Privacy Policy and GDPR Notice – Iceberg+

1. Introduction

This Privacy Policy outlines how Iceberg+ ("we", "our", or "us") processes personal data, in compliance with the General Data Protection Regulation (GDPR). By using our website and services, you agree to the collection and use of your personal data as described in this policy.

2. Data Controller

Iceberg+ is the data controller for the personal data we collect and process. If you have any questions or concerns regarding the processing of your data, you can contact us at:

Email: com@iceberg.plus
Address: Str. Mihail Sadoveanu nr. 6, et. 1, ap. 5, Brasov, Romania

3. Types of Personal Data We Process

We may collect and process the following types of personal data, depending on your interactions with us:

  • Identification Data: Name, email address, phone number, address.
  • Professional Data: CVs, job application details, qualifications.
  • Financial Data: Payment information, bank details, invoices.
  • Technical Data: IP address, device/browser details, location data, cookies, session data.
  • Footage & Visitor Logs: CCTV recordings (for security purposes at our premises).
  • Behavioral Data: Information on how you interact with our website, including your clicks, browsing behavior, and time spent on specific pages.

4. Purposes of Data Processing

We process your personal data or other confidential data submitted via forms on our website for the following purposes:

  • Creating user accounts or facilitating service access;
  • Service Delivery: To provide services, manage customer relationships, and process orders.
  • Contractual Fulfillment: To execute contracts and provide agreed-upon services.
  • Marketing & Communication: To send newsletters, promotions, and other relevant information (if you have opted-in).
  • Website Optimization: To improve website performance, analyze user behavior, and enhance user experience.
  • Compliance with Legal Obligations: To fulfill legal and regulatory requirements, such as tax and financial obligations.
  • Security & Safety: To ensure the safety and security of our physical and digital infrastructure.
  • Customer Support: To address inquiries, troubleshoot issues, and provide customer assistance.

5. Legal Basis for Processing Personal Data

We process your data based on the following legal grounds, as outlined in Article 6 of the GDPR:

  • Consent (Art. 6(1)(a)): When you have provided explicit consent, such as subscribing to newsletters.
  • Contractual Necessity (Art. 6(1)(b)): When processing is necessary for the performance of a contract (e.g., service agreements).
  • Legal Obligation (Art. 6(1)(c)): When processing is necessary to comply with legal requirements.
  • Legitimate Interests (Art. 6(1)(f)): For purposes such as fraud prevention, direct marketing, and improving services.
  • Vital Interests (Art. 6(1)(d)): To protect the life or physical integrity of individuals.
  • Public Task (Art. 6(1)(e)): When processing is necessary for the performance of a task carried out in the public interest.

6. Data Sharing & Third-Party Providers

We may share your personal data with trusted third parties, including:

  • Service Providers: Hosting companies, cloud infrastructure providers, and payment processors.
  • Analytics Providers: Providers of analytics and marketing services.
  • Public Authorities: When required by law, such as in response to legal requests or obligations.
  • Business Partners: If you have opted in, we may share your data with selected business partners for joint marketing purposes.

We ensure that all third parties involved in processing your data adhere to GDPR requirements and have appropriate data processing agreements in place.

7. Cookies and Tracking Technologies

We use cookies and similar technologies on our website to improve your experience and optimize performance:

  • Essential Cookies: Necessary for the basic functionality of the website.
  • Preference Cookies: To remember your settings and preferences.
  • Analytics Cookies: For tracking visitor behavior and performance (e.g., Google Analytics).
  • Marketing Cookies: To provide personalized advertising and content.
  • Social Media Cookies: To enable social media sharing and interactions.

You can control your cookie preferences through your browser settings or via our cookie consent tool. You may withdraw your consent for non-essential cookies at any time.

8. Data Retention

We retain personal data only for as long as necessary for the purposes outlined in this Privacy Policy. Specifically:

  • Service Delivery: Data is retained for the duration of the contractual relationship and for a reasonable period thereafter for administrative purposes.
  • Legal Obligations: Data may be retained longer if required by law (e.g., tax records, financial documents).
  • Marketing Communications: Data will be retained until you withdraw consent or unsubscribe from communications.
  • Security & Audit: Data may be retained for a reasonable period to comply with our security and audit obligations.

9. Your Rights as a Data Subject

Under GDPR, you have the following rights regarding your personal data:

  • Right to Access (Art. 15): You can request a copy of the personal data we hold about you and information on how it is processed.
  • Right to Rectification (Art. 16): You can request that we correct any inaccurate or incomplete data.
  • Right to Erasure (Art. 17): You can request that we delete your personal data, subject to certain exceptions (e.g., legal obligations).
  • Right to Restriction (Art. 18): You can request that we limit the processing of your data in certain circumstances.
  • Right to Data Portability (Art. 20): You can request to receive your personal data in a structured, commonly used format or transfer it to another controller.
  • Right to Object (Art. 21): You can object to the processing of your personal data based on legitimate interests.
  • Right to Withdraw Consent (Art. 7): If processing is based on consent, you can withdraw your consent at any time.
  • Right to Lodge a Complaint (Art. 77): If you believe your data protection rights have been violated, you can file a complaint with a supervisory authority.

10. Security Measures

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Data Encryption: For sensitive data during transmission.
  • Access Control: Limited access to personal data to authorized personnel only.
  • Regular Security Audits: Ongoing monitoring of systems and practices to detect and address vulnerabilities.
  • Staff Training: Employees are trained on data protection best practices and security protocols.
  • Data Minimization: We ensure that only the minimum necessary personal data is collected and retained.

11. International Data Transfers

If your personal data is transferred outside the EU/EEA, we ensure that such transfers comply with GDPR requirements, including the use of Standard Contractual Clauses (SCCs) or other appropriate safeguards to ensure the protection of your data. If you are located outside the EU, please note that the processing of your data may be subject to different legal frameworks.

12. Updates to this Privacy Policy

We may update this Privacy Policy to reflect changes in our services or legal requirements. Any significant changes will be communicated to you, and if required, we will ask for your renewed consent for processing your data. Please review this policy regularly to stay informed about our practices.

13. Contact Information

If you have any questions, concerns, or requests related to the processing of your personal data, please contact us at:Email: com@iceberg.plusAddress: Str. Mihail Sadoveanu nr. 6, et. 1, ap. 5, Brasov, Romania

Stay up to date

Leave your email for insights, projects, and calls — straight to your inbox.