POSFix Logo
PricingContactSearch CompaniesFAQ
Sign Up
Fiscal POSE-InvoiceInvoicingAnti-FraudInventory ManagementCRM

Learn more

Online Cash RegisterOnline POS RegisterOnline AccountingRestaurants & Cafés
PricingContactSearch CompaniesFAQ
ROENRU
Sign Up
POSFix Logo

Complete solution for managing your business.

Get it on Google Play

Products

  • Fiscal POS
  • E-Invoice
  • Invoicing
  • Anti-Fraud

Solutions

  • Getting started

Legal

  • Privacy policies
  • Terms and Conditions
© 2014 - 2026 M373 SRL 1014600018610

Your privacy matters. We use strictly necessary cookies to run the website and, only with your consent, analytics and marketing cookies. You can accept all, reject non-essential ones, or choose individually. Cookie Policy

Înapoi la pagina principală

Privacy Policy

Last updated: June 2026

M373 SRL ("the operator", "we") respects your privacy and processes your data in accordance with Law no. 195/2024 on personal data protection. This policy explains, for each category of data, why we use it, on what legal basis, and how long we keep it.

1. Who the operator is and how to contact us

  • Operator: M373 SRL, IDNO 1014600018610, bd. Mircea cel Bătrîn 11/6, of. 102, Chișinău, Republica Moldova
  • Email: info@m-373.com · Phone: +373 60 100 698
  • Data Protection Officer (DPO): info@m-373.com

2. What data we collect, why, on what basis and for how long

We process only the data needed for the purposes below (data minimization, art. 5).

Identification and account data (name, email, phone, hashed password)

  • Purpose: creating and managing the account, authentication, service-related communication.
  • Legal basis: performance of the contract (art. 6(1)(b)).
  • Retention: for the life of the account plus 90 days after deletion (backups).

Fiscal data (tax code/IDNO, company name, registration details)

  • Purpose: issuing fiscal documents and compliance with the State Tax Service.
  • Legal basis: legal obligation (art. 6(1)(c)).
  • Retention: for the period required by accounting law (Law no. 287/2017, art. 17 — terms set by the State Archive Service) and aligned with the 4-year tax limitation period (Tax Code, art. 264).

Billing and payment data

  • Purpose: processing payments and issuing invoices.
  • Legal basis: contract and legal obligation (art. 6(1)(b) and (c)).
  • Retention: for the period required by accounting and tax law (see fiscal data above).

Technical and usage data (IP address, access logs, device identifiers)

  • Purpose: security, fraud prevention, service operation and audit.
  • Legal basis: legitimate interest in keeping the service secure (art. 6(1)(f)).
  • Retention: technical logs ~30 days; fiscal audit logs 7 years.

Analytics and marketing cookies

  • Purpose: traffic analysis and site improvement; campaign measurement.
  • Legal basis: your consent (art. 6(1)(a)) — managed from the cookie banner.
  • Retention: up to 12 months or until consent is withdrawn.

The full list of cookies — name, purpose, provider and duration — is in the Cookie Policy.

Data processed on behalf of our customers (processor role)

When a merchant uses the PosFix platform to process its own customers’ or employees’ data, that merchant is the operator and we act as a processor (art. 28), strictly on their documented instructions. For such data, contact the merchant directly; retention follows their instructions and applicable law.

3. Who we share data with (recipients and sub-processors)

  • State Tax Service (SFS): for fiscal documents and e-Invoicing, as required by law.
  • Google (Firebase / Google Wallet): push notifications and digital loyalty cards.
  • Apple (PassKit / APNs): push notifications and Apple Wallet passes.
  • Hosting/infrastructure providers: to operate the platform.
  • Public authorities, where required by law.

4. Transfers outside the Republic of Moldova

Some sub-processors (Google, Apple) may process data outside the Republic of Moldova, including in the USA. Such transfers rely on adequate safeguards (standard contractual clauses), per art. 44-49. Transfers to the European Economic Area need no special authorization (art. 44(2)).

5. Your rights

You have the right to: access, rectification, erasure ("right to be forgotten"), restriction, objection and portability, and to withdraw consent at any time without affecting prior processing.

Exercise your rights via the data request form or by writing to info@m-373.com. We respond without undue delay, within one month (art. 12), free of charge. If you have an account, you can manage some data directly in cp.posfix.md.

6. Right to lodge a complaint

If you are dissatisfied, you may contact the National Center for Personal Data Protection (CNPDCP), datepersonale.md — email centru@datepersonale.md, phone 022 820 801.

7. Is providing data mandatory?

Account and fiscal data are necessary to provide the service and to issue fiscal documents; without them we cannot enter into or perform the contract. Analytics and marketing cookies are optional and consent-based.

8. Automated decisions and security

We do not make decisions based solely on automated processing that produce legal effects on you (art. 22). We apply appropriate technical and organizational measures (art. 32): encryption, access control, audit logging and tenant data isolation.

9. Children

Our services target businesses. For information-society services offered directly to a child, consent is valid from the age of 14 (art. 8).

10. Changes

We may update this policy. We will notify you of significant changes via the platform or email.

M373 SRL ("the operator", "we") respects your privacy and processes your data in accordance with Law no. 195/2024 on personal data protection. This policy explains, for each category of data, why we use it, on what legal basis, and how long we keep it.

1. Who the operator is and how to contact us

Operator: M373 SRL, IDNO 1014600018610, bd. Mircea cel Bătrîn 11/6, of. 102, Chișinău, Republica MoldovaEmail: info@m-373.com · Phone: +373 60 100 698Data Protection Officer (DPO): info@m-373.com

2. What data we collect, why, on what basis and for how long

We process only the data needed for the purposes below (data minimization, art. 5).

Identification and account data (name, email, phone, hashed password)

Purpose: creating and managing the account, authentication, service-related communication.Legal basis: performance of the contract (art. 6(1)(b)).Retention: for the life of the account plus 90 days after deletion (backups).

Fiscal data (tax code/IDNO, company name, registration details)

Purpose: issuing fiscal documents and compliance with the State Tax Service.Legal basis: legal obligation (art. 6(1)(c)).Retention: for the period required by accounting law (Law no. 287/2017, art. 17 — terms set by the State Archive Service) and aligned with the 4-year tax limitation period (Tax Code, art. 264).

Billing and payment data

Purpose: processing payments and issuing invoices.Legal basis: contract and legal obligation (art. 6(1)(b) and (c)).Retention: for the period required by accounting and tax law (see fiscal data above).

Technical and usage data (IP address, access logs, device identifiers)

Purpose: security, fraud prevention, service operation and audit.Legal basis: legitimate interest in keeping the service secure (art. 6(1)(f)).Retention: technical logs ~30 days; fiscal audit logs 7 years.

Analytics and marketing cookies

Purpose: traffic analysis and site improvement; campaign measurement.Legal basis: your consent (art. 6(1)(a)) — managed from the cookie banner.Retention: up to 12 months or until consent is withdrawn.

The full list of cookies — name, purpose, provider and duration — is in the Cookie Policy.

Data processed on behalf of our customers (processor role)

When a merchant uses the PosFix platform to process its own customers’ or employees’ data, that merchant is the operator and we act as a processor (art. 28), strictly on their documented instructions. For such data, contact the merchant directly; retention follows their instructions and applicable law.

3. Who we share data with (recipients and sub-processors)

State Tax Service (SFS): for fiscal documents and e-Invoicing, as required by law.Google (Firebase / Google Wallet): push notifications and digital loyalty cards.Apple (PassKit / APNs): push notifications and Apple Wallet passes.Hosting/infrastructure providers: to operate the platform.Public authorities, where required by law.

4. Transfers outside the Republic of Moldova

Some sub-processors (Google, Apple) may process data outside the Republic of Moldova, including in the USA. Such transfers rely on adequate safeguards (standard contractual clauses), per art. 44-49. Transfers to the European Economic Area need no special authorization (art. 44(2)).

5. Your rights

You have the right to: access, rectification, erasure ("right to be forgotten"), restriction, objection and portability, and to withdraw consent at any time without affecting prior processing.

Exercise your rights via the data request form or by writing to info@m-373.com. We respond without undue delay, within one month (art. 12), free of charge. If you have an account, you can manage some data directly in cp.posfix.md.

6. Right to lodge a complaint

If you are dissatisfied, you may contact the National Center for Personal Data Protection (CNPDCP), datepersonale.md — email centru@datepersonale.md, phone 022 820 801.

7. Is providing data mandatory?

Account and fiscal data are necessary to provide the service and to issue fiscal documents; without them we cannot enter into or perform the contract. Analytics and marketing cookies are optional and consent-based.

8. Automated decisions and security

We do not make decisions based solely on automated processing that produce legal effects on you (art. 22). We apply appropriate technical and organizational measures (art. 32): encryption, access control, audit logging and tenant data isolation.

9. Children

Our services target businesses. For information-society services offered directly to a child, consent is valid from the age of 14 (art. 8).

10. Changes

We may update this policy. We will notify you of significant changes via the platform or email.