Privacy Policy
This Privacy Policy was last updated on 1st October 2019.
Who we are?
The purpose of this Privacy Policy is to describe how BIT SENTINEL SECURITY S.R.L. (“BIT SENTINEL,” “BSS,” “us,” “we,” or “our”) collects, uses and shares information about you through our online interfaces (e.g., websites and mobile applications) owned and controlled by us, including www.bit-sentinel.com, rohacked.bit-sentinel.com (collectively referred to herein as the “Site”). Please read this notice carefully to understand what we do. If you do not understand any aspects of our Privacy Policy, please feel free to contact us at [email protected].
BIT SENTINEL SECURITY SRL is a Romanian limited liability company headquartered at Bucharest, Phoenicia Business Center, str. Turturelelor 11A, 7th floor.
What categories of personal data we collect and why we collect them?
The personal data that we process may include:
- Contact information (including when you fill in the Site contact form): including your name, position/role/job title, company or organisation, email address, postal address;
- Business information: data identifying you in relation to matters on which you instruct us or in which you are involved;
- In the context of the recruitment process, you may send us your contact details and other information as contained in your job application, curriculum vitae and cover letter, as well as any references provided or obtained, for the purposes of processing your application and for general recruitment and selection purposes;
- Details of your visits at our offices for security purposes or any other details on how you interact with us;
- Events data: attendance at and provision of feedback forms in relation to our events;
- Supplier data: contact details and other information about you or your company or organization where you provide services to us;
- Social Media: posts, likes, tweets and other interactions with our social media presence;
- Data resulting from your browsing on our Website, collected via cookies according to our Cookies Policy and our technology services, namely IP address, browser type and version (e.g. Internet Explorer, Firefox, Safari, etc.), time zone setting, browser plug-in types and versions, operating system you are using (e.g. Vista, Windows XP, MacOS, etc.);
- Online data: when you access this Site and our technology services, information about your visit including URL clickstream to, through and from our website (including date and time), information about your network such as information about devices, nodes, configurations, connection speeds and network application performance; pages viewed or searched for, page response times, download errors, length of visits and interaction information (such as scrolling, clicks, mouse-overs) and whether you click on particular links or open our emails;
- Online Comments: when you leave comments on the Site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment;
- Media Data: If you upload images to the Site, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the Site can download and extract any location data from images on the website.
- Contact forms and Cookies Data:
- If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
- If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
- When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
- If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
- Embedded content from other websites. Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.
- Analytics. We may use Analytics to understand better how users are performing on our website in order to improve their stay on the site.
Purposes for the processing of your personal data
We may use your personal data for the following purposes:
- Providing professional services including penetration testing services, code review, start-up security essentials, social engineering, blockchain security; incident response & CSIRT; managed security services; cybersecurity consultancy; trainings & cybersecurity awareness; responsible disclosure program;
- Business and contractual relationship: managing our relationship with you, your company or organization including keeping records about business contacts and of the work we have carried out for you (or the company on behalf of which you instruct us), services and payments so we can customize our offering for you, develop our relationship and target our marketing and promotional campaigns;
- Communication: sending emails, newsletters and other electronic marketing materials relating to cyber security news, market insights and our services, to invite you to trainings or other events hosted by us or in cooperation with us;
- Events: for running cyber security briefings, roundtables and other events;
- Client surveys and feedback: including events feedback and client listening exercises as well as answering issues and concerns which may arise;
- Complying with our legal obligations: client due diligence (such as anti-money laundering and anti-terrorism financing obligations), obligations of reporting to the tax authorities, sanctions screening and other crime prevention and detection laws and regulatory requirements. This may include automated checks of personal data you provide about your identity against relevant databases and contacting you to confirm your identity, or making records of our communications with you for compliance purposes;
- Website monitoring: to check the website and our other technology services are being used appropriately and to optimize their functionality;
- Online security: protecting our information assets and technology platforms from unauthorized access or usage and to monitor for malware and other security threats;
- Site security: to provide security to our offices (normally collecting your name and contact details on entry to our buildings);
- Managing suppliers: who deliver services to us;
- Legitimate interest: to pursue our legitimate business interests, such as monitoring the CCTV system in our offices.
Legal basis for the data processing
Your personal data may be processed using the following legal grounds:
- your personal data sent to us voluntarily by you via this Website (newsletter, careers and/or contact – get in touch -, testimonials sections) are processed on the ground of explicit consent;
- the data is necessary for us to perform an agreement with you or your organization for providing our services;
- compliance with our legal obligations as well as to keep records of our compliance processes or tax records;
- processing is necessary for our legitimate interests or those of a third party provided that those interests are not overridden by your interests or fundamental rights and freedoms.
- Special category of data in the EU and certain other jurisdictions refers to sensitive data such as your racial or ethnic origin, religious beliefs or health data. We may also collect data about criminal convictions. We will process this data where:
- we have your explicit consent for the particular processing;
- this is necessary to protect your vital interests or those of another person: for example, in medical emergencies;
- you have manifestly made the data public: e.g. where you have published it on social media;
- this is necessary for substantial public interest: e.g. to prevent or detect unlawful acts;
- as permitted by applicable law: outside the EU and other jurisdictions where these restrictions apply.
We have legitimate business interests in:
- providing our services;
- managing our business and relationship with you or your company or organization;
- understanding and responding to inquiries and client stories, feedback and testimonials;
- understanding how our clients use our services and website;
- identifying what our clients want and developing our relationship with you, your company or organization;
- improving our services and offerings;
- enforcing our terms of engagement and website and other terms and conditions;
- ensuring our systems and premises are secure;
- managing our supply chain;
- developing relationships with business partners;
- operating suppressors to exclude you from direct marketing if you unsubscribe;
- sharing data in connection with acquisitions and transfers of our business.
Who we share your data with?
- Our members firm: including our management, staff and contractors in order to provide our services;
- Suppliers: who support our business including IT and communication suppliers, outsourced business support, marketing and advertising agencies. Our suppliers have to meet minimum standards as to information security and they will only be provided data in line with their function;
- Appropriate parties in the event of emergencies: in particular to protect health and safety of our clients, staff and organizations;
- Your company or organization: in relation to us providing our services;
- Screening service providers: so that we can comply with legal obligations in relation to the prevention or protection of crime, anti-money laundering, sanctions screening and other required checks;
- Advertising networks and analytics service providers: to support and display ads on our website, apps and other social media tools;
- Third parties: in the context of the acquisition or transfer of any part of our business or in connection with the business reorganization;
- Other delegates: where your name will appear on the attendee list for events where you have told us you plan to attend.
We will not transfer your personal data abroad, unless specifically indicated by you.
Where we send your data?
Visitor comments may be checked through an automated spam detection service.
External Links
For your convenience we may provide links to sites operated by organizations other than BIT SENTINEL (“Third Party Sites”) that we believe may be of interest to you. We do not disclose your Personally Identifiable Information to these Third-Party Sites without obtaining your consent. We do not endorse and are not responsible for the privacy practices of these Third-Party Sites. If you choose to click on a link to one of these Third-Party Sites, you should review the privacy policy posted on the other site to understand how that Third-Party Site collects and uses your Personally Identifiable Information.
How long we retain your data?
If you reside or are located in the EEA, we keep your Personally Identifiable Information for no longer than necessary for the purposes for which the Personally Identifiable Information is processed. The length of time we retain Personally Identifiable Information for depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
We retain our services contracts for a period of 10 years; with the mention that the personal data found in any supporting documents that are the basis of the records in the financial accounting are kept in our archive for 10 years from the closing of the financial year in which the supporting documents were prepared, according to the provisions of the accounting law; in the defence and exercise of our legal rights and interests, the personal data necessary to achieve this purpose will be kept according to the general terms of limitation.
Confidentiality & Security of Personally Identifiable Information
We consider the confidentiality and security of your information to be of the utmost importance. We will use industry standard physical, technical and administrative security measures to keep your Personally Identifiable Information confidential and secure and will not share it with third parties, except as otherwise provided in this Privacy Policy, or unless such disclosure is necessary in special cases, such as a physical threat to you or others, as permitted by applicable law. Because the Internet is not a 100% secure environment, we cannot guarantee the security of Personally Identifiable Information, and there is some risk that an unauthorized third party may find a way to circumvent our security systems or that transmission of your information over the Internet will be intercepted. It is your responsibility to protect the security of your login information. Please note that e-mail communications are typically not encrypted and should not be considered secure.
No Information from Children Under 16
BIT SENTINEL strongly believes in protecting the privacy of children. In line with this belief, we do not knowingly collect or maintain Personally Identifiable Information on our Site from persons under 16 years of age, and no part of our Site is directed to persons under 16 years of age. If you are under 16 years of age, then please do not use or access this Site at any time or in any manner. We will take appropriate steps to delete any Personally Identifiable Information of persons less than 16 years of age that has been collected on our Site without verified parental consent upon learning of the existence of such Personally Identifiable Information.
What rights you have over your data
Subject to the provisions of the data protection legislation in force, you have the following rights in relation to the processing of your personal data:
- Access to your personal data and the right to request a copy of your personal data which we hold;
- Correction of any inaccurate or incomplete personal data;
- Object to or restrict our use of your personal data;
- Erasure of your personal data, when you withdraw your consent, the processing is no longer necessary, or such processing is unlawful;
- Data portability which allows you to receive a copy of the processed data which we received from you or to share them with another entity nominated by you;
- Automated decisions: you may contest any automated decision made about you where this has a legal or similar significant effect and ask for it to be reconsidered;
- Withdraw your consent for the consent-based processing. Please note that withdrawal of consent shall not affect the lawfulness of processing based on consent before consent withdrawal. If you withdraw your consent, we will no longer process your personal data and we shall take the necessary measures to erase your personal data. We may however process your personal data if there is another legal basis for such processing.
If you wish to exercise the rights detailed above, please contact us using the following email address: [email protected]
We try to answer every email promptly where possible and provide our response within the time period stated by applicable law, meaning 30 days that might be prolonged up to 2 months depending on the volume of requests. Keep in mind, however, that there will be residual information that will remain within our databases, access logs and other records, which may or may not contain your Personally Identifiable Information. Please also note that certain Personally Identifiable Information may be exempt from such requests in certain circumstances, which may include if we need to keep processing your Personally Identifiable Information to comply with a legal obligation.
When you email us with a request, we may ask that you provide us with information necessary to confirm your identity. You also have a right to lodge a complaint with a data protection supervisory authority, in particular in Romania you can make a complaint to The National Supervisory Authority for Personal Data (ANSPDCP), headquartered in 28-30 Gheorghe Magheru, District 1, postal code 010336, Bucharest, in the form of a written address at the headquarters of the institution or by e-mail at [email protected]. You are also granted the right to address the courts to defend any rights guaranteed by the applicable law in the field of personal data protection that have been violated.
Questions, Suggestions and Complaints
If you have any privacy-related questions, suggestions, unresolved problems, or complaints you may contact us via [email protected].
Changing Our Privacy Policy
Please note that we review our privacy practices from time to time, and that these practices are subject to change. Any change, update, or modification will be effective immediately upon posting on our Site. We will notify you of any material change to this Privacy Policy by posting a notice on our Site’s homepage for a reasonable period of time following such update, and by changing the effective date (located at the bottom of this page). Be sure to return to this page periodically to ensure familiarity with the most current version of this Privacy Policy.