This version was updated in July 2020
GENERAL CONSIDERATIONS – This Policy explains how we may process your information. This Policy may be amended or updated from time to time to reflect changes in our practices with respect to the Processing of your information, or changes in applicable law. We encourage you to read this Policy carefully and to regularly check this page for any revisions that may be made.
1. Data Controller
The Data Controller for your personal data is Iordache Quality Services srl (“iQS”), a training & consultancy company founded in 2016. The main activities performed by iQS, called “Services”, are related to security consulting, managing security risk and professional training courses & assessments including, but not limited to, Quality Management Systems, Information Security Management Systems, Anti-Bribery Management Systems and the European Union’s General Data Protection Regulation (GDPR).
IMPORTANT! Nothing found in this portal constitutes legal advice.
This Privacy Policy applies to information collected about you by iQS regardless of how it is collected or stored, and describes, among other things, the types of information collected about you, how your information may be used, when your information may be disclosed, how you can control the use and disclosure of your information, and how your information is protected.
Except as otherwise noted in this Privacy Policy, iQS is a data controller (as that term is used under the EU General Data Protection Regulation (“GDPR”)), which means that we decide how and why the information you provide to us is processed.
This Policy covers information collected by iQS through various means of communication including but not limited to the following website: https://ioniordache.com
2. Which personal data do we collect?
Types of data that we collect for specified purposes are your name, phone number, job role, country of residence, IP address, email address, and other data that is specified in the Privacy Notice displayed next to every form where we collect your personal data.
“Personal Information” means information about any individual, or from which any individual is directly or indirectly identifiable.
“Process”, “Processing” or “Processed” means anything that is done with any Personal Information, including but not limited to collection, recording, organization, structuring, storage, retrieval, use, disclosure by transmission, erasure or destruction.
Purpose and manner of personal data collection and use
iQS collects and processes personal data in accordance with the provisions of the European Union General Data Protection Regulation (EU GDPR) and other regulations in force in Romania and the European Union.
Your personal data are processed only on the basis of your approval (a free and express consent) to process your personal data for the purposes related to the use of the Content available through the Websites. Your consent for the collection and processing of your personal data for a given purpose shall be requested when completing the appropriate form published on https://ioniordache.com.
Your personal data shall be used in order to provide Content, reply to queries concerning the Content available on the Websites, inform you about existing and new content, materials, functionalities, services, and other offers that may interest you, and in order to improve the quality of the Content and the Websites. You will find a precise disclosure of the purpose of collecting your personal data in the Privacy Notice displayed next to every form where we collect your personal data.
All collected data are electronically stored, and appropriate measures and procedures are applied in order to prevent unauthorized access, maintain the level of personal data protection, and use the data collected online in an appropriate manner.
Even though we take all appropriate measures to ensure against unauthorized disclosure of your personal data, we cannot guarantee that some of the collected personal data shall never be disclosed in a manner that is not in accordance with these Terms. Accidental disclosure may be, for example, a consequence of false misrepresentation when accessing websites that contain such data, with the purpose of correcting possible errors in the data. Our liability shall be limited, to the fullest extent permitted by law, for any damage caused to users or third parties relating to accidental disclosure of personal data.
3. Communication and disclosure of personal data to third parties
Your personal data will be hosted and stored using services that are located in the European Union and the United States, as well as other countries that might not have the adequacy decision of the European Union.
Whenever we are sending data to countries that are not providing the same level of protection as the EU’s General Data Protection Regulation (GDPR), we are going to use appropriate safeguards to protect your personal data, including but not limited to Standard Contractual Clauses for Processors.
Your personal data (including your email) will never be shared with any third parties for marketing purposes.
4. Processing of personal data & Security Terms
Definitions
Applicable Data Protection Law: means all applicable international, federal, national, and state privacy and data protection laws that apply to the processing of Personal Data that is the subject matter of these Terms (including, where applicable, European Data Protection Law).
Controller: means the entity that determines the purposes and means of the processing of Personal Data, which for the purposes of these Terms means the Client.
European Data Protection Law: means: (i) prior to May 25, 2018, the EU Data Protection Directive 95/46/EC, and any applicable national implementation of it; and (ii) on and after May 25, 2018, the EU General Data Protection Regulation 2016/679 (“GDPR”) and any applicable national laws made under the GDPR.
Personal Data (“Data”): means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Processor: means an entity that processes Personal Data on behalf of the Controller, which for the purposes of these Terms means iQuality Services (iQS).
5. Data protection
Relationship of the Parties: As between the Parties, the Client is the Controller and appoints iQS as a Processor to process the Personal Data described in Personal Data (“Data”).
Purpose limitation: The Processor shall process the Data as a Processor only for the purposes described in Appendix A and strictly in accordance with the documented instructions of the Client (the “Permitted Purpose”). In no event shall the Processor process the Data for its own purposes or those of any third party.
International transfers of Data: The Processor shall at all times provide an adequate level of protection for the Data, wherever processed, in accordance with the requirements of Applicable Data Protection Law including, but not limited to, Standard Contractual Clauses that are required by the European Union.
Confidentiality of processing: The Processor shall keep strictly confidential all Personal Data that it processes on behalf of the Client. The Processor shall ensure that any person whom it authorizes to process the Data (including the Processor’s staff, agents, and subcontractors) (each an “Authorized Person”) shall be subject to a strict duty of confidentiality (whether a contractual duty or a statutory duty), and shall not permit any person to process the Data who is not under such a duty of confidentiality. The Processor shall ensure that only Authorized Persons will have access to, and process, the Data, and that such access and processing shall be limited to the extent strictly necessary to achieve the Permitted Purpose.
Security: The Processor shall implement appropriate technical and organizational measures to protect the Data from (i) accidental or unlawful destruction, and (ii) loss, unauthorized alteration, unauthorized disclosure of, or unauthorized access to the Data. At a minimum, such measures shall include the security measures identified in Annex 2 to these Terms.
Subcontracting: The Controller consents to the Processor’s engagement of third-party sub-Processors, including Certified Partners of the Processor, to process the Data, provided that the Processor provides to the Client an up-to-date list of its then-current sub-Processors upon request.
The Processor shall impose data protection terms on any sub-Processor it appoints that, at a minimum, meet the requirements provided for by these Terms.
Cooperation and individuals’ rights: To the extent permitted by Applicable Law, the Processor shall provide reasonable and timely assistance to the Client to enable the Client to respond to: (i) any request from an individual to exercise any of its rights under Applicable Data Protection Law; and (ii) any other correspondence, inquiry, or complaint received from an individual, regulator, court, or other third party in connection with the processing of the Data. In the event that any such communication is made directly to the Processor, the Processor shall instruct such individual to contact the Client directly.
Data Protection Impact Assessment: If the Processor believes or becomes aware that its processing of the Data is likely to result in a high risk to the data protection rights and freedoms of individuals, it shall promptly inform the Client of the same. The Processor shall provide the Client with all such reasonable and timely assistance as the Client may require in order to conduct a data protection impact assessment and, if necessary, consult with its relevant data protection authority.
Security incidents: Upon becoming aware of a Security Incident, the Processor shall inform the Client without undue delay (and, in any event, within 72 hours) and shall provide such timely information and cooperation as the Client may require in order for the Client to fulfill its data breach reporting obligations under (and in accordance with the timeliness required by) Applicable Data Protection Law and relevant contractual obligations owed by the Client to its subscribers. The Processor shall cooperate with the Client in taking all appropriate measures and actions as are necessary to remedy or mitigate the effects of the Security Incident, shall manage and modify its systems to remedy or mitigate such Security Incident and the likelihood of future similar Security Incidents, and shall keep the Client informed of all developments in connection with the Security Incident. The Processor shall not notify any third parties of a Security Incident affecting the Data unless and to the extent that: (a) the Client has agreed to such notification, and/or (b) notification is required to be made by the Processor under Applicable Data Protection Laws. For the avoidance of doubt, the Processor shall have the right to comply with the terms of its contracts with other customers with respect to their data.
Deletion or return of Data: Upon termination or expiration of these Terms, the Processor shall (at Client’s request) destroy all Data (including all copies of the Data) in its possession or control (including any Data subcontracted to a third party for processing), provided, however, that customer data (including Data) may be retained on backup for a period of up to two (2) years for legal and compliance purposes. Notwithstanding the foregoing, the Processor shall not reduce the security measures at any time until such Data is permanently deleted.
General cooperation to remediate: In the event that Applicable Data Protection Law, or a data protection authority or regulator, provides that the transfer or processing of Personal Data under these Terms is no longer lawful or otherwise permitted, then the Parties shall agree to remediate the processing (by amendment to these Terms or otherwise) to the extent practical in order to meet the necessary standards or requirements. If the Processor is unable to remediate the processing, then the Client will be entitled to terminate usage of the Conformio service (and any other agreement between the Parties relating to the provision of services by the Processor to the Client) without penalty.
6. Security Terms
The obligations placed upon the Processor under these Terms shall survive so long as the Processor and/or its sub-Processors process Personal Data on behalf of the Client.
Appendix A – Details of processing of controller’s personal data
This Appendix A includes certain details of the processing of the Controller’s Personal Data as required by Article 28(3) of the GDPR.
Subject matter and duration of the processing of Controller’s Personal Data.
The subject matter and duration of the processing of the Controller’s Personal Data are set out in the General Terms and Conditions of Use & Privacy Policy and this Addendum.
The types of Controller’s Personal Data to be processed: email, name, and other Personal Data provided to the Processor by the Controller or by the Controller’s end users.
The categories of Data Subject to whom the Controller’s Personal Data relates: Registered users of the iQS services.
Appendix B – Description of the technical and organizational security measures implemented by the Processor:
Physical Access Controls: The Processor shall take reasonable measures to prevent physical access, in order to prevent unauthorized persons from gaining access to Personal Data.
System Access Controls: The Processor shall take reasonable measures to prevent Personal Data from being used without authorization. These controls shall vary based on the nature of the processing undertaken and may include, among other controls, authentication via passwords, authorization processes, and control of access.
Data Access Controls: The Processor shall take reasonable measures to ensure that Personal Data is accessible and manageable only by properly authorized staff, that any direct database query access is restricted to authorized personnel, and that application access rights are established and enforced to ensure that persons entitled to use a data processing system only have access to the Personal Data to which they have privilege of access; and, that personal data is prohibited from being read, copied, modified, or removed without authorization in the course of processing.
Transmission Controls: The Processor shall take reasonable measures to ensure that Personal Data cannot be read, copied, modified, or removed without authorization during electronic transmission or transport.
Input Controls: The Processor shall take reasonable measures to ensure that it is possible to check and establish whether Personal Data has been entered into data processing systems, modified, or removed, and by whom. The Processor shall also take reasonable measures to ensure that (i) the Personal Data source is under the control of the data exporter; and (ii) Personal Data integrated into the Processor’s systems is managed by secured file transfer from the Processor and the Data Subject.
Data Backup: The Processor shall ensure that backups are taken on a regular basis, are secured, and are encrypted when storing Personal Data to protect against accidental destruction or loss when hosted by the Processor.
7. How we collect or create information
We may collect or obtain User Information about you: directly from you (e.g., if you contact us by phone, email, or social media channels); in the course of our interactions with you (e.g., if you interact with our marketing, sales, or customer support); when you make your Personal Information public (e.g., if you make a public post about us on social media); when you download, share or use any of our Training or Consulting; or when you interact with any third party content on the Training and Consulting. We may also receive User Information about you from third parties (e.g., social network sites). We may also create User Information about you, such as records of your interactions with us. iQS is not responsible for Personal Information you volunteer about yourself in public areas of the Training and Consulting.
This Policy does not cover the practices of third parties who may provide information about you to iQS.
8. Collection and processing of personal data by other users or third parties
https://ioniordache.com contains Interactive Content and may contain links to third-party websites, through which other users or third parties may gain authorized or unauthorized access to your personal data. These Terms do not apply to the collection, processing, or use of personal data that you communicate to other users and/or third parties. It is in your best interest to acquaint yourself with the rules of personal data protection, and the protection of privacy applied by other users and/or third parties. Since we cannot control the data you provide when accessing or using interactive content, links or third-party websites, or in other circumstances in which you communicate your personal data to other users and/or third parties, we shall not be liable for any damage caused to you, other users and/or third parties, arising from the fact that you communicated your personal data, in relation to the use of https://ioniordache.com.
We DO NOT TRANSFER your Personal Information to other locations in other countries. iQS will Process Personal Information when we receive your data in accordance with this Policy.
If you are a European individual with a privacy-related complaint, concern or question about iQS’ privacy practices, please contact us directly at ion@ioniordache.com, and we will respond within a reasonable time after receiving your request.
9. Modification and deletion of personal data
You are legally entitled to request modification or deletion of your personal data, or deletion from the registered user database at any time. Modification or deletion of data shall be effected on the basis of an appropriate notice addressed to the contact identified on https://ioniordache.com.
10. Cookies Policy
Cookies are small pieces of information stored on your computer with information about your visit to our website. No other website can use or view the cookies set by Ioniordache.com. We may use cookies on the website in order to make our website experience more convenient for you (such as saving your preferences for you). These cookies do not typically contain personally identifiable information. Please note that advertisers that serve advertisements on our Website may use their own cookies that are subject to the advertiser’s Privacy Policy and not this one.
Most web browsers automatically accept cookies, but if you are concerned about the storage and use of cookies, you can edit your browser options to block them in the future. You may also delete cookies manually from your hard drive through your internet browser.
Third-Party Cookies: In the course of serving advertisements to this website, our third-party advertisers may place or recognise a unique “cookie” on your browser.
Details of the WordPress cookie policy can be found at https://automattic.com/cookies/.
Our site may contain links to other sites that are solely maintained by third parties. Third-party sites are not subject to this policy and we are not responsible for their content or privacy practices. We strongly encourage you to read the privacy policy of each site you visit.
11. Data minimization
We take reasonable steps to ensure that your User Information that we Process is limited to that reasonably necessary in connection with the purposes set out in this Policy or as required to provide you services or to access and use products and the Services.
12. Retention time
Any personal data held by us for marketing and service update notifications will be kept by us until such time that you notify us that you no longer wish to receive this information.
We will keep your personal data as long as your account is open – after this period, your personal data will be irreversibly destroyed.
13. Your rights
If you are an EU resident, you have certain rights including but not limited to:
- the right not to provide your Personal Information to us;
- the right of access to your Personal Information;
- the right to request data portability;
- the right to request rectification of inaccuracies;
- the right to request erasure;
- the right to request a restriction to process;
- the right to object;
- the right to control your automated individual decision-making, including profiling;
- the right to lodge complaints with supervisory authorities.
We may require proof of or need to verify your identity before we can give effect to these rights.
You may directly take steps to change your preferences as follows:
Marketing Materials: You can opt out of or unsubscribe from any marketing emails at any time by following the instructions in the emails you receive. Please allow ten to fifteen business days for changes to take effect. If you opt out of receiving marketing materials, you may still be contacted for other business purposes.
EU Residents: According to the GDPR, you may decline to share certain information with us, in which case some of the functionality of the Services may not be available. These rights include, in accordance with applicable law, the right to object to or request the restriction of processing of your information and to request access to, or erasure of, your own information.
In the event that you wish to lodge a complaint about how we have handled your personal data, please contact our support team. We will then look into your complaint and work with you to resolve the matter.
Requests regarding your information must be submitted by contacting us using the information below. If you are an EU resident and have any unresolved privacy concern that we have not addressed satisfactorily after contacting us, you have the right to contact the appropriate EU Supervisory Authority and lodge a complaint.
14. Contact Details
If you have any questions or concerns regarding this Policy, you may contact us at the address set out below or by emailing us at ion@ioniordache.com.
IORDACHE QUALITY SERVICES srl.
Attention: Management & Legal
Piata 1 Decembrie 1918, 24, Resita, Caras-Severin, 320067
Romania
Our Data Protection Coordinator may be contacted at ion@ioniordache.com
15. Changes of Privacy Policy
iQuality Services may change this Policy from time to time, to reflect changes to our data privacy policies and collection of personal information practices. The latest Privacy Policy will be posted on our website at https://ioniordache.com/
We strongly encourage you to check this Privacy Policy to ensure that you are aware of the most recent version.