Privacy Policy

PRIVACY POLICY

Protecting your information with the same rigor we bring to every strategic mission

PRIVACY POLICY

B2S BLACK SEA STRATEGIES SRL
Last updated: 13.11.2025

This Privacy Policy explains how B2S BLACK SEA STRATEGIES SRL (“B2S”, “we”, “our”, “us”) collects, uses, protects, and manages personal data when individuals interact with our website, services, or communication channels. We are committed to safeguarding personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Romanian legislation.

Your privacy and the protection of your information are fundamental to our values of integrity, responsibility, and trust.

 

1. About Us

B2S BLACK SEA STRATEGIES SRL
Registered Office: Bucharest, Romania
Company Registration Number: J40/16595/2023
VAT / Unique Identification Code (CUI): 48740690
Phone: +40 740 105 916
Email: office@blackseastrategy.com

B2S provides professional consultancy services in the fields of defence, cybersecurity, energy, and critical infrastructure, including advisory support, strategic analysis, market entry services, and stakeholder engagement.

As a data controller, we determine the purposes and means of processing personal data collected through our website and business operations.

 

2. Scope of This Privacy Policy

This Policy applies to:

  • Visitors of our website

  • Potential clients and partners

  • Individuals who contact us via forms, email, or phone

  • Representatives of organisations we work with

  • Participants in meetings, consultations, or events

  • Individuals whose data may be collected through professional interactions

This Policy does not apply to employees or subcontractors, who are covered by internal privacy procedures.

 

3. What Personal Data We Collect

We collect personal data only when necessary for communication, service delivery, security, and legal compliance. Data is not collected excessively and never used for unrelated purposes.

3.1. Data You Provide Directly

When you contact us, request information, or engage with our consultancy services, we may collect:

  • Full name

  • Email address

  • Phone number

  • Job title and organisational affiliation

  • Country and location

  • Information related to your inquiry

  • Documents or messages you voluntarily submit

  • Preferences regarding collaboration or meetings

3.2. Data Collected Automatically

When you browse our website, we may automatically collect:

  • IP address and approximate geographic location

  • Browser type and device details

  • Referral source (how you reached our site)

  • Pages viewed, time spent on site, navigation paths

  • Cookies and similar technologies (analytics, security, preferences)

We do not use automated decision-making or profiling.

3.3. Sensitive Data

We do not intentionally collect sensitive information unless:

  • voluntarily shared during a consultancy process

  • required for due diligence or compliance

  • obtained under NDA or confidentiality agreement

Sensitive data includes political opinions, medical data, criminal records, or security clearance information. Such data is handled with strict confidentiality and additional safeguards.

 

4. Purposes of Processing

We process personal data only for legitimate, transparent, and specific purposes, including:

4.1. Communication & Relationship Management

  • Responding to contact requests

  • Scheduling meetings or consultations

  • Providing requested information about B2S services

  • Managing professional relationships and correspondence

4.2. Service Delivery

  • Assessing client needs

  • Preparing proposals, agreements, or NDAs

  • Conducting analyses relevant to consultancy engagements

  • Ensuring compliance with contractual obligations

4.3. Website Functionality & Security

  • Improving website performance

  • Monitoring security and preventing fraud

  • Ensuring proper functioning of online forms

  • Analyzing user behavior for usability improvements

4.4. Legal & Regulatory Obligations

  • Complying with financial reporting and tax requirements

  • Responding to lawful requests from authorities

  • Ensuring compliance with defence, security, and export control regulations

We do not sell or commercially share personal data with third parties.

 

5. Legal Basis for Processing

We process personal data in accordance with Article 6 of the GDPR under:

5.1. Legitimate Interests (Art. 6(1)(f))

For:

  • Managing communication

  • Ensuring network and information security

  • Improving website functionality

  • Developing business relationships

  • Preventing misuse or suspicious activity

5.2. Contractual Necessity (Art. 6(1)(b))

When entering pre-contractual discussions or fulfilling a consultancy agreement.

5.3. Legal Obligation (Art. 6(1)(c))

To comply with Romanian and EU laws regarding:

  • Accounting

  • Taxation

  • Corporate compliance

  • Defence and security regulatory requirements

5.4. Consent (Art. 6(1)(a))

For optional activities such as:

  • Website contact forms

  • Email communication initiated by you

  • Analytics cookies (when required)

Consent may be withdrawn at any time.

 

6. Data Sharing and Disclosure

We may share your personal data only when necessary and under strict confidentiality:

6.1. With Trusted Service Providers

Such as:

  • Website hosting services

  • Email and IT infrastructure providers

  • Security and analytics tools

These providers operate under agreements ensuring GDPR compliance.

6.2. With Authorities

Only when legally required (e.g., taxation, litigation, national security inquiries).

6.3. With Partners or Experts

In consultancy projects only with your consent, and typically under NDA.

We do not sell, trade, or distribute your personal data for marketing or commercial exploitation.

 

7. International Data Transfers

We generally store and process data within the European Union (EU).
If a transfer outside the EU is needed (e.g., international partners), it will occur only when:

  • Adequate safeguards exist (Standard Contractual Clauses), or

  • You have explicitly consented, or

  • It is necessary to deliver contracted services

We always ensure compliance with GDPR requirements for international transfers.

 

8. Data Retention

We keep personal data only as long as necessary for:

  • communication,

  • service delivery,

  • legal compliance,

  • or legitimate business needs.

Typical retention periods:

  • Contact inquiries: 12–24 months

  • Contractual documents: 5–10 years (legal requirement)

  • Analytics data: 26 months (Google Analytics default)

After the retention period, data is securely deleted or anonymized.

 

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

9.1. Right of Access

To request confirmation and a copy of the data we hold.

9.2. Right to Rectification

To correct inaccurate or incomplete data.

9.3. Right to Erasure (“Right to Be Forgotten”)

Under certain conditions.

9.4. Right to Restrict Processing

If you contest accuracy or object to processing.

9.5. Right to Data Portability

To receive your data in a structured and commonly used format.

9.6. Right to Object

You may object to processing carried out for legitimate interests.

9.7. Right to Withdraw Consent

At any time, when processing is based on consent.

9.8. Right to Lodge a Complaint

You may file a complaint with the Romanian Data Protection Authority (ANSPDCP).

For any GDPR request, contact:
📧 office@blackseastrategy.com

 

10. Cookies and Tracking Technologies

We use cookies to:

  • ensure website functionality,

  • protect the website from abusive access,

  • analyze traffic and performance,

  • improve usability.

You can set your browser to refuse or delete cookies.
Our Cookie Policy (separate page) provides full details.

 

11. Security Measures

We employ technical and organisational safeguards, including:

  • Server-side firewalls and encrypted communication

  • Secure hosting infrastructure

  • Access controls and authentication

  • Regular monitoring for suspicious activity

  • Data minimisation and restricted access

Despite best practices, no online transmission is entirely risk-free.
We maintain strict protocols to reduce such risks to a minimum.

 

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically.
Updates will be published on this page with a new “Last updated” date.
Continued use of our website implies acceptance of the updated Policy.

 

13. Contact Us

For questions regarding this Privacy Policy or the way we process your data:

B2S BLACK SEA STRATEGIES SRL
📧 Email: office@blackseastrategy.com
📞 Phone: +40 740 105 916

Scroll to Top