Politica de Confidentialitate

1. Who We Are

Finds ("we", "us", "our") operates finds.ro, an online auction platform for classic and collector vehicles. We are based in Romania and serve users across the European Union.

For questions about this policy or your data, contact us at: [email protected]

2. What Data We Collect

Account Information

Email address (required for registration)
Name (optional, but required for bidding)
Phone number (optional, for transaction notifications)
Password (stored as a secure hash, never in plain text)

Transaction Data

Bid history and auction participation
Listings submitted for auction
Payment method details (stored by our payment processor)
Transaction records and invoices

Technical Data

IP address (for security and fraud prevention)
Browser type and device information
Pages visited and actions taken on the platform
Cookies and similar technologies (see Cookie Policy)

Communication Data

Questions and comments on listings
Support requests and correspondence

3. Why We Collect Your Data

Purpose	Legal Basis (GDPR)
Provide the auction platform	Contract performance
Process transactions and payments	Contract performance
Verify user identity for bidding	Contract performance, Legitimate interest
Prevent fraud and abuse	Legitimate interest
Send auction updates and notifications	Contract performance
Marketing communications	Consent (opt-in only)
Improve the platform	Legitimate interest
Legal compliance	Legal obligation

4. How Long We Keep Your Data

Account data: Retained while your account is active, deleted within 30 days of account deletion request
Transaction records: Retained for 7 years for tax and legal compliance
Security logs: Retained for 12 months
Marketing consent: Retained until you withdraw consent

5. Who We Share Data With

Payment Processor

We use Stripe to process payments. Stripe handles your payment card details directly and is PCI-DSS compliant. We do not store your full card number.

Other Users

Sellers see bidder usernames (not full names or emails) until an auction ends. After a successful auction, buyer and seller contact details are shared to complete the transaction.

Service Providers

Cloud hosting (Railway, Cloudflare)
Email delivery (Resend)
Real-time notifications (Pusher)

Legal Requirements

We may disclose data if required by law or to protect our rights and the safety of users.

We do not sell your personal data. We do not share data with advertisers or data brokers.

6. Your Rights Under GDPR

As an EU resident, you have the following rights:

Access: Request a copy of your personal data
Rectification: Correct inaccurate data
Erasure: Request deletion of your data ("right to be forgotten")
Portability: Receive your data in a machine-readable format
Restriction: Limit how we process your data
Objection: Object to processing based on legitimate interests
Withdraw consent: Revoke any consent you have given

To exercise these rights, email [email protected] or use the data export/deletion tools in your account settings.

You also have the right to lodge a complaint with your national data protection authority.

7. Data Security

All data is encrypted in transit (HTTPS/TLS)
Passwords are hashed using bcrypt
Database access is restricted and monitored
Regular security audits are conducted
Two-factor authentication is available for accounts

8. International Transfers

Your data is primarily stored within the European Union. If data is transferred outside the EU (for example, to service providers), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

9. Children

Finds is not intended for users under 18 years of age. We do not knowingly collect data from minors.

10. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via email or a notice on the platform. The "Last updated" date at the top indicates when this policy was last revised.

11. Contact

For privacy-related inquiries:
Email: [email protected]