Last updated: 2 July 2026
ITSecOps (“ITSecOps”, “we”, “us” or “our”) is committed to protecting your privacy and handling your personal data transparently and securely. This Privacy Policy explains what personal data we collect, how and why we use it, who we share it with, and the rights you have under the EU General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act (personopplysningsloven). It applies to visitors to itsecops.cloud, people who contact us or submit our forms, and to individuals whose data we process while delivering our services.
1. Who we are (Data Controller)
ITSecOps is a cloud infrastructure and cybersecurity consultancy providing managed IT, 24×7 SOC monitoring, and compliance services to MSPs and regulated organizations. For personal data processed through this website and our marketing activities, ITSecOps is the data controller.
- Norway (EU/EEA establishment): Nedre Holmegate, 4006 Stavanger, Norway
- India (Group HQ): Mahagun Mywoods, Gaur City 2, Greater Noida, UP 201009, India
- Email: info@itsecops.cloud
- Phone (Norway): +47 510 20 093
For any privacy-related questions or to exercise your rights, contact us at info@itsecops.cloud.
2. The personal data we collect
Depending on how you interact with us, we may collect the following categories of personal data:
- Contact and enquiry data — name, work email, phone number, company name, job title, and the content of messages you send us through our website contact form, lead-generation forms, or by email.
- Marketing and campaign data — information you provide when you respond to our advertising (for example, LinkedIn Lead Gen forms) or subscribe to updates, and your engagement with our communications.
- Service delivery data — information we process on behalf of our clients when providing managed IT, SOC, and compliance services (see Section 5).
- Technical and usage data — IP address, device and browser type, pages viewed, referring URLs, and similar information collected automatically through cookies and analytics tools.
- Recruitment data — if you apply for a role, the information contained in your application, CV, and correspondence.
We do not intentionally collect special categories of personal data (such as health, religion, or political opinions) through this website.
3. How and why we use your data (purposes and legal bases)
We process personal data only where we have a lawful basis to do so under Article 6 GDPR:
- To respond to your enquiries and provide requested information — on the basis of our legitimate interests and/or steps taken at your request prior to entering a contract.
- To provide and administer our services — for the performance of a contract with you or your organization.
- For marketing and business development — on the basis of your consent (where required) or our legitimate interest in promoting our services to businesses. You can opt out at any time.
- To operate, secure, and improve our website — on the basis of our legitimate interest in running a safe and effective online presence.
- To comply with legal, regulatory, and accounting obligations — on the basis of a legal obligation.
4. Cookies and analytics
Our website uses cookies and similar technologies to make the site work, understand how it is used, and measure the performance of our marketing. These include strictly necessary cookies as well as analytics and advertising cookies such as Google Analytics and the LinkedIn Insight Tag. Non-essential cookies are only set where permitted in accordance with applicable law and, where required, your consent. You can control cookies through your browser settings and any cookie banner presented on the site.
5. When we act as a data processor
When we deliver managed IT, SOC monitoring, or compliance services, we often process personal data on behalf of our clients. In those cases the client is the data controller and ITSecOps acts as a data processor. Such processing is governed by a written Data Processing Agreement (DPA) that sets out the scope, purpose, security measures, sub-processor arrangements, and data protection obligations in accordance with Article 28 GDPR. If your personal data is processed by us in the course of services provided to your employer or another organization, please refer to that organization’s privacy notice.
6. Sharing your data and sub-processors
We do not sell your personal data. We share it only where necessary and with appropriate safeguards, including:
- Trusted service providers and sub-processors who help us operate our business — for example hosting and infrastructure providers, Microsoft, security vendors such as Sophos, analytics and advertising platforms such as Google and LinkedIn, and communication tools. These parties act under contract and may only process data on our instructions.
- Professional advisers such as auditors, legal, and accounting advisers, where necessary.
- Authorities or third parties where required to comply with a legal obligation, enforce our agreements, or protect our rights, users, or the security of our systems.
7. International data transfers
We aim to store and process personal data within the EU/EEA wherever possible. As ITSecOps operates from both Norway and India, some data may be transferred to or accessed from countries outside the EU/EEA, including India. Where we transfer personal data outside the EU/EEA, we implement appropriate safeguards required by GDPR — such as the European Commission’s Standard Contractual Clauses (SCCs) and supplementary technical and organizational measures — to ensure your data receives an equivalent level of protection. You may request a copy of the relevant safeguards by contacting us.
8. How long we keep your data
We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. Enquiry and marketing data is typically retained for up to 24 months after our last meaningful interaction, unless you ask us to delete it sooner or a longer period is required by law. Data processed under a client contract is retained in accordance with that contract and the applicable DPA.
9. How we protect your data
As a cybersecurity company, protecting information is central to what we do. We maintain technical and organizational security measures aligned with recognized frameworks including ISO 27001 and SOC 2 Type II, such as encryption, access controls, monitoring, and staff awareness. While no method of transmission or storage is completely secure, we work continuously to safeguard personal data against unauthorized access, loss, or misuse.
10. Your rights under GDPR
Subject to applicable law, you have the right to:
- Access the personal data we hold about you;
- Request correction of inaccurate or incomplete data;
- Request erasure of your data (“right to be forgotten”);
- Restrict or object to our processing of your data;
- Request data portability;
- Withdraw consent at any time, where processing is based on consent;
- Lodge a complaint with a supervisory authority.
To exercise any of these rights, contact us at info@itsecops.cloud. We will respond within the timeframes required by law. If you are in Norway, you also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet, www.datatilsynet.no); if you are elsewhere in the EU/EEA, you may contact your local supervisory authority.
11. Children’s privacy
Our website and services are directed to businesses and professionals and are not intended for children. We do not knowingly collect personal data from children under the age of 16.
12. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The “Last updated” date at the top indicates when it was last revised. We encourage you to review this page periodically.
13. Contact us
If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at info@itsecops.cloud or by post at Nedre Holmegate, 4006 Stavanger, Norway.