Privacy Policy
Last updated: March 14, 2026
This Privacy Policy explains how NIS Solutions collects, uses, stores, shares, and protects personal data when you visit https://nis-solutions.eu, use our tools, or contact us.
1. Who we are
Website: https://nis-solutions.eu
Controller / legal owner: Olimpia Oancea
Contact email: contact@itadviser.com
Country: Romania
For the purposes of applicable data protection law, including the General Data Protection Regulation (GDPR), the controller of personal data collected through this website is Olimpia Oancea.
2. What personal data we collect
We may collect personal data that you provide directly, including your name, business name, job title, email address, phone number, country, company size, sector, and any information you include in a contact form, consultation request, assessment form, or message.
If you use the NIS2 Eligibility Checker, the NIS2 Readiness Assessment, or similar tools, we may collect your responses, information about your organisation, and assessment-related details needed to generate your results.
We may also collect technical and usage data automatically when you use the website, such as IP address, browser type, device information, pages viewed, referring website, date and time of access, and server or diagnostic log data.
3. How we use your personal data
- to operate, maintain, and secure the website;
- to respond to messages, enquiries, and requests;
- to provide on-screen and emailed results for the Eligibility Checker and Readiness Assessment;
- to help users understand whether NIS2 may apply to their organisation and where they are in their compliance journey;
- to improve the website, content, tools, and user experience;
- to monitor performance, detect technical issues, and prevent abuse or misuse;
- to comply with legal obligations and to establish, exercise, or defend legal claims.
4. Legal bases for processing
We process personal data only where we have a lawful basis to do so. Depending on the context, we may rely on one or more of the following legal bases:
Consent, where you voluntarily submit information through forms, opt in to communications, or accept non-essential cookies.
Legitimate interests, where processing is necessary for operating, improving, and securing the website, responding to business enquiries, and improving our content and assessment tools.
Steps prior to entering into a contract, where you contact us regarding services, consultations, or potential engagement.
Legal obligation, where processing is required to comply with applicable laws or lawful requests from authorities.
5. Assessment tools and informational use
Our Eligibility Checker and Readiness Assessment are intended to provide general informational and assessment support only.
Unless explicitly stated otherwise, any score, summary, recommendation, status, or emailed output generated by these tools is indicative only, is based on the information submitted by the user, and does not constitute legal, regulatory, cybersecurity, or compliance advice.
Use of these tools does not guarantee whether NIS2 applies or does not apply to a specific organisation and does not guarantee compliance or preparedness.
6. Who we share your data with
We do not sell your personal data.
We may share personal data with trusted third parties only where reasonably necessary, including website hosting providers, WordPress maintenance or security providers, analytics providers, email or form-processing providers, cloud or infrastructure providers, professional advisers, and public authorities where required by law.
7. International data transfers
Some service providers may process personal data outside the European Economic Area or outside the country in which you are located.
Where that happens, we will take reasonable steps to ensure appropriate safeguards are in place, such as adequacy decisions, standard contractual clauses, or another valid transfer mechanism under applicable law.
8. Data retention
We keep personal data only for as long as necessary for the purposes for which it was collected, including legal, regulatory, security, operational, and record-keeping reasons.
Retention periods may vary depending on the type of data involved.
Contact form enquiries may be retained for up to 24 months after the last relevant interaction.
Assessment submissions and emailed results may be retained for up to 24 months unless a longer period is needed for service delivery, follow-up, or legal reasons.
Analytics, server, and security log data may be retained according to the settings and operational needs of the relevant systems.
9. Cookies
We may use cookies and similar technologies for core website functionality, security, preferences, and analytics.
Strictly necessary cookies may be used to support security, session handling, form submission, and core WordPress functionality.
Where legally required, non-essential cookies will be used only after you have given consent.
Additional details can be provided in a separate Cookie Policy or cookie notice.
10. Embedded content and third-party links
Pages on this website may include embedded content or links to third-party websites and services.
If you interact with such content, the relevant third party may collect data about you in accordance with its own privacy practices. We are not responsible for the privacy practices of third-party websites or services.
11. Security
We take reasonable technical and organisational measures to protect personal data against unauthorised access, disclosure, loss, misuse, or alteration.
However, no website, internet transmission, or storage system can be guaranteed to be completely secure.
12. Your rights
Depending on applicable law, you may have the right to request access to your personal data, request correction of inaccurate or incomplete data, request deletion, request restriction of processing, object to processing based on legitimate interests, withdraw consent where processing is based on consent, request portability of certain personal data, and lodge a complaint with a supervisory authority.
To exercise any of these rights, please contact: contact@itadviser.com
13. Supervisory authority
If you are located in the European Union and believe that your personal data has been processed unlawfully, you have the right to lodge a complaint with your local data protection authority.
If the controller is established in Romania, the competent supervisory authority is generally the National Supervisory Authority for Personal Data Processing (ANSPDCP).
14. Children’s privacy
This website is not intended for children, and we do not knowingly collect personal data from children.
15. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in the website, our tools, legal obligations, or data processing practices.
Any updates will be posted on this page with a revised ‘Last updated’ date.
16. Contact
If you have questions about this Privacy Policy or how personal data is handled, please contact:
Olimpia Oancea
Email: contact@itadviser.com
Website: https://nis-solutions.eu