Skip to main content
FORTISEU
Legal

Legal & Compliance

Transparency is the foundation of trust. Review our legal documents, data processing agreements, and compliance commitments.

Last Updated: February 15, 2026Privacy Policy

Summary

This Privacy Policy explains how FortisEU processes personal data when you visit our website, create an account, or use our services. It is written for transparency, not marketing.

1. Data We Collect

1.1 Account and Contact Data

  • Name, email address, and company details you provide
  • Role/title and contact preferences (optional)
  • Messages you submit via forms (e.g., Contact, Trust Center requests)

1.2 Service Data (Customer Content)

When you use FortisEU, you may upload or enter compliance-related content (evidence, policies, questionnaires, vendor information). This content is processed to provide the service to your organization.

1.3 Usage and Diagnostics

We may collect limited technical and usage data to operate, secure, and improve the service (for example: error reports, performance metrics, and feature usage events).

2. How We Use Data

  • Provide and operate the service
  • Authenticate users and prevent abuse
  • Respond to support, procurement, and security review requests
  • Send service communications and updates you request
  • Improve reliability and product experience

3. Legal Bases (GDPR)

Depending on context, we process personal data under one or more GDPR legal bases, including contract performance, legitimate interests (security and service operations), and consent (for optional marketing communications).

4. Sharing and Subprocessors

We may share personal data with service providers (subprocessors) strictly as needed to operate FortisEU (for example: email delivery). We do not sell personal data. For procurement reviews, we can provide an up-to-date subprocessor list through the Trust Center request process.

5. International Transfers

Data processing locations and transfer mechanisms depend on the selected deployment and subprocessors used. If transfers outside the EU/EEA occur, we use appropriate safeguards where required.

6. Retention

We retain personal data for as long as necessary to provide the service, meet legal obligations, resolve disputes, and enforce agreements. Retention details can vary by plan and deployment.

7. Your Rights

You may have rights under GDPR, including access, rectification, deletion, restriction, portability, and objection. You may also lodge a complaint with a supervisory authority.

8. Contact

For privacy inquiries, contact privacy@fortis.eu. For security reports, contact security@fortis.eu.