Privacy Policy

Last updated: 2026-05-15

This Policy explains how Balkan DealFlow processes personal data when you use the Platform. It is based on the Law on Personal Data Protection of the Republic of North Macedonia; the consolidated text is available from the Directorate for Personal Data Protection (dzlp.mk). For users in the EEA we also apply the GDPR. We act as data controller and always seek to process data with maximum respect for your privacy.

1. Data we collect

• Account data: first and last name, email, password hash, company name, and stated interest.
• Listing data: business details, financials, company registration number (EMBS), location, and the contact phone you provide.
• Technical data: IP address, device and browser data, and approximate location; map tiles (OpenStreetMap/Leaflet, Google Maps) may transmit your IP to those providers when a map is shown.
• Transaction data: subscription and listing-payment records. Card data is processed by Stripe over an encrypted connection; we never see or store card numbers.
• Sign-in and communications: if you use social login (Google, Facebook, Apple) we receive your name, email, and a unique user ID; plus messages and consents (e.g. newsletter opt-in).

2. How we use data

• To operate the marketplace and provide paid buyer and seller features.
• To review and phone-verify listings and to contact you about them.
• To process payments and to prevent fraud and abuse (including IP logging).
• For direct marketing (e.g. the bi-weekly newsletter) only with your prior consent, which you can withdraw at any time.

3. Legal bases

We rely on performance of a contract (providing the service and processing payments), our legitimate interests (security, fraud prevention, improving the Platform), consent (direct marketing and non-essential analytics/marketing cookies), and compliance with legal obligations (accounting and tax records). We do not sell personal data and do not disclose it to third parties without a legal basis or your consent.

4. Sharing, authorities and transfers

• Payment processor: Stripe, for subscriptions and listing fees.
• Infrastructure and service providers: hosting/database (e.g. Vercel, Supabase), maps, and social-login providers, under confidentiality and security terms.
• Analytics/marketing: Google and Meta, only where those tags are enabled and consented.
• Authorities: in cases of fraud or abuse and only upon the request of a competent official body, we cooperate with the police/Ministry of Interior and may disclose identity via IP address or phone number.

Some providers are outside North Macedonia/the EEA; such transfers rely on adequacy decisions or standard contractual clauses. Note that any phone number you publish on a listing is, by design, shown to subscribed buyers so they can contact you directly. We do not control third-party sites linked from the Platform or their privacy practices.

5. Retention

We keep account and listing data while your account is active. After an account is closed, data is archived for no longer than twelve (12) months for legal, accounting, and dispute-resolution purposes (or longer where a statutory period requires) and is then deleted. Expired listings may be retained in unpublished form. Deletion requests are actioned within 30 days, subject to mandatory legal retention duties; marketing data is removed within 14 days of opt-out.

6. Your rights

You have the right to be informed and to access, rectify, erase, restrict, and port your data, to object to processing based on legitimate interests, and to withdraw consent at any time. To exercise these rights or to submit a request to provide information about, or to stop, processing, contact our data protection officer at privacy@balkandealflow.com (include your name, phone, the reply email, and the reason). You may also lodge a complaint with the Directorate for Personal Data Protection of the Republic of North Macedonia (dzlp.mk).

7. Cookies

We use cookies grouped by purpose: strictly necessary (site function and security), performance/statistics (e.g. Google Analytics — anonymous usage), functionality (preferences such as language), and marketing/social (e.g. Google Tag Manager, Meta Pixel) which load only with consent. Necessary cookies last from session length up to ~2 years; marketing cookies typically up to 1 year. You can block or delete cookies via your browser settings; some features may then not work. Data controller / cookies contact: privacy@balkandealflow.com.