Privacy Policy

Last Updated: 02/26/2026

Effective Date: 1/1/2026

1. Introduction

Insite Risk Management, LLC/Insite Security, Inc./Insite Risk Management Limited ("Insite," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (www.insiteriskmanagement.com) and when you apply for employment with us.

This policy applies to individuals in the United States, United Kingdom, European Economic Area, and globally.

Controller Information:

Company: Insite Risk Management, LLC/Insite Security, Inc./Insite Risk Management Limited ("Insite”)
Address: 150 W 30th Street, 16th Fl, New York, New York 10001
Email: info@insitesecurity.com
Phone: 212-362-5700

2. Information We Collect

2.1 Information You Provide Directly

General Website Users:

Contact information (name, email, phone number, company)
Communication preferences
Information submitted through contact forms or inquiry requests
Correspondence you send to us

Job Applicants:

Personal identifiers (name, address, email, phone number)
Employment history and professional qualifications
Educational background
References and recommendation letters
Resume/CV and cover letter
Work authorization status
Information provided during interviews
Background check information (where legally permitted and with consent)
Any other information you choose to provide in your application

2.2 Information Collected Automatically

Device and browser information
IP address and geolocation data
Pages visited and time spent on pages
Referring website addresses
Cookies and similar tracking technologies

2.3 Information from Third Parties

Background check providers (with your consent)
Professional references
Recruitment agencies
Publicly available professional profiles (LinkedIn, etc.)

3. How We Use Your Information

3.1 General Website Visitors

We use your information to:

Respond to inquiries and provide information about our services
Send marketing communications (with your consent where required)
Improve our website and user experience
Analyze website traffic and usage patterns
Comply with legal obligations
Protect against fraud and security threats

Legal Bases (GDPR/UK GDPR):

Consent (where you have opted in)
Legitimate interests (business operations, security, analytics)
Legal obligation (compliance requirements)
Contract performance (responding to service inquiries)

3.2 Job Applicants

We use your information to:

Evaluate your qualifications for employment
Conduct interviews and assessments
Verify your employment history and references
Conduct background checks (where legally permitted and with consent)
Comply with employment law requirements
Maintain records for equal employment opportunity compliance
Contact you regarding your application status
Maintain a talent pool for future opportunities (with your consent)

Legal Bases (GDPR/UK GDPR):

Contract performance (taking steps to enter employment contract)
Legal obligation (employment law compliance, equal opportunity requirements)
Legitimate interests (recruitment and talent management)
Consent (where specifically obtained, such as for talent pool retention)

Retention Period for Applicant Data:

Successful candidates: Data becomes part of employee records
Unsuccessful candidates: Retained for 12 months after application closure, unless you consent to remain in our talent pool
You may request earlier deletion by contacting us

4. How We Share Your Information

We may share your information with:

Service Providers: Third-party vendors who perform services on our behalf (IT services, analytics, background check providers)
Professional Advisors: Lawyers, accountants, and other professional advisors
Legal Requirements: Government authorities when required by law or to protect our rights
Business Transfers: In connection with any merger, sale, or acquisition of our business
With Your Consent: When you have given explicit permission

International Transfers:

We operate globally and may transfer data outside the UK/EEA to countries that may not provide the same level of data protection. When we do, we implement appropriate safeguards including:

Standard Contractual Clauses approved by the European Commission
Adequacy decisions by the European Commission
Other legally compliant transfer mechanisms

For job applicants, international transfers may occur when:

Positions involve work in multiple countries
Background checks require international verification
Interview processes involve global team members

5. Cookies and Tracking Technologies

Cookie Banner

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent

Manage Preferences

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Scope of this Policy
Insite Security, Inc., Insite Risk Management, LLC and Insite Risk Management Limited (hereinafter “Insite”) created this privacy policy in order to describe how we collect, use, maintain, share and protect your personal information when you use our website (hereinafter “Website” or “Site”). This privacy policy applies to information collected when you visit our Website. It does not apply to information collected in any other way, including information collected offline.

Changes to this Policy
We may revise this privacy policy and that would be reflected in a “Last Updated” section at the top of this page, stating when the policy was last revised. Any changes to this privacy policy will become effective when posted. If any change may materially affect the privacy of your personal information collected through our Site, we will use reasonable endeavors to notify you in advance and give you a reasonable period of time to object to any changes. We encourage you to periodically review this privacy policy to stay informed about how we collect, use and share personal information.

Information Collection on our Website
Insite strives to limit its collection of personal information to that necessary for the promotion, offering and administration of our services. Our Site collects the following types of information when you visit:

Personally identifiable information (PII); and,
Non-personally identifiable information (non-PII).

Personally Identifiable Information
We may collect your name, email address and telephone number through our Site.

Non-personally Identifiable Information
When you visit our website, we may collect and store general Internet data, including your internet protocol (IP) address, domain name, browser type, date and time of access, which of our web pages you visited, the referring Uniform Resource Locator (URL) and how long you spend on each page. This information may be collected to assist us in making improvements to our Website or to administer our Website. We do not link this information to any PII. Insite may employ third party companies and individuals to facilitate these services (e.g., maintenance, analysis, audit, development). These third parties have limited access to your information and only to perform these tasks on our behalf.

Information Use
The information collected through our Site may be used:

To respond to your inquiries or otherwise correspond with you if, for instance, you are contacting us or requesting information;
For purposes permitted by your organization’s agreement(s) with us (if any) for the provision of products and services;
To maintain the security and integrity of our Website, products and services; and
For the administration, review and/or the improvement of the content of our Website, products or services.

Cookie Policy
Any web site that you visit may store or retrieve personal information, mostly through the use of cookies. The stored or retrieved information might be about you, your preferences or your device and is used for the purposes specified per cookies category below. By accepting cookies, the functionalities described per cookies category will be activated and by not-accepting cookies, such functionalities will not be activated. Because we respect your right to privacy, you can choose not to allow some types of cookies and you have the right to withdraw your consent by adapting your preferences in our cookie consent manager. Click on the different category headings to find out more and change our default settings.

Strictly Necessary Cookies
These cookies are essential in order to enable you to move around the site and use its features, such as accessing secure areas of the site. Without these cookies, services you have asked for cannot be provided.

Marketing Cookies
These cookies allow us to employ data analytics so we can measure and improve the performance of our site and provide more relevant content to you. These cookies don’t collect information that identifies a visitor down to an individual level that is available to us. These cookies are not passing personally identifiable information to any external third party other than in limited cases when we engage a service provider to act on our behalf but who is then unable to use the data for their own purposes.

Performance Cookies and Functional Cookies
Performance cookies are generally third-party cookies from vendors we work with or who work on our behalf that collect information about your visit and use of the Insite website, for instance which pages you visit the most often, and if you get error messages from web pages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is anonymous and is only used to improve how the website works. Third party vendors may have access to this data and may use it to improve their overall services and offerings.

Functionality cookies allow a site to remember choices you make and provide more enhanced, personal features. These cookies cannot track your browsing activity on other websites. They don’t gather any information about you that could be used for advertising or remembering where you’ve been on the Internet outside our site.

Analytics
Insite uses Google Analytics which collects some sort of identifiable information such as cookies and employs the usage of third-party tracking. The information collected is used to improve the Site and our services as well as provide an understanding of how you and other visitors engage the Site. To read more on how the Google Analytics service collects and processes data, please visit http://www.google.com/policies/privacy/partners/.

To prevent your information from being used by Google Analytics please refer to the current opt-out browser add-on at https://tools.google.com/dlpage/gaoptout/.

Third-Party Links and Websites
This policy applies to Insite’s Site. However, you are able to access third-party sites through our Site by, for example, clicking on hyperlinks to those third-party sites from within our Site, such as in the News section of our Site. We are not responsible for the privacy policies and/or practices of any third-party sites, and if you visit those websites, we encourage you to review their respective privacy policies.

6. Your Rights and Choices

6.1 Rights Under GDPR/UK GDPR

If you are in the UK or EEA, you have the right to:

Access: Request copies of your personal data
Rectification: Request correction of inaccurate data
Erasure: Request deletion of your data (subject to legal limitations)
Restriction: Request limitation of processing
Data Portability: Receive your data in a structured, machine-readable format
Object: Object to processing based on legitimate interests or direct marketing
Withdraw Consent: Where processing is based on consent
Lodge a Complaint: File a complaint with your supervisory authority

UK Supervisory Authority: Information Commissioner's Office (ICO) Website: https://ico.org.uk

EU Supervisory Authorities: Contact details available at https://edpb.europa.eu

6.2 Rights Under US State Laws

Depending on your state of residence, you may have additional rights including:

Right to know what personal information is collected
Right to delete personal information
Right to opt-out of sale/sharing of personal information
Right to correct inaccurate information
Right to non-discrimination for exercising your rights

We do not sell personal information.

6.3 Marketing Communications

You may opt out of marketing emails by:

Clicking the "unsubscribe" link in any marketing email
Contacting us at privacy@insitesecurity.com

6.4 Exercising Your Rights

To exercise any of these rights, contact us at:

Email: privacy@insitesecurity.com
Mail: 150 W 30th Street, 16th Fl, New York, New York 10001
Phone: 212-362-5700

We will respond to verified requests within:

30 days (GDPR/UK GDPR)
45 days (US state laws, with possible 45-day extension

7. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

Encryption of data in transit and at rest
Access controls and authentication
Regular security assessments
Employee training on data protection
Secure data storage facilities

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

8. Children's Privacy

Our website is not directed to individuals under 16 (or under 13 in the US). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

9. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies.

10. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Categories of Personal Information Collected: See Section 2 above for detailed categories.

Business Purposes: See Section 3 above for how we use information.

Categories of Third Parties: See Section 4 above for sharing practices.

Sale of Personal Information: We do not sell personal information as defined by California law.

Shine the Light: You may request information about our disclosure of personal information to third parties for direct marketing purposes.

To exercise California rights, contact us using the information in Section 6.4.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

Posting the updated policy on our website
Updating the "Last Updated" date
Sending email notification for significant changes (where we have your email)

Your continued use of our website after changes constitutes acceptance of the updated policy.

12. Contact Us

For questions about this Privacy Policy or our data practices:

Privacy Inquiries:

Email: privacy@insitesecurity.com
Mail: 150 W 30th Street, 16th Floor, New York, New York 10001
Phone: 212-362-5700

Data Protection Officer (if applicable): NA

13. Legal Compliance

This Privacy Policy is designed to comply with:

EU General Data Protection Regulation (GDPR)
UK General Data Protection Regulation (UK GDPR)
California Consumer Privacy Act (CCPA) and CPRA
Virginia Consumer Data Protection Act (VCDPA)
Colorado Privacy Act (CPA)
Connecticut Data Privacy Act (CTDPA)
Utah Consumer Privacy Act (UCPA)
Other applicable US state and federal laws

Acknowledgment for Job Applicants:

By submitting your application, you acknowledge that you have read and understood this Privacy Policy and consent to the processing of your personal data as described herein for recruitment purposes. You understand that providing your information is voluntary, but failure to provide requested information may affect our ability to process your application.

For applicants in the UK/EEA: You have the right to withdraw your consent at any time, though this will not affect the lawfulness of processing based on consent before withdrawal.