AI and LLM Penetration Testing Services
Web Penetration Testing Services
Mobile Penetration Testing Services
API Penetration Testing Services
Internal Network Penetration Testing Services
External Network Penetration Testing Services
PCI DSS Penetration Testing Services
Red Teaming Services & Operations
Threat-Led Penetration Testing Services (TLPT)
loT Penetration Testing Services
Embedded Systems Penetration Testing Services
Cloud Penetration Testing Services
Container Penetration Testing Services
Threat modeling for agile teams
Managed application security
DevSecOps consultingPrivacy Policy
Effective date: 06 April, 2026.
1. Controller and Contact Details
This Privacy Policy explains how ITERASEC Sp. z o.o. (“we”, “us”, “our”) processes your personal data when you use our website https://iterasec.com (the “Website”).
Controller:
ITERASEC Sp. z o.o.
Tadeusza Rejtana 53a / 203
35-326 Rzeszów, Poland
Email: [email protected]
Representative: Ihor Kantor, Chairman of the Board
You can contact us directly using the details above for any data protection matters.
2. Categories of Data We Process
When you use our Website, we may process the following categories of data:
- Contact information: name, surname, email address (when you submit forms or communicate with us).
- Usage data: IP address, browser type and version, pages visited, time and date of visit, time spent on pages, referral URLs, and similar technical data.
- Cookies and similar technologies: identifiers stored on your device (see Section 6).
3. Purposes and Legal Bases of Processing
We process your personal data for the following purposes and based on the following legal grounds under the General Data Protection Regulation (GDPR):
| Purpose | Legal basis (GDPR) |
| To provide and maintain the Website | Art. 6(1)(b) – performance of a contract or steps prior to entering into a contract |
| To respond to your inquiries submitted via forms or email | Art. 6(1)(f) – legitimate interest in communicating with website visitors |
| To analyse and improve Website performance (with consent) | Art. 6(1)(a) – your consent |
| To ensure Website security and prevent misuse | Art. 6(1)(f) – legitimate interest in ensuring security |
| To comply with legal obligations | Art. 6(1)(c) – compliance with legal obligations |
You may withdraw your consent at any time (see Section 9).
4. Data Recipients and Third-Party Services
We share your personal data only when necessary for the purposes described above.
Third-party services used on this Website:
- Google Analytics (Google Ireland Ltd., Ireland)
- Purpose: website usage analysis
- Data: usage data, truncated IP address
- Legal basis: consent (Art. 6(1)(a) GDPR)
- Data may be transferred to the USA under Standard Contractual Clauses (SCC).
- Privacy policy: https://policies.google.com/privacy
- HubSpot (HubSpot, Inc., USA)
- Purpose: contact forms, chat, CRM, analytics
- Data: contact information, usage data
- Legal basis: consent (Art. 6(1)(a) GDPR) for tracking; legitimate interest (Art. 6(1)(f) GDPR) for processing inquiries
- Data may be transferred to the USA under Standard Contractual Clauses (SCC).
- Privacy policy: https://legal.hubspot.com/privacy-policy
We do not sell your personal data.
5. Data Transfers to Third Countries
If your personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.
Currently, such transfers may occur when using Google Analytics and HubSpot, which may process data in the USA.
6. Cookies and Similar Technologies
We use cookies and similar technologies to ensure the proper functioning of our Website and, with your consent, for analytics purposes.
- Necessary cookies – required for the website to function and cannot be switched off.
- Analytics cookies – help us improve the Website by collecting anonymous usage data (only with your consent).
You can manage your cookie preferences through the cookie banner displayed when you first visit our Website, and change them at any time via the “Cookie Settings” link in the footer.
7. Data Retention
We retain your personal data only as long as necessary for the purposes described in this Policy:
- Contact form data: up to 12 months after the last communication.
- Analytics data: retention periods set by Google Analytics (up to 26 months).
- Cookie data: duration depends on the cookie type.
We may retain data longer if required by law.
8. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object to processing (Art. 21 GDPR)
- Right to withdraw consent (Art. 7(3) GDPR)
You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence or place of work. In Poland, this is the President of the Personal Data Protection Office (UODO).
9. Withdrawal of Consent
If we process your personal data based on consent, you can withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal. You can adjust your cookie preferences at any time via the “Cookie Settings” link.
10. Security of Data
We take appropriate technical and organisational measures to protect your personal data. However, no transmission over the Internet can be guaranteed to be 100% secure.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Updates will be posted on this page with a new effective date. Significant changes may also be communicated via email if applicable.
Contact: