Privacy Policy

Last updated: May 27, 2026

1. Who is the controller of your data?

The controller of the personal data collected on this website is:

• Company Name: Ibida Black Level S.L. (hereinafter, "OCIRIA")
• VAT ID (NIF): B93643807
• Registered Address: Calle Escritora Gertrudis Gómez de Avellaneda, 28 · 29196 Málaga, España
• Contact Email for privacy matters (DPO): [email protected]

In its commitment to data protection, OCIRIA has appointed a Data Protection Officer (DPO) whom you can contact at the indicated email address.

2. For what purpose do we process your personal data?

At OCIRIA, we process the information you provide us for the following purposes:

a. Commercial Contact Management: To respond to inquiries and requests for information received through the contact forms on the website, email, or any other means. The legal basis is the consent of the interested party (Art. 6.1.a GDPR).

b. Provision of Cybersecurity Services: To manage the contractual relationship with our clients, which may include conducting initial diagnostics, defensive OSINT analysis, vCISO services, ISO 42001 consulting, and other professional services under contract. The legal basis is the execution of a contract or pre-contract (Art. 6.1.b GDPR).

c. Use of Public Sandbox Tools: To allow the use of our free tools such as the "Email Scanner," "NIS2 Assessment," or the "Cybersecurity Calculator." The minimum technical data for the operation of the tool is processed based on our legitimate interest in offering these services and improving our technology (Art. 6.1.f GDPR). [LEGAL REVIEW REQUIRED] No registration is required, and volatile data is not associated with an identified user.

d. Commercial Communications (Newsletter): To send our newsletter, as well as commercial communications about our services, news from the cybersecurity sector, and events, provided that we have your explicit consent (opt-in). The legal basis is the consent of the interested party (Art. 6.1.a GDPR).

e. Website Analysis and Security: To process browsing data (such as anonymized IP address) to ensure the security of our website, prevent fraud, and analyze traffic in an aggregated manner. The legal basis is our legitimate interest in maintaining the security of our infrastructure (Art. 6.1.f GDPR).

3. What categories of data do we process?

The categories of personal data that we may process are:

• Identification data: Name, surname.
• Contact data: Email address, telephone (optional).
• Professional data: Company you work for, job title.
• Browsing data: IP address (anonymized or hashed), browser type, operating system, etc.

Under no circumstances will OCIRIA process special categories of personal data (health, religion, ideology, etc.).

4. Who are the recipients of your data?

Your data will not be transferred to third parties, except under legal obligation. However, to provide our services, we need to share data with the following data processors, who comply with GDPR regulations:

• Amazon Web Services (AWS): We use AWS SES for sending transactional and commercial emails. The servers are located in the `eu-west-1` region (Ireland), within the European Union.
• Cloudflare, Inc.: We use their CDN, DNS, and WAF services to protect and accelerate our website. Cloudflare acts as a data processor for traffic data. Their privacy policies ensure compliance with European regulations.

International data transfers to countries outside the European Economic Area are not foreseen by default. If it were necessary for the provision of a specific service, the client would be informed, and the use of appropriate mechanisms (Standard Contractual Clauses, etc.) would be guaranteed.

5. For how long will we keep your data?

Personal data will be kept for the following periods:

• Non-formalized commercial contacts: 1 year from the last contact.
• Clients: For the duration of the contractual relationship and, once it has ended, for the mandatory legal periods (generally, 6 years for commercial and tax purposes).
• Newsletter subscribers: Until the interested party revokes their consent (requests to unsubscribe).

6. What are your rights when you provide us with your data?

Anyone has the right to obtain confirmation as to whether or not OCIRIA is processing personal data concerning them.

Interested parties have the right to:

• Access their personal data.
• Request the rectification of inaccurate data.
• Request the erasure of their data when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
• Object to the processing of their data.
• Request the restriction of the processing of their data.
• Request the portability of their data in a structured, commonly used, and machine-readable format.

You can exercise your rights by sending an email to [email protected], attaching a copy of your ID card or equivalent identity document to prove your identity.

If you believe that your rights have not been duly addressed, you have the right to file a complaint with the Spanish Data Protection Agency (AEPD), through its website www.aepd.es.

7. Cookies Policy

This website uses cookies. For more information, please see our [Cookies Policy](/en/legal/cookies).

8. Changes to the privacy policy

OCIRIA reserves the right to modify this policy to adapt it to new legislation or jurisprudence. In such cases, the changes introduced will be announced on this page with reasonable advance notice of their implementation and, if applicable, users will be notified by email.