Privacy Policy
This Privacy Policy explains how Bit Sentinel Security SRL collects, uses, shares and protects your personal data when you interact with our websites and services. Last updated: 1 January 2026.
The purpose of this Privacy Policy is to describe how Bit Sentinel Security SRL (“Bit Sentinel”, “BSS”, “us”, “we”, or “our”) collects, uses and shares information about you through our online interfaces (e.g. websites and applications) owned and controlled by us, including www.bit-sentinel.com and affiliated sites (collectively, the “Site”). Please read it carefully. If anything is unclear, contact us at [email protected].
Bit Sentinel Security SRL is a Romanian limited liability company headquartered at Maria Rosetti no. 6, Bucharest, Romania. We act as the data controller for the personal data processed through the Site.
What data we collect and why
The personal data we process may include:
- Contact information — name, role or job title, company, email address and postal address (for example, when you submit our contact form).
- Business information — data identifying you in relation to engagements you instruct us on or are involved in.
- Recruitment data — details contained in your application, CV, cover letter and references, processed for recruitment and selection purposes.
- Events data — attendance and feedback in relation to our events.
- Supplier data — contact details and other information where you provide services to us.
- Social media — posts, reactions and other interactions with our social media presence.
- Browsing data — collected via cookies (see our Cookies Policy): IP address, browser type and version, time zone, operating system, pages viewed, response times, and interaction information such as clicks and scrolling.
- Analytics — we may use analytics to better understand how visitors use our Site so we can improve it.
Purposes of processing
We may use your personal data to:
- Deliver our professional services — penetration testing, code review, incident response & CSIRT, managed security services, consultancy, training and our responsible disclosure program.
- Manage our business and contractual relationship with you and your organization.
- Send newsletters, market insights and invitations to trainings or events (where you have consented).
- Run security briefings, roundtables and other events.
- Conduct client surveys and gather feedback.
- Comply with legal obligations, including due diligence, tax reporting and crime prevention requirements.
- Monitor and secure our website, technology platforms and offices.
Legal basis for processing
We process your personal data on one or more of the following grounds:
- Consent — for data you provide voluntarily via the Site (newsletter, careers, contact and testimonials sections).
- Performance of a contract — where processing is necessary to provide our services to you or your organization.
- Legal obligation — to keep records of our compliance processes or tax records.
- Legitimate interests — provided they are not overridden by your interests or fundamental rights, for example operating, securing and improving our services.
Where we process special categories of data, we do so only with your explicit consent, to protect vital interests, for reasons of substantial public interest, or as otherwise permitted by applicable law.
Who we share your data with
- Our team — management, staff and contractors, in order to provide our services.
- Suppliers — IT and communications providers, outsourced support, and marketing partners that meet our minimum security standards.
- Appropriate parties in emergencies — to protect the health and safety of clients, staff and organizations.
- Your organization — in relation to the services we provide.
- Screening & analytics providers — for compliance checks and to measure how our Site is used.
- Third parties in corporate transactions — in connection with an acquisition, transfer or reorganization of our business.
We will not transfer your personal data abroad unless specifically indicated by you or required to deliver a service you requested, and always subject to appropriate safeguards.
How long we keep your data
We keep personal data for no longer than necessary for the purposes for which it is processed, or as required to comply with applicable laws and to establish, exercise or defend our legal rights. Service contracts and supporting accounting documents are retained for 10 years in line with Romanian accounting law. Other data is retained according to the relevant statutory limitation periods.
Confidentiality & security
We treat the confidentiality and security of your information as a top priority and apply industry-standard physical, technical and administrative measures. However, no transmission over the Internet is completely secure, so we cannot guarantee absolute security. Please protect your login credentials and remember that email is generally not encrypted and should not be considered secure.
No data from children under 16
We do not knowingly collect personal data from persons under 16 years of age, and no part of our Site is directed to them. If you are under 16, please do not use this Site. We will take appropriate steps to delete any such data collected without verified parental consent once we become aware of it.
Your rights
Subject to applicable data protection law, you have the right to:
- Access your personal data and request a copy of it.
- Rectify inaccurate or incomplete data.
- Object to or restrict our use of your data.
- Erase your data where the relevant conditions are met.
- Data portability — receive a copy of the data you provided or have it transferred.
- Contest automated decisions that have a legal or similarly significant effect.
- Withdraw consent at any time, without affecting the lawfulness of prior processing.
To exercise these rights, contact us at [email protected]. We respond within the period required by law (typically 30 days, extendable to 2 months depending on volume). You may also lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP), B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Bucharest.
Changes to this policy
We review our privacy practices periodically and may update this policy. Any change is effective immediately upon posting on our Site, and we will update the effective date above. Please revisit this page from time to time to stay informed.
Questions & complaints
For any privacy-related questions, suggestions or complaints, contact us at [email protected].
Questions About Your Data?
Our Data Protection team is here to help you understand and exercise your rights. Reach out any time.