Contents
At IZUUK we take the protection of your personal data very seriously. This policy explains, clearly and transparently, what data we collect, for what purpose, on what legal basis, how long we keep it, and what rights you can exercise over it.
1. Applicable legal framework
The processing of personal data carried out by IZUUK is mainly governed by the following regulations:
- Law 29/2021, of 28 October, qualified law on personal data protection of the Principality of Andorra (hereinafter, "LQPD").
- Decree 391/2022, of 14 September, approving the Implementing Regulation of the LQPD.
- Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016 (hereinafter, "GDPR"), where data of individuals resident in the European Economic Area is processed.
The Principality of Andorra has an adequacy decision from the European Commission (Decision 2010/625/EU), enabling the free flow of personal data between the European Union and Andorra without additional safeguards.
2. Data controller
- Controller
- [FULL LEGAL NAME, SL/SA] ("IZUUK")
- NRT
- [X-XXXXXX-X]
- Address
- [Street, number, building, postcode, Parish, Principality of Andorra]
- info@izuuk.com
- Phone
- [+376 XXX XXX]
- Data Protection Officer (DPO)
- dpo@izuuk.com [if applicable; if not appointed, remove this line]
Pursuant to article 38 of the LQPD, IZUUK [has appointed / is not required to appoint] a Data Protection Officer. [If appointed, this has been notified to the APDA in accordance with the established procedure].
3. Processing purposes
We process your personal data for the following purposes, depending on when and how you provide it to us:
| Purpose | Description |
|---|---|
| Handle your contact request | Respond to enquiries, requests for information or proposals submitted via the web form or by email. |
| Delivery of contracted services | Manage the contractual relationship, billing and support of contracted services (Helpdesk, EDR, CISO, Audits). |
| Marketing communications | Sending newsletters, service updates and educational content (only if you have given express consent). |
| Compliance with legal obligations | Comply with accounting, tax, commercial and any other obligations under applicable Andorran regulations. |
| Website improvement | Anonymous statistical analysis of Website use to improve the experience (where applicable and pursuant to the Cookie Policy). |
4. Legal basis
The legal basis legitimising the processing of your data depends on the specific purpose and is grounded in article 7 of the LQPD (concordant with article 6 of the GDPR):
- Consent of the data subject (art. 7.1.a LQPD): for submitting the contact form and for marketing communications.
- Performance of a contract (art. 7.1.b LQPD): for the delivery of contracted services and management of the contractual relationship.
- Compliance with a legal obligation (art. 7.1.c LQPD): for keeping invoicing records and complying with accounting and tax requirements of the Principality of Andorra.
- Legitimate interest (art. 7.1.f LQPD): to maintain Website security, prevent fraud and improve our services.
5. Categories of data processed
We will only process the data you voluntarily provide. In the contact form on the Website we process:
- Identification data: first and last name, company.
- Contact data: email address and, optionally, phone number.
- Professional data: company size, services of interest.
- Message content: any information you choose to include in the free-text message.
We do not process special categories of data (sensitive data under article 9 of the LQPD).
6. Retention period
Personal data will be kept for the time necessary to fulfil the purpose for which it was collected:
- Commercial contact data: until you request its deletion or, at most, for 2 years from the last interaction if no contractual relationship is established.
- Customer data: for the duration of the contractual relationship and, once ended, during the legal limitation periods of derived obligations under Andorran tax and commercial regulations (generally up to 6 years for accounting and tax obligations under Law 95/2010, of 29 December, on corporate income tax and concordant regulations).
- Marketing communications data: until you withdraw your consent.
7. Recipients and processors
Your data will not be transferred to third parties except where required by law. However, we work with service providers acting as processors who only access data to provide their services to us, under contract and with the safeguards required by the LQPD and the GDPR:
| Processor | Service | Location |
|---|---|---|
| Web3Forms | Receipt and delivery of the contact form | United States (with Standard Contractual Clauses) |
| [Hosting provider] | Website hosting | [EU / Andorra / US] |
| [Email provider] | Receipt of emails to info@izuuk.com | [EU / Andorra / US] |
8. International transfers
Pursuant to Chapter V of the LQPD, international data transfers are only carried out:
- To countries with an adequate level of protection recognised by the APDA or by the European Commission (including all EEA Member States).
- Through appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission or the APDA, in transfers to countries without an adequacy decision (such as the United States).
You may request a copy of the safeguards in place by writing to info@izuuk.com.
9. Data subject rights
As the owner of the data, you have the following rights set out in Chapter III of the LQPD (concordant with articles 15 to 22 of the GDPR):
- Access: obtain confirmation of whether we are processing your data and, if so, access it.
- Rectification: request the correction of inaccurate or incomplete data.
- Erasure ("right to be forgotten"): request the deletion of data when no longer necessary.
- Objection: object to the processing of your data on grounds related to your particular situation.
- Restriction of processing: request that processing of your data be restricted in certain cases.
- Portability: receive your data in a structured, commonly used and machine-readable format.
- Withdraw consent: at any time, without affecting the lawfulness of prior processing.
- Not be subject to automated decisions: including profiling that produces legal effects.
You can exercise these rights by emailing info@izuuk.com, indicating the right you wish to exercise and enclosing a copy of your passport, national identity document or equivalent.
You also have the right to lodge a complaint with the Andorran Data Protection Agency (APDA), the independent supervisory authority of the Principality of Andorra, if you believe that the processing of your data does not comply with current regulations:
- Supervisory authority
- Agència Andorrana de Protecció de Dades (APDA)
- Address
- C/ Doctor Vilanova, 15-17, Edifici Thaïs, basement floor
AD500 Andorra la Vella · Principality of Andorra - Phone
- +376 808 115
- apda@apda.ad
- Website
- www.apda.ad
10. Security measures
IZUUK has adopted the technical and organisational measures necessary to ensure the security of personal data and prevent its alteration, loss, processing or unauthorised access, in accordance with article 32 of the GDPR and Chapter IV of the LQPD, taking into account the state of the art, the nature of the data and the risks. Measures include, among others: encryption in transit (TLS), encryption at rest, role-based access control, activity logging, regular backups, strong password policies and ongoing staff training.
11. Policy changes
IZUUK reserves the right to amend this Privacy Policy to adapt it to legislative developments or Website practices. In such cases, the new version will be published with the update date. Where changes substantially affect data processing, data subjects will be notified individually.