The controller is Andrey Pustovoitov, acting as an individual, with contact address at Sacko 20a, Ukraine, no company registration number, email pusto.sk.com@gmail.com, and support email pusto.sk.com@gmail.com (the “Controller”). No data protection officer has been appointed at the date of this version. If an EU representative is appointed, the details will be published here.
2. Categories of personal data
We may process: account data (name, email, phone number, Telegram username or identifier, password hash, verification status); listing data (text, price, category, images, location, metadata, edits); communication data (messages sent to support, reports, appeals, verification documents, fraud checks); payment and billing data (transaction identifiers, invoices, VAT details where applicable); technical data (IP address, device/browser information, log data, session identifiers); and public source data (public listings, public usernames, public profile elements, and related metadata from publicly accessible sources). We do not intentionally collect special categories of personal data unless such data is contained in material voluntarily provided to us, required by law, or necessary for the establishment, exercise, or defence of legal claims.
3. Purposes and legal bases
We process account and listing data to provide the Platform, operate accounts, publish and manage listings, and respond to requests. Legal basis: performance of a contract or steps taken at the request of the user before entering into a contract. We process technical and security data to protect the Platform, detect abuse, maintain logs, prevent fraud, and preserve service integrity. Legal basis: legitimate interests in security, safety, and service administration. We process payment and invoice data to sell paid features, issue invoices, process accounting records, and comply with tax obligations. Legal basis: performance of a contract and compliance with legal obligations. We process reports, complaints, moderation records, and evidence in order to review illegal content notices, enforce our Terms, protect users, and comply with legal duties. Legal basis: legitimate interests and, where applicable, compliance with legal obligations. We process public source data to index, organize, deduplicate, classify, search, and display public listings for user convenience and platform functionality. Legal basis: legitimate interests in operating an aggregation and discovery service, balanced against the rights and freedoms of data subjects. We process analytics data only where required consent has been obtained, except for strictly necessary technologies that are required for the delivery or security of the service. Legal basis: consent, or legitimate interests / necessity where the technology is strictly necessary under applicable ePrivacy rules.
4. Where data comes from
We collect data directly from users when they register, submit a listing, contact support, buy paid features, complete verification, or send a report. We may also obtain data from public sources, including public Telegram channels and other publicly accessible sources, from payment service providers, hosting and infrastructure vendors, anti-fraud tools, or public authorities where legally permitted.
5. Recipients and processors
We may share personal data with service providers acting as processors or independent
controllers as appropriate, including hosting providers, CDN providers, analytics vendors,
customer support tools, anti-spam and anti-fraud providers, payment service providers
(where applicable), email delivery providers, and professional advisers.
We may also disclose data to public authorities, courts, regulators, or law enforcement
where required by law or where necessary for legal claims, safety, or fraud prevention.
The Platform currently uses the following service providers or categories in operations:
Hosting provider: Time4VPS (VPS infrastructure)
Payment processing:
- Direct payments handled by the Operator (e.g., bank transfer)
- Third-party payment providers (if and when implemented)
Analytics provider: Google Analytics (consent-based)
Security provider: Google reCAPTCHA
Email delivery: Django backend (server-side email infrastructure).
6. International transfers
Where personal data is transferred outside the European Economic Area, we will use an approved transfer mechanism where required, such as an adequacy decision, Standard Contractual Clauses, or another lawful safeguard. Information about the relevant safeguard can be requested from us at pusto.sk.com@gmail.com. Depending on the provider used and the location of processing, data may be processed inside or outside the EEA with the applicable safeguard used where required.
7. Retention periods
Account data is retained while the account is active and for a limited period after closure where necessary for disputes, security, legal claims, or accounting. Listing data is retained for the period during which the listing is active and for a reasonable archive period after expiry or deletion where necessary for moderation history, anti-fraud controls, legal claims, or backup integrity. Support and complaint records may be retained for up to 24 months after closure of the case, unless longer retention is needed for legal claims or legal obligations. Security logs are typically retained for up to 90 days unless a longer period is reasonably necessary for fraud detection, abuse investigation, or security incidents. Accounting and invoice records are retained for the period required by applicable tax and accounting law. These retention periods should be read together with any mandatory Slovak, EU, Ukrainian, or other applicable legal obligations.
8. Data subject rights
Subject to the conditions of applicable law, data subjects may request access to their personal data, rectification, erasure, restriction of processing, portability, or objection to processing based on legitimate interests. Where processing is based on consent, consent may be withdrawn at any time without affecting prior lawful processing. We may need to verify identity before acting on a request, especially where deletion, access to documents, or ownership claims are involved.
9. Right to lodge a complaint
Data subjects have the right to lodge a complaint with the supervisory authority in the Member State of their habitual residence, place of work, or place of the alleged infringement. In Slovakia, the supervisory authority is the Office for Personal Data Protection of the Slovak Republic, Námestie 1. mája 18, 811 06 Bratislava, Slovakia. Official contact details are published by the authority.
10. Public listing display and balancing test
Because the Platform may index and display publicly available listing data, we seek to minimize privacy impact by limiting the scope of collection to publicly accessible content, avoiding access to private communications, and providing routes for correction, ownership linking, objection, or removal requests where justified. Where we rely on legitimate interests, we consider the nature of the source, the expectations of the data subject, the context in which the data was made public, the benefits of discoverability, and the safeguards available through moderation and takedown procedures.
11. Cookies, local storage, and similar technologies
The Platform uses cookies, local storage, and similar technologies as described in the Cookie and Local Storage Policy below. Some technologies are strictly necessary for security, login, language preferences, or consent records; others may require user consent before activation.
12. Security
We implement appropriate technical and organizational measures designed to protect personal data, including access controls, moderation controls, logging, role-based permissions, backup measures, and reasonable safeguards against unauthorized disclosure or abuse. No method of storage or transmission is completely secure.
13. Children
The Platform is not directed to children. We do not knowingly provide the service to children below the minimum age required under applicable law for the relevant feature. If a parent or guardian believes that a child has provided personal data without authorization, they should contact us.
14. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. The current version will be published on the Platform with the revised date. Material changes may be highlighted through the interface or by email where appropriate.
15. Contact
Privacy requests, objections, deletion requests, and identity or ownership claims can be sent to pusto.sk.com@gmail.com. Postal address: Sacko 20A, Kamenskoe, Ukraine.
