Privacy Policy

This Privacy Notice explains how Flarmio (t/a Quickord), a company registered in Greece and the UK (hereinafter "Quickord," "we," "us," or "our"), collects, uses, stores, and protects your personal data when you access or use our website and SaaS platform available at www.quickord.com (the "Services").

We are committed to protecting your privacy and complying with the General Data Protection Regulation (EU) 2016/679 ("GDPR").

If you have questions or concerns regarding how we process your personal data, please contact us at info@quickord.com or our Data Protection Officer (DPO) at info@quickord.com.

Quickord

Registered Address: London, United Kingdom, 124 City Road, EC1V 2NX, and Patras, Greece, Gounari 69, 26223

Email: info@quickord.com

Website: www.quickord.com

Quickord acts as the Data Controller for all personal data collected through our website, application, and related services.

We process your personal data only when one of the following legal bases under Article 6 GDPR applies:

• Consent: e.g., when you agree to receive marketing emails.
• Contract: when processing is necessary to deliver our Services or fulfil an agreement with you.
• Legal Obligation: when required by tax, accounting, or regulatory law.
• Legitimate Interest: to maintain, secure, and improve our Services and customer support operations.

We use your personal data to:

• Provide, manage, and improve our SaaS platform.
• Authenticate users and manage access to accounts.
• Respond to inquiries and provide customer support.
• Send administrative updates (e.g., changes to terms or policies).
• Comply with legal and regulatory requirements.
• Prevent and detect fraud or misuse of our Services.
• Communicate marketing updates (only with your consent).

We only share your data when necessary and in compliance with the GDPR. This may include:

• Service Providers (Data Processors): trusted third parties providing hosting, analytics, payment processing, and communication services.
• Business Partners: where joint marketing or integrations are offered, with your consent.
• Legal Authorities: when required by law or court order.

All data processors operate under data processing agreements (DPAs) ensuring GDPR-compliant safeguards.

We primarily process and store your personal data within the European Economic Area (EEA).

If data is transferred outside the EEA, we ensure it is protected by appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission or other equivalent mechanisms under Articles 44–49 GDPR.

We retain personal data only as long as necessary for the purposes described in this Notice, unless a longer period is required by law.

Typical retention periods:

• Account and transactional data: up to 5 years after account closure.
• Marketing data: until consent is withdrawn.
• Analytical and website logs: anonymized after 26 months.

When data is no longer needed, it is securely deleted or anonymized.

We apply industry-standard security measures to protect your data, including encryption, restricted access, regular backups, and system monitoring.

While we take all reasonable precautions, no system can guarantee absolute security. We continuously improve our safeguards in line with best practices.

As a data subject in the EU or Greece, you have the right to:

• Access your personal data (Art. 15)
• Rectify inaccuracies (Art. 16)
• Erase your data ("right to be forgotten") (Art. 17)
• Restrict processing (Art. 18)
• Port your data to another controller (Art. 20)
• Object to processing based on legitimate interest (Art. 21)
• Withdraw consent at any time (Art. 7)

To exercise these rights, email us at privacy@quickord.com.

If you believe your data has been processed unlawfully, you also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA):

www.dpa.gr | Email: contact@dpa.gr

Our Services are intended for business users aged 18 and over.

We do not knowingly collect personal data from individuals under 18. If such data is identified, it will be promptly deleted.

We may update this Privacy Notice periodically to reflect changes in our practices or legal obligations.

The updated version will be posted on this page with a new "Last Updated" date.

We encourage you to review this Notice regularly to stay informed.

You may request to review, update, correct, or delete any personal data we hold about you at any time.

To do so, please contact us at info@quickord.com and include:

• Your full name and the email address associated with your account.
• The specific request (e.g., data access, correction, or deletion).
• Any additional details necessary to verify your identity.

Upon receiving your request, we will:

1. Acknowledge receipt within 5 business days.
2. Verify your identity to protect against unauthorized access.
3. Respond within 30 calendar days, as required under Article 12(3) GDPR.

If your request is complex or requires extended verification, we may extend this period by an additional 30 days and will inform you accordingly.

Deletion requests are processed in compliance with applicable legal retention requirements (e.g., accounting or tax laws). Where complete deletion is not possible, your data will be securely anonymised.

Quickord does not perform any automated decision-making or profiling that produces legal or significant effects on you as defined under Article 22 GDPR.

Any use of analytics or performance data is conducted in an aggregated and anonymised format solely for service improvement, performance optimisation, and product development.

Our Services may include links to third-party websites, APIs, or integrations (for example, payment gateways or social login providers).

Please note:

• We are not responsible for the content, privacy practices, or compliance of such third-party entities.
• We recommend reviewing the privacy policies of all third-party platforms you interact with through Quickord.

When integrations (such as social logins or API connectors) are used, data sharing occurs only with your explicit consent and in accordance with GDPR Article 6(1)(a).

As a SaaS platform operating primarily in Greece/UK and serving clients across the European Economic Area (EEA), Quickord ensures that all customer data is hosted within the EEA unless explicitly stated otherwise.

Data storage and backup facilities are managed through GDPR-compliant European cloud providers with active Data Processing Agreements (DPAs).

If you are located outside the EEA and use our Services, your data may be processed within the EEA under equivalent safeguards ensuring adequate protection standards consistent with Articles 44–49 of the GDPR.

We maintain a formal Incident Response Plan to manage and report any personal data breaches.

In the event of a breach that poses a risk to your rights and freedoms, Quickord will:

• Notify the Hellenic Data Protection Authority (HDPA) within 72 hours of becoming aware of the incident (Article 33 GDPR).
• Notify affected data subjects without undue delay when there is a high risk to their personal data (Article 34 GDPR).

All security incidents are logged, investigated, and documented in accordance with our internal Data Breach Management Policy.

All employees, contractors, and authorized personnel who handle customer data receive regular GDPR and data security training.

Access to personal data is restricted to individuals with legitimate business needs under role-based access control (RBAC) principles.

Employees are bound by confidentiality agreements and are subject to disciplinary measures in case of unauthorized access or misuse of personal data.

In compliance with Article 30 GDPR, Quickord maintains an up-to-date Record of Processing Activities, detailing:

• The categories of data processed.
• The purpose of each processing operation.
• The categories of recipients and any transfers outside the EEA.
• The applied technical and organizational security measures (TOMs).

This record is available for inspection by the Hellenic Data Protection Authority upon request.

Quickord maintains a Privacy Management Framework designed to ensure ongoing compliance, transparency, and accountability, incorporating:

• Data Protection Impact Assessments (DPIAs) for new products or integrations.
• Annual internal audits of data handling processes.
• Vendor risk assessments for all third-party data processors.
• Continuous monitoring of legal updates from the European Data Protection Board (EDPB) and HDPA.

This framework aligns with industry standards such as ISO/IEC 27001 (Information Security Management) and ISO/IEC 27701 (Privacy Information Management).

This Privacy Notice and any dispute arising from its interpretation or execution shall be governed by and construed in accordance with the laws of Greece.

Any disputes shall be subject to the exclusive jurisdiction of the competent courts of Athens, Greece.

If you have questions about this Privacy Notice or your data, please contact:

Quickord

Email: info@quickord.com