Privacy Statement

The Privacy Statement of the website is equivalent to the privacy policy of BSM Business Security Management B.V. This website, focusing on phishing test simulations, is an integral part of the services provided by BSM Business Security Management B.V., hereinafter referred to as BSM.

As of May 25, all EU countries protect your privacy under unified regulations. In our Privacy Statement, we outline the personal data we collect and the processing procedures. BSM does not conduct extensive processing of personal data and will never engage in data selling. Rest assured, your data is in safe hands with us.

General Information:

BSM Business Security Management B.V. (BSM), located in Amsterdam, is responsible for the processing of personal data as presented in this privacy statement.

Contact Information: BSM, Kingsfordweg 151, 1043 GR Amsterdam, +31 (0)20 8203693,,

Personal Data We Process:

BSM may process your personal data when you use our services and/or provide it voluntarily. Additionally, we may obtain your personal data as part of an investigation.

The data we may process includes:

  • First and last name
  • Address details
  • Occupation and job title
  • Phone number
  • Email address
  • OPT-in data for our newsletters and advertising
  • Action/tracking numbers and IP addresses of customer

Special and/or Sensitive Personal Data We Process:

Our website and services do not intend to collect data about website visitors under the age of 16, unless they have explicit permission from parents or guardians. However, verifying a visitor’s age is not always feasible. Thus, we encourage parents to actively participate in their children’s online activities to prevent data collection without parental consent. If you suspect that we have collected personal data about a minor without proper authorization, please contact us at

Purpose of Processing:

BSM Business Security Management B.V. processes your personal data for the following purposes:

  • Contacting you
  • Handling our financial agreements
  • Contacting you by phone or email, when necessary, to deliver our services (phishing test, awareness training and other security related services)
  • Handling security and phishing related matters
  • Offering consultation on Cybersecurity and phishing tests
  • Complying with legal obligations, such as data required for tax returns
  • Managing your service changes by BSM
  • Sending our newsletter and/or advertising brochure
  • Delivering goods and services to you

BSM is the data controller, a role that remained unchanged with the implementation of the GDPR.

Automated Decision Making:

BSM Business Security Management B.V. does not base decisions with (significant) consequences for individuals on automated processing. Such decisions are made without human intervention (e.g., by a BSM Business Security Management B.V. employee).

Retention of Personal Data:

BSM does not retain your personal data for longer than strictly necessary to fulfill the purposes for which we collect your data and as required by law. The exact duration varies, for example, invoice data is retained for seven years due to mandatory retention requirements for tax authorities, or when a contract between the client and BSM is terminated, customer data is cleared except when longer retention is legally mandated.

OPT-IN data is kept until canceled by the customer.

Cancellation can be done, among other methods, by sending an email with the following request in the title:

  • Request to unsubscribe from email, not unsubscribe from regular mailings/posts
  • Request to unsubscribe from regular mailings/posts, not unsubscribe from email
  • Request to unsubscribe from email and regular mailings/posts

Sharing of Personal Data with Third Parties:

BSM Business Security Management B.V. does not sell your data to third parties and only shares it when necessary for the execution of our agreement with you or to comply with legal obligations. We have data processing agreements with companies that process your data on our behalf to ensure the same level of security and confidentiality. BSM Business Security Management B.V. remains responsible for these processing activities. Data sharing is limited to our payment providers and companies we hire for consultancy or investigation assignments. For investigation inquiries, the guidelines established in the Private Security Organizations and Detective Agencies Act (Wpbr) and the associated privacy code apply.

Cookies or Similar Technologies We Use:

BSM Business Security Management B.V. only uses technical and functional cookies, as well as analytical cookies that do not infringe on your privacy. A cookie is a small text file stored on your computer, tablet, or smartphone when you first visit this website. The cookies we use are necessary for the technical operation of the website and your convenience. They ensure the proper functioning of the website and remember your preferences. They also help us optimize our website. You can opt-out of cookies by configuring your internet browser not to store cookies. Additionally, you can delete all previously stored information through your browser settings. Besides technical cookies, we use Google Analytics to measure and manage our marketing activities. The data from Google does not contain personal information such as name and address; it primarily involves the number of visitors to the BSM website on a given day and from which type of device it is accessed. The purpose is to optimize our website for visitors and measure the effectiveness of marketing campaigns.

Access, Modification, or Deletion of Personal Data:

You have the right to access, correct, or delete your personal data. You also have the right to withdraw your consent for data processing or object to the processing of your personal data by BSM Business Security Management B.V. You also have the right to data portability, which means you can request us to send the personal data we have about you to you or another organization you specify in a computer file. You can send a request for inspection, correction, deletion, data transfer, or the withdrawal of your consent or objection to the processing of your personal data to To ensure that the request for inspection is made by you, we ask you to include a copy of your identity document with the request. In this copy, black out your photo, MRZ (machine-readable zone, the strip with numbers at the bottom of the passport), passport number, and Citizen Service Number (BSN) to protect your privacy. We will respond as soon as possible, but within four weeks, to your request. BSM Business Security Management B.V. also wants to inform you that you have the right to file a complaint with the national supervisory authority, the Dutch Data Protection Authority. You can do so via the following link:

How We Secure Personal Data:

BSM Business Security Management B.V. takes the protection of your data seriously and implements appropriate measures to prevent abuse, loss, unauthorized access, unwanted disclosure, and unauthorized changes. This includes, among other things, installing a security certificate on our website. If you believe that your data is not adequately secured or if there are indications of misuse, please contact our customer service or reach out to us at