Under the Law regarding information society services dated 22 July 2004, providers of information services processing personal data, shall comply with confidentiality obligations and implement appropriate technical and organisational measures to protect personal data against unlawful or accidental access, destruction, alteration, blocking, copying, unauthorised disclosure, or any other unlawful processing.

Service providers shall publish the terms and conditions governing the processing of personal data and provide clear information regarding:

• the categories of data collected, the purposes of collection, and the manner of processing;
• the rights of the consumer as a data subject, in particular the rights of access, rectification and objection, and the procedures for exercising those rights;
• the circumstances in which personal data may be disclosed to third parties;
• the contact point for data protection-related requests;
• the mechanisms used to monitor online activity (including cookies) for marketing purposes and the procedure for obtaining consent;
• the right to refuse the collection of personal data;
• the procedure for withdrawing consent.

The service provider shall also provide general information on the technical and organisational measures implemented to ensure data security.

Furthermore, where a consumer considers that his/her data protection rights have been infringed, he/she may lodge a complaint with the NCPDP. Under the Moldovan legislation, the NCPDP shall supervise the lawfulness of such processing operations, and shall inform the complainant on the results of the verifications performed.