Security and Compliance

This page describes the baseline controls we use to protect data, systems, and operational workflows, and how we map those controls to the relevant duties under the GDPR.

Last updated: 4/16/2026

1. Our security program at a glance

Nesqual Tech SRL maintains a security and privacy program built around least privilege, environment separation, traceability, and continuous improvement. The program supports software delivery, operational support, account administration, and incident handling.

Nesqual Tech SRL

VAT: RO50341187

Address: Strada 22 Decembrie 1989, Nr. 25, Camera 1, Oras Rovinari, Judet Gorj, Cod postal 215400, Romania

Representative: Norbert-Vasile Vaduva-Lapadatescu

2. Governance, accountability, and access control

Article 24 GDPR requires the controller to implement appropriate measures and to be able to demonstrate compliance. In practice, we restrict administrative access by role, business need, and system responsibility, and for sensitive workflows we use additional controls such as authentication, secure sessions, and reviews of operational changes.

Article 25 GDPR influences how we design products and processes: we use data minimization, separation of administrative and public logic, cautious defaults, and consent controls for non-essential technologies.

3. Vendors, processors, and the operational chain

When we use suppliers for hosting, observability, edge, communications, ticketing, or other critical functions, we assess their contractual and technical role. Article 28 GDPR is relevant where a vendor processes personal data on our behalf; for that reason we seek appropriate guarantees, documented instructions, and confidentiality and security obligations.

4. Security of processing - Article 32 GDPR

  • Encryption in transit through TLS and edge protection for publicly exposed traffic.
  • Role-based access models, segregation between public and administrative areas, and careful credential handling.
  • Audit-oriented logging, observability, and diagnostics for anomaly detection and issue investigation.
  • Backup, recovery, and continuity practices proportionate to the risk and the nature of the service.
  • Consent and control mechanisms for analytics, telemetry, and other non-essential components.

5. Incident detection, triage, and notification

We monitor production availability, errors, and suspicious activity. Incidents are triaged by severity, operational impact, and potential effect on personal data. If an incident qualifies as a personal data breach, we assess the obligations in Articles 33 and 34 GDPR regarding notification of the authority and affected individuals.

6. Limits, compliance statements, and shared responsibility

When we say a control or process is "aligned" to a framework, that means we have mapped it operationally to that framework. It does not automatically mean an external certification, formal assurance report, or legal opinion. Real security outcomes also depend on customer configuration, endpoint access control, and operational discipline within the customer organization.

Security: security@nesqualtech.com

Privacy: privacy@nesqualtech.com

Legal: legal@nesqualtech.com
