MPay Privacy Policy

The Public Institution “Electronic Governance Agency” (hereinafter referred to as AGE) attaches due importance to the protection of your personal data and respects your privacy when accessing the Government Electronic Payment Service (MPay) (hereinafter referred to as the MPay Service), which is administered by the institution.

The Privacy Policy regarding the protection of individuals with respect to the processing of personal data when using the MPay Service (hereinafter referred to as the Privacy Policy) is based on national legislation (Law No. 133/2011 on the protection of personal data) and European legislation (Council of Europe Convention No. 108 for the protection of individuals with regard to automatic processing of personal data), as well as on the regulatory acts governing the use of the MPay Service.

The Privacy Policy covers both the official website of AGE and the dedicated website of the MPay Service. You may browse most of these websites without providing personal data.

However, you may sometimes be asked to provide personal data in order for certain electronic services to be delivered to you. In such cases, you will be informed about the processing of your personal data and the rights you have in this regard.

This Privacy Policy describes how AGE, acting as a data controller, ensures the protection of personal data and provides you with information regarding relevant aspects related to the processing of your personal data.

The main terms used in this Privacy Policy are defined in Article 3 of Law No. 133/2011 on the protection of personal data, as follows:

• Personal data – any information relating to an identified or identifiable natural person (data subject). An identifiable person is a person who can be identified, directly or indirectly, by reference to an identification number or to one or more factors specific to their physical, physiological, psychological, economic, cultural or social identity;
• Processing of personal data – any operation or set of operations performed upon personal data by automated or non-automated means, such as collection, recording, organization, storage, preservation, retrieval, adaptation or modification, extraction, consultation, use, disclosure by transmission, dissemination or otherwise, alignment or combination, blocking, erasure or destruction;
• Controller – the natural or legal person under public or private law, including a public authority, any other institution or organization which, alone or jointly with others, determines the purposes and means of processing personal data, as expressly provided by the applicable legislation;

1. In accordance with the legislation on the protection of personal data, AGE, as a controller, is obliged to process personal data provided to it securely and solely for the specified purposes.
2. Where processing is based on Article 5(1) of Law No. 133/2011 on the protection of personal data and is carried out on the basis of your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing carried out on the basis of consent prior to its withdrawal. Accordingly, you may modify or withdraw your consent at any time, and we will act immediately in this regard, except where there is a legal ground or a legitimate interest not to do so.
3. Your personal data are processed for the purpose of fulfilling the legal obligations incumbent upon the controller (AGE), in accordance with Article 5(1) and (5)(a), (b), (d) and (e) of Law No. 133/2011 on the protection of personal data. Thus, the data we request and collect serve a range of essential purposes, all aimed at facilitating seamless interaction between you and AGE when accessing and using the MPay Service. These purposes include:
   • efficient use of the MPay Service – data are processed to assist you, process requests, and facilitate the use of the service;
   • user assistance and communication – the collected data are essential for fulfilling your instructions, addressing inquiries, providing responses to feedback or petitions, and managing any interactions you have with AGE. This helps maintain a robust communication channel between you and AGE and, where applicable, with other public authorities and institutions;
   • improvement of the MPay Service based on user needs – in order to continuously improve the service, we monitor and track its usage. This helps us understand user behavior, identify trends, and understand preferences, leading to improvements in the administration and use of the service. The collected data are also used to generate anonymized reports and statistics for both internal and external purposes;
   • ensuring data continuity – your data are securely stored and backed up, ensuring data continuity in the event of unforeseen incidents or interruptions;
   • prevention and investigation of fraud, cyberattacks, and other illegal activities – we use the collected data to detect and prevent fraudulent or illegal activities associated with your account, even in the absence of suspicions;
   • management of notifications and complaints – analysis and resolution of requests, notifications, or complaints received in connection with the use of the MPay Service;
   • communication with you – we use data to communicate with you through various means, such as email, push notifications, and other forms of communication available depending on the capabilities of the MPay Service;
   • performance of a contract related to the provision of services associated with the MPay Service, to which you are a party, or taking steps at your request prior to entering into a contract;
   • data exchange in accordance with the applicable legislation on data exchange and interoperability.
4. If you do not agree to provide personal data, AGE will not be able to satisfy your requests to access the MPay Service or to conclude contracts for the provision of services through it.

1. Within the MPay Service, AGE obtains personal data from the following sources:
   • directly from the personal data subject;
   • from users’ personal devices;
   • through automated data consumption, via the interoperability platform (MConnect), from state information systems and resources (e.g., the State Population Register);
2. The personal data obtained may be accessed exclusively by employees of AGE’s structural subdivisions and processed solely for the purposes mentioned in Section 3 of this Privacy Policy.

1. The Privacy Policy is to collect only the personal data necessary to achieve the purposes mentioned in Section 3 of this Policy and to request data subjects to provide only those personal data strictly necessary for achieving those purposes.
2. 5.2. When accessing the MPay Service, depending on the case, some of the following categories of personal data may be processed; the list is not exhaustive:
   1. identification data: first and last name; state personal identification number (IDNP); date of birth;
   2. your contact details, which are essential for effective communication. We collect information such as your phone number and email address, ensuring that we can keep you informed and connected;
   3. device information – in order to improve your experience and provide personalized services, we collect certain information from your device. This includes, but is not limited to, IP address (Internet Protocol address), network interfaces, device type and model, and other relevant data related to your device;
   4. other data provided directly by the user – while most data will be retrieved from state information systems and resources and pre-filled to simplify your experience, certain functionalities you access may require additional data that you manually enter or upload to complete a request. You will be specifically informed of the exact data required at the time of requesting the respective service.
   5. voice – recorded during telephone conversations when contacting AGE’s customer support service.

1. 1.1. As a personal data subject (data subject), you benefit from the rights provided by Law No. 133/2011 on the protection of personal data – the right of access; the right of rectification; the right to object; the right not to be subject to an individual decision; the right to withdraw at any time previously given consent regarding the processing of personal data, without affecting the lawfulness of processing carried out prior to such withdrawal, except where there is a legal ground or a legitimate interest not to do so;
2. To exercise your rights, please submit an electronic request to the following email address: office@egov.md;

1. AGE, while ensuring the administration and use of the MPay Service, carries out data exchange between state information systems owned by public participants in data exchange (legal entities under public law), as well as between those information systems and information systems owned by private participants in data exchange (legal entities under private law), through the interoperability platform (MConnect), under the conditions established by the regulatory acts in the field of data exchange and interoperability, acting as a technical intermediary.
2. To ensure security and confidentiality during data exchange, as well as when accessing information with restricted accessibility, in addition to standard security measures, the interoperability platform (MConnect) provides the possibility of data transmission through encryption/decryption mechanisms. Data encryption/decryption is ensured by the data provider and, respectively, the data consumer.
3. The transfer and disclosure of personal data is carried out as follows:
   1. data transfer within the provision of the MPay Service: in order to provide the requested service, your data are securely transmitted, through interoperability and information security mechanisms, from the public entity holding the state register to you or to a relevant public or private entity, in strict accordance with the purpose of the service;
   2. disclosure to third parties: AGE does not sell, rent, or transfer personal data to third parties for marketing purposes. Data disclosure is carried out only in the following strictly regulated situations:
      1. to public entities, where there is an explicit legal obligation to do so or upon their official and reasoned request, within the limits of their legal competences;
      2. to AGE’s contractual partners authorized by AGE, within the volume and limits necessary to achieve the purposes for which the data are processed, based on contractual relationships imposing strict confidentiality and security obligations;

1. Personal data are retained in a form that allows your identification for a period not exceeding the time necessary to fulfill the purposes for which the data are processed, as mentioned in Section 3 of this Privacy Policy;
2. The storage period of personal data within the MPay Service is 10 years from the date of completion of the transaction. After the expiration of this period, personal data will be anonymized and stored exclusively for statistical, historical research, or scientific purposes;
Upon expiration of the storage period, personal data shall be destroyed in accordance with the procedure established by law;

AGE reserves the right to unilaterally amend this Privacy Policy in order to ensure compliance with applicable legal requirements or for operational reasons. Any update shall be published on the dedicated website of the MPay Service and shall enter into force as of the date of publication

Name: Public Institution “Electronic Governance Agency”
Headquarters: 134 Ștefan cel Mare și Sfânt Blvd., Chișinău, MD-2012, Republic of Moldova
Phone: +373 (022) 820 026
Official website: https://egov.md/
Email: Office@egov.md