What legal basis does NIS2 Manager use for data processing?

We use 4 bases: contract performance (Art. 6(1)(b)), legitimate interest (Art. 6(1)(f)), legal obligation (Art. 6(1)(c)), and consent (Art. 6(1)(a)) for marketing communications.

How can I file a GDPR complaint?

Contact our DPO at gdpr@nis2manager.ro or file a complaint with ANSPDCP (Romania's National Supervisory Authority for Personal Data Processing) at www.dataprotection.ro.

Is my data transferred outside the EU?

Data is stored in the EU. For international transfers, we apply safeguards such as EU standard contractual clauses and European Commission adequacy decisions.

GDPR Compliance | NIS2 Manager

Our commitment

BetterQA SRL is committed to protecting the personal data of its users in compliance with the General Data Protection Regulation (GDPR - EU Regulation 2016/679) and applicable national legislation.

1. Data controller

BetterQA SRL

VAT ID: RO38595620

Address: Str. Anton Pann 28-30, Cluj-Napoca, Romania

DPO Email: [email protected]

2. Legal basis for processing

We process your personal data on the following legal bases:

Contract performance (Art. 6(1)(b) GDPR)

Processing necessary to provide NIS2 Manager platform services according to the usage agreement.

Legitimate interest (Art. 6(1)(f) GDPR)

Service improvement, platform security, fraud prevention.

Legal obligation (Art. 6(1)(c) GDPR)

Maintaining tax records and complying with applicable legal requirements.

Consent (Art. 6(1)(a) GDPR)

Marketing communications, where applicable (with right to withdraw at any time).

3. Your GDPR rights

You have the following rights regarding personal data:

Right of access

You can request a copy of the personal data we hold about you.

Right to rectification

You can request correction of inaccurate or incomplete data.

Right to erasure

You can request deletion of data in certain circumstances ("right to be forgotten").

Right to restriction

You can request limitation of processing in certain situations.

Right to portability

You can request transfer of data to another controller, in structured format.

Right to object

You can object to processing in certain circumstances, including direct marketing.

4. How to exercise your rights

To exercise any of the above rights:

Send a request to [email protected]
Specify the right you wish to exercise
Provide information for identity verification

We will respond to your request within 30 days. In complex cases, this term may be extended by an additional 60 days, with prior notification.

5. International data transfers

Your data is primarily processed and stored in the European Union. If we transfer data outside the EEA/EU, we ensure that appropriate safeguards exist, such as:

European Commission adequacy decisions
EU-approved standard contractual clauses
Recognized certifications or codes of conduct

6. Data security

We implement technical and organizational measures to ensure an appropriate level of security:

Encryption in transit (TLS 1.3) and at rest
Secure authentication with hashed passwords (bcrypt)
Role-based access control
Incident monitoring and detection
Regular backups with restoration testing
Periodic security audits

7. Incident notification

In the event of a data security breach that poses a risk to your rights and freedoms, we will notify you without undue delay, in accordance with Art. 34 GDPR.

8. Complaints

If you believe that the processing of your data violates GDPR, you have the right to lodge a complaint with the supervisory authority:

National Supervisory Authority for Personal Data Processing (ANSPDCP)

B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Bucharest, Romania

Website: www.dataprotection.ro

9. DPO Contact

For any questions regarding personal data protection, contact our Data Protection Officer:

Data Protection Officer (DPO)

BetterQA SRL

Email: [email protected]

Phone: +40 751 289 399

GDPR Compliance