Privacy policy

• Controller: M. Ibrahim Saleem (sole trader / self-employed; trade name “NetTech Solutions” — NetTech Cyber service).
• Tax ID (NIF/CIF): 60606595P
• Address: Barcelona, Spain.
• Data protection contact: [email protected]

We process the data you provide when you register and complete the audit request form, as well as the data arising from the provision of the service:

• Company data: legal name, tax ID, registered address and business sector.
• Contact person data: first and last name, email address and telephone number.
• Audit scope data: domains, assets and other information you authorise for the execution of the service.
• Contractual relationship data: signed contracts and NDA, billing and payment details.

The reconnaissance carried out by NetTech Cyber is based on publicly available information (OSINT) and does not require internal credentials for your systems, except in the plans that expressly state otherwise and always with your authorisation.

• Manage your registration and access to the NetTech Cyber portal.
• Process, perform and deliver the requested security audit.
• Formalise the contractual relationship (service contract and NDA) and manage billing and collection.
• Respond to your enquiries and communicate with you regarding the service.

• Performance of a contract (art. 6.1.b GDPR): provision of the requested audit service.
• Compliance with legal obligations (art. 6.1.c GDPR): tax and accounting obligations.
• Consent (art. 6.1.a GDPR): commercial communications and analytics cookies, where applicable.
• Legitimate interest (art. 6.1.f GDPR): portal security and service improvement.

We retain your data for as long as the contractual relationship lasts and, once it has ended, for the periods legally required to address potential liabilities (generally, up to 6 years for commercial and tax obligations). Audit reports are kept for the period needed for their availability and support, after which they are securely deleted or anonymised.

We do not transfer your data to third parties except where legally required. To provide the service we rely on suppliers acting as data processors, with whom we maintain the corresponding contracts under art. 28 GDPR:

• Supabase — database hosting and authentication, on infrastructure located in the European Union (Frankfurt, Germany).
• Stripe — payment processing.
• Logalty — electronic signature and evidence of contracts and authorisations.

Data is hosted on servers located in the European Union. Should any supplier involve international transfers, the safeguards provided for in arts. 44 et seq. of the GDPR (standard contractual clauses or other appropriate safeguards) will be adopted.

You may exercise the following rights at any time by writing to [email protected], indicating the right you wish to exercise and proving your identity:

• Access to your personal data.
• Rectification of inaccurate data.
• Erasure of data (right to be forgotten).
• Objection to processing.
• Restriction of processing.
• Portability of your data to another controller.
• Withdrawal of consent given, where applicable.

If you believe that the processing does not comply with the regulations, you may lodge a complaint with the Spanish Data Protection Agency (www.aepd.es).

The Website uses cookies. You can review the details and manage your preferences in our cookie policy.