Privacy Policy
How we collect, use, and protect your personal data in compliance with the GDPR and European data protection regulations.
Last updated: February 2, 2026
1. Data Controller
SECFORIT SRL ("SECFORIT", "we", "us", or "our") is the data controller responsible for processing your personal data. If you have any questions about this Privacy Policy or our data practices, please contact us at:
Email: razvan@secforit.ro
2. Personal Data We Collect
We may collect and process the following categories of personal data:
Information you provide directly:
- Name, email address, company name, and any message content submitted through our contact form
- Communication records when you correspond with us via email or other channels
- Business contact information provided in the context of a professional relationship
Information collected automatically:
- IP address (anonymised where technically feasible)
- Browser type and version, operating system
- Pages visited, time and date of access, time spent on pages
- Referring website address
We do not knowingly collect special categories of personal data (e.g., racial or ethnic origin, political opinions, health data) unless you explicitly provide such information.
3. Legal Basis for Processing
Under the General Data Protection Regulation (GDPR) and applicable European data protection laws, we process your personal data on the following legal bases:
- Consent (Art. 6(1)(a) GDPR): When you voluntarily submit a contact form or subscribe to communications, you consent to the processing of your data for those purposes. You may withdraw your consent at any time.
- Legitimate Interest (Art. 6(1)(f) GDPR): We process certain data for our legitimate business interests, such as improving our website, ensuring security, and responding to enquiries, provided these interests do not override your fundamental rights and freedoms.
- Contractual Necessity (Art. 6(1)(b) GDPR): Where processing is necessary for the performance of a contract or to take pre-contractual steps at your request.
- Legal Obligation (Art. 6(1)(c) GDPR): Where we are required by law to process your data, for example for tax, accounting, or regulatory purposes.
4. Purposes of Processing
We use your personal data for the following purposes:
- Responding to your enquiries and providing requested information
- Delivering and improving our cybersecurity consulting services
- Operating and maintaining our website, including analytics
- Communicating updates, security advisories, or promotional material (only with your consent)
- Complying with legal obligations and protecting our legitimate interests
- Ensuring the security of our systems and detecting fraudulent activity
5. Data Sharing and Transfers
We do not sell your personal data. We may share your data with the following categories of recipients:
- Service providers: Trusted third-party processors that assist us in operating our website and delivering services (e.g., hosting providers, analytics services, email platforms). All processors are bound by data processing agreements.
- Legal requirements: Competent authorities, courts, or regulatory bodies when required by law or to protect our legal rights.
- Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction, with equivalent protections in place.
International transfers: If your data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or an adequacy decision under Art. 45 GDPR.
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:
- Contact form submissions: Retained for up to 12 months after the last communication, unless a business relationship is established.
- Contractual data: Retained for the duration of the contract and for the applicable statutory limitation period thereafter.
- Analytics data: Aggregated and anonymised data may be retained indefinitely. Identifiable data is deleted or anonymised within 26 months.
- Legal obligations: Data required for tax or regulatory compliance is retained as required by applicable law.
After the retention period, personal data is securely deleted or irreversibly anonymised.
8. Your Rights
Under the GDPR and applicable European data protection legislation, you have the following rights:
- Right of access (Art. 15): You may request a copy of the personal data we hold about you.
- Right to rectification (Art. 16): You may request correction of inaccurate or incomplete data.
- Right to erasure (Art. 17): You may request deletion of your data where there is no compelling reason for its continued processing.
- Right to restriction (Art. 18): You may request that we restrict the processing of your data in certain circumstances.
- Right to data portability (Art. 20): You may request your data in a structured, commonly used, and machine-readable format.
- Right to object (Art. 21): You may object to processing based on legitimate interests at any time. We will cease processing unless we can demonstrate compelling legitimate grounds.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority in the EU/EEA member state of your habitual residence, place of work, or place of the alleged infringement.
To exercise any of these rights, please contact us at razvan@secforit.ro. We will respond within one month, as required by the GDPR. This period may be extended by two further months where necessary, taking into account the complexity and number of requests.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit (TLS/SSL)
- Access controls and authentication mechanisms
- Regular security assessments and vulnerability testing
- Employee training on data protection
- Incident response procedures
While we take all reasonable precautions, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to protecting your data to the highest industry standards.
10. Children's Privacy
Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us immediately and we will take steps to delete such information.
11. Third-Party Links
Our website may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those third parties. We encourage you to review the privacy policies of any external sites you visit.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
13. Contact Information
For any questions, concerns, or requests related to this Privacy Policy or the processing of your personal data, please contact us:
SECFORIT SRL
Email: razvan@secforit.ro
If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.