1. Data Controller
CyberS3C — Cybersecurity Artisans, Lda., headquartered at Passeio das Ilhas, n.º3, Loja B, 2670-322 Loures, Portugal, is the entity responsible for the processing of personal data collected through the website viriatus.eu.
Contact: hello@cybersec.pt | +351 21 594 4726
2. Personal Data Collected
2.1 Data provided by the user
When you fill out any of the website forms (contact, partners, training, newsletter), we collect:
- Full name
- Professional email address
- Organization (optional)
- Role (optional)
- Phone number (optional)
- Country (on the partners form)
- Partner type / certification level (depending on the form)
- Message content
2.2 Data collected automatically
The website may automatically collect, subject to your prior consent:
- IP address (anonymized when Google Analytics is active)
- Browser type and operating system
- Pages visited and visit duration
- Referring page (source URL)
- Language preference
- Website interaction data (via HubSpot and Google Analytics)
3. Cookies and Similar Technologies
3.1 What are cookies
Cookies are small text files stored on your device when you visit a website. They are used to remember preferences and improve the browsing experience.
3.2 Cookies we use
| Cookie / Technology | Type | Provider | Purpose | Duration |
|---|---|---|---|---|
viriatus_cookie_consent | Necessary | Viriatus | Stores your cookie consent choice | Permanent (localStorage) |
viriatus_splash_seen | Necessary | Viriatus | Prevents the intro animation from repeating in the same session | Session (sessionStorage) |
__hssc, __hssrc, __hstc, hubspotutk | Functional | HubSpot | Visitor tracking, sessions, and form submissions. Identifies returning visitors and associates forms with contacts. | 30 min — 13 months |
_ga, _ga_KG8EVJSRNZ | Analytics | Google Analytics 4 | Traffic measurement, pages visited, session duration, and browsing behavior. IPs anonymized. Only loads if you accept analytics cookies. | 2 years |
| Google reCAPTCHA v3 | Security | Anti-spam and abuse protection on contact, partner, and training forms. Evaluates user behavior to distinguish humans from bots. | Session |
3.3 Consent and cookie management
On your first visit, we display a cookie banner where you can:
- Accept all — enables necessary, HubSpot, and Google Analytics cookies
- Reject — only strictly necessary cookies remain active
- Settings — individually choose which analytics cookies to enable
You can change your preferences at any time by clicking the "Cookies" link in the website footer. Google Analytics only loads if you explicitly accept analytics cookies.
4. Sub-processors and Third Parties
Your personal data may be processed by the following service providers:
| Provider | Service | Data Processed | Location | Legal Basis |
|---|---|---|---|---|
| HubSpot | CRM, forms, visitor tracking | Name, email, organization, role, phone, message, pages visited | EU (eu1 region) | Consent + Contract |
| Google Analytics 4 | Web analytics | Anonymized IP, pages visited, session duration, device | EU/EEA | Consent |
| Google reCAPTCHA v3 | Anti-spam protection | Website interaction data (mouse movements, clicks, time on page) | Global (Google LLC) | Legitimate interest |
| Hosting provider | Web hosting (cPanel) | Access logs (IP, user-agent, URLs) | EU | Legitimate interest |
Your personal data is never sold, rented, or shared with third parties for direct marketing purposes.
5. Purpose of Processing
Your personal data is processed for the following purposes:
- Responding to inquiries — replying to messages, demo requests, partner applications, or training enrollments
- CRM management — organizing and tracking leads and contacts via HubSpot
- Web analytics — understanding how visitors use the website to improve the experience (only with consent)
- Security — protecting forms against spam and abuse via reCAPTCHA
- Newsletter — sending product updates and articles (only with explicit consent, with unsubscribe option in every email)
- Legal obligations — fulfilling applicable tax, regulatory, or judicial obligations
6. Legal Basis for Processing
The processing of your personal data is based on the following legal bases under Article 6 of the GDPR:
- Consent (Art. 6(1)(a)) — provided when submitting forms, accepting analytics cookies, or subscribing to the newsletter
- Legitimate interest (Art. 6(1)(f)) — website security (reCAPTCHA), service improvement, and fraud prevention
- Performance of a contract (Art. 6(1)(b)) — when processing is necessary for delivering requested services
7. International Transfers
The website is hosted on infrastructure located within the European Union.
HubSpot data is processed in the EU1 region (European Union). Google Analytics and reCAPTCHA may process data on Google LLC servers (USA), under the EU-US Data Privacy Framework and the European Commission's Standard Contractual Clauses.
The Viriatus platform operates entirely on controlled European infrastructure — either on CyberS3C's infrastructure or on the client's own infrastructure.
8. Data Retention
Your personal data is retained for the following periods:
- Contact data (HubSpot) — 24 months after last contact, unless an active contractual relationship exists
- Browsing data (Google Analytics) — 14 months (GA4 default setting)
- Browsing data (HubSpot) — per HubSpot's retention policy (up to 7 years)
- Cookie consent — permanent until the user revokes it
- Newsletter — until subscription cancellation
After these periods, data is automatically deleted or anonymized.
9. Data Subject Rights
Under the General Data Protection Regulation (GDPR), you have the following rights:
- Right of access — request confirmation and a copy of your personal data
- Right to rectification — correct inaccurate or incomplete data
- Right to erasure — request deletion of your data ("right to be forgotten")
- Right to restriction — restrict processing under certain circumstances
- Right to data portability — receive your data in a structured, interoperable format
- Right to object — object to processing based on legitimate interest
- Right to withdraw consent — at any time, without affecting the lawfulness of prior processing
To exercise any of these rights, contact us at hello@cybersec.pt. We will respond within 30 days.
10. Data Security
We implement technical and organizational measures to protect your personal data, including:
- Encrypted transmission via HTTPS/TLS across the entire website
- Security headers (CSP, HSTS, X-Frame-Options, Permissions-Policy)
- Anti-spam protection via Google reCAPTCHA v3
- Restricted access controls to personal data
- Regular vulnerability monitoring
11. Minors
The website and the Viriatus platform are intended for professionals and organizations. We do not intentionally collect personal data from individuals under 16 years of age.
12. Complaints
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the Portuguese Data Protection Authority (CNPD):
- Website: www.cnpd.pt
- Email: geral@cnpd.pt
13. Changes to this Policy
This privacy policy may be updated periodically. The date of the last update is indicated at the top of this page. We recommend checking this page regularly.
14. Contact
For questions related to privacy and data protection:
- Email: hello@cybersec.pt
- Phone: +351 21 594 4726
- Address: Passeio das Ilhas, n.º3, Loja B, 2670-322 Loures, Portugal