At TheSecShield we take data protection seriously. This page summarizes how we handle the information you share with us and how the site uses cookies.
Last updated: 03/07/2026
[Fill in with the company name, tax ID, address and contact details of the data controller.]
This site does not have a web contact form: contact begins when the user writes to us directly at [email protected]. The data you share with us that way (name, email, and the content of your message) is used solely to respond to your audit or information request. If no service is ultimately formalized, this data is kept for [X months] after the last contact, after which it is securely deleted. It is not shared with third parties except where legally required.
Before starting any audit, we sign a non-disclosure agreement (NDA) with the client company. The information shared during the process — company data, access credentials, technical findings and evidence — is handled with the same rigor we require from the organizations we audit.
| | |
|---|---|
| What data we collect | Contact details of the company and of the people designated as points of contact, technical information about the audited systems, and the evidence and findings generated during the audit. |
| Legal basis | Performance of the service agreement (GDPR art. 6.1.b) and, where applicable, explicit consent for subsequent commercial communications. |
| Confidentiality and security | All information is protected under a non-disclosure agreement (NDA), with access restricted to the team assigned to each project, encrypted reports and evidence, and storage on systems with access controls. |
| Retention | Data and reports are kept based on the contractual needs of the service provided, with the client duly informed of the applicable retention period in each case. After that period, they are securely deleted, unless a longer legal retention obligation applies. |
| Third parties and data processors | We do not share your data with third parties except where legally required. If we use technology providers (hosting, project management tools, etc.) that process data on our behalf, a data processing agreement under GDPR art. 28 is in place. |
| International transfers | Our hosting provider (Hetzner) processes data exclusively within the European Economic Area. For email, we use Zoho Mail with its data center located in the EU; for occasional technical support tasks, Zoho staff outside the EU may access the data under Standard Contractual Clauses approved by the European Commission, without any physical transfer of the data outside the EU. |
The technical cookies used on this site (language preference) do not store identifying data such as name, email, or phone number: they only remember your language choice and your cookie decision. The server logs the IP address of visits for security and technical purposes, with a retention period limited to 7 days. See our cookie banner for more detail on the analytics and marketing categories.
You can exercise your rights of access, rectification, erasure, objection, restriction, and portability by writing to [email protected]. You also have the right to file a complaint with the Spanish Data Protection Agency (AEPD, www.aepd.es) if you believe your data is not being processed in accordance with applicable law.
We do not have a Data Protection Officer, as it is not required for our activity under GDPR art. 37. For any questions regarding your data, you can write to us at [email protected].
This site is not directed at minors and we do not knowingly collect data from minors. If you become aware that a minor has provided us with data without the consent of their legal guardian, please contact us so we can remove it.