Legal
Privacy Policy
Last updated: April 2026 · Effective date: April 2026
This Privacy Policy explains how Atlantis FMCG collects, uses, and protects your personal data when you use our B2B marketplace platform. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and applicable European data protection law.
1. Who We Are
Atlantis FMCG ("Atlantis", "we", "our", "us") operates a B2B wholesale marketplace platform available at marketpl7ce.vercel.app. Our registered address is in Romania, and we serve businesses across Europe and the Gulf region. For privacy-related questions, contact us at: Info@atlantisfmcg.com
2. What Data We Collect
We collect information you provide directly: • Account information: full name, email address, company name, VAT number, phone number • Identity verification (KYC): national ID, passport copy, selfie/liveness check, business registration documents • Financial information: IBAN and SWIFT/BIC codes (stored encrypted using AES-256), Stripe Connect account data • Order and transaction data: purchases, payments, shipping addresses, order history • Communication data: support messages, dispute submissions, product reviews We also collect data automatically: • Usage data: pages visited, features used, session duration • Technical data: IP address, browser type, device identifiers • Security data: login attempts, suspicious activity flags
3. How We Use Your Data
We use your personal data for the following purposes: • To create and manage your account (Legal basis: Contract performance) • To verify your identity and business (KYC) as required by law (Legal basis: Legal obligation) • To process orders, payments and escrow transactions (Legal basis: Contract performance) • To communicate about orders, disputes and platform updates (Legal basis: Contract performance / Legitimate interest) • To detect fraud and ensure platform security (Legal basis: Legitimate interest) • To comply with EU financial regulations and VAT reporting (Legal basis: Legal obligation) • To send marketing communications, only with your consent (Legal basis: Consent — you may withdraw at any time)
4. Data Sharing
We share your data only in the following circumstances: • Stripe, Inc. — payment processing and supplier payouts (Stripe's Privacy Policy applies) • Supabase — secure file storage for KYC documents • Hostinger — email delivery via SMTP • Railway — cloud infrastructure (your data is processed within the EU where possible) • Vercel — frontend hosting • Other platform users: your company name, product listings, and ratings are visible to other registered users • Law enforcement: we will disclose information when required by applicable law or court order We do not sell your personal data to third parties.
5. Data Retention
We retain your data for as long as your account is active or as needed to provide services. • Account data: retained for 7 years after account closure (EU financial regulation requirements) • KYC documents: retained for 5 years per AML/KYC regulations • Financial audit logs: retained permanently (append-only records required by regulation) • Marketing preferences: until you withdraw consent • Login security logs: 90 days You may request deletion of your data at any time (subject to legal retention requirements — see Section 7).
6. Your Rights Under GDPR
As a resident of the European Economic Area, you have the following rights: • Right of Access: Request a copy of all data we hold about you • Right to Rectification: Correct inaccurate or incomplete data • Right to Erasure ("Right to be Forgotten"): Request deletion of your data (subject to legal retention obligations) • Right to Data Portability: Receive your data in a structured, machine-readable format • Right to Restriction: Ask us to limit how we process your data • Right to Object: Object to processing based on legitimate interests or for direct marketing • Rights related to automated decision-making: We do not make solely automated decisions with legal effects To exercise any of these rights, email us at: Info@atlantisfmcg.com You also have the right to lodge a complaint with your local data protection authority.
7. Security
We implement industry-standard security measures including: • AES-256 encryption for all sensitive financial data (IBAN, SWIFT, 2FA secrets) • JWT-based authentication with short-lived access tokens (15 minutes) and rotating refresh tokens • HTTPS/TLS for all data in transit • Two-factor authentication (2FA) available for all accounts • Account lockout after repeated failed login attempts • Continuous threat detection and security monitoring • PCI DSS-compliant payment processing via Stripe (we never store card data) Despite these measures, no system is 100% secure. If you believe your account has been compromised, contact us immediately.
8. Cookies
We use cookies and similar tracking technologies. For full details, please read our Cookie Policy at /cookie-policy. Essential cookies are required for the platform to function. You may decline non-essential cookies via the cookie consent banner.
9. International Transfers
Your data may be transferred to and processed in countries outside the EEA (for example, Stripe's servers in the United States). Where such transfers occur, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes by email or via an in-platform notification. The date of the most recent revision is shown below. Last updated: April 2026
11. Contact Us
For any privacy-related questions, requests, or complaints: Email: Info@atlantisfmcg.com Platform: marketpl7ce.vercel.app Data Controller: Atlantis FMCG
Questions about this policy?
Contact our team at Info@atlantisfmcg.com