BetterQA

Policies

Every published policy that governs how BetterQA and the people acting on its behalf operate. We keep them here so clients, prospects, candidates, suppliers, and regulators can read the same thing we do.

All policies apply across every country we operate in, are reviewed annually by the Managing Director, and route to a single confidential channel: [email protected].

Owner: Tudor Brad, Managing Director-Established April 2024-Last refreshed 1 June 2026

Information Security

→

Information Security Policy

How we protect client and BetterQA information across managed laptops, BetterQA tooling, and client environments. Covers access control, endpoint security, code and data protection, network controls, HR security, business continuity, and the six-stage incident response.

ISO 27001 + NIST CSF + GDPR Art. 32

Privacy and Data

→

Privacy Policy & Terms of Service

How we collect, use, and protect information from website visitors, marketing contacts, candidates, clients, and Flows extension users. The master document for everything personal-data and platform-use related.

GDPR aligned →

GDPR Rights and Data Protection

Your eight rights under the EU General Data Protection Regulation, how to exercise them, and how we respond. Includes processing legal bases, retention, and routes to file with ANSPDCP.

EU 2016/679

Financial Crime and Integrity

→

Anti-Bribery and Corruption

Zero tolerance, no facilitation payments, zero gifts to public officials. Applies wherever we work.

UK Bribery Act 2010 + Law 78/2000 →

Anti-Money Laundering (AML)

KYC on every counterparty, no cash, sanctions and PEP screening, SARs filed to ONPCSB.

Law 129/2019 →

Fraud

Internal and external fraud, segregation of duties, quarterly review of expense and payment runs.

Internal control →

Gifts and Hospitality

EUR 100 receipt threshold, central register held by the Managing Director, no gifts during active negotiation.

Conduct, People, and Supply Chain

→

Conduct Risk

How we protect the end customers of our regulated financial services clients from harm caused by our work.

FCA / DORA aware →

Modern Slavery and Human Trafficking Statement

Annual statement, supplier due diligence, no labour brokers in our supply chain.

UK Modern Slavery Act 2015, s.54 →

Supplier and Third-Party Management

Tiered due diligence, ISO 27001 alignment, annual review of Critical and Important suppliers, exit plans.

ISO 27001 Annex 5.19-5.22 →

Whistleblowing

Anonymous channel, no retaliation, 7-day acknowledgement, 90-day outcome. Internal and external routes.

EU 2019/1937 + Law 361/2022

Reporting a concern

Any matter falling under any of these policies, including financial crime, conduct risk, supply-chain harm, fraud, or breaches of our own published rules, can be reported through a single confidential channel.

Anonymous reports are accepted. We acknowledge every report within 7 days and provide an outcome within 90 days, in line with EU Directive 2019/1937. Retaliation against anyone who reports in good faith is itself a breach of policy.

[email protected]

About this page. Policies listed here are owned by the Managing Director (Tudor Brad, Administrator of Better Quality Assurance S.R.L.) and reviewed at least annually, or sooner if law, operations, or any reported incident requires it. For audit, certification, or procurement due diligence packs, request the current version from [email protected].