Privacy Policy

Personal Identification Information

• Account Information: Name, email address, phone number, job title, company name
• Authentication Data: Username, encrypted passwords, authentication credentials
• Professional Information: Professional credentials, areas of expertise, industry sector
• Billing Information: Billing address and payment-related data (payment card information is processed by third-party payment processors and is not stored on our systems)

Usage Data & Technical Information

• Platform Usage Data: Features accessed, time spent, interaction patterns, user preferences, session information
• Technical Data: IP address, browser type and version, device type, operating system, time zone settings
• Log Data: Access times, pages viewed, page response times, errors encountered, navigation paths
• Performance Metrics: System performance data, error reports, diagnostic information

Customer Data & Content

• Business Data: Data you upload or input into our platforms for analysis, process documentation, performance metrics, custom configurations
• Project Data: Information related to quality assurance projects, improvement initiatives, analysis results
• Communications: Emails, chat messages, support requests, feedback, survey responses
• Consultation Records: Notes from consulting engagements (with your consent), meeting summaries

Cookies & Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities. For detailed information, please see Section 10 (Cookies & Tracking Technologies) and our separate Cookies Policy.

Service Delivery & Platform Operation

• Providing access to and functionality of our AI platforms and services
• Processing and analyzing data through our AI systems as requested
• Delivering consulting services and implementation support
• Managing user accounts and authentication
• Processing payments and managing subscriptions

Service Improvement & Development

• Analyzing usage patterns to improve platform functionality and user experience
• Developing new features and services based on user needs
• Conducting research and development in AI technologies (using aggregated, anonymized data only)
• Performance optimization, bug fixing, and system maintenance

Communication & Support

• Responding to inquiries and providing customer support
• Sending service-related notifications and essential updates
• Providing training materials and educational resources
• Soliciting feedback to improve our services

Marketing & Business Communications

• Sending promotional materials and product updates (only with your explicit consent)
• Organizing webinars, events, and training sessions
• Conducting market research to understand user needs and preferences

Security, Fraud Prevention & Legal Compliance

• Detecting and preventing fraud, abuse, and security incidents
• Ensuring platform security, data integrity, and system availability
• Complying with legal obligations and regulatory requirements under Greek, European Union, and applicable international law
• Enforcing our Terms of Service and other policies
• Protecting our rights, property, and safety, as well as those of our users

AI Processing Activities

Our AI systems may perform the following types of processing, depending on the services you use:

• Data Analysis: Identifying patterns, trends, and insights in operational and business data
• Natural Language Processing: Understanding and processing text data for quality assurance and analytics purposes
• Pattern Recognition: Detecting anomalies, root causes, and correlations in business processes
• Predictive Analytics: Generating forecasts and recommendations based on historical data patterns
• Decision Support: Providing AI-generated insights and recommendations to assist human decision-making

Automated Decision-Making & Profiling

• All AI-generated insights and recommendations are subject to review and validation by qualified personnel
• Users and clients maintain full control over final decisions and actions based on AI outputs
• You have the right to request human review of any AI-generated recommendation that affects you
• You have the right to object to automated processing and request manual processing instead

AI Model Training & Data Use

We employ privacy-preserving techniques in our AI systems, including data minimization, pseudonymization, and aggregation. When training or improving AI models, we use only aggregated and anonymized data that cannot reasonably identify individuals.

Your Rights Regarding AI Processing

You have specific rights related to AI processing of your data under GDPR:

• Right to be informed about the logic involved in AI processing and its significance
• Right to object to automated processing and profiling in certain circumstances
• Right to request human intervention in AI-driven decisions
• Right to challenge and contest AI-generated outcomes or recommendations
• Right to request explanations of how AI systems reached particular conclusions

Service Providers & Processors

We may engage carefully selected third-party service providers to support our operations. These processors are contractually obligated to protect your data and use it only for the specific purposes we authorize. Examples may include:

• Cloud Infrastructure Providers: For secure hosting and data storage (e.g., AWS, Microsoft Azure, Google Cloud)
• Payment Processing Services: For secure payment transactions (e.g., Stripe, PayPal)
• Analytics Services: For usage analytics and platform performance monitoring
• Communication Tools: For email delivery and customer communications
• Customer Support Platforms: For managing support tickets and customer inquiries
• AI Service Providers: For AI model access and processing (e.g., Anthropic, OpenAI, Google)

Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website at least 30 days prior to any such change in ownership or control of your personal information, and you will have the opportunity to delete your account before the transfer.

Legal Requirements & Protection

We may disclose personal data when required by law or when we believe in good faith that disclosure is necessary to:

• Comply with legal obligations, court orders, or government requests under Greek or EU law
• Enforce our Terms of Service and other agreements
• Protect our rights, property, or safety, or that of our users or the public
• Detect, prevent, or address fraud, security, or technical issues
• Respond to claims of violation of third-party rights

Aggregated & Anonymized Data

We may share aggregated, anonymized data that cannot reasonably be used to identify you with research institutions, business partners, or the public through reports and case studies. Such data does not constitute personal data under GDPR.

Technical Security Measures

We employ industry-standard security practices including:

• Encryption: Data encrypted in transit (TLS 1.2/1.3) and at rest where technically feasible
• Access Controls: Role-based access control (RBAC) and authentication mechanisms
• Network Security: Firewalls and network monitoring to detect and prevent unauthorized access
• Regular Backups: Automated backups with appropriate retention periods
• Security Monitoring: Ongoing monitoring for security threats and vulnerabilities

Organizational Security Measures

• Confidentiality Agreements: All employees and contractors with data access sign confidentiality agreements
• Access Logging: Audit trails of data access and modifications where technically implemented
• Security Training: Regular security awareness training for team members
• Incident Response: Documented procedures for responding to security incidents

Data Breach Notification

In the event of a personal data breach, we will notify affected individuals and the Hellenic Data Protection Authority (HDPA) within 72 hours of becoming aware of the breach, as required by GDPR Article 33. Notifications will include the nature of the breach, likely consequences, and measures taken or proposed to address it.

Limitations of Security

General Retention Periods

• Account Information: Duration of active account plus 90 days after account closure (unless longer retention is required by law)
• Platform Usage Data: Up to 24 months from collection, then aggregated or anonymized
• Customer Business Data: As specified in service agreements, with minimum retention as legally required
• Billing & Payment Records: 7 years as required by Greek tax and accounting law
• Support Communications: Up to 3 years from last interaction
• Marketing Data: Until consent is withdrawn or 2 years of inactivity, whichever comes first
• Security Logs: Up to 12 months for incident investigation purposes

Data Deletion Procedures

When retention periods expire or upon valid deletion requests:

• Personal data is securely deleted or anonymized from active systems
• Backups are purged according to our backup retention schedule (typically within 90 days)
• We make reasonable efforts to delete data from third-party processors
• Anonymized or aggregated data may be retained indefinitely for analytics and research

Extended Retention

We may retain data beyond standard periods when:

• Required by Greek, EU, or other applicable law
• Necessary for litigation, investigation, or dispute resolution
• Essential for security, fraud prevention, or safety purposes
• Explicitly consented to by the data subject for specific purposes

Right of Access (Article 15)

You have the right to request confirmation of whether we process your personal data and to obtain a copy of your personal data. We will also provide information about the processing, including purposes, categories of data, recipients, and retention periods.

Right to Rectification (Article 16)

You have the right to request correction of inaccurate personal data and to have incomplete personal data completed.

Right to Erasure / "Right to be Forgotten" (Article 17)

You have the right to request deletion of your personal data when:

• The data is no longer necessary for the purposes for which it was collected
• You withdraw consent (where processing is based on consent)
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed
• Erasure is required for compliance with legal obligations

This right is not absolute. We may need to retain certain data to comply with legal obligations (e.g., tax records) or for the establishment, exercise, or defense of legal claims.

Right to Restriction of Processing (Article 18)

You have the right to request that we limit the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format (such as CSV or JSON) and to transmit that data to another controller, where technically feasible.

Right to Object (Article 21)

You have the right to object to:

• Processing based on legitimate interests
• Direct marketing (including profiling for marketing purposes)
• Processing for scientific, historical research, or statistical purposes

Right to Withdraw Consent (Article 7(3))

Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.

Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or similarly significantly affect you. You have the right to obtain human intervention, express your point of view, and contest such decisions.

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Right to Lodge a Complaint

You have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA) if you believe we have violated your data protection rights:

Transfer Mechanisms & Safeguards

For transfers to countries without an adequacy decision from the European Commission, we rely on:

• Standard Contractual Clauses (SCCs): EU Commission-approved contractual terms for data transfers to third countries
• Adequacy Decisions: Transfers to countries recognized by the EU Commission as providing adequate data protection
• Supplementary Measures: Additional technical and organizational safeguards as required by GDPR and CJEU case law (Schrems II)

Data Locations

• Primary Processing: Athens, Greece (European Union)
• Cloud Infrastructure: May include EU and non-EU regions depending on service provider
• Backup Storage: Geographically distributed for reliability (may include non-EU locations with appropriate safeguards)
• Third-Party Processors: Various locations globally, all subject to GDPR-compliant data processing agreements

Your Rights Regarding International Transfers

You have the right to:

• Obtain information about where your data is stored and processed
• Request copies of the appropriate transfer safeguards (e.g., Standard Contractual Clauses)
• Object to transfers in certain circumstances
• Request data localization within the EU/EEA where technically feasible (additional fees may apply for enterprise customization)

Types of Cookies We Use

• Strictly Necessary Cookies: Essential for platform functionality, authentication, and security (no consent required under GDPR)
• Performance Cookies: Collect analytics about site usage and performance (requires consent)
• Functional Cookies: Remember preferences and personalization settings (requires consent)
• Targeting/Marketing Cookies: Track visits across websites for marketing purposes (requires explicit consent)

Tracking Technologies

• First-Party Cookies: Set directly by FQ Central for essential functions
• Third-Party Cookies: Set by service providers (e.g., Google Analytics) with your consent
• Web Beacons: Small graphics used in emails and on websites for tracking
• Local Storage: Browser storage for application state and preferences
• Session Storage: Temporary storage cleared when browser closes

Managing Cookies & Consent

You can control cookies through:

• Cookie Consent Banner: Customize your preferences when you first visit our website
• Browser Settings: Configure your browser to block, delete, or alert you about cookies
• Opt-Out Tools: Use industry opt-out mechanisms for advertising cookies
• Cookie Settings Page: Access our cookie preferences center at any time on our website

Blocking strictly necessary cookies may affect platform functionality and prevent you from using certain features. For detailed information, please see our separate Cookies Policy.

Notification of Changes

• Material Changes: We will notify you via email (to your registered address) and/or prominent notice on our website at least 30 days before material changes take effect
• Non-Material Changes: We will update the "Last Updated" date at the top of this policy and notify you through the platform
• Version History: Previous versions are available upon request for your reference

Your Acceptance

Your continued use of our services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you may:

• Discontinue use of our services before the changes take effect
• Request deletion of your account and personal data
• Exercise your GDPR rights, including the right to object or restrict processing

Review Recommendation

We encourage you to review this Privacy Policy regularly to stay informed about how we protect your information. The most current version is always available at https://fq-central.com/privacy-policy.