TruSecure Logo
LEGAL

Privacy Policy

Last updated: 17 July 2026 · Version 2.0

1. Controllers

For the processing of personal data described in this Policy, the controllers are:

Controller 1 — Romania

TRUSECURE S.R.L.

Registered office: Sat Bobu, Com. Scoarţa, Judeţ Gorj, Romania

Trade register: Nr. Reg. Com. J2024046859004

CUI: 50991058

VAT: RO50991058

Email: privacy@trusecure.co

Controller 2 — United Kingdom

Trusecure Ltd

Registered office: 65 London Wall, London, EC2M 5TU, England

Company Number: 15164704

Email: privacy@trusecure.co

The two entities act as joint controllers in respect of processing carried out through trusecure.co for marketing and contact-form purposes under Art. 26 GDPR and Art. 26 UK GDPR, with a Joint Controller Arrangement available on request setting out their respective responsibilities. TRUSECURE S.R.L. is the sole controller in respect of processing carried out within Resilience Fabric.

2. Scope

This Policy describes how the controllers process personal data in connection with:

  • the operation of the website trusecure.co;
  • the marketing, sale and provision of Resilience Fabric;
  • the Resilience Sprint consulting engagement.

Where the controller processes personal data on behalf of a customer inside Resilience Fabric, the customer is the controller and TruSecure is the processor. That processing is governed by the Data Processing Addendum, not this Policy.

3. Data Protection Officer

Neither controller is required by GDPR Art. 37 or UK GDPR Art. 37 to appoint a Data Protection Officer, as no processing carried out as a core activity involves either (a) large-scale processing of special categories of data under GDPR Art. 9, or (b) large-scale regular and systematic monitoring of data subjects. The contact in section 1 acts as the responsible person for data protection enquiries.

4. Data categories, purposes and legal bases

PurposeCategories of personal dataLegal basis under GDPR / UK GDPR Art. 6
Responding to your inquiry via the contact formName, email address, message contentArt. 6(1)(f) — legitimate interest in responding to enquiries
Customer account and contractual relationshipName, email address, employer, roleArt. 6(1)(b) — performance of a contract
Provision of Resilience FabricAccount data, Customer ContentArt. 6(1)(b) — performance of a contract
Invoicing and taxInvoicing dataArt. 6(1)(c) — legal obligation (Romanian tax law, UK tax law)
Direct marketing of similar services to existing customersName, email, employerArt. 6(1)(f) — legitimate interest; opt-out at any time
Newsletter subscriptionEmail addressArt. 6(1)(a) — consent
Security, fraud prevention, defence of claimsLog dataArt. 6(1)(f) — legitimate interest

5. Recipients — sub-processors

Recipients are listed in the Sub-processor List. They act as processors on the controllers' instructions, except where law requires otherwise.

6. International transfers

  • Within EU/EEA: no transfer mechanism required.
  • EU ↔ UK: transfers between Romania and the UK are covered by the EU Commission's adequacy decision (Implementing Decision (EU) 2021/1772, as renewed).
  • Transfers outside EU/EEA to any third country where TruSecure considers a sub-processor to process data: covered by the Standard Contractual Clauses (Decision (EU) 2021/914) supplemented by a Transfer Impact Assessment, or by UK IDTA Addendum for outbound UK transfers. None of the currently listed sub-processors is established outside the EEA.

7. Retention

Personal data is retained for as long as necessary for the purpose, taking into account applicable legal retention periods (e.g. Romanian accounting law requires retention of invoicing data for 10 years). Detailed retention windows are documented in the controllers' internal register of processing activities under GDPR Art. 30.

8. Your rights

Subject to the conditions in GDPR Art. 12–22 (or UK GDPR Art. 12–22 for data of UK data subjects), you have the right to:

  • access your personal data (Art. 15);
  • rectify inaccurate personal data (Art. 16);
  • erase your personal data (Art. 17);
  • restrict processing (Art. 18);
  • receive your personal data in a portable format (Art. 20);
  • object to processing based on Art. 6(1)(e) or (f) (Art. 21).

You may withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.

To exercise these rights, contact privacy@trusecure.co. The controllers will respond within one month, extendable by two further months for complex requests under Art. 12(3).

9. Right to lodge a complaint

Without prejudice to any other remedy, you have the right to lodge a complaint with the supervisory authority for your habitual residence, place of work, or place of the alleged infringement. For Romania this is the Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP). For the United Kingdom this is the Information Commissioner's Office (ICO). The relevant supervisory authority depends on the data subject's location.

10. Cookies

Information on cookies is in the Cookie Policy.

11. Automated decision-making

The controllers do not make automated decisions producing legal effects on natural persons in the context of this Website. Service-level automated processing is described in the AI Transparency Statement.

12. Changes

Material changes are notified by email where you have an active customer relationship, and otherwise by an updated "Last updated" date and a changelog at the foot of this page.

13. Versioning

This Policy is at Version 2.0. Earlier versions are archived on request.