Effective Date: 24 November 2025 Controller: 4SPACES LTD (“4SPACES,” “we,” “us”), Registration No. HE432168, VAT No. CY10432168P, registered at Spyrou Araouzou 165, LORDOS WATERFRONT, Flat/Office 401, 3036 Limassol, Cyprus. Contact (Privacy): support@cheap.market
Welcome to cheap.market’s Privacy Policy. This policy explains how we collect, use, share, and protect your personal data when you use the cheap.market platform (our website and any related services) and when you otherwise interact with us (e.g., contacting support). It also describes your rights regarding your personal data under the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.
This Privacy Policy applies to: * All visitors and users of the cheap.market website and mobile application worldwide (“Platform”). * Individuals who use our Platform to browse products, place orders, or utilize any services provided by 4SPACES LTD through cheap.market. * Anyone contacting us via our support channels or providing us personal information in connection with the use of cheap.market.
4SPACES LTD is the “data controller” responsible for the processing of personal data under this Policy. As a data controller, we determine the purposes and means of processing your personal data. We may utilize data processors (service providers) who process data on our behalf (for example, payment processing by Stripe, or cloud hosting services). Such processors act under our instructions and are bound by data protection agreements.
By using cheap.market, you agree to the collection and use of your information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use the Platform. We may update this Policy from time to time (see Section 10 on changes).
We collect various types of personal data about you in order to provide our services. The data we collect can be grouped into the following categories:
When you use our Platform, certain data gets collected automatically by our systems and third-party analytics tools. This includes: * Usage Data: We log usage information such as pages or products you view, how you navigate the site, times of access, and what features you use. For example, we may record that you searched for a term or added an item to your cart. This helps us understand what products are popular and how users interact with the Platform. * Device and Technical Data: We collect technical information about the device and browser you use. This can include your IP address, browser type and version, device type (e.g., mobile or desktop), operating system, screen resolution, and unique device identifiers. We also note the website or ad that referred you to our Platform (if applicable). * Cookies and Tracking Technologies: We use cookies, beacons, and similar technologies to collect data automatically. Cookies are small text files stored on your browser. They help the site function (e.g., keeping you logged in, remembering your cart) and help us understand usage (via analytics cookies). We also use cookies for personalization (like remembering your language preference) and possibly for marketing (to track conversions from ads). Section 7.2 and 7.3 of our Terms of Service outline user consent for receiving communications; similarly, we abide by ePrivacy directives for cookies – on your first visit, you will see a cookie notice. You can manage cookie preferences through your browser settings. Note that disabling some cookies might affect Platform functionality (e.g., you might not be able to log in or add items to cart). * Approximate Location: From your IP address, we infer a rough geographic region (e.g., city or country). We use this to display appropriate currency, language, or to calculate shipping options. This is not precise geolocation (we do not track your exact GPS coordinates unless you explicitly allow it via some feature). It’s primarily based on IP-to-location mapping, which is approximate.
Sometimes we receive personal data from third-party sources: * Payment Processors: As mentioned, our payment provider (Stripe) gives us confirmation of payment and limited billing info (like whether a payment was successful, last four digits of card, etc.). This ensures we can process your order. * Logistics Partners: If a shipping carrier or customs broker collects information during delivery (like confirming your ID or receiving special instructions), they may share necessary info back with us – for instance, a carrier might notify us of a failed delivery attempt and the reason. * Social Media or External Accounts: If you choose to log in through a third-party account or interact with us on social media (like signing in via Google OAuth, or messaging us on a social platform), we may receive data that you’ve authorized those platforms to share (e.g., your social media username, profile information). We handle that data according to this Policy (and of course, the third-party’s privacy policy also applies in how they handle it).
We do not intentionally collect any sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, health information, or biometrics. Please do not provide this to us, as it’s not necessary for our services. The only exception is if local laws require a specific ID document that incidentally reveals some sensitive info (for example, a passport might indicate religion on rare cases). Even in those cases, we only use the data for identification and do not use it for any discriminatory purpose.
We also do not knowingly collect personal data from children. Our services are 18+ (or age of majority in your country). If we discover someone under that age has provided personal data, we will delete it. If you’re a parent/guardian and believe your minor child has provided personal data, please contact us to remove it.
We process personal data for various purposes, each of which must have a legal basis under GDPR. Below are the main purposes for which we use your data, along with the corresponding legal bases: * To Provide and Operate the Service: We use your account, order, and payment data to process transactions and deliver goods to you. For example, we use your name and address for shipping, and your email to send order confirmations  . This processing is necessary for the performance of a contract (Article 6(1)(b) GDPR) – specifically, fulfilling the User Agreement (Terms of Service) and the Agent Agreement by executing your orders. Without this data, we cannot complete your purchase or deliver your items. * To Communicate with You (Service-related): We use your contact details to send transactional communications: order confirmations, shipping updates, delivery notifications, and responses to your inquiries  . These are not marketing messages but essential service information. Legal basis: performance of contract (to keep you informed about your order) and our legitimate interest (Article 6(1)(f) GDPR) in providing good customer service and ensuring you have up-to-date information about your orders. Users cannot opt out of critical service communications, as noted in our Terms , because they are necessary for using the service. * To Send Marketing Communications: If you have agreed (or as permitted by applicable law under a soft opt-in), we might send newsletters or promotional offers to your email or via SMS . For example, we may announce new product arrivals or special discount codes. The legal basis for sending marketing emails is typically consent (Article 6(1)(a) GDPR) – we will only send you such communications if you gave consent (e.g., by ticking a box during signup or not opting out when provided the chance). In some cases, if you are an existing customer, we rely on legitimate interest to send relevant offers about similar products, but always with a clear opt-out option in each message . You can unsubscribe at any time (see Section 6 on your rights). * To Personalize Your Experience: We may use data like your browsing history, search queries, and approximate location to personalize the content you see on cheap.market. For instance, we might show you products in your local currency, recommend items similar to those you viewed, or present the website in your preferred language  . This improves usability and relevance. The legal basis is legitimate interest in improving our service and sales (we believe showing you relevant content benefits both you and us) and/or consent in the case of cookies that track personalization (depending on cookie consent given via our banner). Under GDPR, where purely analytics/personalization cookies are used, we ask for consent via the cookie notice when required. * To Analyze, Improve, and Develop Our Services: We continuously work on making cheap.market better – fixing bugs, optimizing user flows, and deciding on new features. We use aggregated usage data and device information to perform analytics on how the Platform is used  . For example, we might see that a lot of users drop off at a certain checkout step, indicating a need for improvement. We also use error logs to debug technical issues. These uses are generally based on legitimate interests (ensuring the stability and improvement of our service, Article 6(1)(f) GDPR). We take care to use this data in a way that minimally impacts privacy – often it’s aggregated or pseudonymized for analysis. We do not use this analysis to make any decisions that have legal or significant effects on individuals; it’s to improve the overall service for all users. * For Customer Support: If you reach out for support, we will use your data to assist you – this might involve looking up your orders, reviewing communications, or verifying your identity if needed. This is part of performing our contract (helping you use the service properly) and our legitimate interest in maintaining high customer satisfaction. * To Process and Prevent Fraud or Misuse: We may process certain data to protect against fraud, security incidents, or other malicious activity. For example, we might use IP address and payment attempt information to detect multiple failed transactions that could indicate fraud. Or we might verify if a user is in a sanctioned location (for legal compliance). The legal basis is legitimate interest in keeping our platform secure and preventing fraudulent transactions (which also protects users), as well as legal obligation (Article 6(1)(c) GDPR) where we must comply with laws (e.g., anti-money laundering, sanctions lists). If we suspect a violation of our Terms or illegal activity, we may process and share data as needed to investigate and involve law enforcement if appropriate  . * For Legal Compliance and Enforcement of Terms: We will use and retain personal data as needed to comply with legal obligations. This includes keeping records for tax and accounting purposes (e.g., retaining invoice data as required by law), complying with consumer protection laws (like honoring data access or deletion requests), and responding to lawful requests by public authorities (e.g., for law enforcement). We also may use data to enforce our agreements (for instance, to handle chargeback disputes by providing proof of delivery). Legal bases include Article 6(1)(c) GDPR (compliance with EU/Cyprus law) and Article 6(1)(f) GDPR (our legitimate interest in establishing, exercising, or defending legal claims). For example, under EU e-commerce regulations, we might need to keep transaction data for a certain number of years; under GDPR, we document consent records.
In summary, we process personal data only for purposes necessary to provide our services, for legitimate business improvement goals, or to meet legal requirements. We do not sell personal data to third parties for their own marketing. Any processing for a new purpose incompatible with those above would either be communicated to you or would require your consent.
We treat your personal data with care and confidentiality. However, in order to run our business and fulfill your orders, we must share some data with third parties. We only share the data that is necessary for the specific purpose, and where possible, data is limited or pseudonymized. Here are the types of recipients of your data and why we share with them: * Sellers and Merchants: As an agent platform, when you place an order, we essentially place an order on your behalf with the third-party seller or merchant that offers the product. In doing so, we have to provide them with certain information to process the purchase and ship the item. This includes details like the product you purchased and your delivery name and address. For example, if you buy a gadget from a retailer in another country, we will communicate your name and shipping address to that retailer so they can send the item . We do not provide sellers with your contact info beyond what’s needed for fulfillment (they shouldn’t need your email or phone except perhaps on a shipping label, and in many cases, they send to our logistics hub first). The Seller uses your data as needed to complete the sale (under their own privacy policy likely, acting as an independent controller once they have your info for shipping). We ensure sellers we work with are reputable and also expect them to safeguard your data. * Logistics and Delivery Partners: We share data with courier companies, postal services, and freight forwarders who physically transport the goods. This is essential to get the product to you. For international shipments, this often means: (a) providing a parcel service with your name, address, and phone (the phone is given so the courier can contact you if needed for delivery). We also attach customs documentation to packages, which includes a description of contents and value, and your name/address as the importer/receiver  . If a local delivery attempt fails, the courier might have access to your email or phone to notify you (depending on how we arrange delivery notifications). We only share the necessary delivery information with these partners. * Customs Brokers and Border Agencies: To clear customs, we may need to provide certain data to customs authorities or brokers, such as your name, address, and identification number (if required by law) along with the details of the shipment (what the product is, its value)  . This is mandated by law for importing personal goods. For example, in some countries a copy of your ID or a national tax ID must be declared. We pass this to the customs agency through official forms. Customs authorities and brokers use this data strictly to clear your parcel and comply with import regulations. They might retain records as required by law. We also may share data if a government authority requests information (e.g., to check a shipment for compliance or to investigate fraud), but such sharing will be limited to what is legally necessary. * Payment Service Providers: When you make a payment, you directly provide your payment details to our payment processor (Stripe). In that sense, they collect it directly (as a controller for processing your payment). We share with Stripe the transaction details like amount and order ID, and receive from them confirmation and basic card info (like card type, expiry, last 4 digits) . Stripe may also have obligations to screen transactions for fraud (so they might use some of your personal data for fraud prevention and to comply with financial regulations like anti-money laundering). We have a data processing agreement with Stripe and they are PCI-DSS compliant. * Cloud Hosting and IT Infrastructure: cheap.market runs on software and hardware provided by third-party tech companies. For instance, our website might be hosted on servers of a cloud provider (like Amazon Web Services or similar). Data you provide (account info, order records) is stored in databases on those servers. We use secure hosting partners located in the EU (or other jurisdictions with adequate protection) to store data. These infrastructure providers technically have the ability to access data on their systems, but they generally do not access it except for maintaining the service. We ensure via contracts that our hosting and IT providers must implement strong security measures and cannot use your data for any purpose other than providing us the service. * Analytics and Advertising Partners: We utilize analytics tools (like Google Analytics) to understand how users use our Platform . These tools often operate by placing cookies or trackers in your browser. They collect information like page views, clicks, and technical device data (often IP addresses are anonymized or truncated in the case of GA’s EU compliance). We configure these services to avoid collecting unnecessary personal data. The analytics providers process data as our processors to give us aggregated insights. Similarly, if we run targeted advertisements (say on Google or social media), we might share some hashed identifiers or use cookies for retargeting ads to people who visited cheap.market. For example, we could use Facebook Pixel or Google Ads conversion tracking – these tools would mean we’re indirectly sharing some of your usage data (via your browser) with those platforms to measure campaign effectiveness. We obtain consent for marketing cookies where required. You can opt out of these through our cookie settings or by using platform-level opt-outs (like Google Analytics opt-out browser add-on, or ad settings on Google/Facebook). * Service Providers and Business Support: Apart from the above, we may also share data with other service providers who help us run business operations. This includes: customer support software providers (if we use a CRM or helpdesk platform, your communications and profile may go through their system), email service providers (for sending out emails – your email address and name are used to send you order updates or newsletters, via a service like SendGrid or Mailchimp), and professional advisors (lawyers, accountants, auditors) who might review certain records if needed for audits or legal advice. All such parties are bound by confidentiality and data protection obligations. For instance, an accountant might see transaction records (which include personal data like names and amounts) to prepare our financial statements or tax filings – they are legally obligated to keep that information confidential. * Within Our Corporate Group: If 4SPACES LTD ever establishes affiliates or subsidiaries that play a role in service delivery, we might share data within our corporate group. Currently, cheap.market is run by 4SPACES LTD in Cyprus; if in the future another branch or entity is involved (say a tech development arm or a local office), personal data could be accessed by that affiliate. Any internal sharing would still uphold this Privacy Policy and applicable data laws (our staff are trained and authorized only to use data as needed for their job functions). * Legal and Compliance Sharing: If we are under a duty to disclose or share your personal data in order to comply with a legal obligation, we will do so. This could mean providing information in response to a lawful request by public authorities (e.g., for law enforcement or national security). We will carefully review each request to ensure it has proper authority and scope. Additionally, if we need to share data to enforce our Terms of Service or Agent Agreement, or to protect our rights, property, or safety (or that of our users or others), we may share information as necessary. For example, we might provide transaction evidence to a bank in the case of a chargeback dispute, or we might report a fraudulent transaction (with related data) to law enforcement . * Business Transfers: In the unlikely event that our company or the cheap.market business is involved in a merger, acquisition, bankruptcy, or sale of assets, personal data may be transferred to the successor or new owner as part of that transaction . We would ensure that the new owners understand they must treat the personal data in line with this Privacy Policy (or a policy that gives at least similar protections). If such a change in ownership happens, we will notify users (for example, via email or posting on our site) about the new controller of their data. You would then have the choice to discontinue using the service if you do not agree with any new policies.
Important: We do not sell your personal data to third parties for monetary consideration. We also do not share data with third-party advertisers in a way that they can identify you personally without your consent. Any sharing with advertising networks is typically via pseudonymous cookie IDs, etc., as described above.
Whenever we share data, we aim to only share the minimum required for the task and to do so securely. We also assess the data protection practices of our partners. For partners outside the European Economic Area (EEA), if we transfer personal data internationally, we rely on adequacy decisions (if the country is deemed by the European Commission to have adequate protection, e.g., perhaps you are in an adequacy-approved country), or we use standard contractual clauses (SCCs) or other approved transfer mechanisms to safeguard data across borders (see Section 5 below).
Given the global nature of our service (we enable purchases from all over the world to users in various countries), your personal data may be transferred to and processed in countries other than your own. Notably: * Our company 4SPACES LTD is based in Cyprus (which is an EU member state). If you are a user outside the EU/EEA, know that any personal data you provide will be transferred to and stored in the EU (on our servers or those of our providers) . The EU is considered to have a high standard of data protection (GDPR). * We also deal with sellers and logistics providers globally. This means your data might be transferred to countries outside the EU that might not have the same level of data protection laws. For example, if you order a product from a seller in China, your name and address will be processed in China to fulfill that order  . Similarly, if our cloud service or certain support tools are in the United States or other jurisdictions, your data might be stored or routed through those places.
Whenever we transfer personal data out of the EU/EEA, we will ensure appropriate safeguards are in place to protect it, as required by GDPR Chapter V. These include: * Adequacy Decisions: Some countries have been deemed by the European Commission to provide an adequate level of data protection (meaning they essentially have laws comparable to the EU’s). If we transfer data to such a country, we rely on that decision. For example, if you are in the UK or we transfer to a partner in the UK (post-Brexit the UK has an adequacy from the EU), that’s covered. Cyprus being in the EU covers intra-EU flows automatically. * Standard Contractual Clauses (SCCs): For transfers to countries without an adequacy decision (like the US currently, or China, etc.), we typically use European Commission-approved Standard Contractual Clauses with the receiving party . For instance, our contract with Stripe, or with a US-based cloud provider, includes SCCs obligating them to protect EU personal data. We also conduct transfer impact assessments as recommended by the European Data Protection Board to ensure that, in practice, the data remains secure and inaccessible to government overreach without proper safeguards. * Other Measures: We also may use additional technical measures like encryption (data in transit and at rest) and pseudonymization to add layers of security to cross-border data. For example, sensitive fields might be encrypted such that even if data passes through servers abroad, it’s not intelligible without keys we hold in the EU. * User Consent: In rare cases, if none of the above safeguards are feasible, we might ask for your explicit consent to a particular transfer after informing you of potential risks. However, our aim is to rely on structured legal mechanisms rather than consent for routine transfers.
By using our services and providing your information, you acknowledge that your information may be transferred to our facilities and those third parties with whom we share it as described in this policy, which may be located in different jurisdictions around the world. Rest assured, no matter where your data is processed, we apply the same level of care and follow the principles of this Privacy Policy and GDPR.
If you’d like more information about cross-border transfers or want to obtain a copy of the SCCs we use, you can contact us at support@cheap.market.
As a user of cheap.market and as a data subject, especially if you are in the European Economic Area (EEA) or a jurisdiction with similar data protection laws, you have certain rights regarding your personal data. We are committed to honoring these rights. Below is a summary of those rights and how you can exercise them: * Right to Access: You have the right to request confirmation whether we are processing your personal data and, if so, to obtain a copy of that data along with supplemental information (what data we have about you, how we use it, who we share it with, etc.) . This is often referred to as a “Data Subject Access Request”. Upon verification of your identity, we will provide you with an overview or copy of your personal data that we process, usually within one month of your request (or up to two months if it’s a complex request, but we’ll inform you if an extension is needed). * Right to Rectification: If any of your personal data we hold is inaccurate or incomplete, you have the right to ask us to correct it. For example, if you change your phone number or notice a typo in your address in our records, you can update some of this via your account settings. For any details you cannot self-edit, contact us and we will make the corrections. We strive to ensure data is accurate, but we rely on you to inform us of changes. In many cases you can log into your account and modify basic info directly. * Right to Erasure (Right to be “Forgotten”): You have the right to request deletion of your personal data in certain circumstances  . This isn’t absolute, but we will erase data upon request if: the data is no longer needed for the original purpose, or you withdraw consent (in cases where consent was the basis), or you object to processing and we have no overriding legitimate grounds, or if the processing was unlawful, etc. Note that we may retain certain information if necessary for legal obligations or legitimate interests (for instance, we might keep transaction records if required for tax and accounting). However, in our App, we provide a convenient way to delete your account and associated data: there is a “Delete Account” or similar option in your account settings on the cheap.market app/website, which you can use to initiate deletion . Using that will erase or anonymize personal data associated with your account that we are not required to keep. For any additional deletion requests, you can also email support@cheap.market. We will comply and confirm once done (within a month or as required). Keep in mind that once deleted, your account can’t be recovered, and you would need to sign up again to use our service. * Right to Restrict Processing: You have the right to ask us to restrict (pause) processing of your data under certain conditions – e.g., if you contest the accuracy of data (until corrected), or if you have objected to processing (until we determine if our grounds override yours), or if processing is unlawful but you don’t want full erasure . When processing is restricted, we will just store the data and not actively use it. We’ll inform you when the restriction is lifted. * Right to Data Portability: For data you provided to us and which we process based on your consent or on a contract, you can request a copy in a structured, commonly used, machine-readable format, and you have the right to have that data transmitted to another controller where technically feasible . For example, you could ask us for an export of your account information and order history to take to a competing service (should one exist). We will provide such exports typically in CSV or JSON format. Note: this right applies to personal data you actively provided and some data generated by your activities (like order logs), but it doesn’t apply to data we derived or inferred. * Right to Object: You have the right to object to certain processing activities. Direct marketing: you can always object to and opt-out of processing of your personal data for direct marketing purposes  . If you object, we will stop using your data for marketing. E.g., you can unsubscribe from emails via the link in them or by adjusting preferences; we’ll then cease sending promotional messages. Legitimate interests: if we process data on the basis of our legitimate interest, you may object if you have grounds relating to your particular situation. We will then evaluate your objection and will stop processing unless we have compelling legitimate grounds that override your interests, rights, and freedoms or unless it’s needed for legal claims. For instance, you can object to our processing of your data for statistical purposes if you feel it impacts you – we’d likely comply because we don’t have a strong need to use your data specifically if you object (we can aggregate without it). * Right to Withdraw Consent: In cases where we process your personal data based on your consent, you have the right to withdraw that consent at any time . If you withdraw consent, we will stop the processing that was based on consent. For example, if you consented to receive our newsletter, you can unsubscribe (withdraw consent) and we’ll stop sending it. Withdrawal doesn’t affect the lawfulness of processing that happened before the withdrawal. Also, note that if you withdraw consent for some essential data uses (like perhaps use of an ID for customs), we might not be able to provide certain services (in that case, we’d inform you if a service is halted due to withdrawal). * Right Not to be Subject to Automated Decision-Making: We do not make any decisions about you that have legal or similarly significant effects solely by automated means (without human involvement). If that changes, you would have rights to not be subject to such decisions in certain cases and/or to get an explanation. As of now, any automated processing we do (like basic fraud flagging) is coupled with human review. * Right to Lodge a Complaint: If you believe our handling of your personal data infringes the law, you have the right to lodge a complaint with a supervisory authority. For EU users, this would typically be an authority in the country of your residence or in Cyprus (where we are based). In Cyprus, the supervisory authority is the Office of the Commissioner for Personal Data Protection. We encourage you to reach out to us first, so we can try to address your concerns directly, but you are free to go to the authority at any time.
Exercising Your Rights: To exercise any of these rights, you can contact us at support@cheap.market. Please specify which right you are exercising and provide relevant details. We may need to verify your identity (to ensure we’re dealing with the correct person and avoiding unauthorized data disclosures). Verification might involve confirming information we already have on file or asking for a form of ID (we’ll do the least intrusive verification sufficient for security). Once verified, we will do our best to fulfill your request or inform you why we cannot (if an exception applies).
There is no fee for making a request, except in rare cases of manifestly unfounded or excessive/repetitive requests (where we might charge a reasonable fee or refuse, per GDPR).
For deletion requests via the app’s delete function: when you press delete account in the app, you will likely be asked to confirm, and upon confirmation, your account enters a deletion process. We will erase personal data that is not needed to retain. Data that we must keep (e.g., for transactions) will be archived securely and isolated from active use, and deleted after the retention period expires.
Data Retention: We generally retain your personal data for as long as your account is active or as needed to provide you services. If you deactivate your account or it’s deleted, we will either delete or anonymize personal data, or if we must keep it, we will restrict processing of it to only those purposes. For example, we retain order records for X years to comply with accounting laws. We also retain info as needed to resolve disputes or enforce agreements. See Section 7 on retention specifics.
Security Measures: We implement a variety of technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our measures include: * Encryption: The cheap.market website is served over HTTPS. This means that any data transferred between your browser and our servers is encrypted in transit using TLS (Transport Layer Security) . For instance, when you enter personal information or payment details, they are transmitted securely. We also encrypt sensitive data at rest when appropriate (for example, passwords are stored hashed & salted, not in plain text). For any identification documents or sensitive files we might store (say, if you send a passport scan for verification), we keep them in encrypted storage with limited access. * Access Control: Internally, we restrict access to personal data to employees and contractors who need it to operate, develop, or improve our services . They operate under strict confidentiality obligations. We segment our data so that not everyone can see everything – for example, support agents can look up order details to assist you, but only staff with special clearance can access the database directly. We also use role-based access control for our systems. * Authentication and Account Security: Users are responsible for keeping their account credentials secure (see our Terms about not sharing login details) . On our side, we encourage using strong passwords. We also monitor for suspicious login attempts. If we implement features like two-factor authentication (2FA), we will recommend you use them for added security. Internally, our systems require multi-factor authentication for administrative access. * Network and System Security: We maintain firewalls and monitoring systems to guard our infrastructure. We regularly update our software and promptly apply security patches to known vulnerabilities. Our hosting environment is secured and we run penetration tests or code audits periodically to find and fix potential security weaknesses. * Payment Security: We are PCI DSS compliant via our payment provider. We do not store full card numbers on our servers to reduce risk. All payment processing is done by certified processors who comply with high security standards. * Staff Training: We train our staff about privacy and security best practices. They know how to handle personal data safely and are aware of social engineering risks and how to avoid data breaches. * Incident Response: While we strive to prevent any security incidents, we have a response plan in place. If a data breach were to occur, we will notify users and authorities as required by law (GDPR has a 72-hour notification rule for significant breaches). We would also take steps to mitigate any damage and prevent future occurrences.
No system is 100% secure, and we cannot guarantee absolute security of data. However, we make commercially reasonable efforts to protect your information. You also play a role in security: protect your password, use unique passwords for different accounts, and notify us if you suspect any unauthorized account access.
Data Retention: We keep your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law  . The criteria we use to determine retention periods include: * Account Data: We retain your account information for as long as your account exists. If you delete your account, we will remove or anonymize personal data within 30 days, except for data we are required to keep (see next points). * Order and Transaction Data: We keep records of your purchases, transactions, and communications related to those for at least the duration required by law. In Cyprus (and generally EU), financial and commercial transaction records must be kept for about 7 to 10 years for tax and accounting purposes. This means that even if you delete your account, we might retain invoice data, payment history, and order details in our archives until that retention period lapses. However, that data will not be actively used; it is retained for compliance and will be securely stored. * Customer Support Interactions: We may retain support tickets or emails for a certain time (e.g., 2 years) in case you have follow-up issues or for training and quality assurance. After that period, they are deleted or anonymized if not needed. * Marketing Data: If you have subscribed to newsletters, we retain that until you unsubscribe. If you unsubscribe (withdraw consent), we will stop sending and will typically delete your contact from the marketing list, keeping maybe a minimal record to remember not to send you in future (if needed). * Cookies and Analytics: Cookies have varying lifespans. Some session cookies are only around while your browser is open. Persistent cookies on our site (like to remember your login or preferences) may last a few months or a year, unless you clear them. Analytics data is usually aggregated; raw logs may be retained for a short time (maybe 14 months in Google Analytics by default) before being deleted or anonymized. * Legal and Dispute Data: If we are engaged in a legal dispute or investigation, we may retain relevant data for as long as that is ongoing, even if it exceeds normal retention. We also preserve data as needed to enforce our Terms or to resolve any complaints or disputes. For instance, if you filed a chargeback, we would keep data about that transaction and communication until the issue is resolved, and potentially longer to prevent abuse.
After the retention period expires, we will either delete your personal data or anonymize it (so it can no longer be associated with you). For example, we might convert records into statistical data that no longer identify you. If deletion is technically impossible (like stored in backups), we ensure it’s isolated and secured until eventual deletion.
Anonymization and Aggregation: In some cases, instead of outright deletion, we might anonymize data. For instance, we might keep overall sales statistics but not data tied to you personally. We also use aggregated data (which doesn’t identify individuals) for business purposes and we may retain that indefinitely since it has no personal data.
In summary, we aim to minimize retention and not keep personal data longer than necessary. We regularly review our databases and purge data that is no longer needed. If you have specific questions about retention of certain data, you can contact us.
Our Platform uses cookies and similar tracking technologies to provide, customize, and improve the user experience and to understand usage of our services. Here we explain what these technologies are and how we use them:
What are Cookies? Cookies are small text files that websites store on your device (computer, smartphone, etc.) when you visit them. They are widely used to make websites work or to work more efficiently, as well as to provide information to the site owners. Cookies can be “persistent” (lasting until you or your browser delete them, or until they expire on a set date) or “session” (lasting only until you close your browser).
We also sometimes use related technologies like web beacons (tiny graphics that monitor browsing behavior) and local storage (which is similar to cookies in storing information in your browser). For simplicity, we refer to all these as “cookies” in this policy.
Types of Cookies We Use: cheap.market uses cookies in the following categories: * Essential / Strictly Necessary Cookies: These are cookies required for the operation of our website and to fulfill your requests. For example, they enable you to log into secure areas, keep your session active as you browse (so you don’t have to log in repeatedly), and remember items in your cart  . Without these cookies, services you’ve asked for (like placing an order) cannot be provided. These cookies do not gather information for marketing or remembering where you have been on the internet. They are typically first-party cookies set by cheap.market. For logged-in users, an example would be a session ID cookie. * Functional Cookies: These cookies allow our site to remember choices you make and provide enhanced, more personal features. For instance, they might remember your preferred language or region, so we can show you the site in the correct language and currency without asking each time . They may also remember other preferences like display settings. Functional cookies may also be used to provide services you have asked for, such as watching a video or using live chat. While not strictly necessary, they enhance your experience. They are usually first-party, but we might use third-party tools for certain functionalities (e.g., an embedded map or video might set its own cookie). * Analytics / Performance Cookies: We use these cookies to collect information about how visitors use our site – for example, which pages are visited most often, and if users get error messages on certain pages  . These cookies don’t directly identify you (the data is aggregated), but they help us improve how the site works and understand user interests. We might use Google Analytics or similar, which sets cookies to gather usage stats. For instance, GA might use cookies named _ga etc., which track your interactions with our site. We configure our analytics tools in line with privacy best practices (IP anonymization, etc., when possible). Data from analytics cookies is used internally to make decisions like improving navigation or content. * Advertising / Targeting Cookies: As of the writing of this policy, we primarily focus on service usage, not heavy advertising. However, we may use targeting cookies to deliver advertisements that are relevant to your interests, both on cheap.market and possibly on other sites. These cookies remember that you visited our site and may track your browsing across other sites. If we run advertising campaigns, cookies could be set by advertising networks with our permission. For instance, if we use Google Ads or Facebook Pixel, those would drop a cookie so that we can later show you an ad on Google or Facebook related to cheap.market (this is called retargeting)  . These cookies also help us measure the effectiveness of campaigns – for example, seeing if someone who clicked an ad actually ended up registering or ordering. Targeting cookies may collect device identifiers and browsing information. They often involve third party providers. You can manage preferences for such cookies via our cookie banner or through settings on platforms (like Google’s ad settings or Facebook’s ad preferences). * Social Media Cookies: If our website integrates with social media (e.g., a “Share” or “Like” button, or a login via social account), the social network may set its own cookie on your device. That cookie can recognize you when you visit our site and also when you visit other sites that have integrated the same social network. These cookies might be used by the social network for various purposes, including analytics and ad targeting. For instance, if we allow login via Facebook, Facebook might set a cookie to remember that you logged in via them. Social media cookies are controlled by the respective platform’s privacy policies.
Cookie Consent and Control: Upon your first visit to cheap.market (or if you come back after clearing cookies), you will see a cookie notice/banner. Except for strictly necessary cookies, we will ask for your consent to place cookies on your device. You can choose to accept all, or customize your preferences (if our banner supports granular control). * If you click “Accept All Cookies,” you consent to our use of all categories including analytics and targeting as described. * If you select preferences or “Reject Non-Essential Cookies,” we will not set analytics/advertising cookies. Only essential cookies will run. * You can also manage cookies through your browser settings. All major browsers allow you to block or delete cookies. However, please note that if you block essential cookies, our website may not function properly for you. * We also respect Do Not Track (DNT) signals where possible. But given the complexity of third-party integrations, it’s best to use the provided consent tools or browser settings.
Even after initially consenting, you can always change your mind: * If we have a cookie management tool on our site (like a “Cookie Settings” link in the footer), you can revisit that to adjust your preferences. * Or manually clear cookies via your browser (for cheap.market and possibly third-party cookies). * For Google Analytics, you can opt out with a browser add-on: Google Analytics Opt-out Browser Add-on. * For interest-based ads from participating networks, you can visit sites like Your Online Choices (EU) or NAI Opt-Out (US) to manage preferences.
Note: Some analytics and functionality may still occur without cookies (for example, server logs or essential operation). But anything optional will be disabled if you decline.
Web Beacons and Pixels: We or our partners might use small graphic images or scripts (called web beacons or pixels) in emails or on the site to count users or understand behavior. For example, if we send an email, it might contain a tiny pixel that tells us if you opened the email (this helps us gauge engagement). These pixels work in conjunction with cookies.
By using our site with cookies enabled in your browser, you consent to our use of cookies unless you take action to opt out or disable them.
We provide this information to be transparent about our use of tracking technologies and your choices regarding them. If you have questions about specific cookies or tech on our site, feel free to reach out.
cheap.market is not directed to or intended for use by children under the age of 18 (or the age of majority in your jurisdiction if that is higher). We do not knowingly collect personal data from children. Our services involve purchasing and financial transactions, which require users to be of legal age to form a binding contract and to handle payment. * No Child Accounts: You must be at least 18 years old to register an account and use our platform. By agreeing to our Terms of Service and this Privacy Policy, you affirm that you meet the eligible age. * No Targeting to Children: We do not design any part of our website or marketing to appeal to children. For example, we don’t feature children’s cartoon characters in a way to attract underage users, and we don’t offer toys or games for direct sale to minors (a parent or adult must make any purchase). * Parental Responsibility: If you are a parent or guardian and you allow a minor in your care to use your account, you take responsibility for that usage. However, officially we discourage and do not permit minors to use an account or make purchases. * If We Collect Data from a Child: In the unlikely event that we discover we have collected personal information from someone under 18, we will delete that information promptly. For instance, if a 16-year-old registers using a false birth date and we later find out their true age (through support conversation or ID verification), we will close that account and remove data insofar as no legal necessity to retain (if they made a purchase, we might need to keep a transaction record but would flag and not use it further). * Contact Us If Needed: If you are a parent or guardian and suspect that your child (under 18) has provided personal information to us or has an account on cheap.market, please contact us at support@cheap.market. We will take steps to delete the information and (if applicable) terminate the child’s account.
We adhere to relevant laws meant to protect children’s privacy online, such as the US Children’s Online Privacy Protection Act (COPPA) and similar, although our user base is not intended to include minors. Since we do not knowingly collect data from children, we do not have specific mechanisms for parental consent in our process; our approach is to avoid data collection from minors entirely.
If laws in a user’s jurisdiction define “children” with a different age threshold (for example, under 13, or under 16), we apply the local definition when determining our responsibilities. But overall, our service is 18+.
We may update or modify this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational or legitimate reasons. We will notify users of significant changes in the following ways: * Policy Version Date: At the top of this Privacy Policy, we state the effective date. If we update it, we will change that date to the date of the latest revision. * Notification of Material Changes: If we make any material changes that affect your rights or the way we use your personal data, we will take appropriate steps to inform you in advance. This might include: posting a prominent notice on our website (like a banner or modal on cheap.market when you log in), sending you an email to the address associated with your account, or other direct communication. The notification will outline the key changes and, if required by law, we might seek your consent again for certain new uses of data. * Minor or Non-Material Changes: For more minor updates (like clarifications, grammatical fixes, or changes that do not significantly affect how we handle data), we may not send out direct alerts, but we will still update the effective date and the policy available on our site. It’s a good idea to review our Privacy Policy periodically to stay informed on how we protect your information.
If we require your consent for changes (for example, if we plan to use your data for a new purpose that originally required consent), we will obtain that consent from you. If you disagree with any changes to the Privacy Policy, you should stop using our services and you may request that we delete your personal data (as per Section 6 regarding your rights).
Continuing to use cheap.market after a revised Privacy Policy has become effective will indicate your acceptance of the changes, to the extent permitted by law. We will always indicate the date of the latest revision and we keep previous versions of this Privacy Policy archived for reference (you can request older versions from us to see what changed, or we may link to them if possible).
If you have any questions or concerns about changes to this Policy, please contact us via the methods below.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please feel free to contact us: * Email: You can reach our data protection/contact person at support@cheap.market. This is the preferred and quickest method for privacy-related inquiries or requests (like exercising your rights). * Postal Mail: 4SPACES LTD, Spyrou Araouzou 165, LORDOS WATERFRONT, Flat/Office 401, 3036 Limassol, Cyprus. (Attn: Privacy/Compliance) – If you wish to send us a written letter or any official correspondence. * Contact Form: If available on our website, you may use a contact form for privacy inquiries. Ensure you mention it’s regarding privacy so it gets routed correctly.
We will respond to your inquiry as soon as possible, generally within 30 days or earlier for data access/erasure requests as required by law. If you are making a request to exercise your data rights, we may need to verify your identity as mentioned in Section 6.
Our goal is to be transparent and helpful in addressing any issues related to your privacy. If something in this Privacy Policy is unclear, reach out and we’ll gladly clarify.
Thank you for trusting cheap.market with your personal data. We value your privacy and work hard to protect it.
⸻
This Privacy Policy is an integral part of cheap.market’s Terms of Service and Agent Agreement. By using cheap.market, you acknowledge that you have read and understood this Privacy Policy.