Privacy Policy

1. Introduction

ForgeWork ("we", "us", "our") is a cybersecurity consultancy based in Belgium. We are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect personal data when you visit our website at forge-work.com and its associated subdomains, interact with our content, or contact us through our online forms.

This policy applies to all visitors, users, and others who access our website. By using our website, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please refrain from using our website.

We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Belgian Data Protection Act of 30 July 2018, and any other applicable data protection legislation. We regularly review this policy to ensure it remains compliant with evolving legal requirements and industry best practices.

2. Data Controller

The data controller responsible for the processing of your personal data is:

If you have any questions or concerns about how we process your personal data, or if you wish to exercise any of your rights under applicable data protection law, please contact us at the email address above. We aim to respond to all legitimate requests within thirty (30) days.

3. What Data We Collect

We collect and process the following categories of personal data:

3.1 Contact Form Data

When you submit an inquiry through our contact form, we collect the information you voluntarily provide, which may include:

• Name — your full name or a preferred name for correspondence.
• Email address — so we can respond to your inquiry.
• Company name — to understand the organisational context of your request.
• Message content — the details of your inquiry or request.

3.2 Analytics and Technical Data

When you visit our website, we may automatically collect certain technical information, including:

• IP address — which may be truncated or anonymised depending on the analytics configuration.
• Browser type and version — such as Chrome, Firefox, or Safari.
• Device information — including operating system, screen resolution, and device type.
• Pages visited — which pages you view, how long you spend on each page, and your navigation path through the site.
• Referring URL — the website or search engine that directed you to our site.
• Date and time of access — timestamps associated with your visits.

3.3 Cookie Data

Our website uses cookies and similar tracking technologies. Cookies are small text files placed on your device that help us understand how visitors use our site and enable certain functionality. Further detail is provided in Section 8 below.

4. How We Use Your Data

We use the personal data we collect for the following purposes:

• Responding to inquiries — we use your contact form data to reply to your questions, provide information about our services, and manage ongoing communications with you.
• Improving our website — analytics data helps us understand how visitors interact with our content, identify areas for improvement, and optimise the user experience.
• Website analytics — we analyse aggregated usage patterns to make informed decisions about site structure, content strategy, and technical performance.
• Displaying advertisements — we use Google AdSense to display advertisements on our website. Advertising data may be used to show you relevant ads based on your browsing behaviour, subject to your cookie preferences.
• Security and fraud prevention — we may use technical data to detect, prevent, and address security incidents, abuse, or fraudulent activity directed at our website.

5. Legal Basis for Processing (GDPR Article 6)

Under the GDPR, we must have a valid legal basis for each processing activity. We rely on the following legal grounds:

• Consent (Article 6(1)(a)) — we rely on your explicit consent for the placement of non-essential cookies (analytics and advertising cookies) and for processing the personal data you submit through our contact form. You may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.
• Legitimate interests (Article 6(1)(f)) — we rely on our legitimate interests in understanding how our website is used (analytics), maintaining the security and integrity of our website, and improving our services. We have assessed that these interests are not overridden by your rights and freedoms.
• Contractual necessity (Article 6(1)(b)) — where you engage us for cybersecurity consulting services, we process your data as necessary for the performance of the contract or to take steps at your request prior to entering into a contract.

6. Google AdSense

Our website displays advertisements served by Google AdSense, a third-party advertising service provided by Google LLC. Our AdSense publisher ID is pub-4026170531839046.

Google AdSense uses cookies to serve ads based on your prior visits to our website and other sites on the internet. Google's use of advertising cookies enables it and its partners to serve ads to you based on your browsing patterns. Depending on your consent preferences, you may be shown:

• Personalised ads — tailored to your interests based on your browsing history and online behaviour across websites that use Google advertising services.
• Non-personalised ads — not based on your personal browsing history but rather on contextual factors such as the content of the page you are viewing and your general geographic location.

You may opt out of personalised advertising by visiting Google's Ads Settings. For more information about how Google collects and uses data, please review Google's Privacy Policy.

7. Google Fonts

Our website uses Google Fonts, a web font service provided by Google LLC, to ensure consistent and visually appropriate typography. When you load a page on our website, your browser establishes a connection to Google's servers to retrieve the required font files. In doing so, Google may receive your IP address and certain browser metadata. This data transmission is necessary for the technical delivery of the fonts and is processed by Google in accordance with its privacy policy. We use Google Fonts to maintain a professional and accessible design throughout our website.

8. Cookies

Our website uses the following categories of cookies:

8.1 Essential Cookies

These cookies are strictly necessary for the website to function properly. They enable core functionality such as page navigation, security features, and remembering your cookie consent preferences. Essential cookies do not require your consent under the GDPR as they are necessary for the provision of the service you have requested.

8.2 Analytics Cookies

We may use analytics cookies to collect anonymised data about how visitors interact with our website. This information helps us understand usage patterns, identify popular content, and improve site performance. Analytics cookies are only placed with your explicit consent.

8.3 Advertising Cookies

Google AdSense and its partners may set cookies on your device to serve advertisements and measure their effectiveness. These cookies may track your browsing activity across multiple websites. Advertising cookies are only placed with your explicit consent.

8.4 Managing Cookies

You can manage or disable cookies through your browser settings. Most browsers allow you to block or delete cookies, set preferences for specific websites, or receive notifications when a cookie is being placed. Please note that disabling certain cookies may affect the functionality of our website. You can find instructions for managing cookies in the help documentation for your specific browser.

9. Data Sharing

We do not sell, rent, or trade your personal data to third parties. We may share your data only in the following limited circumstances:

• Google — data is shared with Google through the use of Google AdSense (advertising), Google Analytics (website analytics), and Google Fonts (font delivery), as described in this policy.
• Email service provider — we use a third-party email service provider to manage and respond to communications received through our contact form. This provider processes your data solely on our behalf and in accordance with our instructions.
• Legal obligations — we may disclose your personal data where required by law, regulation, legal process, or enforceable governmental request. We may also share data where necessary to detect, prevent, or address fraud, security issues, or technical problems.
• Business transfers — in the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity, provided that the successor entity is bound by equivalent privacy obligations.

10. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our specific retention periods are as follows:

• Contact form data — retained until your inquiry has been fully resolved, plus an additional twelve (12) months thereafter to allow for follow-up correspondence. After this period, the data is securely deleted.
• Analytics data — retained for a maximum of twenty-six (26) months from the date of collection, after which it is automatically deleted or anonymised.
• Cookies — retention periods vary by cookie type. Essential cookies typically expire at the end of your browser session or within twelve months. Analytics and advertising cookies may persist for up to twenty-four (24) months, depending on the cookie and the third-party provider.

11. Your Rights Under the GDPR

As a data subject under the GDPR, you have the following rights with respect to your personal data:

• Right of access (Article 15) — you have the right to request a copy of the personal data we hold about you, along with information about how it is processed.
• Right to rectification (Article 16) — you have the right to request correction of any inaccurate or incomplete personal data we hold about you.
• Right to erasure (Article 17) — you have the right to request the deletion of your personal data where there is no compelling reason for its continued processing, subject to applicable legal exceptions.
• Right to restriction of processing (Article 18) — you have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest its accuracy or object to its processing.
• Right to data portability (Article 20) — you have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
• Right to object (Article 21) — you have the right to object to the processing of your personal data where we rely on legitimate interests as the legal basis, including processing for direct marketing purposes.
• Right to withdraw consent — where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within thirty (30) days. In certain cases, we may ask you to verify your identity before processing your request.

Complaints

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. In Belgium, the competent authority is:

12. International Transfers

Some of the third-party services we use, notably Google (AdSense, Analytics, and Fonts), are operated by entities based in the United States and other countries outside the European Economic Area (EEA). When your personal data is transferred outside the EEA, we ensure that appropriate safeguards are in place to protect your data in accordance with the GDPR.

These safeguards may include the European Commission's Standard Contractual Clauses (SCCs), adequacy decisions by the European Commission for the receiving country, or the service provider's participation in an approved certification mechanism. Google has committed to compliance with applicable data transfer frameworks, including the EU-U.S. Data Privacy Framework where applicable. You may request further information about the specific safeguards applied to international transfers by contacting us.

13. Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption in transit — all data transmitted between your browser and our website is encrypted using Transport Layer Security (TLS/HTTPS).
• Access controls — access to personal data is restricted to authorised personnel who require it for legitimate business purposes.
• Regular review — we periodically review our security practices and update them as necessary to address emerging threats and vulnerabilities.

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to maintaining industry-appropriate standards of protection.

14. Children's Privacy

Our website and services are not directed at individuals under the age of sixteen (16). We do not knowingly collect personal data from children under 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take prompt steps to delete that data. If you believe that a child under 16 has provided us with personal data, please contact us at [email protected] so that we can take appropriate action.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or industry standards. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically to stay informed about how we protect your personal data. Your continued use of our website after any changes to this policy constitutes your acknowledgement of the updated terms.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

We are committed to working with you to resolve any concerns about your privacy. We will endeavour to respond to all inquiries within thirty (30) days of receipt.