UA|EN

Privacy and Personal Data Processing Policy

Effective Date: 10 July 2026 Last Updated: 10 July 2026

1. General Provisions

FORTISEC, hereinafter referred to as “FORTISEC”, the “Company”, “we”, “us”, or “our”, respects every individual’s right to privacy and is committed to protecting personal data responsibly.

This Privacy and Personal Data Processing Policy, hereinafter referred to as the “Policy”, explains:

This Policy applies to users of the FORTISEC website, email newsletter subscribers, representatives of clients and partners, prospective clients, event participants, and other individuals who interact with us through the website, email, telephone, contact forms, or other communication channels.

We process personal data in accordance with the laws of Ukraine governing personal data protection and, where applicable, Regulation (EU) 2016/679 of the European Parliament and of the Council — the General Data Protection Regulation, or GDPR.

2. Personal Data Controller

For the purposes of this Policy, FORTISEC acts as the controller of personal data because it determines the purposes and means of processing.

Controller contact details:

FORTISEC

Email: info@fortisec.com.ua

Telephone: +38 (044) 333-49-40

Address: Office 304–306, 11 Kurortna Street, Kyiv, 04075, Ukraine

Website: https://fortisec.com.ua/

3. Key Definitions

For the purposes of this Policy, the following terms have the meanings set out below.

Personal Data means any information relating to an identified or identifiable natural person.

Processing of Personal Data means any operation or set of operations performed on personal data, including collection, recording, organisation, storage, use, alteration, disclosure, restriction, or deletion.

Personal Data Controller means a person or organisation that determines the purposes and means of processing personal data.

Personal Data Processor means a person, company, or service provider that processes personal data on behalf of the controller.

Data Subject means the natural person to whom the personal data relates.

Consent means any freely given, specific, informed, and unambiguous indication of a person’s wishes regarding the processing of their personal data.

4. Personal Data We May Collect

The amount and type of personal data we collect depends on how you interact with FORTISEC.

4.1. Contact Details

We may collect:

4.2. Professional and Corporate Information

In the course of business interactions, we may process:

4.3. Information You Provide During Communications

We may process:

Please do not submit passwords, payment details, state secrets, special categories of personal data, confidential technical documentation, or any other restricted information through general website forms without prior agreement with FORTISEC.

4.4. Technical Data

When you use the website, the following information may be collected automatically:

4.5. Newsletter Subscription Data

If you subscribe to the FORTISEC email newsletter, we may process:

5. How We Obtain Personal Data

We may obtain personal data:

The fact that an individual’s contact details are publicly available does not automatically constitute consent to include that person in a marketing mailing list.

6. Purposes of Personal Data Processing

We may use personal data for the following purposes.

6.1. Responding to Enquiries and Providing Consultations

6.2. Business and Contractual Interaction

6.3. Email Communications

Where we have an appropriate legal basis, we may send:

6.4. Improving the Website and Communications

6.5. Information Security

6.6. Compliance with Legal Requirements

7. Legal Bases for Processing

Depending on the circumstances, personal data may be processed on one or more of the following legal bases.

7.1. Consent

We may process personal data on the basis of your freely given consent, including for the purpose of sending marketing and informational emails.

You have the right to withdraw your consent at any time.

Withdrawal of consent does not affect the lawfulness of processing carried out before the consent was withdrawn.

7.2. Taking Steps Before Entering into a Business Relationship

Processing may be necessary for:

7.3. Performance of Contractual Obligations

Personal data may be processed where necessary to organise and perform arrangements with a client, partner, or counterparty.

7.4. Compliance with Legal Obligations

We may process personal data where necessary to comply with applicable legal requirements.

7.5. Legitimate Interests

We may process personal data on the basis of legitimate interests for:

When relying on this legal basis, we consider the rights, interests, and freedoms of the data subject.

8. Email Newsletter

Subscription to FORTISEC’s marketing and informational newsletter is voluntary.

By subscribing, you agree to receive electronic communications at the address provided in the subscription form.

We may use the information you provide to:

We do not sell subscriber lists or disclose them to third parties for those parties’ independent marketing purposes.

9. Use of SendPulse

FORTISEC uses SendPulse to create subscription forms, manage subscriber lists, automate communications, and send email newsletters.

When using SendPulse:

The following data may be transferred to SendPulse:

SendPulse may use third-party service providers and technical infrastructure in accordance with its own terms, policies, and data processing agreements.

You may review SendPulse’s official Data Processing Agreement at:

https://sendpulse.com/legal/processing

SendPulse’s general legal documents page is available at:

https://sendpulse.com/legal

SendPulse’s Privacy Policy is available at:

https://sendpulse.com/legal/pp

FORTISEC does not control the content, update schedule, or availability of SendPulse documents. The current versions of those documents are determined and maintained by SendPulse.

10. Subscription Confirmation

Depending on the technical settings of the subscription form, we may use:

FORTISEC may use double opt-in in order to:

11. Email Analytics

Emails may contain technical identifiers, tracked links, or pixels that allow us to collect information about engagement with the newsletter.

We may receive information about:

This information may be used to:

Depending on the settings of the recipient’s email client, some of this information may not be collected or may be recorded inaccurately.

12. Unsubscribing

You may unsubscribe from FORTISEC’s marketing and informational emails at any time.

You may do so by:

After you unsubscribe, your email address will be removed from the active marketing mailing list within the time reasonably required for technical and organisational processing.

FORTISEC may retain a minimal record of your opt-out in order to:

Unsubscribing from marketing communications does not necessarily stop service-related communications that are required for:

13. Recommended Consent Wording for the Subscription Form

The following wording may be used in the subscription form:

“I consent to FORTISEC processing my personal data for the purpose of sending me news, technical materials, product information, and invitations to professional events by email in accordance with the Privacy Policy. I understand that I may withdraw my consent at any time by using the unsubscribe link in an email or by contacting FORTISEC.”

The consent checkbox for marketing communications:

Where a user submits an enquiry through a contact form, consent to receive marketing communications must be separate from the action used to submit the enquiry.

14. Cookies and Similar Technologies

The FORTISEC website may use cookies and similar technologies.

Cookies are small text files that may be stored on a user’s device when they visit the website.

Cookies may be used to:

Cookies may include:

Strictly Necessary Cookies — required for the basic operation and security of the website.

Functional Cookies — used to remember user preferences.

Analytics Cookies — used to understand how users interact with the website.

Marketing Cookies — used to evaluate the effectiveness of marketing campaigns.

Non-essential cookies are used only where an appropriate legal basis exists and, where required, after obtaining the user’s consent.

Users may manage cookies through their browser settings or through the relevant tool on the website, where available.

Disabling certain cookies may affect the operation of some website features.

15. Disclosure of Personal Data to Third Parties

We may provide access to personal data only to persons and service providers that require such access for a defined purpose.

These recipients may include:

Service providers may process personal data:

FORTISEC does not sell personal data.

FORTISEC does not disclose subscriber lists to third parties for those parties’ independent marketing activities.

16. International Transfers of Personal Data

Certain technology providers may store or process personal data outside Ukraine, the European Union, or the European Economic Area.

Where personal data is transferred to a country that has not been recognised as providing an adequate level of data protection, the following safeguards may be used:

Information about SendPulse’s processing arrangements and international data transfers is available in SendPulse’s official agreement:

https://sendpulse.com/legal/processing

17. Personal Data Retention Periods

We retain personal data only for as long as necessary for the purposes for which it was collected, unless a longer period is required by law or is necessary to protect legal rights.

17.1. Subscriber Data

Subscriber data may be retained:

After a subscriber opts out, minimal information may be retained on a suppression list to prevent the newsletter from being resumed without a new lawful basis.

17.2. Enquiries Submitted Through the Website or by Email

Data may be retained for as long as necessary to:

17.3. Client and Partner Data

Data may be retained for the duration of the business relationship and, after it ends, for as long as necessary to:

17.4. Consent Records

Information evidencing the granting or withdrawal of consent may be retained after communications cease for as long as necessary to demonstrate compliance with legal requirements.

Once the applicable retention period expires, personal data is deleted, anonymised, or restricted in accordance with technical capabilities and legal requirements.

18. Personal Data Security

FORTISEC applies organisational and technical measures to protect personal data against:

Such measures may include:

Despite the security measures applied, no method of transmitting or storing information can guarantee absolute security.

19. Security Incidents

If a personal data breach is identified, FORTISEC may:

20. Data Subject Rights

Depending on applicable law, you may have the right to:

These rights are not absolute.

In certain circumstances, FORTISEC may continue to retain or process personal data where necessary to:

21. How to Exercise Your Rights

To exercise your rights or withdraw consent, send a request to:

info@fortisec.com.ua

Your request should preferably include:

To protect personal data, we may ask you to provide information necessary to verify your identity.

We will not request more information than is necessary to verify and fulfil your request.

Your request will be handled within the period prescribed by applicable law.

22. Automated Processing and Segmentation

FORTISEC does not use solely automated decision-making that produces legal effects or similarly significant effects for an individual unless the user is expressly informed otherwise.

We may carry out limited subscriber segmentation based on:

Segmentation may be used to send more relevant professional content.

It is not used for discrimination, creditworthiness assessment, employment decisions, or other decisions that produce significant legal effects.

23. Children’s Personal Data

The FORTISEC website, products, services, and newsletters are intended for a professional B2B audience.

We do not knowingly collect personal data relating to children.

If you believe that a child has provided personal data to us without an appropriate legal basis, please contact us at:

info@fortisec.com.ua

After reviewing the request, we will take appropriate action.

24. Links to Third-Party Resources

The FORTISEC website and emails may contain links to third-party websites, platforms, or services.

FORTISEC does not control the content or personal data processing practices of third-party resources.

Before using any third-party resource, we recommend reviewing its privacy policy, terms of use, and other legal documents.

25. Changes to This Policy

FORTISEC may update this Policy from time to time due to:

The current version of the Policy is published on the FORTISEC website.

The date of the latest update is stated at the beginning of the document.

Where changes materially affect users’ rights or the way personal data is processed, FORTISEC may provide additional notice through the website or by email.

26. Complaints

If you believe that your personal data is being processed unlawfully, you may:

If you are located in the European Union or the European Economic Area, you may contact the relevant supervisory authority in the country of your habitual residence, place of work, or the place of the alleged infringement.

27. Contact Information

For questions regarding this Policy, the processing of personal data, withdrawal of consent, termination of email communications, or the exercise of your rights, please contact:

FORTISEC

Email: info@fortisec.com.ua

Telephone: +38 (044) 333-49-40

Address: Office 304–306, 11 Kurortna Street, Kyiv, 04075, Ukraine

Website: https://fortisec.com.ua/

28. Acknowledgement

By providing personal data through the FORTISEC website, you confirm that you have had the opportunity to review this Policy.

Where the processing of personal data requires separate consent, such consent will be requested before the relevant processing begins.

Subscription to marketing communications is voluntary and may be cancelled at any time.