Home
Compliance Services
ISO 27001 — ISMS ISO 27701 — PIMS ISO 42001 — AIMS EU DORA EU NIS2 SOC 2 NIST CSF PCI-DSS IT Audit
Advisory Services
IT GRC Cyber Strategy vCISO Services Business Continuity Risk Management Training & Awareness
Offensive Security Partners
Company
About Us Trust Centre Partners Resources Careers Contact Us
Talk to Us
Legal

Privacy Policy

Last updated: 10 March 2026

1. Who We Are

Bitsecura ("we", "us", "our") is a cybersecurity consultancy providing compliance, risk management, and offensive security services. We are the data controller for any personal data collected through this website.

You can contact us at: [email protected]

2. What Data We Collect

Data you provide directly

  • Your name and email address when booking a discovery call through our scheduling tool
  • Any information you share with us during correspondence via email

Data collected automatically

  • Website usage data such as pages visited, time on site, and referral source — collected via Google Analytics, only when you have provided consent
  • Technical data such as browser type, device type, and IP address
  • Cookie consent preferences stored locally in your browser

3. How We Use Your Data

We use the data we collect to:

  • Arrange and conduct discovery calls or consultations you have requested
  • Respond to enquiries sent directly to us by email
  • Understand how visitors use our website so we can improve it (analytics, subject to consent)
  • Comply with legal and regulatory obligations

We do not use your personal data for automated decision-making or profiling, and we do not sell your data to third parties.

4. Legal Basis for Processing

We process your personal data on the following legal bases under the UK GDPR and EU GDPR:

  • Consent — for analytics cookies and marketing communications, where you have given explicit consent
  • Legitimate interests — for responding to enquiries and improving our website, where our interests are not overridden by your rights
  • Contract — where processing is necessary to fulfil an engagement or pre-contractual steps you have requested
  • Legal obligation — where we are required to retain data by law

5. Third-Party Services

We use a small number of trusted third-party services that may process your data on our behalf:

  • OneCal — our scheduling tool used to book discovery calls. Subject to OneCal's own privacy policy.
  • Google Analytics — website analytics. Data is only collected with your consent. Google may transfer data outside the EEA under standard contractual clauses.
  • Clickio — our consent management platform, which stores your cookie preferences locally in your browser.
  • LinkedIn — if you follow our LinkedIn company page, LinkedIn's own privacy policy applies.

We do not share your personal data with any other third parties without your explicit consent, except where required by law.

6. Data Retention

We retain personal data only for as long as necessary for the purpose it was collected:

  • Enquiry and booking data is retained for up to 2 years after last contact, unless an ongoing engagement requires longer retention
  • Analytics data is retained for 14 months in accordance with Google Analytics defaults
  • Cookie consent records are stored in your browser until you clear them or they expire (typically 12 months)

7. International Transfers

Some of our third-party service providers are based outside the European Economic Area (EEA). Where data is transferred internationally, we ensure appropriate safeguards are in place — such as the use of standard contractual clauses approved by the European Commission — to protect your rights.

8. Your Rights

Under GDPR, you have the following rights in relation to your personal data:

  • Right of access — to request a copy of the personal data we hold about you
  • Right to rectification — to request correction of inaccurate or incomplete data
  • Right to erasure — to request deletion of your data, where no overriding legal obligation requires us to retain it
  • Right to restrict processing — to request that we limit how we use your data
  • Right to data portability — to receive your data in a structured, commonly used format
  • Right to object — to object to processing based on legitimate interests
  • Right to withdraw consent — at any time, where processing is based on consent

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

9. Cookies

We use cookies on this website. For full details of the cookies we use, the purposes they serve, and how to manage your preferences, please see our Cookie Policy.

10. Security

We take the security of your personal data seriously. Our website is served over HTTPS and we apply appropriate technical and organisational measures to protect against unauthorised access, loss, or disclosure. As a cybersecurity consultancy, security is not an afterthought — it is central to how we operate.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The date at the top of this page reflects when it was last revised. We encourage you to review this page periodically. Continued use of our website after changes are posted constitutes acceptance of those changes.

12. Complaints

If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with your local data protection authority. In the EU, this is your national supervisory authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.

We would, however, appreciate the opportunity to address your concerns directly before you escalate to a regulator — please contact us first at [email protected].

Contact Us About Privacy

For any questions about this Privacy Policy or how we handle your data, please contact us:

Bitsecura
Email: [email protected]
Phone: Chat on WhatsApp