Privacy Policy

**Privacy Policy**
This Privacy Policy was last updated on 8 October 2023.

**Who we are**
The purpose of this Privacy Policy is to describe how Serpent IT Solutions SRL (“Serpent IT Solutions,” “we,” “us,” or “our”) collects, uses, and shares information about you through our online interfaces (e.g., websites and mobile applications) owned and controlled by us, including www.serpentcybersec.com (collectively referred to herein as the “Site”). Please read this notice carefully to understand what we do. If you do not understand any aspects of our Privacy Policy, please feel free to contact us at contact@serpentcybersec.com.

Serpent IT Solutions SRL is a Romanian limited liability company headquartered in Râmnicu Vâlcea.

**What categories of personal data we collect and why we collect them**
The personal data that we process may include:

– **Contact information** (including when you fill in the Site contact form): This includes your name, position/role/job title, company or organization, email address, and postal address.
– **Business information**: Data identifying you in relation to matters on which you instruct us or in which you are involved.
– **Recruitment data**: In the context of the recruitment process, you may send us your contact details and other information contained in your job application, curriculum vitae, and cover letter, as well as any references provided or obtained, for processing your application and for general recruitment and selection purposes.
– **Office visit details**: Information related to your visits to our offices for security purposes or other details on how you interact with us.
– **Event data**: Attendance at and provision of feedback forms related to our events.
– **Supplier data**: Contact details and other information about you or your company or organization where you provide services to us.
– **Social Media data**: Posts, likes, tweets, and other interactions with our social media presence.
– **Website browsing data**: Data resulting from your browsing on our Site, collected via cookies according to our Cookies Policy and technology services, including IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system, etc.
– **Online data**: When you access this Site and our technology services, information about your visit, including URL clickstream to, through, and from our website (including date and time), information about your network such as information about devices, nodes, configurations, connection speeds, and network application performance; pages viewed or searched for, page response times, download errors, length of visits, interaction information (such as scrolling, clicks, mouse-overs), and whether you click on particular links or open our emails.
– **Embedded content from other websites**: Articles on this site may include embedded content (e.g., videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.
– **Analytics**: We may use analytics to better understand how users interact with our website to improve their experience.

**Purposes for processing your personal data**
We may use your personal data for the following purposes:

– **Providing professional services**: Including penetration testing services, code review, start-up security essentials, social engineering, blockchain security, incident response & CSIRT, managed security services, cybersecurity consultancy, trainings & cybersecurity awareness, and responsible disclosure programs.
– **Business and contractual relationship**: Managing our relationship with you, your company, or organization, including keeping records about business contacts and the work we have carried out for you (or the company on behalf of which you instruct us), services, and payments so we can customize our offering for you, develop our relationship, and target our marketing and promotional campaigns.
– **Communication**: Sending emails, newsletters, and other electronic marketing materials related to cybersecurity news, market insights, and our services; inviting you to training sessions or other events hosted by us or in cooperation with us.
– **Client surveys and feedback**: Including events feedback and client listening exercises, as well as addressing issues and concerns that may arise.
– **Complying with our legal obligations**: Client due diligence (such as anti-money laundering and anti-terrorism financing obligations), obligations of reporting to the tax authorities, sanctions screening, and other crime prevention and detection laws and regulatory requirements. This may include automated checks of personal data you provide about your identity against relevant databases and contacting you to confirm your identity or making records of our communications with you for compliance purposes.
– **Website monitoring**: Ensuring the website and our other technology services are used appropriately and optimizing their functionality.
– **Online security**: Protecting our information assets and technology platforms from unauthorized access or usage and monitoring for malware and other security threats.
– **Site security**: Providing security to our offices (normally collecting your name and contact details upon entry to our buildings).
– **Legitimate interest**: Pursuing legitimate business interests such as monitoring the CCTV system in our offices.

**Legal basis for data processing**
Your personal data may be processed using the following legal grounds:

– The personal data you voluntarily provide to us via this Website (newsletter, careers, contact sections, testimonials) are processed based on explicit consent.
– The data is necessary for us to perform an agreement with you or your organization to provide our services.
– Compliance with our legal obligations as well as to keep records of our compliance processes or tax records.
– Processing is necessary for our legitimate interests or those of a third party, provided that those interests are not overridden by your interests or fundamental rights and freedoms.
– We have your explicit consent for the particular processing.
– It is necessary to protect your vital interests or those of another person (for example, in medical emergencies).
– You have made the data public (e.g., where you have published it on social media).
– It is necessary for substantial public interest (e.g., to prevent or detect unlawful acts).
– As permitted by applicable law, outside the EU and other jurisdictions where these restrictions apply.

We have legitimate business interests in:

– Providing our services.
– Managing our business and relationship with you or your company or organization.
– Understanding and responding to inquiries, client stories, feedback, and testimonials.
– Understanding how our clients use our services and website.
– Identifying what our clients want and developing our relationship with you, your company, or organization.
– Improving our services and offerings.
– Enforcing our terms of engagement, website, and other terms and conditions.
– Ensuring our systems and premises are secure.
– Managing our supply chain.
– Developing relationships with business partners.
– Operating suppressors to exclude you from direct marketing if you unsubscribe.
– Sharing data in connection with acquisitions and transfers of our business.

**Who we share your data with**

Ready to secure your business?

Contact us today for a cybersecurity assessment and consultation.