Privacy Policy
Last updated: March 29, 2026
This Privacy Policy explains how Aslanos collects, uses, stores, and shares your personal data. We are committed to transparency and compliance with applicable privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
1. Data We Collect
- Identity: Full name, username, date of birth (age verification)
- Contact: Email address, phone number, postal/shipping address
- Payment: Billing details processed by PCI-DSS compliant providers — we do not store raw card numbers
- Transaction: Purchase history, listings, offers, and messages
- Technical: IP address, browser type, device identifiers, cookies
- Usage: Pages visited, search queries, click behaviour, session duration
- Communications: Support tickets, emails, and in-platform messages
2. Lawful Basis for Processing (GDPR)
- Contract performance: To provide and operate our marketplace services
- Legitimate interests: Fraud prevention, platform security, service improvement
- Legal obligation: Tax records, regulatory compliance, law enforcement requests
- Consent: Marketing emails and non-essential cookies — you may withdraw at any time
3. How We Use Your Data
- Creating and managing your account
- Processing orders and facilitating transactions between users
- Detecting, preventing, and investigating fraud and abuse
- Providing customer support and resolving disputes
- Sending transactional notifications — order confirmations, security alerts
- Marketing communications (consent only — unsubscribe at any time)
- Complying with legal and regulatory obligations
- Improving platform functionality and user experience
4. Data Sharing
We do not sell your personal data. We may share it with:
- Other users: Your public profile and listings are visible to all users. Your name and address are shared with the transaction counterparty to fulfil orders
- Payment processors: PCI-DSS compliant providers processing payments on our behalf
- Shipping providers: To arrange delivery of purchased goods
- Service providers: Cloud hosting, analytics, fraud detection — bound by data processing agreements
- Legal authorities: Where required by law, court order, or to protect the safety of any person
- Business transfers: In the event of a merger or acquisition — we will notify you in advance
5. Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| Account data | Duration of account + 3 years after closure | Legal and audit purposes |
| Transaction records | 7 years | Tax and accounting obligations |
| Support communications | 3 years from last interaction | Dispute resolution |
| Marketing consent records | Until withdrawal + 1 year | Compliance evidence |
| Technical / log data | 12 months | Security monitoring |
After the applicable period, data is securely deleted or irreversibly anonymised.
6. International Data Transfers
Your data may be processed in countries outside your own. Where data is transferred outside the European Economic Area (EEA), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or other lawful transfer mechanisms.
7. Security
- TLS/SSL encryption for all data in transit
- Encryption of sensitive data at rest
- Two-factor authentication available for all accounts
- Regular security audits and vulnerability testing
- Strict internal access controls and principle of least privilege
No system is completely secure. If you believe your account has been compromised, contact security@aslanos.com immediately. In the event of a personal data breach affecting your rights and freedoms, we will notify you and relevant supervisory authorities as required by applicable law.
8. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal data we hold about you
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data, subject to legal retention obligations
- Restriction: Request that we limit processing of your data
- Portability: Receive your data in a structured, machine-readable format
- Objection: Object to processing based on legitimate interests or for direct marketing
- Withdraw consent: At any time where processing is based on consent
- Lodge a complaint: With your local data protection authority (e.g. ICO in the UK, CNIL in France, BfDI in Germany)
To exercise any right, email privacy@aslanos.com. We will respond within 30 days. Identity verification may be required before processing your request.
9. California Residents — CCPA Rights
California residents have additional rights under the CCPA, including the right to know what personal information is collected, the right to deletion, and the right to opt out of any sale of personal information. We do not sell personal information. To submit a CCPA request, email privacy@aslanos.com with subject line "CCPA Request".
10. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated by email or prominent platform notice, and — where required — we will seek fresh consent. The "last updated" date at the bottom of this page reflects the most recent revision.
11. Contact & Data Protection Officer
- General privacy enquiries: privacy@aslanos.com
- Data Protection Officer: dpo@aslanos.com
- Security incidents: security@aslanos.com