PRIVACY POLICY
Last updated April 23, 2026
Introduction
This Privacy Notice for Barbican SAS (doing business as Netsec) (“we”, “us”, or “our”), describes how and why we might access, collect, store, use, and/or share (“process”) your personal information when you use our services (“Services”), including when you:
- Visit our website at https://netsec.it or any website of ours that links to this Privacy Notice
- Contact us by email, book a discovery call, or engage with us in other related ways, including any sales, marketing, or events
Scope. This Privacy Notice covers the website netsec.it and the related business interactions described above. When we deliver professional services to a customer under contract (for example, managed security or incident response), we act as a data processoron that customer's behalf and the customer's own privacy notice and data processing agreement govern that activity — not this document.
Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at privacy@netsec.it.
SUMMARY OF KEY POINTS
This summary provides key points from our Privacy Notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below to find the section you are looking for.
- What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use. Learn more about personal information you disclose to us.
- Do we process any sensitive personal information? Some of the information may be considered “special” or “sensitive” in certain jurisdictions, for example your racial or ethnic origins, sexual orientation, and religious beliefs. We do not process sensitive personal information.
- Do we collect any information from third parties? We do not collect any information from third parties.
- How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your prior explicit consent.
- In what situations and with which parties do we share personal information? We may share information in specific situations and with specific third parties. Learn more about when and with whom we share your personal information.
- How do we keep your information safe? We have adequate organisational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Learn more about how we keep your information safe.
- What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. Learn more about your privacy rights.
- How do you exercise your rights? The easiest way to exercise your rights is by contacting us. We will consider and act upon any request in accordance with applicable data protection laws.
Want to learn more about what we do with any information we collect? Review the Privacy Notice in full.
1. WHAT INFORMATION DO WE COLLECT?
Personal information you disclose to us
In Short: We collect personal information that you provide to us.
We collect personal information that you voluntarily provide to us when you express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.
Sensitive Information. We do not process sensitive information.
All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.
Information automatically collected
In Short:Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.
We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is needed to maintain the security and operation of our Services, to generate request/error logs, and to diagnose abuse. We do not run website analytics or audience-measurement products today.
Like many businesses, we also collect information through cookies and similar technologies.
The information we collect includes:
- Log and Usage Data.Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called 'crash dumps'), and hardware settings).
- Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.
2. HOW DO WE PROCESS YOUR INFORMATION?
In Short: We process your information to respond to enquiries and discovery-call requests, to operate and secure the Website, to honour your cookie consent choice, and to comply with our legal obligations. We may also process your information for other purposes only with your prior explicit consent.
We process your personal information for the following purposes, depending on how you interact with our Services:
- To respond to your enquiries and requests. If you email us, write to us, or book a discovery call via our scheduling link, we process the contact and message data you provide so we can reply and, where appropriate, scope and propose professional services.
- To operate and secure the Website. We process request metadata (IP address, user-agent, requested URL, timestamps) in server logs to serve pages, prevent abuse, rate limit, block malicious traffic at the edge, investigate security incidents, and keep the Website available.
- To manage cookie consent. We process the strictly-necessary record produced by our consent manager so that we can evidence your choice and avoid re-prompting you on every visit. See the Cookie Policy.
- To comply with legal obligations.We process personal information where we are required to do so by applicable law — for example, to keep accounting records, answer lawful requests from public authorities, or respond to rights requests under GDPR, UK GDPR, or US state privacy laws.
- To establish, exercise, or defend legal claims. We may retain and use correspondence and logs as necessary to protect our legitimate interests in legal proceedings.
- To save or protect an individual's vital interest. In rare circumstances, we may process information when necessary to prevent harm to a person.
3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?
In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e. legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfil our contractual obligations, to protect your rights, or to fulfil our legitimate business interests.
If you are located in the EU or UK, this section applies to you.
The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:
- Consent (Art. 6(1)(a)). We rely on your consent to set any cookie that is not strictly necessary, and for any processing activity for which we specifically ask for your permission. You can withdraw your consent at any time by deleting the
CookieConsentcookie or by emailing us — this will not affect the lawfulness of processing carried out before withdrawal. - Performance of a contract or pre-contractual steps (Art. 6(1)(b)). When you email us, contact our sales team, or book a discovery call, we process the information you share in order to respond to your enquiry and, where applicable, to take steps at your request before entering into a contract or to perform a contract with you.
- Legitimate Interests (Art. 6(1)(f)).We rely on our legitimate interests — balanced against your rights and freedoms — to (i) keep the Website available and secure, including by processing request and error logs, (ii) prevent, detect, and investigate fraud and abuse, (iii) respond to unsolicited business enquiries sent to our general inboxes, and (iv) establish, exercise, or defend legal claims. You can object to processing based on legitimate interests at any time.
- Legal Obligations (Art. 6(1)(c)). We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or answer rights requests under applicable data protection laws.
- Vital Interests (Art. 6(1)(d)). In rare cases, we may process your information where necessary to protect your vital interests or those of another person, such as where there is a credible threat to safety.
We do not rely on Article 6(1)(e) (public task) and we do not process special-category data (Article 9) through this Website.
In legal terms, Barbican SAS is the data controller under the GDPR and UK GDPR for the personal information described in this Privacy Notice, since we determine the means and purposes of the processing. This Privacy Notice does not apply to the personal information we process as a data processoron behalf of our customers under a professional services engagement — in those situations, our customer is the data controller, the processing is governed by a data processing agreement between us, and our customer's own privacy notice applies. If you want to know more about our customers' privacy practices, please contact them directly.
If you are located in Canada, this section applies to you.
We may process your information if you have given us specific permission (i.e. express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e. implied consent). You can withdraw your consent at any time.
In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including, for example:
- If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way
- For investigations and fraud detection and prevention
- For business transactions provided certain conditions are met
- If it is contained in a witness statement and the collection is necessary to assess, process, or settle an insurance claim
- For identifying injured, ill, or deceased persons and communicating with next of kin
- If we have reasonable grounds to believe an individual has been, is, or may be victim of financial abuse
- If it is reasonable to expect collection and use with consent would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province
- If disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records
- If it was produced by an individual in the course of their employment, business, or profession and the collection is consistent with the purposes for which the information was produced
- If the collection is solely for journalistic, artistic, or literary purposes
- If the information is publicly available and is specified by the regulations
- We may disclose de-identified information for approved research or statistics projects, subject to ethics oversight and confidentiality commitments
4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
In Short: We do not sell or rent your personal information. We share it only with the service providers that help us operate the Website, when we are legally required to do so, or in connection with a corporate transaction.
Service providers (processors)
We rely on the following categories of service providers, each of which acts on our behalf under a written contract that includes GDPR Article 28 obligations:
| Provider | Role | Location |
|---|---|---|
| Cloudflare, Inc. | Hosting, CDN, DDoS protection, Workers runtime, image optimisation, and observability logs for netsec.it. | United States (global edge network) |
| Cybot A/S (Cookiebot, part of Usercentrics A/S) | Cookie consent management banner and consent record. | Denmark / Germany (European Union) |
Independent third parties
When you click the “Book a call” link, you are taken to Calendly (operated by Calendly LLC), which runs its own booking service and processes the information you submit there (name, email, chosen time, any notes) as an independent data controller under its own privacy policy. We receive the booking details only after you complete the form.
Similarly, our social-media profiles are hosted by LinkedIn and GitHub; any interaction on those platforms is governed by their own privacy policies.
Other situations
- Legal requirements.We may disclose information where we are legally obliged to do so — for example, in response to a lawful request from a public authority, a court order, or a regulatory investigation.
- Protection of rights. We may disclose information where necessary to protect our legal rights, the safety of our staff, or the security of our Services.
- Business transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business. You will be notified of any such change of control before your personal information becomes subject to a different privacy notice.
International data transfers
Barbican SAS is established in France. Some of our service providers listed above are located outside the European Economic Area (EEA) — in particular, Cloudflare, Inc. and Calendly LLC are headquartered in the United States. Where your personal information is transferred outside the EEA, the UK, or Switzerland to a country that the European Commission has not deemed to offer an adequate level of protection, we rely on appropriate safeguards under Article 46 of the GDPR, namely:
- The EU–US Data Privacy Framework where the recipient is certified under it (Cloudflare, Inc. and Calendly LLC are DPF-certified), and/or
- The European Commission's Standard Contractual Clauses (Module 2: controller-to-processor) as supplemented by a transfer impact assessment and, where necessary, additional technical measures such as TLS in transit and encryption at rest.
You may request a copy of the safeguards in place for a specific transfer by writing to privacy@netsec.it.
5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
In Short: We use a single strictly-necessary cookie to remember your cookie-consent choice, plus a local storage entry that remembers your light/dark theme. We do not run analytics, marketing, or advertising trackers on this Website.
Today, the only cookie set by this Website is the first-party CookieConsent cookie produced by our consent manager (Cookiebot) so that your choice persists across visits. We also store a themevalue in your browser's localStorage so that the site does not flash when it loads; this value never leaves your device.
We do not currently use web beacons, tracking pixels, session-replay, cross-site advertising trackers, or any other technology that would constitute a “sale” or “sharing” of personal information under US state privacy laws, and we do not allow third parties to serve targeted advertising on this Website. If that ever changes, we will update this Privacy Notice and the Cookie Policy and seek your consent before loading any such technology.
For the full, up-to-date list of cookies and similar technologies — including the provider, purpose, category, and duration of each — see our Cookie Policy. You can change or withdraw your consent at any time by deleting the CookieConsent cookie in your browser and reloading the page, which will re-display the banner.
6. HOW LONG DO WE KEEP YOUR INFORMATION?
In Short: We keep your information only for as long as necessary for the purpose it was collected, then delete or anonymise it. Specific retention periods are listed below.
The following retention periods apply to the personal information processed via this Website. Where a longer period is required or permitted by law (for example, French commercial record-keeping obligations), that longer period prevails.
| Category | Retention period |
|---|---|
| Server request / error logs at our hosting provider (IP, user-agent, URL, timestamp) | Up to 30 days, then deleted |
Email correspondence sent to privacy@netsec.it or info@netsec.it | Up to 3 years after the last substantive exchange, in line with the French commercial limitation period |
| Records required for accounting, tax, or other statutory purposes | 10 years from the end of the relevant financial year, as required by French law |
Cookie-consent record (CookieConsent) | 12 months, then the banner is shown again |
Theme preference (localStorage) | Until you clear site data in your browser |
When we have no ongoing legal or legitimate business need to process your personal information, we will either delete or anonymise it. Where deletion is not immediately possible (for example, because information has been committed to backup archives), we will securely store the information and isolate it from any further processing until deletion is possible.
7. HOW DO WE KEEP YOUR INFORMATION SAFE?
In Short: We apply industry-standard technical and organisational measures to protect the limited personal information processed through this Website.
Concretely, for the Website itself we:
- Serve all traffic over TLS 1.2 or higher and set HSTS with preload so browsers refuse to connect over unencrypted HTTP.
- Apply a strict Content Security Policy, including
frame-ancestors 'none'to prevent click-jacking, and additional security response headers (Referrer-Policy, X-Content-Type-Options, Permissions-Policy, Cross-Origin-Opener-Policy, Cross-Origin-Resource-Policy). - Ship a fully static, server-rendered site — there is no application database, no user accounts, and no authenticated session state on the website to compromise.
- Benefit from our hosting provider's edge protections (TLS termination, DDoS mitigation, WAF, bot management, and rate limiting) and enforce SSRF hardening on outbound traffic.
- Restrict deployment access to named administrators with hardware-backed multi-factor authentication and maintain an auditable CI/CD pipeline.
- Keep dependencies under strict supply-chain controls, including a lockfile-only install policy and a minimum release-age on new package versions.
Despite these safeguards, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security. Transmission of personal information to and from our Services is at your own risk, and you should only access the Services within a secure environment.
8. DO WE COLLECT INFORMATION FROM MINORS?
In Short: Netsec sells security services to businesses, not to consumers. We do not knowingly collect data from or market to children.
The Website is directed at business audiences and is not intended for children under 16 (or the equivalent age as specified by law in your jurisdiction). We do not knowingly collect personal information from children, and we do not knowingly sell such information. If we learn that we have inadvertently received personal information from a child, we will take reasonable measures to delete it promptly from our records. If you believe we may hold information about a child, please email us at privacy@netsec.it and we will act on your request.
9. WHAT ARE YOUR PRIVACY RIGHTS?
In Short: Depending on your state of residence in the US or in some regions, such as the European Economic Area (EEA), United Kingdom (UK), Switzerland, and Canada, you have rights that allow you greater access to and control over your personal information. You may review, change, or terminate your account at any time, depending on your country, province, or state of residence.
In some regions (like the EEA, UK, Switzerland, and Canada), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure, (iii) to restrict the processing of your personal information, (iv) where applicable, to data portability, and (v) to object to processing based on legitimate interests. You can make such a request by contacting us using the contact details provided in the section HOW CAN YOU CONTACT US ABOUT THIS NOTICE? below.
Automated decision-making and profiling (GDPR Art. 22). Netsec does not make any decisions about you by solely automated means and does not perform profiling that produces legal or similarly significant effects concerning you.
We will consider and act upon any request in accordance with applicable data protection laws, and will respond within one month as required by GDPR Art. 12 (extendable by two further months for complex requests).
If you are located in the EEA and you believe we are unlawfully processing your personal information, you have the right to lodge a complaint with the supervisory authority in your Member State of residence, place of work, or the place of the alleged infringement. Because Barbican SAS is established in France, our lead supervisory authority is the Commission Nationale de l'Informatique et des Libertés (CNIL). If you are located in the United Kingdom, you may complain to the Information Commissioner's Office (ICO). If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner (FDPIC).
Withdrawing your consent: If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us by using the contact details provided in the section HOW CAN YOU CONTACT US ABOUT THIS NOTICE? below.
However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
Cookies and similar technologies: Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services.
If you have questions or comments about your privacy rights, you may email us at privacy@netsec.it.
10. CONTROLS FOR DO-NOT-TRACK FEATURES
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognising and implementing DNT signals has been finalised. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Notice.
California law requires us to let you know how we respond to web browser DNT signals. Because there currently is not an industry or legal standard for recognising or honouring DNT signals, we do not respond to them at this time.
11. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
In Short: If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have the right to request access to and receive details about the personal information we maintain about you and how we have processed it, correct inaccuracies, get a copy of, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. More information is provided below.
Categories of Personal Information We Collect
The table below shows the categories of personal information we have collected in the past twelve (12) months, using the categories defined under California's CPRA and similar laws. For a comprehensive inventory of all personal information we process, please refer to the section 'WHAT INFORMATION DO WE COLLECT?'
| Category | Examples | Collected |
|---|---|---|
| A. Identifiers | Contact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address, and account name | YES — IP address in server logs; name and email if you contact us |
| B. Personal information as defined in the California Customer Records statute | Name, contact information, education, employment, employment history, and financial information | NO |
| C. Protected classification characteristics under state or federal law | Gender, age, date of birth, race and ethnicity, national origin, marital status, and other demographic data | NO |
| D. Commercial information | Transaction information, purchase history, financial details, and payment information | NO |
| E. Biometric information | Fingerprints and voiceprints | NO |
| F. Internet or other similar network activity | Browsing history, search history, online behaviour, interest data, and interactions with our and other websites, applications, systems, and advertisements | YES — pages requested, timestamps, referrer, and user-agent in server logs only; no cross-site or behavioural tracking |
| G. Geolocation data | Device location | NO |
| H. Audio, electronic, sensory, or similar information | Images and audio, video or call recordings created in connection with our business activities | NO |
| I. Professional or employment-related information | Business contact details in order to provide you our Services at a business level or job title, work history, and professional qualifications if you apply for a job with us | NO |
| J. Education Information | Student records and directory information | NO |
| K. Inferences drawn from collected personal information | Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual's preferences and characteristics | NO |
| L. Sensitive personal Information | NO |
We may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of:
- Receiving help through our customer support channels;
- Participation in customer surveys or contests; and
- Facilitation in the delivery of our Services and to respond to your inquiries.
Sources of Personal Information
Learn more about the sources of personal information we collect in WHAT INFORMATION DO WE COLLECT?
How We Use and Share Personal Information
Learn more about how we use your personal information in the section HOW DO WE PROCESS YOUR INFORMATION?
Will your information be shared with anyone else?
We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. Learn more about how we disclose personal information to in the section WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be 'selling' of your personal information.
We have not disclosed, sold, or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months. We will not sell or share personal information in the future belonging to website visitors, users, and other consumers.
Your Rights
You have rights under certain US state data protection laws. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law. These rights include:
- Right to know whether or not we are processing your personal data
- Right to access your personal data
- Right to correct inaccuracies in your personal data
- Right to request the deletion of your personal data
- Right to obtain a copy of the personal data you previously shared with us
- Right to non-discrimination for exercising your rights
- Right to opt out of the processing of your personal data if it is used for targeted advertising (or sharing as defined under California's privacy law), the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects (“profiling”)
Depending upon the state where you live, you may also have the following rights:
- Right to access the categories of personal data being processed (as permitted by applicable law, including the privacy law in Minnesota)
- Right to obtain a list of the categories of third parties to which we have disclosed personal data (as permitted by applicable law, including the privacy law in California, Delaware, and Maryland)
- Right to obtain a list of specific third parties to which we have disclosed personal data (as permitted by applicable law, including the privacy law in Minnesota and Oregon)
- Right to review, understand, question, and correct how personal data has been profiled (as permitted by applicable law, including the privacy law in Minnesota)
- Right to limit use and disclosure of sensitive personal data (as permitted by applicable law, including the privacy law in California)
- Right to opt out of the collection of sensitive data and personal data collected through the operation of a voice or facial recognition feature (as permitted by applicable law, including the privacy law in Florida)
How to Exercise Your Rights
To exercise these rights, you can contact us by emailing us at privacy@netsec.it, or by referring to the contact details at the bottom of this document.
Under certain US state data protection laws, you can designate an authorised agent to make a request on your behalf. We may deny a request from an authorised agent that does not submit proof that they have been validly authorised to act on your behalf in accordance with applicable laws.
Request Verification
Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. We will only use personal information provided in your request to verify your identity or authority to make the request. However, if we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity and for security or fraud-prevention purposes.
If you submit the request through an authorised agent, we may need to collect additional information to verify your identity before processing your request and the agent will need to provide a written and signed permission from you to submit such request on your behalf.
Appeals
Under certain US state data protection laws, if we decline to take action regarding your request, you may appeal our decision by emailing us at privacy@netsec.it. We will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may submit a complaint to your state attorney general.
California 'Shine The Light' Law
California Civil Code Section 1798.83, also known as the 'Shine The Light' law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us by using the contact details provided in the section HOW CAN YOU CONTACT US ABOUT THIS NOTICE?.
12. DO WE MAKE UPDATES TO THIS NOTICE?
In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.
We may update this Privacy Notice from time to time. The updated version will be indicated by an updated 'Revised' date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.
13. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
The data controller responsible for your personal information under this Privacy Notice is Barbican SAS(doing business as Netsec), a société par actions simplifiée established in France. For any privacy-related question, including to exercise your rights or to withdraw consent, please contact our Data Protection Officer, Gianluca Varisco:
- By email: privacy@netsec.it
- By post:Barbican SAS
Data Protection Officer
60 rue François Ier
75008 Paris
France
14. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?
Based on the applicable laws of your country or state of residence in the US, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. To request to review, update, or delete your personal information, please contact us.