GDPR RIGHTS AND DATA PROTECTION

Last Updated: January 2025

What is GDPR?

The General Data Protection Regulation (GDPR) is an EU regulation that protects personal data and privacy rights. It applies to all organizations processing EU residents’ data, giving individuals control over their personal information.

Who This Applies To

This page explains GDPR rights for all individuals whose data we process:

  • Website visitors and marketing contacts
  • Job applicants and candidates
  • Current and former employees
  • Contractors and freelancers
  • Client contacts and users
  • Business partners and vendors

Your GDPR Rights

Under GDPR, you have eight fundamental rights:

1. Right to Information (Articles 13-14)

What it means: You have the right to know how we collect and use your data.

How we comply:

  • Our Privacy Policy explains data collection
  • We provide privacy notices during collection
  • This GDPR page details your rights

How to exercise: Read our Privacy Policy at betterqa.co/privacy

2. Right of Access (Article 15)

What it means: You can request a copy of all personal data we hold about you.

What we provide:

  • Categories of data processed
  • Processing purposes
  • Recipients of your data
  • Retention periods
  • Source of data
  • Any automated decision-making

How to exercise: Email privacy@betterqa.co with “Data Access Request”

Response time: 30 days (extendable by 60 days for complex requests)

3. Right to Rectification (Article 16)

What it means: You can correct inaccurate or incomplete personal data.

Examples:

  • Update email address or phone number
  • Correct spelling of your name
  • Update job title or company
  • Fix incorrect information in our records

How to exercise: Email privacy@betterqa.co with corrections needed

Response time: 30 days

4. Right to Erasure / “Right to be Forgotten” (Article 17)

What it means: You can request deletion of your personal data.

When applicable:

  • Data no longer needed for original purpose
  • You withdraw consent
  • You object to processing
  • Data was unlawfully processed
  • Legal obligation requires erasure

Exceptions:

  • Legal obligations (tax records, contracts)
  • Legal claims establishment/defense
  • Public interest
  • Employment records (statutory periods)

How to exercise: Email privacy@betterqa.co with “Deletion Request”

Response time: 30 days

5. Right to Restrict Processing (Article 18)

What it means: You can limit how we use your data while disputes are resolved.

When applicable:

  • You contest data accuracy
  • Processing is unlawful but you don’t want deletion
  • We no longer need data but you need it for legal claims
  • You’ve objected pending verification

How to exercise: Email privacy@betterqa.co specifying restrictions

Response time: 30 days

6. Right to Data Portability (Article 20)

What it means: You can receive your data in a machine-readable format.

What’s portable:

  • Data you provided to us
  • Data processed based on consent or contract
  • Only automated processing

Format provided: CSV, JSON, or similar structured format

How to exercise: Email privacy@betterqa.co requesting data export

Response time: 30 days

7. Right to Object (Article 21)

What it means: You can object to certain types of processing.

Object to:

  • Direct marketing (absolute right)
  • Processing based on legitimate interests
  • Processing for research/statistics

How to exercise:

  • Marketing: Click “unsubscribe” in any email
  • Other: Email privacy@betterqa.co with objection

Response time: Immediate for marketing; 30 days for others

8. Rights Related to Automated Decision-Making (Article 22)

What it means: You have the right not to be subject to purely automated decisions with legal effects.

Our practice: We don’t make fully automated decisions about individuals.

If we did, you could:

  • Request human intervention
  • Express your viewpoint
  • Contest the decision

Special Categories of Data Subjects

Job Applicants and Candidates

Data we process:

  • Application materials (CV, cover letter)
  • Assessment results
  • Interview notes
  • References
  • Background checks (with consent)

Legal basis: Pre-contractual steps, legitimate interests

Retention:

  • Rejected candidates: 12 months
  • Hired candidates: Transferred to employee records

Your additional rights:

  • Withdraw application anytime
  • Request deletion after rejection
  • Access interview feedback
  • Correct application information

Current Employees

Data we process:

  • Employment contract details
  • Payroll and tax information
  • Performance reviews
  • Training records
  • Benefits enrollment
  • Emergency contacts
  • IT access logs

Legal basis: Contract performance, legal obligations

Retention: Employment duration + statutory periods (typically 3-7 years)

Special considerations:

  • Some data must be retained by law
  • Tax records: 7 years
  • Payroll records: 3 years
  • Work permits: Duration of validity

Contractors and Freelancers

Data we process:

  • Contract details
  • Tax identification
  • Banking information
  • Work deliverables
  • Time tracking
  • Invoices

Legal basis: Contract performance, legal obligations

Retention: Contract duration + 7 years (tax requirements)

Former Employees/Contractors

What we keep:

  • Basic employment history
  • Tax and legal records
  • Reference information
  • Pension/benefit records

Why we keep it:

  • Legal obligations
  • Reference requests
  • Pension administration
  • Legal defense

How to Exercise Your Rights

Step 1: Submit Request

Email: privacy@betterqa.co
Subject: [Right Type] Request – [Your Name]

Include:

  • Full name
  • Email address used with us
  • Specific right you’re exercising
  • Details of your request
  • Preferred response format

Step 2: Identity Verification

For security, we may ask for:

  • Additional identifying information
  • Proof of identity (if necessary)
  • Authorization (if requesting for someone else)

Step 3: Processing

  • Acknowledgment: Within 3 business days
  • Response: Within 30 days
  • Complex requests: Up to 90 days total (we’ll explain why)

Step 4: Resolution

  • Request fulfilled
  • Explanation if request denied
  • Information about appeals

Legal Bases for Processing

We process personal data under these legal bases:

1. Consent

  • Marketing communications
  • Cookies (non-essential)
  • Newsletter subscriptions

2. Contract

  • Employee data for employment
  • Contractor data for services
  • Client data for service delivery

3. Legal Obligation

  • Tax records
  • Social security
  • Work permits
  • Health and safety

4. Legitimate Interests

  • Business development
  • Security and fraud prevention
  • Internal administration
  • Network security

5. Vital Interests

  • Emergency contact use
  • Health emergencies

International Transfers

Within EU/EEA

Data moves freely within EU/EEA countries.

Outside EU/EEA

We transfer data outside the EU only with:

  • Adequacy decisions
  • Standard Contractual Clauses
  • Your explicit consent

Current transfers:

  • Email (Google Workspace – SCCs)
  • Analytics (Google Analytics – SCCs)
  • Recruitment tools (various – SCCs)

Data Security

We implement appropriate measures:

Technical:

  • Encryption at rest and in transit
  • Access controls and authentication
  • Regular security testing
  • Backup and recovery

Organizational:

  • Staff training
  • Confidentiality agreements
  • Access on need-to-know basis
  • Regular reviews

Certifications:

  • ISO 27001:2013 (Information Security)
  • ISO 9001:2015 (Quality Management)

Children’s Data

We don’t knowingly process data of individuals under 16. If we discover such processing, we delete the data immediately.

Complaints

If you’re unsatisfied with our response:

Step 1: Internal Review

Email: legal@betterqa.co

We’ll review and respond within 14 days.

Step 2: Supervisory Authority

You can lodge a complaint with:

Romania (Our Location):
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
Website: www.dataprotection.ro
Email: anspdcp@dataprotection.ro

Your Country: Find your authority at: edpb.europa.eu/about-edpb/board/members

Data Protection Officer

Contact our DPO:

Email: privacy@betterqa.co
Phone: +40 751 289 399
Post:
Data Protection Officer
Better Quality Assurance S.R.L.
Strada Transilvaniei 202
Baciu, 407055, Cluj County, Romania

Updates to This Page

We update this page when:

  • GDPR guidance changes
  • Our processing changes
  • New rights are clarified

Last review: January 2025
Next review: July 2025

Quick Reference

Right              Email Subject            Response Time
Access             Data Access Request      30 days
Rectification      Correction Request       30 days
Erasure            Deletion Request         30 days
Restriction        Restriction Request      30 days
Portability        Data Export Request      30 days
Object             Objection – [Specify]    30 days
Marketing Opt-out  Unsubscribe              Immediate

Your privacy rights matter to us. If you have any questions about your rights or how to exercise them, please don’t hesitate to contact our Data Protection Officer at privacy@betterqa.co.