Privacy and Personal Data Processing Policy
Effective Date: 10 July 2026 Last Updated: 10 July 2026
1. General Provisions
FORTISEC, hereinafter referred to as “FORTISEC”, the “Company”, “we”, “us”, or “our”, respects every individual’s right to privacy and is committed to protecting personal data responsibly.
This Privacy and Personal Data Processing Policy, hereinafter referred to as the “Policy”, explains:
- what personal data we may collect;
- the purposes for which we use it;
- the legal grounds on which processing is carried out;
- how long we retain personal data;
- to whom personal data may be disclosed;
- how we use the SendPulse service;
- what rights data subjects have;
- how consent may be withdrawn or how you may contact us.
This Policy applies to users of the FORTISEC website, email newsletter subscribers, representatives of clients and partners, prospective clients, event participants, and other individuals who interact with us through the website, email, telephone, contact forms, or other communication channels.
We process personal data in accordance with the laws of Ukraine governing personal data protection and, where applicable, Regulation (EU) 2016/679 of the European Parliament and of the Council — the General Data Protection Regulation, or GDPR.
2. Personal Data Controller
For the purposes of this Policy, FORTISEC acts as the controller of personal data because it determines the purposes and means of processing.
Controller contact details:
FORTISEC
Email: info@fortisec.com.ua
Telephone: +38 (044) 333-49-40
Address: Office 304–306, 11 Kurortna Street, Kyiv, 04075, Ukraine
Website: https://fortisec.com.ua/
3. Key Definitions
For the purposes of this Policy, the following terms have the meanings set out below.
Personal Data means any information relating to an identified or identifiable natural person.
Processing of Personal Data means any operation or set of operations performed on personal data, including collection, recording, organisation, storage, use, alteration, disclosure, restriction, or deletion.
Personal Data Controller means a person or organisation that determines the purposes and means of processing personal data.
Personal Data Processor means a person, company, or service provider that processes personal data on behalf of the controller.
Data Subject means the natural person to whom the personal data relates.
Consent means any freely given, specific, informed, and unambiguous indication of a person’s wishes regarding the processing of their personal data.
4. Personal Data We May Collect
The amount and type of personal data we collect depends on how you interact with FORTISEC.
4.1. Contact Details
We may collect:
- first name;
- last name;
- email address;
- telephone number;
- country;
- city or region;
- preferred method of communication.
4.2. Professional and Corporate Information
In the course of business interactions, we may process:
- company or organisation name;
- job title;
- professional role;
- department;
- industry or field of activity;
- corporate email address;
- corporate telephone number;
- information about professional interests;
- information relating to a project, technical specification, or commercial enquiry.
4.3. Information You Provide During Communications
We may process:
- message content;
- consultation requests;
- technical questions;
- comments;
- information submitted through contact forms;
- attached documents;
- business correspondence history;
- information provided during meetings, presentations, webinars, or other events.
Please do not submit passwords, payment details, state secrets, special categories of personal data, confidential technical documentation, or any other restricted information through general website forms without prior agreement with FORTISEC.
4.4. Technical Data
When you use the website, the following information may be collected automatically:
- IP address;
- browser type and version;
- operating system;
- device type;
- language settings;
- date and time of visit;
- pages viewed;
- time spent on the website;
- referral source;
- technical logs;
- diagnostic information;
- cookie identifiers and similar technologies.
4.5. Newsletter Subscription Data
If you subscribe to the FORTISEC email newsletter, we may process:
- email address;
- first name;
- company name;
- job title;
- date and time of subscription;
- subscription source;
- IP address, where recorded by the form or service;
- subscription confirmation status;
- information relating to withdrawal of consent;
- unsubscribe date;
- email delivery information;
- email open information;
- link click data;
- technical delivery errors;
- other engagement metrics relating to the email newsletter.
5. How We Obtain Personal Data
We may obtain personal data:
- directly from you;
- through forms on the website;
- through the newsletter subscription form;
- by email;
- during a telephone conversation;
- during a business meeting;
- during webinars, conferences, exhibitions, and other professional events;
- from the company or organisation you represent;
- from partners where they have a lawful basis for sharing the data;
- from publicly available professional or corporate sources, to the extent permitted by law;
- automatically when you use the website.
The fact that an individual’s contact details are publicly available does not automatically constitute consent to include that person in a marketing mailing list.
6. Purposes of Personal Data Processing
We may use personal data for the following purposes.
6.1. Responding to Enquiries and Providing Consultations
- processing communications;
- responding to enquiries;
- providing technical consultations;
- preparing commercial proposals;
- clarifying client requirements;
- arranging meetings, demonstrations, and presentations.
6.2. Business and Contractual Interaction
- conducting negotiations;
- preparing and implementing business arrangements;
- organising deliveries;
- providing technical support;
- providing warranty and post-warranty services;
- managing relationships with clients and partners;
- fulfilling obligations to clients and partners.
6.3. Email Communications
Where we have an appropriate legal basis, we may send:
- FORTISEC news;
- information about products and solutions;
- technical materials;
- catalogues;
- presentations;
- case studies;
- analytical materials;
- professional reviews;
- invitations to webinars;
- invitations to training sessions;
- invitations to conferences, presentations, and other events;
- notifications about product and service updates;
- surveys;
- other information that may be useful to clients, partners, and members of our professional audience.
6.4. Improving the Website and Communications
- analysing website usage;
- improving page structure and content;
- identifying the most useful materials;
- resolving technical errors;
- evaluating the effectiveness of communications;
- improving email newsletters;
- adapting materials to the professional interests of our audience.
6.5. Information Security
- protecting the website and information systems;
- detecting unauthorised activity;
- preventing fraud;
- preventing misuse;
- investigating incidents;
- maintaining network and information security.
6.6. Compliance with Legal Requirements
- fulfilling legal obligations;
- protecting the rights and legitimate interests of FORTISEC;
- handling claims;
- responding to competent public authorities where required by law;
- retaining information for legally prescribed periods.
7. Legal Bases for Processing
Depending on the circumstances, personal data may be processed on one or more of the following legal bases.
7.1. Consent
We may process personal data on the basis of your freely given consent, including for the purpose of sending marketing and informational emails.
You have the right to withdraw your consent at any time.
Withdrawal of consent does not affect the lawfulness of processing carried out before the consent was withdrawn.
7.2. Taking Steps Before Entering into a Business Relationship
Processing may be necessary for:
- responding to your enquiry;
- preparing a commercial proposal;
- providing a consultation;
- arranging a demonstration;
- conducting negotiations;
- preparing for cooperation.
7.3. Performance of Contractual Obligations
Personal data may be processed where necessary to organise and perform arrangements with a client, partner, or counterparty.
7.4. Compliance with Legal Obligations
We may process personal data where necessary to comply with applicable legal requirements.
7.5. Legitimate Interests
We may process personal data on the basis of legitimate interests for:
- developing and administering FORTISEC’s activities;
- maintaining business relationships;
- improving services;
- protecting information systems;
- preventing fraud;
- protecting FORTISEC’s rights;
- analysing the effectiveness of professional communications.
When relying on this legal basis, we consider the rights, interests, and freedoms of the data subject.
8. Email Newsletter
Subscription to FORTISEC’s marketing and informational newsletter is voluntary.
By subscribing, you agree to receive electronic communications at the address provided in the subscription form.
We may use the information you provide to:
- administer your subscription;
- send email communications;
- verify and record your consent;
- personalise professional content;
- analyse the effectiveness of communications;
- improve newsletter content;
- prevent erroneous or unauthorised subscriptions.
We do not sell subscriber lists or disclose them to third parties for those parties’ independent marketing purposes.
9. Use of SendPulse
FORTISEC uses SendPulse to create subscription forms, manage subscriber lists, automate communications, and send email newsletters.
When using SendPulse:
- FORTISEC determines the purposes of the newsletter;
- FORTISEC determines the categories of recipients;
- FORTISEC determines the content of communications;
- FORTISEC determines which personal data is used for the newsletter;
- SendPulse provides the technical infrastructure for list storage, automation, and message delivery;
- SendPulse may process personal data on behalf of FORTISEC as the provider of the relevant service.
The following data may be transferred to SendPulse:
- email address;
- first name;
- company name;
- job title;
- subscription date and source;
- subscription confirmation status;
- email delivery information;
- email open information;
- link click information;
- unsubscribe information;
- technical data required for operation of the service.
SendPulse may use third-party service providers and technical infrastructure in accordance with its own terms, policies, and data processing agreements.
You may review SendPulse’s official Data Processing Agreement at:
https://sendpulse.com/legal/processing
SendPulse’s general legal documents page is available at:
SendPulse’s Privacy Policy is available at:
https://sendpulse.com/legal/pp
FORTISEC does not control the content, update schedule, or availability of SendPulse documents. The current versions of those documents are determined and maintained by SendPulse.
10. Subscription Confirmation
Depending on the technical settings of the subscription form, we may use:
- single opt-in, where an address is added to the list once the form is submitted;
- double opt-in, where the user must additionally confirm the email address by following a link in a confirmation email.
FORTISEC may use double opt-in in order to:
- verify the accuracy of the email address;
- reduce the risk of unauthorised subscriptions;
- confirm the user’s interest;
- record evidence of consent;
- maintain an accurate and up-to-date subscriber list.
11. Email Analytics
Emails may contain technical identifiers, tracked links, or pixels that allow us to collect information about engagement with the newsletter.
We may receive information about:
- successful delivery;
- delivery failure;
- whether an email was opened;
- the time an email was opened;
- whether a link was clicked;
- the type of device used;
- the browser or email client used;
- whether the recipient unsubscribed.
This information may be used to:
- assess newsletter effectiveness;
- improve the content of communications;
- determine the relevance of materials;
- remove inactive or invalid email addresses;
- reduce the number of irrelevant communications.
Depending on the settings of the recipient’s email client, some of this information may not be collected or may be recorded inaccurately.
12. Unsubscribing
You may unsubscribe from FORTISEC’s marketing and informational emails at any time.
You may do so by:
- using the unsubscribe link included in an email;
- sending a request to info@fortisec.com.ua.
After you unsubscribe, your email address will be removed from the active marketing mailing list within the time reasonably required for technical and organisational processing.
FORTISEC may retain a minimal record of your opt-out in order to:
- demonstrate that consent was withdrawn;
- prevent the address from being added again without a new lawful basis;
- comply with legal requirements;
- protect FORTISEC in the event of claims.
Unsubscribing from marketing communications does not necessarily stop service-related communications that are required for:
- responding to your enquiry;
- performing business arrangements;
- providing technical support;
- maintaining security;
- complying with legal obligations.
13. Recommended Consent Wording for the Subscription Form
The following wording may be used in the subscription form:
“I consent to FORTISEC processing my personal data for the purpose of sending me news, technical materials, product information, and invitations to professional events by email in accordance with the Privacy Policy. I understand that I may withdraw my consent at any time by using the unsubscribe link in an email or by contacting FORTISEC.”
The consent checkbox for marketing communications:
- must not be pre-selected;
- must use clear and understandable wording;
- must contain a link to this Policy;
- must be separate from other terms where the form is used for purposes other than newsletter subscription.
Where a user submits an enquiry through a contact form, consent to receive marketing communications must be separate from the action used to submit the enquiry.
14. Cookies and Similar Technologies
The FORTISEC website may use cookies and similar technologies.
Cookies are small text files that may be stored on a user’s device when they visit the website.
Cookies may be used to:
- enable the website to function;
- maintain security;
- remember user preferences;
- analyse website traffic;
- identify technical errors;
- improve the website structure;
- evaluate the effectiveness of content and communications.
Cookies may include:
Strictly Necessary Cookies — required for the basic operation and security of the website.
Functional Cookies — used to remember user preferences.
Analytics Cookies — used to understand how users interact with the website.
Marketing Cookies — used to evaluate the effectiveness of marketing campaigns.
Non-essential cookies are used only where an appropriate legal basis exists and, where required, after obtaining the user’s consent.
Users may manage cookies through their browser settings or through the relevant tool on the website, where available.
Disabling certain cookies may affect the operation of some website features.
15. Disclosure of Personal Data to Third Parties
We may provide access to personal data only to persons and service providers that require such access for a defined purpose.
These recipients may include:
- SendPulse;
- hosting providers;
- cloud infrastructure providers;
- information system providers;
- IT contractors;
- cybersecurity service providers;
- consultants;
- auditors;
- service partners;
- public authorities, courts, or other authorised bodies where required by law.
Service providers may process personal data:
- in accordance with FORTISEC’s instructions;
- for the technical provision of the relevant service;
- as independent controllers where they independently determine the purposes and means of a particular processing activity in accordance with the law.
FORTISEC does not sell personal data.
FORTISEC does not disclose subscriber lists to third parties for those parties’ independent marketing activities.
16. International Transfers of Personal Data
Certain technology providers may store or process personal data outside Ukraine, the European Union, or the European Economic Area.
Where personal data is transferred to a country that has not been recognised as providing an adequate level of data protection, the following safeguards may be used:
- data processing agreements;
- standard contractual clauses;
- technical and organisational security measures;
- access restrictions;
- other mechanisms permitted by applicable law.
Information about SendPulse’s processing arrangements and international data transfers is available in SendPulse’s official agreement:
https://sendpulse.com/legal/processing
17. Personal Data Retention Periods
We retain personal data only for as long as necessary for the purposes for which it was collected, unless a longer period is required by law or is necessary to protect legal rights.
17.1. Subscriber Data
Subscriber data may be retained:
- until consent is withdrawn;
- until the subscriber unsubscribes;
- until the relevant newsletter is discontinued;
- until the data is no longer current;
- until the purpose for which the data was collected has been fulfilled.
After a subscriber opts out, minimal information may be retained on a suppression list to prevent the newsletter from being resumed without a new lawful basis.
17.2. Enquiries Submitted Through the Website or by Email
Data may be retained for as long as necessary to:
- provide a response;
- maintain business communications;
- prepare a proposal;
- defend against claims;
- comply with legal obligations.
17.3. Client and Partner Data
Data may be retained for the duration of the business relationship and, after it ends, for as long as necessary to:
- comply with legal requirements;
- demonstrate fulfilment of obligations;
- protect the rights and interests of the parties;
- address potential disputes.
17.4. Consent Records
Information evidencing the granting or withdrawal of consent may be retained after communications cease for as long as necessary to demonstrate compliance with legal requirements.
Once the applicable retention period expires, personal data is deleted, anonymised, or restricted in accordance with technical capabilities and legal requirements.
18. Personal Data Security
FORTISEC applies organisational and technical measures to protect personal data against:
- unauthorised access;
- unlawful use;
- accidental loss;
- destruction;
- alteration;
- disclosure;
- copying;
- other unlawful actions.
Such measures may include:
- access controls and role-based permissions;
- password protection;
- multi-factor authentication, where available;
- secure transmission of information;
- backups;
- software updates;
- anti-malware protection;
- access controls for employees and contractors;
- data minimisation;
- confidentiality agreements;
- incident response procedures;
- regular access reviews.
Despite the security measures applied, no method of transmitting or storing information can guarantee absolute security.
19. Security Incidents
If a personal data breach is identified, FORTISEC may:
- assess the nature and scope of the incident;
- restrict or stop unauthorised access;
- determine the potential consequences;
- document the incident;
- take steps to mitigate its effects;
- notify competent authorities or affected individuals where required by law;
- take measures to prevent recurrence.
20. Data Subject Rights
Depending on applicable law, you may have the right to:
- receive information about the processing of your personal data;
- learn the sources from which the data was obtained;
- learn the purposes of processing;
- obtain confirmation as to whether your personal data is being processed;
- access your personal data;
- receive a copy of your personal data;
- request correction of inaccurate or incomplete data;
- request deletion of personal data;
- request restriction of processing;
- object to processing;
- withdraw consent;
- request that marketing communications cease;
- receive personal data in a structured and machine-readable format where provided by law;
- lodge a complaint with a competent authority;
- seek judicial protection.
These rights are not absolute.
In certain circumstances, FORTISEC may continue to retain or process personal data where necessary to:
- comply with a legal obligation;
- protect legal rights;
- resolve a dispute;
- preserve evidence;
- maintain information security.
21. How to Exercise Your Rights
To exercise your rights or withdraw consent, send a request to:
Your request should preferably include:
- your first and last name;
- the email address to which the request relates;
- a description of the request;
- information that will help us locate the relevant data;
- your preferred method of receiving a response.
To protect personal data, we may ask you to provide information necessary to verify your identity.
We will not request more information than is necessary to verify and fulfil your request.
Your request will be handled within the period prescribed by applicable law.
22. Automated Processing and Segmentation
FORTISEC does not use solely automated decision-making that produces legal effects or similarly significant effects for an individual unless the user is expressly informed otherwise.
We may carry out limited subscriber segmentation based on:
- professional role;
- company;
- industry;
- stated interests;
- interaction with emails;
- participation in events;
- requests for specific materials.
Segmentation may be used to send more relevant professional content.
It is not used for discrimination, creditworthiness assessment, employment decisions, or other decisions that produce significant legal effects.
23. Children’s Personal Data
The FORTISEC website, products, services, and newsletters are intended for a professional B2B audience.
We do not knowingly collect personal data relating to children.
If you believe that a child has provided personal data to us without an appropriate legal basis, please contact us at:
After reviewing the request, we will take appropriate action.
24. Links to Third-Party Resources
The FORTISEC website and emails may contain links to third-party websites, platforms, or services.
FORTISEC does not control the content or personal data processing practices of third-party resources.
Before using any third-party resource, we recommend reviewing its privacy policy, terms of use, and other legal documents.
25. Changes to This Policy
FORTISEC may update this Policy from time to time due to:
- changes in applicable law;
- changes in data processing practices;
- the launch of new features;
- the use of new services;
- changes in service providers;
- improvements to information security measures.
The current version of the Policy is published on the FORTISEC website.
The date of the latest update is stated at the beginning of the document.
Where changes materially affect users’ rights or the way personal data is processed, FORTISEC may provide additional notice through the website or by email.
26. Complaints
If you believe that your personal data is being processed unlawfully, you may:
- contact FORTISEC;
- request that processing be stopped or restricted;
- withdraw your consent;
- lodge a complaint with the competent data protection authority;
- use any other remedies available under applicable law.
If you are located in the European Union or the European Economic Area, you may contact the relevant supervisory authority in the country of your habitual residence, place of work, or the place of the alleged infringement.
27. Contact Information
For questions regarding this Policy, the processing of personal data, withdrawal of consent, termination of email communications, or the exercise of your rights, please contact:
FORTISEC
Email: info@fortisec.com.ua
Telephone: +38 (044) 333-49-40
Address: Office 304–306, 11 Kurortna Street, Kyiv, 04075, Ukraine
Website: https://fortisec.com.ua/
28. Acknowledgement
By providing personal data through the FORTISEC website, you confirm that you have had the opportunity to review this Policy.
Where the processing of personal data requires separate consent, such consent will be requested before the relevant processing begins.
Subscription to marketing communications is voluntary and may be cancelled at any time.