MKOR Privacy Policy
Version: 3.0
Last updated: 2026-01-24
DPO Contact: [email protected]
Visual Summary
| Key Information | |
|---|---|
| 🏢 | Data Controller: MKOR Consultanta SRL (Tax ID: RO30954519) |
| 📧 | DPO Contact: [email protected] |
| 📊 | Collected data: Identification, contact, demographic, professional |
| ⚖️ | Legal basis: Consent, contract, legal obligation, legitimate interest |
| 🔗 | Sharing: IT providers, research partners, authorities |
| 🌍 | Transfers: EU, USA (Data Privacy Framework), other countries (SCC) |
| ⏱️ | Retention: 30 days – 75 years (depending on purpose) |
| ✅ | Your rights: Access, rectification, erasure, portability, objection |
Exercise your rights: mkor.eu/contact or [email protected]
Table of Contents
1. About Us
Data Controller
| Details | |
|---|---|
| Name | MKOR Consultanta SRL |
| Tax ID (CUI) | RO30954519 |
| EUID | ROONRC.J2015015742405 |
| Trade Register No. | J2015015742405 |
| Registered Office | 6 Constantin Titel Petrescu St., Bl. C38, Apt. 69, Sector 6, Bucharest |
| Phone | +40 728 853 359 |
Data Protection Officer (DPO)
| Details | |
|---|---|
| [email protected] | |
| Correspondence address | 2d Mărgelelor St., Villa 3, Bragadiru, Ilfov |
About MKOR
MKOR Consultanta SRL is a market research agency providing surveys, opinion polls, and consumer preference analysis. We operate the MKOR Panel, a community of participants who contribute to our research studies.
This policy describes how we collect, use, and protect your personal data, in accordance with Regulation (EU) 2016/679 (GDPR) and applicable Romanian legislation.
2. Definitions
| Term | Explanation |
|---|---|
| Personal data | Any information that identifies you directly or indirectly (name, email, Personal Identification Number, IP address, etc.) |
| Processing | Any operation on data: collection, storage, use, transmission, deletion |
| Controller | MKOR Consultanta SRL – we decide the purposes and means of processing |
| Processor | Third parties who process data on our behalf (IT providers, cloud services) |
| Consent | Your free, specific, informed, and unambiguous agreement |
| Data subject | You – the person whose data is being processed |
3. What Data We Collect
We organize information based on your relationship with MKOR:
3.1 MKOR Panel Members
If you have joined the MKOR Panel or participate in our studies:
| Data Category | Examples | Purpose | Legal Basis | Retention |
|---|---|---|---|---|
| Identification | First name, last name, phone, email, gender, year of birth | Panel registration, communication, study selection | Consent | Duration of panel membership + 3 years |
| Household | Number of household members | Demographic segmentation | Consent | Duration of panel membership + 3 years |
| Location | City/commune, county | Geographical selection for studies | Consent | Duration of panel membership + 3 years |
| Education and profession | Education level, occupation, professional level, income | Profiling for relevant studies | Consent | Duration of panel membership + 3 years |
| Study participation | Questionnaire responses | Market research | Consent | Duration of the study + 3 years |
| Raffles | Name, delivery address, postal code | Awarding prizes | Consent | Duration of the raffle + 3 years |
Anonymization of Study Responses
Important: To protect your privacy, we apply the following anonymization measures:
- Data decoupling: Your questionnaire responses are separated from personal identification data. This means that responses cannot be directly associated with your identity.
- Anonymous codes: Instead of names or emails, responses are stored using anonymous codes or pseudonyms.
- Aggregated reporting: Study results are delivered to our clients exclusively in aggregated and statistical form, without the possibility of identifying individual respondents.
- ESOMAR Standards: We comply with international market research standards (ESOMAR/ICC) regarding respondent protection.
Thus, even if you participate in our studies, your identity remains protected, and responses cannot be traced back to you.
Note: The MKOR Panel has its own detailed privacy policy, available upon registration.
3.2 Website Visitors
When you visit the mkor.eu website or subscribe to the newsletter:
| Data Category | Examples | Purpose | Legal Basis | Retention |
|---|---|---|---|---|
| Technical data | IP address, browser type, device, operating system | Website functionality, security | Legitimate interest | Session – 26 months |
| Browsing data | Visited pages, time spent, actions | Experience improvement, analysis | Consent (cookies) | 14-26 months |
| Contact form | Name, email, message | Response to requests | Contract (pre-contractual steps) | 2 years |
| Newsletter | Name, email | Sending information of interest | Consent | Until unsubscription |
For cookies: Consult the Cookie Policy for full details.
3.3 Employees and Candidates
Job Candidates
| Data Category | Examples | Purpose | Legal Basis | Retention |
|---|---|---|---|---|
| Identification | Name, date of birth, gender, citizenship | Eligibility assessment | Pre-contractual steps | Recruitment + 1 year |
| Contact | Phone, email, address | Communication in the recruitment process | Pre-contractual steps | Recruitment + 1 year |
| Education | Diplomas, certifications, qualifications | Skills verification | Pre-contractual steps | Recruitment + 1 year |
| Experience | CV, professional history | Fit assessment | Pre-contractual steps | Recruitment + 1 year |
| References | Data of persons recommending you | Reference check | Pre-contractual steps | Recruitment + 1 year |
Talent database: With your consent, we may keep your CV for future opportunities for 2 years.
Employees
| Data Category | Examples | Purpose | Legal Basis | Retention |
|---|---|---|---|---|
| Full identification | Name, Personal Identification Number (CNP), ID card, birth certificate | Personnel file, legal obligations | Contract + Legal obligation | Duration of employment contract + 75 years |
| Contact | Address, phone, personal email | Communication | Contract | Duration of employment contract + 75 years |
| Financial | Bank account, salary data | Payment of salary rights | Contract + Legal obligation | Duration of employment contract + 75 years |
| Family | Data of dependents | Benefits, tax deductions | Legal obligation | Duration of employment contract + 75 years |
| Health | Medical leaves, OHS (SSM) file | Occupational health and safety | Legal obligation | Duration of employment contract + 75 years |
| Professional | Evaluations, trainings, timekeeping | Personnel administration | Contract | Duration of employment contract + 75 years |
Applicable legislation: Labor Code, Fiscal Code, Law 319/2006 (OHS), GD 905/2017 (REVISAL).
Exit Interview: Upon termination of the employment contract, we may collect feedback (legitimate interest), kept for 2 years.
3.4 Business Partners
Clients, suppliers, and collaborators:
| Data Category | Examples | Purpose | Legal Basis | Retention |
|---|---|---|---|---|
| Professional identification | Name, position, workplace | Signing and execution of contracts | Contract | Contract duration + 10 years |
| Professional contact | Email, work phone | Contractual communication | Contract | Contract duration + 10 years |
| Signature | Signature on documents | Validation of commitments | Contract | Contract duration + 10 years |
| Events | Photos, recordings (with consent) | Event promotion | Consent | 5 years |
| Audit | Data from audited documents | Compliance, efficiency improvement | Legitimate interest | Audit + 2 years, then 10 years archiving |
| Complaints/Litigation | Relevant data for resolution | Protection of interests | Legitimate interest | Resolution + 3 years |
Video conferences (Zoom, Teams): We only record with participants’ consent, retention 30 days.
4. Legal Basis for Processing
We process your data only based on a valid legal basis:
| Legal Basis | When We Use It | Examples |
|---|---|---|
| Consent (Art. 6(1)(a)) | When you give your explicit consent | Panel registration, newsletter, marketing cookies, event photos |
| Contract (Art. 6(1)(b)) | To execute a contract or pre-contractual steps | Service delivery, order processing, employment |
| Legal obligation (Art. 6(1)(c)) | When the law requires us | Tax records, REVISAL, ANAF reporting |
| Legitimate interest (Art. 6(1)(f)) | Business interests that do not unfairly affect you | IT security, fraud prevention, service improvement |
Withdrawal of Consent
- You can withdraw it at any time, as easily as you granted it
- Withdrawal does not affect the lawfulness of processing prior to it
- To withdraw: mkor.eu/contact or [email protected]
5. Who We Share Data With
Categories of Recipients
| Category | Examples | Purpose |
|---|---|---|
| IT and cloud providers | Google Cloud, Microsoft, Zoho, Orange, DIGI | Hosting, email, communications |
| Analytics services | Google Analytics | Understanding website usage |
| Clients (for studies) | Companies ordering research | Delivery of results (aggregated/anonymized data) |
| HR service providers | Payroll companies, occupational medicine, SSM, PSI | Personnel administration |
| Financial services | Banks (BCR, ING), EDENRED, Benefit | Payments, vouchers |
| Legal services | Lawyers, consultants | Counseling, litigation |
| Authorities | ANAF, ITM, ISU, courts | Legal obligations |
Important regarding research studies: Our clients receive exclusively aggregated data and statistics. We never share respondents’ personal data with clients who order studies. Responses are decoupled from participants’ identity before any analysis or reporting.
Main Infrastructure Providers
- IT and communications: Orange, DIGI, Google Cloud, Zoho, Microsoft Teams, Zoom, Tracking Time
- Financial services: BCR Bank, ING Bank, EDENRED, Benefit
- HR services: Occupational medicine companies, Health and Safety (SSM), Fire Safety (PSI), payroll
- Archiving: Global Archive Management
- Recruitment: E-jobs, Bestjobs
6. International Transfers
Some data may be transferred outside the European Economic Area (EEA).
Transfer Mechanisms
| Destination | Mechanism | Details |
|---|---|---|
| Countries with an adequacy decision | Free transfer | United Kingdom, Switzerland, Canada (PIPEDA), Japan, South Korea |
| USA – DPF certified organizations | EU-US Data Privacy Framework | Google, Microsoft, Zoom, Salesforce |
| USA – other organizations | Standard Contractual Clauses (SCC) | Meta, TikTok |
| Other third countries | Standard Contractual Clauses (SCC) | With additional technical measures |
Protection Measures
- Encryption in transit: TLS for all transfers
- Data minimization: We transfer only the strictly necessary data
- Impact assessments (TIA): We have evaluated the legislation in third countries
You can request a copy of the Standard Contractual Clauses at: [email protected]
Third-Party Provider Policies
For details about data processing by our providers:
- Google Privacy Policy
- Meta/Facebook Privacy Policy
- TikTok Privacy Policy
- Microsoft Privacy Policy
- Zoom Privacy Policy
- Zoho Privacy Policy
7. How Long We Keep the Data
| Category | Retention Period | Reason |
|---|---|---|
| Panel Members | Duration of panel + 3 years | Prevention of duplicate registrations, archiving |
| Study responses | Duration of study + 3 years | Verification, client audits |
| Site visitors (cookies) | Session – 26 months | According to the type of cookie |
| Contact forms | 2 years | Relationship management |
| Newsletter | Until unsubscribing + 30 days | Request processing |
| Candidates | Recruitment process + 1 year | Legal protection (discrimination) |
| Talent pool | 2 years from consent | Future opportunities |
| Employees | Duration of employment contract + 75 years | Legal obligations (pensions, archiving) |
| Commercial contracts | Duration of contract + 10 years | Legal obligations, archiving |
| Tax documents | 10 years | Tax obligations |
| Video conferences | 30 days | Operational |
After the periods expire, the data is deleted or anonymized.
8. Your Rights
Summary Table of Rights
| Your Right | What It Means | How to Exercise It | Deadline |
|---|---|---|---|
| Access | Obtain a copy of all your data. | mkor.eu/contact or [email protected] | 1 month |
| Rectification | Correct inaccurate or incomplete data | mkor.eu/contact or [email protected] | 1 month |
| Erasure | Request the deletion of data when it is no longer necessary | mkor.eu/contact or [email protected] | 1 month |
| Restriction | Temporarily limit processing | mkor.eu/contact or [email protected] | 1 month |
| Portability | Receive data in a structured electronic format | mkor.eu/contact or [email protected] | 1 month |
| Objection | Stop processing based on legitimate interest | mkor.eu/contact or [email protected] | 1 month |
| Withdrawal of consent | Revoke previously given consent | mkor.eu/contact or [email protected] | Immediately |
| Complaint | Notify the supervisory authority (ANSPDCP) | See below | – |
Deadlines and Costs
- Response time: Maximum 1 month from receipt of the request
- Extension: For complex or multiple requests, the deadline may be extended by another 2 months (we will notify you)
- Cost: Exercising your rights is free of charge
- Exception: For additional copies or unjustified repetitive requests, we may charge a reasonable fee
Identity Verification
To protect your data, we may request additional information to confirm your identity.
Limitations
Certain rights may be limited when:
- We have legal retention obligations (e.g., tax documents, HR)
- Data is necessary for defense in court
- The rights and freedoms of others would be affected
Filing a Complaint with ANSPDCP
If you are not satisfied with the way we handled your request, you can file a complaint with:
National Supervisory Authority for Personal Data Processing (ANSPDCP)
| Contact Details | |
|---|---|
| Address | 28-30 G-ral. Gheorghe Magheru Blvd., District 1, Bucharest, postal code 010336 |
| Phone | +40.318.059.211 / +40.318.059.212 |
| Fax | +40.318.059.602 |
| [email protected] | |
| Website | www.dataprotection.ro |
Complaints can be filed in Romanian or English, online, by mail, or in person.
Recommendation: Before contacting ANSPDCP, please contact us at [email protected]. We will make every effort to resolve your issue.
9. Data Security
Protection Measures
| Category | Implemented Measures |
|---|---|
| Technical security | Firewall, antivirus, TLS encryption, regular backup |
| Access control | Unique passwords, authentication, role-based access |
| Confidentiality | Agreements with employees and collaborators |
| Training | Periodic training for staff |
| Risk assessment | Periodic analysis of processing activities |
Incident Reporting
In case of a data security breach:
- We will notify the ANSPDCP within a maximum of 72 hours (if there is a risk)
- We will notify the affected persons without delay (if there is a high risk)
10. Cookies
The mkor.eu website uses cookies for:
- Correct functioning of the website
- Analysis of usage
- Personalization of experience
- Marketing (with your consent)
For complete information, see the Cookie Policy
MKOR Panel
The MKOR Panel platform has its own privacy policy, available upon registration.
11. Policy Changes
Change History
| Date | Version | Main Changes |
|---|---|---|
| 2026-01-24 | 3.0 | Complete restructuring: visual summary with icons, consolidation by user categories, improved rights table, links to third-party policies, detailed section on study response anonymization |
| 2025-01-24 | 2.0 | Added executive summary, table of contents, new sections |
| 2018-05-25 | 1.5 | Update for GDPR compliance (Regulation 679/2016): extended user rights, detailed legal bases, DPO designation |
| 2017-03-01 | 1.0 | Initial version – privacy policy for the MKOR website |
How We Inform You About Changes
- Email: For panel members and newsletter subscribers
- Website banner: For all visitors
- Reconfirmation request: If the changes affect the legal basis
Previous versions are available upon request: [email protected]
12. Contact
Data Protection Officer (DPO)
| Details | |
|---|---|
| [email protected] | |
| Online form | mkor.eu/contact |
| Address | str. Mărgelelor 2d, vila 3, Bragadiru, Ilfov |
| Phone | +40 728 853 359 |
DPO Responsibilities
- Information and advice regarding GDPR obligations
- Monitoring compliance
- Point of contact for ANSPDCP and data subjects
- Coordination of data subject requests
We will respond as soon as possible, but no later than 1 month.
MKOR Consultanta SRL
Website: www.mkor.eu
Contact: [email protected]