ISO POLICIES & CERTIFICATES

The management of S.C. TEC SOFTWARE SOLUTIONS S.R.L pays special attention to the implementation of the policy created to ensure the quality of the products and the services that are being offered. Because through our presence on the market we want an upward evolution, our policy in the field of quality is:

CUSTOMER SATISFACTION THROUGH THE QUALITY OF OUR PRODUCTS AND SERVICES!

In order to efficiently achieve the objectives, the management of TEC SOFTWARE SOLUTIONS has adopted a proactive management style through which it analyzes and implements actions that mitigate the risks. The company’s management determines the risks for the conformity of the products / services and the customer satisfaction. The proactive approach to risks involves reducing the need for further corrective action.

Thus, the quality policy for S.C. TEC SOFTWARE SOLUTIONS S.R.L is expressed as follows:

The quality is for S.C. TEC SOFTWARE SOLUTIONS S.R.L one of the important principles in business, it means the creation of products and the provision of services specific to the field of activity, products and services that through their professionalism and correctness to fully satisfy the explicit and implicit requirements of the clients.

The general objective of S.C. TEC SOFTWARE SOLUTIONS S.R.L is gaining and maintaining an exceptional reputation in the following field:

“Tailor-made software development”

All employees will meet the needs and expectations of customers and suppliers, by introducing and maintaining a high level of quality in all activities.

Improving the quality of our products and the services we offer is the responsibility of our entire team.

SC TEC SOFTWARE SOLUTIONS S.R.L has the following strategic objectives:

• ensuring and continuous improvement of the quality of the products and services provided by our company;
• the quality and reliability in the partnerships guarantee the preservation of the current market share as well as its expansion;
• building an excellent brand supported by professionalism and efficiency;
• approaching customer relations in an advantageous way for all parties involved;
• increasing the efficiency of company’s activities and internal organization;
• the quality of our products and services must not be a random result, but one obtained with perseverance, patience, allocation of important material and human resources – and a lot of professional competence;
• satisfying clients’ requirements in real time, achieving a high degree of satisfaction;
• training the staff in order to improve their professional knowledge;
• knowledge of the quality management system documents, acquisition and application of regulations by all employees, according to the ISO 9001: 2015 standard;
• development of prevention and control activities to protect the allocated resources against losses due to waste, abuse, errors or fraud;
• improving the communication between employees in order to ensure the operative circulation of information, without distortions, so that they can be used efficiently in the activity of prevention and internal control;
• ensuring the long-term functioning of the company;
• ensuring good working conditions, motivating and appealing for the employees;

To fulfill this desideratum, the employees of S.C. TEC SOFTWARE SOLUTIONS S.R.L must be fully aware of its personal responsibility for the quality of the products made and the services provided. In order to ensure the continuity of operation and improvement of the Quality Management System throughout the company and in all its activities, all employees have the obligation to adopt and apply without any derogation the provisions of the QMS documents and to respect our business principle – which places the CLIENT in the center of attention of all the company’s activities.

We are open to any suggestions for improving the Quality Management System. As a manager, I express my commitment to ensuring material, human, time and personal involvement in order to develop, maintain and continuously improve the effectiveness of the QMS and to follow the requirements by increasing the quality of products / services and customer satisfaction.

CEO,
RUS EMIL TRAIAN
July 19, 2023 
Cluj-Napoca

INTRODUCTION

TEC respects your privacy. As part of the Privacy Policy, this Privacy Statement informs you about our privacy practices including details of the personal data we collect, use, disclose and transfer as well as choices you can make and rights you can exercise in relation to your personal data. This Privacy Statement is available from a link on the footer of every TEC web page.

TEC respects and considers the major privacy principles and best practices/frameworks known, in terms of securing the information, including EU General Data Protection Regulation 2016/679 (GDPR) and ISO27001.

This Privacy Statement applies to all owned websites, domains, services, applications, and products, except that a privacy policy or statement specific to a particular TEC program, product or service may supersede or be supplemented by this Privacy Statement.  This statement is in accord with our Privacy Policy

1. HOW WE USE PERSONAL DATA

We collect personal data only if required to provide our products or services, fulfil our legitimate business purposes and/or comply with applicable laws and regulations. Depending on your relationship with TEC we collect and process your personal data as follows:

Our products and services: contact details and login credentials for the following main purposes: entering into and performing agreements with you or your organization; providing support and tools to activate licenses and request support; managing and fulfilling orders; deploying and delivering products and services; conducting quality controls; operating and providing access to customer portals and hosted management services; consulting; developing and improving our products and services and ensuring compliance with regulatory requirements.

Sales and marketing: contact details, identification information, information required to purchase our products and services, profile, role and preferences, login credentials, digital activity information and other information as may be relevant (e.g. information from publicly available sources) for the following main purposes: sales and marketing; advertising; creating and delivering targeted adverts and offers; conducting marketing campaigns; managing contacts and preferences; generating leads and opportunities; organizing and managing events; and engaging in social media interactions.

Online Data Collection Tools: digital activity information for the following main purposes: enabling efficient use of our websites, products and services; collecting statistics to optimize the functionality of our websites, products and services; improving user experience and delivering content tailored to their interests; and improving marketing and advertising campaigns.

Online surveys: contact details, login credentials, comments and feedback for the following main purposes: conducting customer satisfaction and engagement surveys.

Partner and supplier programs: contact details for the following main purposes: managing relations with partners and suppliers; engaging and delivering products and services to customers in which case we may receive personal data directly from you or from our partners.

Training and education: contact details for the main purpose of conducting internships, trainings and education programs for interns, customers, partners and suppliers.

Security and authentication: contact details, identification information and CCTV footage for the following main purposes: ensuring safety and security of TEC staff and premises; login credentials, protecting TEC’s network and other digital assets; providing access to restricted areas and information assets and protecting personal data from unauthorized access.

Non-TEC web sites and social media features. TEC sites or services may provide links to third-party applications, products, services or websites for your convenience or information. We may also provide social media features that enable you to share information with your social networks and to interact with TEC on various social media sites. TEC does not control third party sites or their privacy practices and we do not endorse or make any representations about third party sites. The personal data you choose to provide to or that is collected or shared by these third parties is not covered by this Privacy Statement. We encourage you to review the privacy policy of any site you interact with before allowing the collection and use of your personal data.

2. HOW WE SHARE PERSONAL DATA

TEC does not sell, rent or lease personal data to others except as described in this Privacy Statement. We may share and/or disclose your personal data as follows:

Disclosure to third parties. TEC retains suppliers and service providers to manage or support its business operations, provide professional services, deliver products, services and customer solutions and to assist TEC with marketing and sales communication initiatives. Those third parties may receive and process your personal data under appropriate instructions, as necessary to support and facilitate how we use your personal data. Suppliers and service providers are required by contract to keep confidential and secure the information they process on behalf of TEC and may not use it for any purpose other than to carry out the services they are performing for TEC.

Where TEC engages with partners, TEC may disclose your personal data to them in order to facilitate sales and delivery of its products and services. Partners are required by contract to keep confidential and secure the information received from TEC and may use it only for the said purposes, unless otherwise authorized by you or applicable laws and regulations.

Except as described in this Privacy Statement, TEC will not share your personal data with third parties without your permission, unless to: (i) respond to duly authorized information requests of police and governmental authorities; (ii) comply with law, regulation, subpoena, or court order; (iii) enforce/protect the rights and properties of TEC or its subsidiaries; or (iv) protect the rights or personal safety of TEC, our employees, and third parties on or using TEC property when allowed and in each case in accordance with applicable law.

Circumstances may arise where, whether for strategic or other business reasons, TEC decides to sell, buy, merge or otherwise reorganize businesses in some countries. Such a transaction may involve the disclosure of personal data to prospective or actual purchasers, or the receipt of it from sellers. It is TEC’s practice to seek appropriate contractual protection for personal data in these types of transactions.

3. HOW WE TRANSFER PERSONAL DATA INTERNATIONALLY

TEC may transfer your personal data as necessary within the TEC group of companies and to other third parties. The recipients may be located in EU or US, which do provide the same or similar level of data protection. TEC will take steps to ensure personal data we transfer is adequately protected as required by applicable data protection laws.

TEC’s privacy practices described in this Privacy Statement comply with EU General Data Protection Regulation, including transparency, accountability, and choice regarding the collection and use of personal data.

Transfers to third parties. With respect to transfers to third parties located in countries which provide an adequate level of data protection, TEC will take appropriate safeguards such as signing Data Processing Agreements with the recipient and making sure that the country of the recipient is within the list of secure third countries for which the European Commission has confirmed a suitable level of protection in a decision of appropriateness

4. HOW TO MANAGE COMMUNICATIONS AND PREFERENCES

TEC may provide you with information that complements our products and services and/or communications about our new products, services and offers. If you or your organization purchased our products or services, you may receive alerts, software updates or responses to support requests that are part of our products and services. If you choose to receive TEC communications, you may also choose to subscribe to receive specific newsletters and publications.

Unsubscribe from communications. In the event you no longer wish to receive TEC communications, you can unsubscribe from such communications by:

• Following opt-out or unsubscribe link and/or instructions included in each email subscription communication;
• Indicating to the caller that you do not wish receive calls from TEC anymore.

In the event your opt-out or unsubscribe request has not been resolved in a timely manner, please contact TEC with details of your name, contact information, and description of the communications you no longer wish to receive from TEC.

Please note that these options do not apply to communications relating to the administration of orders, contracts, support, product safety warnings, or other administrative and transactional notices, where the primary purpose of these communications is not promotional in nature.

5. AUTOMATIC DATA COLLECTION TOOLS

How TEC uses Automatic Data Collection Tools. TEC web sites use cookies, web beacons and other similar technologies (collectively, Automatic Data Collection Tools), to remember log-in details, collect statistics to optimize site functionality, improve your user experience and deliver content tailored to your interests.

When you enter your contact details on a web form on an TEC site, in order to subscribe to a service, download a white paper or request information about TEC’s products and service, your contact details may be stored in a cookie on your device. This information is then accessed on subsequent visits to TEC.com sites, allowing us to track and record the sites you have visited and the links you have clicked, in order to better personalize your on-line experience, and future TEC communications.

If you choose to receive marketing emails or newsletters from TEC, we may track whether you’ve opened those messages and whether you’ve clicked on links contained within those messages, through the use of web beacons and personalized URLs embedded in these communications. This allows TEC to better personalize future communications and limit these communications to subjects that are of interest to you.

Since cookies allow you to take advantage of some of our web sites’ features, we recommend that you leave them turned on. If you block, turn off or otherwise reject our cookies, some web pages may not display properly or you will not be able, for instance to use any web site services that require you to sign in.

Some of our websites use Google Analytics cookies. Information collected by Google Analytics cookies will be transmitted to and stored by Google on servers in the United States of America in accordance with its privacy practices. To see an overview of privacy at Google and how this applies to Google Analytics, visit https://www.google.com/policies/privacy/. You may opt out of tracking by Google Analytics by visiting https://tools.google.com/dlpage/gaoptout.

6. HOW TO ACCESS, UPDATE OR DELETE PERSONAL DATA

TEC strives to keep your personal data accurately recorded. We have implemented technology, management processes and policies to help maintain data accuracy. In accordance with applicable laws, TEC provides individuals with reasonable access to personal data that they provide to TEC and the reasonable ability to review and correct it.

To protect your privacy and security, we will take reasonable steps to verify your identity, such as the requirement to provide a copy of a user ID, before granting access to your personal data. To view and update the personal data you provided directly to TEC, you can return to the web page where you originally submitted your data and follow the instructions on that web page, use TEC Passport where enabled, or contact.

7. HOW WE KEEP PERSONAL DATA SECURE

TEC takes seriously the trust you place in us to protect your personal data. In order to protect your personal data from loss, or unauthorized use, access or disclosure, TEC utilizes reasonable and appropriate physical, technical, and administrative procedures to safeguard the information we collect and process. All systems used to support TEC’s business are governed by TEC’s Information Security policies, which are built upon industry standards and best practices like the International Organization for Standardization (ISO) 27001 family of standards.

When collecting or transferring sensitive information we use a variety of additional security technologies and procedures to help protect your personal data from unauthorized access, use, or disclosure. The personal data you provide us is stored on computer systems locked in controlled facilities which have limited access or on our online secure spaces in cloud. Access to your information is restricted to TEC employees or authorized third parties who need to know that information in order to process it for us, and who are subject to strict confidentiality obligations. When we transmit sensitive information over the internet, we protect it through the use of encryption, such as the Transport Layer Security (TLS), Internet Protocol Security (IPSec), or Secure Socket Layer (SSL).

8. HOW LONG WE KEEP PERSONAL DATA

Typically, we keep personal data for the length of any contractual relationship and, to the extent permitted by applicable laws, after the end of that relationship for as long as necessary to perform purposes set out in this Privacy Statement, to protect TEC from legal claims and administer our business. When we no longer need to use personal data, we will delete it from our systems and records or take steps to anonymize the data unless we need to keep it longer to comply with a legal or regulatory obligation.  If you would like to receive more information about our data retention policies, please contact TEC.

Your rights in relation to your personal data. You may have the following rights to:

• Request access or copies of personal data TEC processes about you;
• Rectify your personal data, if inaccurate or incomplete;
• Delete your personal data, unless an exception applies. For instance, we may need to keep your personal data to comply with legal obligation;
• Restrict the processing of your personal data, in certain circumstances. For instance, if you contest accuracy of your personal data you may request that we restrict processing of your personal data for the time enabling us to verify the accuracy of your personal data;
• Data portability, in certain circumstances. For instance, you may request us to transmit some of your personal data to another organization if the processing is based on your consent or a contract;
• Object to processing of your personal data, in certain circumstances. For instance, you may object to direct marketing including use of your personal data for profiling for direct marketing or where we process your personal data because we have legitimate interest in doing so.

These rights may be limited in some situations such as where TEC can demonstrate that TEC has a legal requirement or legitimate interest to process your personal data.

If you would like to exercise your rights, please contact us here dpo@tecss.com.

Complaint with a supervisory authority. If you consider that the processing of your personal data infringes the GDPR, you have a right to lodge a complaint with a supervisory authority in the country where you live, or work, or where you consider that data protection rules have been breached.

If TEC processes your personal data on behalf of an TEC customer, then we will, in the first instance, refer your complaint to our customer to handle.

9. HOW TO CONTACT US

We value your opinions. If you have any questions about our Privacy Statement, any concerns or complaint regarding our collection and use of your personal data or wish to report a possible breach of your privacy, please contact TEC at dpo@tecss.com by email or write to us at the appropriate address below office@tecss.com. We will treat your requests and complaints confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to address your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in timely and appropriate manner.

INTRODUCTION

TEC is firmly committed to respect the privacy of any individual and takes any necessary technical and organizational measures to ensure privacy and protection of all operations that involves, directly or indirectly, processing of personal data, against unauthorized and unlawfulness processing of those.

This policy will also take into consideration the new law, 679/2016, also known as General Data Protection Regulation (GDPR), which updates the rules of the Directive 95/46/CE, which is replacing.

AUDIENCE

TEC’s Privacy policy applies equally to all TEC personnel, that have access to any resources, computing and communications that involves processing of personal data and 3rdParties with/from whom TEC will send and/or receive personal data.

PURPOSE

The Privacy policy is aimed to inform interested parties regarding the collection, use of personal data and rights of the individulas.

PRINCIPLES

Confidentiality of data is considered crucial in our line of business. All our policies and procedures do have a strong focus on ensuring that processing and storage is appropriate and lawfully of all personal data and security of information, which also includes protecting its confidentiality, integrity and availability, as required by the GDPR law, starting 25 May 2018.

Processing of personal data will be done ensuring:

• Lawfulness, fairness and transparency
• Having purpose limitations, specific/explicit scope(s)
• Data minimization, to only gather what is needed to fulfill the stated scope and kept no longer than the intended scope
• Taking reasonable steps to ensure Accuracy of personal data
• Storage limitations, considering the scope, period needed, and retention policies organization has in place. Where is the case, old data will be removed or corrected without unnecessary delays
• Integrity and confidentiality, as any important information it’s security should be preserved, as part of our ISMS. Only authorized personnel and agreed 3^rd parties will have access to process this data
• Individual rights are preserved:
  • Right to be informed
  • Right to Access
  • Right to Rectification
  • Right to Erasure
  • Right to Restriction of processing
  • Right to Data portability
  • Right to Object

Privacy Statement will provide more details on how you can use your rights.

COLLECTION AND PROCESSING OF PERSONAL DATA

We’re processing personal data of:

• individuals that are part of a contract or looking to get into a commercial relation with our organization
• individuals that are part of an organization that is in a commercial relation with our organization or interesting in getting into such relationship
• individuals that are interested in joining our organization, on any of the open positions
• individuals that are interested in what we do or services that we’re offering.

Privacy Statement will provide more details on how we use personal data.

3^RD PARTIES/OTHER DATA CONTROLLERS & PROCESSORS

In our commercial agreements, TEC may play the role of either Data Controller or Data Processor, with different 3^rd Parties, Customers or Suppliers.  When appropriate, TEC will be signing a Data Processing Agreement (DPA) that will ensure that this policy is followed by them and privacy of individuals is protected accordantly.

Data Controllers – we may receive personal data from clients or other 3^rd parties, as part of a commercial contract or legal requirement. In such situations, TEC will play the role of a Data Processor, as such will comply with Data Controller’s DPA.

Data Processor – we may send personal data that we collect, to clients or other 3^rd parties, as part of a commercial contract or legal requirement. In such situations, TEC will play the role of a Data Controller.

DATA TRANSFERS

TEC will take appropriate measures and controls to ensure data is transferred only to accepted countries and using appropriate communication channels that will ensure security of the data in transit.

Privacy Statement will provide more details on how we transfer personal data internationally.

PRIVACY CONTACT

In case of any issues or questions related to this policy or related to Privacy Statement, please contact Marian Sababei at marian.sababei@tecss.com.

Marian Sababei

CISO OFFICE – Cluj-Napoca, Plopilor 68, Ground Floor, Office 1, 400383, Romania

INTRODUCTION

In accordance with the provisions of this document, the Information and Communication Resources (ICR) provided and administered by TEC:AGENCY, the considered strategic assets of the firm should be managed accordingly.

The sphere of activity of TEC:AGENCY is CAEN 6201 Custom software development (customer-oriented software)/Tailor-made software development.

Compromising the security of these resources may affect the company’s ability to provide information and communication services, may lead to fraud or destruction of data, violation of contractual terms, disclosure of secrets, damage to the credibility of the company partners.

This policy is set:

• To be in accordance with the statute, regulations, laws and other official documents in force on public information resource management.
• To establish prudent and acceptable practices regarding the use of TEC:AGENCY’s ICR.
• To train users who are entitled to use the ICR on the responsibilities associated with such use.

AUDIENCE

TEC:AGENCY’s ISMS policy applies equally to all TEC:AGENCY personnel that are allowed access to any resources, computing and communications.

The following entities and users are covered separately by the provisions of the Policy:

• Employees with fixed-term employment contract or indefinite period having access to information and communication system;
• The 3^rd parties (collaborators or suppliers), who have access to TEC:AGENCY’s ICR;
• Other persons, entities or organizations, interesed parties that have access to of TEC:AGENCY’s ICR.

PURPOSE

The ISMS policy is aimed to ensure the integrity, confidentiality and availability of information.

• Confidentiality refers to the protection of data against unauthorized access.
• Electronic files created which are sent, received or stored using the system’s own ICR, managed or under the custody and control of TEC:AGENCY may be categorized as confidential and can be accessed only by authorized personnel.
• Integrity refers to the measures and procedures used to protect data against unauthorized modifications or destruction.
• The availability ensures the continuous operation of all components of the ICR. Different applications require different levels of availability depending on the impact or damage as a result of ICR not working properly.
• The security policy aims also to establish the necessary framework for the development of regulations and safety procedures. These are mandatory for all users ICR.

OBJECTIVES

ISMS is intended to protect information to an appropriate extent by maintaining the level of risks to the organization at an acceptable level. Effective ISMS enables information to be used and shared while protecting its value. In this way, our organization can maintain efficient operations, achieve legal compliance/contractual or other requirements and maintain its reputation. Our organization will have its way of dealing with information risk and will take this into account when deciding what controls to implement. All users are responsible for contributing to TEC:AGENCY’s ISMS: their actions, or inaction, can protect or expose information to risk. In conducting specific activities, the followings will be applicable:·   compliance with applicable legal and regulatory requirements and contractual obligations regarding information security;·   identification, analysis, evaluation, communication and treatment of information security risks/opportunities, annually or whenever necessary;·   establishing, updating and communication system rules and working on information security;·   controlled access to the building, facilities, assets, networks, documents, files and media;·   monitoring and recording company’s interested parties and access to ICR;·   monitoring and recording the remote access to files and servers of the Organization;·   signaling and processing security incidents and deficiencies, application security measures prompt and effective action analysis;

• develop plans and response capacity in emergency situations;
• continual improvement of the Information Security Management System.

For the application of its ISMS, TEC:AGENCY’s CEO named CISO (Chief Information Security Officer) as responsible for operational management and maintenance of the it.             All employees, contractors, 3^rd parties or interested parties who have access to TEC:AGENCY’s ICR have a duty to comply with this established policy and safety procedures/policies and to report all suspected incidents of actual or by CISO.       In applying this policy safety procedures are established. This policy is available for all TEC:AGENCY’s employees and interested parties, on demand.

We are aware that there is a growing need to protect the environment in which our organization operates, so we want to comply with the requirements of the ISO 14001 environmental management standard, as well as all defined legal requirements.

For this reason, the management team is committed to:

• define and periodically evaluate the organizational context,
• meet the requirements of all stakeholders,
• comply with all legal requirements and the environmental regulations in force, as well as with the requirements of all interested parties,
• protect the environment by preventing pollution and making rational use of available resources,
• improve continuously the environmental management system and its defined processes.

In order to fulfill these commitments, we set the following general goals:

• to fully comply with the requirements established in the authorizations, licenses and approvals we hold, the requirements of the national legislation in our field of activity and the environmental legislation,
• to fulfill all our commitments in relation to our stakeholders in order to maximize their satisfaction level,
• to identify, control and reduce environmental impacts through staff and stakeholders regular trainings,
• to initiate collaborations and new projects for the protection of the environment.

This policy is communicated, displayed and appropriated by all staff, available to the public and may be amended / supplemented whenever necessary.

Date of entry into force: 15.12.2020
Project Manager: Marian Sababei