top of page

Privacy Policy

Effective Date: August 4, 2025

At Beskar IT, we are committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our cybersecurity consulting services, including Vulnerability Assessment & Penetration Testing (VAPT), Secure Code Reviews, and other offerings. We adhere to the principles of the General Data Protection Regulation (GDPR) (EU) 2016/679 and other applicable data protection laws.

​

1. Who We Are (Data Controller)

Beskar IT, located at [Your Company Address], is the data controller responsible for your personal data collected and processed under this Privacy Policy.

​

2. Types of Data We Collect

We may collect and process the following categories of personal data:

  • Contact Information: Name, job title, company name, email address, phone number, and postal address.

  • Professional Information: Details related to your role, company size, industry, and business needs.

  • Technical Data (during service delivery):

    • For VAPT: IP addresses, system configurations, network diagrams, application logs, and potentially sensitive data discovered during vulnerability assessments (which will be handled under strict confidentiality agreements and immediately remediated or securely deleted upon completion of the assessment).

    • For Secure Code Reviews: Source code (which may contain developer names, comments, or other potentially identifiable information), application architecture details, and development environment configurations.

    • General Security Assessments: Information about your IT infrastructure, security policies, and incident response procedures.

  • Communication Data: Records of our communications with you, including emails, meeting notes, and support inquiries.

  • Website Usage Data: Information about your interaction with our website (e.g., IP address, browser type, pages visited, time spent), collected via cookies and similar technologies (please refer to our Cookie Policy for more details).

​

3. How We Collect Your Data

We collect personal data through various methods:

  • Directly from You: When you contact us for inquiries, request a quote, sign up for our services, attend our seminars, or provide information during service delivery (e.g., during VAPT or Secure Code Reviews).

  • From Your Organization: Your employer or organization may provide us with your contact and professional information to facilitate our services.

  • From Publicly Available Sources: We may collect information from public business directories or professional networking sites.

  • Through Our Website: Via contact forms, subscription forms, and website analytics tools.

​

4. Legal Basis for Processing

We process your personal data based on the following legal bases under GDPR:

  • Performance of a Contract: To fulfill our contractual obligations with you or your organization, such as delivering VAPT, Secure Code Reviews, or other consulting services.

  • Legitimate Interests: To pursue our legitimate business interests, provided these do not override your fundamental rights and freedoms. This includes:

    • Communicating with you about our services.

    • Improving our services and developing new offerings.

    • Marketing our services to you (where consent is not required).

    • Ensuring the security of our systems and services.

    • Complying with legal obligations.

  • Legal Obligation: To comply with applicable laws, regulations, or legal processes (e.g., tax, accounting, or audit requirements).

  • Consent: Where required by law, we will obtain your explicit consent for specific processing activities (e.g., for certain marketing communications or processing of sensitive data). You have the right to withdraw your consent at any time.

​

5. How We Use Your Data

We use your personal data for the following purposes:

  • Service Delivery: To provide, manage, and deliver our cybersecurity consulting services, including VAPT, Secure Code Reviews, strategic advisory, incident response, and educational programs.

  • Communication: To respond to your inquiries, provide customer support, and send you service-related updates.

  • Business Operations: For internal record-keeping, billing, and administrative purposes.

  • Marketing & Business Development: To send you information about our services, events, and insights that may be of interest to you (you can opt-out at any time).

  • Service Improvement: To analyze and improve the quality, effectiveness, and security of our services and website.

  • Compliance & Legal: To comply with legal obligations, enforce our terms and conditions, and protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties.

  • ​

6. Data Sharing and Disclosure

We may share your personal data with:

  • Service Providers: Third-party vendors and service providers who assist us in delivering our services (e.g., IT support, cloud hosting, payment processing). These providers are contractually bound to protect your data and only process it according to our instructions.

  • Affiliates: Other entities within the Beskar IT group, where necessary for internal administration and service delivery.

  • Legal & Regulatory Authorities: When required by law or legal process, or to protect our rights or the safety of others.

  • Business Transfers: In connection with a merger, acquisition, or sale of all or a portion of our assets, your data may be transferred to the acquiring entity.

We do not sell your personal data to third parties.

​

7. International Data Transfers

As a global company, Beskar IT may transfer your personal data to countries outside of the European Economic Area (EEA) where data protection laws may differ. When we do so, we ensure appropriate safeguards are in place to protect your data, such as:

  • Transferring data to countries deemed to provide an adequate level of protection by the European Commission.

  • Using Standard Contractual Clauses (SCCs) approved by the European Commission.

  • Implementing other legally approved mechanisms.

​

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, and the applicable legal requirements.

​

9. Data Security

We implement robust technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. These measures include encryption, access controls, regular security assessments, and employee training. While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure.

​

10. Your Data Protection Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

  • Right to Access: Request a copy of the personal data we hold about you.

  • Right to Rectification: Request correction of inaccurate or incomplete personal data.

  • Right to Erasure ("Right to be Forgotten"): Request the deletion of your personal data under certain circumstances.

  • Right to Restriction of Processing: Request that we limit the way we use your personal data.

  • Right to Data Portability: Receive your personal data in a structured, commonly used, and machine-readable format, and have the right to transmit that data to another controller.

  • Right to Object: Object to the processing of your personal data, particularly where we are relying on legitimate interests or for direct marketing purposes.

  • Rights in Relation to Automated Decision-Making and Profiling: Not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

  • ​

11. How to Exercise Your Rights

To exercise any of your rights, please contact us using the details provided below. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

​

12. Complaints

If you have concerns about our data processing practices, you have the right to lodge a complaint with a supervisory authority, particularly in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

​

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the updated policy on our website with a new effective date. 

​

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Beskar IT One Tidal Basin Road, London UK

Email: support@beskarit.com 

bottom of page