Privacy Notice
AdminISO privacy policy and data protection
Last updated: March 30, 2025
1. Introduction
At AdminISO, we are committed to protecting and respecting your privacy. This Privacy Notice explains how we collect, use, store, and protect your personal information when you use our services, including our website (adminiso.io) and our SaaS platform. By using AdminISO, you agree to the practices described in this notice. This notice applies to both visitors to our website and customers of our platform.
2. Data Controller
The data controller for your personal data is AdminISO. For purposes of this notice, we act as data controllers for personal data we collect directly. When you use our platform to manage your organization's data, you act as the data controller and we act as data processors for such data.
3. Scope of Notice
This notice covers two types of data processing: (a) Data we collect directly from you as a visitor to our website or as an AdminISO customer; (b) Data you process through our platform to manage your enterprise quality systems. For the second type of data, you maintain primary responsibility as the data controller.
4. Information We Collect
We collect different types of information depending on your interaction with our services:
Website Data
When you visit our website or use our contact form, we collect: full name, email address, phone number, company name, message or inquiry, contact preference, and technical cookies necessary for site functionality.
Account and Billing Data
For AdminISO customers we collect: business registration information, contact details of administrators and users, billing and payment information, subscription and service usage history, technical support communications, and account configuration preferences.
Platform-Processed Data
Data you enter into AdminISO to manage your quality system, including: quality documents, process records, audit information, non-conformity data, quality objectives, supplier information, training records, and any other content related to your management system. This data remains under your control and ownership.
Technical and Usage Data
Technical information necessary to operate the service: system logs, performance metrics, aggregated and anonymized usage data, security information, automated backups, and file metadata.
5. How We Use Your Information
We use your personal information for the following legitimate purposes:
Service Provision
Provide access to AdminISO, process your registration and authentication, manage your account and subscription, facilitate use of platform functionalities, process payments and billing, provide specialized technical support, and perform data backups.
Improvement and Development
Analyze platform usage to improve functionalities, develop new features based on real needs, optimize performance and speed, personalize user experience, perform security analysis and fraud prevention, and develop educational content about quality systems.
Communication
Respond to contact form inquiries, send important service notifications, communicate updates and new functionalities, provide educational content about ISO and quality, send newsletters (with consent only), and facilitate communication during the sales process.
Legal Compliance and Security
Comply with legal and tax obligations, respond to requests from competent authorities, protect our legal rights and intellectual property, prevent fraud and illegal activities, maintain platform security, and resolve contractual disputes.
6. Legal Basis for Processing
The processing of your personal data is based on the following legal bases: (a) Contract performance: to provide AdminISO contracted services; (b) Legitimate interest: to improve our services, perform usage analysis and communicate with you about updates; (c) Consent: for sending promotional communications and processing sensitive data; (d) Legal obligation compliance: to meet applicable legal and tax requirements.
7. Information Sharing
We do not sell, rent, or share your personal information with third parties for commercial purposes. We share information only in the following limited circumstances:
Service Providers
We share information with specialized service providers who help us operate AdminISO, including: cloud hosting providers (with security certifications), payment processors (with PCI DSS compliance), web analytics services (with anonymized data), technical support providers, data backup services, and security infrastructure providers. All are contractually obligated to protect your information.
Legal Requirements
We may disclose information when required by law, court order, legal process, government investigation, or to protect our rights, property, security, or that of our users. In such cases, we limit disclosure to the minimum necessary and, when legally possible, we will notify you about the request.
Business Transfers
In case of merger, acquisition, asset sale, or corporate restructuring, your information may be transferred as part of the transaction, always notifying you at least 30 days in advance and ensuring the acquirer maintains the same privacy protections.
8. Data Security
We implement enterprise-level technical, physical, and organizational security measures to protect your information: AES-256 encryption for data at rest, TLS 1.3 encryption for data in transit, multi-factor authentication, role-based access controls, 24/7 security monitoring, daily automated backups, regular security audits, continuous staff training in data protection, and compliance with international security standards.
9. Data Retention
We retain your personal information for different periods depending on the type of data: (a) Website contact data: 3 years after last contact; (b) Active account data: during your subscription term; (c) Billing data: 10 years per tax obligations; (d) Platform data: 1 month after subscription cancellation, or immediately if you request deletion (you can delete all your platform data at any time from your account, in which case we will no longer have access to such information); (e) Security logs: 1 year for security investigations; (f) Anonymized data: indefinitely for statistical analysis.
10. Your Rights
You have the following rights regarding your personal information:
Right of Access
Request information about what personal data we have about you, how we use it, who we share it with, and how long we will keep it.
Right of Rectification
Request correction of inaccurate, incomplete, or outdated information. You can update certain data directly from your account.
Right of Cancellation
Request deletion of your personal information when you consider it is not necessary for the purposes for which it was collected or when you withdraw your consent.
Right of Portability
Request the transfer of your data to another service provider in a structured and commonly used format.
Right of Objection
Object to the processing of your personal data for specific purposes such as direct marketing or when you consider it may cause you harm.
Exercising Rights
To exercise your rights, you can contact us at [email protected]. We will respond to your request within the legally established timeframes. Some data may be retained if legal or contractual obligations require it.
11. International Transfers
Your data may be transferred and processed in countries other than Mexico, primarily for cloud hosting services and technical support. When this occurs, we ensure adequate safeguards exist including: approved standard contractual clauses, international privacy certifications, and security measures equivalent to or superior to Mexican standards.
12. Business Data Processing
For data you process through AdminISO to manage your quality system: (a) You maintain full ownership and control of this data; (b) We act only as data processors under your instructions; (c) We do not access this data except to provide authorized technical support; (d) We implement security measures to protect this data; (e) You are responsible for obtaining necessary consents from your employees and third parties.
13. Minors
AdminISO is directed exclusively to businesses and professionals. We do not intentionally collect personal information from minors under 18 years of age. If we discover we have collected information from a minor, we will delete it immediately and take measures to prevent future collection.
14. Changes to this Notice
We may update this Privacy Notice occasionally to reflect changes in our practices, new functionalities, or for legal reasons. For significant changes, we will notify you at least 30 days in advance by email and through a prominent notice on our website. Your continued use of the service after changes constitutes your acceptance of the updated notice.
15. Contact
If you have questions about this Privacy Notice, wish to exercise your rights, or need more information about our privacy practices, you can contact us: