International Data Transfers

Personal data may be processed by Lorent Bloom or by our service providers in locations outside the Republic of Moldova, for example where hosting, communication, or analytics services are provided from servers located abroad.

Where personal data is transferred outside the Republic of Moldova, we ensure that an adequate level of protection is in place by relying on one or more of the following safeguards: (a) transfers to jurisdictions recognized as providing an adequate level of protection under Moldovan or European Commission decisions; (b) transfers to parties to the Council of Europe Convention 108 and its modernized version 108+; (c) standard contractual clauses or equivalent contractual safeguards binding the recipient to data-protection obligations comparable to those imposed by Law No. 133/2011; (d) other safeguards approved by the National Centre for Personal Data Protection of the Republic of Moldova.

9. Your Rights

Under Law No. 133/2011 you have the following rights with respect to your personal data:

  • the right of access — to obtain confirmation as to whether we process your data and to receive a copy of such data;
  • the right of rectification — to request correction of inaccurate or incomplete data;
  • the right of erasure ("right to be forgotten") — to request deletion of your data where the legal basis for processing no longer exists, subject to legal retention obligations;
  • the right to restriction of processing — to request that we limit processing in specific circumstances (for example, while we verify the accuracy of disputed data);
  • the right to object — to processing based on our legitimate interests, including for direct marketing;
  • the right to data portability — to receive your data in a structured, commonly used, machine-readable format and, where technically feasible, to have it transmitted to another controller;
  • the right to withdraw consent — at any time, without affecting the lawfulness of processing performed prior to withdrawal (in particular for IDNP processing);
  • the right to lodge a complaint with the National Centre for Personal Data Protection of the Republic of Moldova (contact details in Section 16).

10. How to Exercise Your Rights

To exercise any of the rights listed in Section 9, please contact us at support@lorentbloom.com. So that we can respond securely, we may ask you to confirm your identity before acting on a request.

We aim to respond to all requests within 1 (one) calendar month from the date of receipt. If a request is particularly complex or if several requests are received together, we may extend this period by up to 2 (two) additional months, in which case we will inform you of the extension and the reasons.

Exercising your rights is free of charge. However, where a request is manifestly unfounded, repetitive, or excessive, we may either charge a reasonable fee or refuse to act on the request, in accordance with Law No. 133/2011.

If you believe that our processing of your personal data infringes applicable law, you may at any time lodge a complaint with the National Centre for Personal Data Protection of the Republic of Moldova (see Section 16). We encourage you to contact us first so that we may seek to resolve your concerns directly.

11. Security Measures

We implement appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage, taking into account the nature of the data, the risks involved, and the state of the art.

Technical measures include: encryption in transit (TLS/HTTPS); encryption of sensitive data at rest where appropriate; access controls and role-based permissions; audit logging of access to personal data; regular security assessments and penetration testing of the Platform; secure password storage using cryptographic hashing; and segregation of production data from development environments.

Organizational measures include: a need-to-know principle for staff access to personal data; confidentiality obligations binding our personnel and contractors; training on data protection and information security; incident response and breach notification procedures; and regular review of our security posture.

Despite these measures, no system or means of transmission over the Internet can be guaranteed to be entirely secure. You are responsible for keeping your authentication credentials confidential and for promptly notifying us at support@lorentbloom.com of any suspected unauthorized access to your account.

In the event of a personal data breach likely to result in a high risk to your rights and freedoms, Lorent Bloom will notify you and the National Centre for Personal Data Protection of the Republic of Moldova without undue delay, in accordance with Law No. 133/2011. Notifications to you will describe the nature of the breach, the likely consequences, the measures taken or proposed to address it, and steps you may take to protect yourself.

12. Marketing Communications

We may send you transactional communications that are necessary for the operation of the Platform — for example, account confirmations, security notifications, listing status updates, and responses to your support requests. Because these messages are necessary to deliver the Service, you cannot opt out of them while you maintain an account.

We will send promotional or marketing communications only with your prior consent, where consent is required by law, or where permitted on the basis of our legitimate interest in informing existing users of related services. You may opt out of all promotional communications at any time, free of charge, by using the unsubscribe mechanism included in such communications or by contacting support@lorentbloom.com.

At present, Lorent Bloom does not conduct any active marketing campaigns. Should this change, this Policy will be updated in accordance with Section 15.

13. Cookies

We use cookies and similar technologies for authentication, session management, security, preferences, and analytics. Details of the categories of cookies used, your choices, and how to manage cookie preferences are set out in our separate Cookie Policy, which forms part of this Privacy Policy.

14. Children's Privacy

The Platform is intended exclusively for persons aged 18 years or older who have full legal capacity to enter into binding contracts under the laws of the Republic of Moldova, as set out in Section 2.1 of our Terms of Policy. We do not knowingly collect personal data from minors. If we become aware that we have collected personal data from a person under 18 without verifiable parental authority, we will delete that data and close the account as soon as practicable. If you believe a minor has provided personal data to the Platform, please contact support@lorentbloom.com.

15. Changes to This Policy

Lorent Bloom may modify this Policy from time to time. Material changes will be notified to users at least 14 (fourteen) calendar days before they take effect, by posting the updated Policy on this page with an updated "Last Updated" date and by sending a notice to your registered email address or displaying a notice within the Platform. Purely editorial or technical changes that do not affect users' rights may take effect immediately upon posting. Changes do not apply retroactively to processing performed before their effective date. Your continued use of the Platform after the effective date constitutes acceptance of the updated Policy.

16. Data Protection Authority

The supervisory authority for personal data protection in the Republic of Moldova is the National Centre for Personal Data Protection (Centrul Național pentru Protecția Datelor cu Caracter Personal). You have the right to lodge a complaint with this authority at any time.

Address: 48 Sergei Lazo Street, Chișinău MD-2004, Republic of Moldova. Website: datepersonale.md.

17. Contact Us

Lorent Bloom is currently operated as a pre-launch platform. A legal entity for the Platform's operation is in the process of being established in the Republic of Moldova; upon completion of registration, the updated entity details (registered name, IDNO, and registered office address) will be published in this Section and in Section 17 of our Terms of Policy.

For any questions about this Privacy Policy, to exercise any of your rights, or to make a complaint about the way we handle your personal data, please contact us at support@lorentbloom.com.

This Privacy Policy may be made available in multiple languages for the convenience of users. In the event of any inconsistency or conflict between language versions, the Romanian version shall prevail as the official text, in line with Section 16.5 of our Terms of Policy.