Data Protection and Privacy

Applicable data protection law: imotreg manages personal data of users in compliance with Law No.06/L-082 on Protection of Personal Data (2019) of Kosovo and other applicable privacy regulations. This law closely aligns with the EU’s General Data Protection Regulation (GDPR). Our data processing practices are further detailed in our Privacy Policy, which is incorporated into these Terms by reference.

Data collected and its use: We only collect personal data that is necessary for providing our services or which you voluntarily provide. Typical data include information provided during registration (name, contact details), listing details (which may indirectly contain personal data such as a contact phone number or an owner’s address), and communications via the Platform (messages, inquiries). We also collect technical usage data (like IP addresses and device information) for security and analytical purposes. Purpose: We use personal data solely for the purposes for which it was collected – primarily to operate the Platform and facilitate property matchmaking. This includes: creating and maintaining your account, displaying your public profile and listings, transmitting messages between users, processing payments via our bank partner, sending you notifications or service messages, and enforcing our Terms. If we intend to use personal data for any other purpose, we will obtain your consent unless otherwise permitted by law.

Sharing of data: imotreg treats your personal data with confidentiality. We do not disclose personal data to third parties except in the following circumstances:

  • Service provision: We may share data with other users or companies strictly as needed for the service. For example, if you send a message to a property provider through the Platform, we share your name and contact details with that provider in the context of that inquiry. If you purchase a paid service, necessary payment information will be shared with our payment processor (e.g., ProCredit Bank) to complete the transaction (see section 7.4).
  • Legal obligations: If we are required by law, regulation, court order, or governmental authority to disclose your data, we will do so to the extent necessary (e.g., to law enforcement or tax authorities).
  • With consent: We will share or publish your information if you have given us explicit consent to do so. For instance, if we wanted to use your testimonial or success story on our website, we would ask your permission.
  • Processors: We may use trusted third-party service providers (under contract with us) to process data on our behalf (e.g., IT hosting providers, email service providers). Such processors are bound by confidentiality and data protection obligations consistent with our own and will not use the data for any other purpose.
  • Merger or acquisition: In the event that imotreg’s business is transferred or merged with another company, personal data may be transferred to the successors or new owners so that the service can continue. In such case, users would be notified and their rights protected as per law.

User rights regarding data: Under data protection law, you have certain rights concerning your personal data held by imotreg:

  • Right of access: You may request a confirmation of whether we process personal data about you, and if so, request a copy of that data along with information on how we use it.
  • Right to rectification: You have the right to ask us to correct or update any inaccurate or incomplete personal data we hold about you. You can also edit much of your data yourself via your profile settings.
  • Right to erasure: You may request deletion of your personal data (“right to be forgotten”) if the data is no longer needed for the purposes for which it was collected, or if you believe it is being processed unlawfully, or if you withdraw consent (where the processing was based on consent), or other circumstances specified by law. We will honour such requests to the extent required by law. Please note that we cannot delete data that we are legally obliged to keep (e.g., transaction records for accounting) until those obligations expire.
  • Right to restriction: You can ask us to restrict (temporarily halt) processing of your data if you contest its accuracy, or object to processing (see below) while we consider your request, or if the processing is unlawful but you do not want full erasure.
  • Right to object: You have the right to object to certain processing activities. For example, you can object to processing of your data for direct marketing at any time, and we will stop using your data for that purpose. If we are processing your data based on legitimate interests, you can object if you have reasons related to your particular situation. We will then review the objection and only continue if we have compelling legitimate grounds.
  • Right to data portability: For data that you provided to us and which we process by automated means on the basis of consent or to perform a contract, you have the right to receive that data from us in a structured, commonly used and machine-readable format, and to have it transmitted to another data controller where technically feasible.

To exercise any of these rights, you can contact us at privacy@imotreg.com. We may need to verify your identity to process your request. We will respond in accordance with applicable law (generally within one month).

Data retention: We retain personal data only for as long as necessary to fulfil the purposes outlined in these Terms or as required by law. For instance, if you delete your account or it is terminated, we will remove or anonymise personal data associated with your account within a reasonable time after closure. However, we may keep certain data for longer if needed for legal compliance (e.g., records of transactions might be kept for several years for tax/audit purposes), or if there is an ongoing dispute or investigation that requires us to retain data. We store usage logs and technical data for security and improvement purposes typically for a shorter period, unless they are being used in an active investigation of abuse or fraud.

Security: imotreg implements appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. Despite this, no system can be completely secure. Users are advised to also take precautions, such as using a unique and strong password for imotreg.

Supervisory authority: In Kosovo, the independent agency overseeing personal data protection is the Information and Privacy Agency (Agjencia për Informim dhe Privatësi – AIP). If you believe your data protection rights have been violated, you have the right to lodge a complaint with the AIP. We encourage you, however, to contact us first to resolve any issue.

(For further details on how we handle personal data, please refer to our full Privacy Policy on the website. By using the Platform or services, you acknowledge our processing of personal data as described therein and in this section.)