Privacy and Personal Data Policy

DATA CONTROLLER

Cyberawareness, Unipessoal, Lda. (hereinafter referred to as Cyberawareness) is responsible for the collection and processing of personal data and is headquartered at Rua da Junqueira 218-220 R/C, 1300-346 Lisbon.

CONTROLLER CONTACTS

For matters related to the protection of personal data, the Controller can be contacted by email (preferably) at the following address: privacy@cyberawareness.pt.

PURPOSE OF PROCESSING

The purpose of collecting and processing the personal data requested when filling in the forms is to manage contacts requested by the data subject within potential pre-commercial relationships.

LAWFULNESS CONDITION

Performance of a contract or pre-contractual measures carried out at the request of the data subject.

DURATION

The data collected and processed for contact purposes will be retained for a period of 1 (one) year from the last contact with the data subject.

SUBPROCESSORS

The processing of data collected by the website is subcontracted to GlobalMighty, which manages the website and the contact mechanism. The relationship with GlobalMighty is duly contractualized and they act under our authority, following prior written instructions regarding the processing.

DATA SUBJECTS OTHER THAN THE DATA OWNERS

It is always assumed that data collection is carried out directly from the data subject. If this is not the case, Cyberawareness disclaims all responsibility for the absence of a lawful basis for processing, with the sole and exclusive responsibility for non-compliance with legal requirements resting with whoever enters the data in the forms provided by the website. Cyberawareness also reserves the right to report any situations of unauthorized use of third-party data that it may detect.

MINORS

Cyberawareness does not collect personal data from minors for this purpose. Should any such situation occur, the minors' data will be immediately deleted.

DATA TRANSFER

Cyberawareness does not transfer personal data to countries outside the EEA (European Economic Area).

DATA SUBJECTS' RIGHTS

Data subjects may exercise their rights to access, rectification, objection to processing, and deletion or portability of their personal data, provided they are within the established legal and regulatory limits. The exercise of these rights must be done through the controller's contacts indicated above.

SUPERVISORY AUTHORITY

If a data subject considers their rights to be affected, they may also appeal to the competent supervisory authority of the Member State concerned; in this case, the complaint should be addressed to the National Data Protection Commission.

CHANGES TO THE PRIVACY POLICY

Cyberawareness may change this privacy policy whenever necessary and appropriate, even if not legally required. All changes and updates will take effect after their publication on the website. Therefore, data subjects should regularly access the privacy policy to check the most recent version.

Last updated: February 2026