Privacy policy

Effective Date: 03.02.2023
Last Updated: 20.03.2026

3. Categories of Data Subjects

Depending on the way in which the website is used or the way in which contact is established with CYSCOE, data subjects may include:

  • website visitors;
  • representatives of organizations, institutions, partners, members, or collaborators;
  • individuals who submit inquiries, requests, or proposals;
  • participants in meetings, events, initiatives, calls, training activities, or professional interactions;
  • persons who communicate with CYSCOE through the website, email, or telephone.

4. Categories of Personal Data We May Collect

Depending on the context of interaction, CYSCOE may collect and process the following categories of personal data:

  • identification data, such as name and surname;
  • contact data, such as email address, telephone number, organization name, and professional title or function;
  • communication data, including the content of messages, requests, inquiries, and correspondence;
  • technical and navigation data, such as IP address, browser type, operating system, device information, date and time of access, pages visited, clickstream information, referrer URL, and similar server log data;
  • cookie and preference data, in accordance with the Cookie Policy;
  • any other personal data voluntarily provided by the user through forms, email messages, event registrations, or other communication channels.

5. How We Collect Personal Data

CYSCOE may collect personal data in the following ways:

  • automatically, when you navigate the website;
  • when you use the contact form available on the website;
  • when you send messages to the email addresses displayed on the website;
  • when you contact CYSCOE by telephone;
  • when you register for events, meetings, calls, or other institutional activities;
  • when you voluntarily provide information in the context of collaboration, communication, or professional engagement.

6. Personal Data Collected Automatically When You Use the Website

6.1 Server Log Data

When you access the website, certain data related to your interaction with the website is automatically recorded in server log files.

This may include:

  • IP address;
  • pages accessed;
  • date and time of access;
  • requested resources;
  • referrer URL;
  • browser type and version;
  • operating system;
  • device-related technical information;
  • duration and sequence of website navigation.

6.2 Purposes and Legal Basis

CYSCOE processes this data in order to:

  • ensure the security, integrity, availability, and resilience of the website and related digital infrastructure;
  • detect, analyze, prevent, and respond to unauthorized access attempts, malicious activity, service abuse, or suspicious behavior;
  • improve the structure, performance, accessibility, and content of the website;
  • support diagnostics, operational continuity, and technical administration.

The legal basis for this processing is CYSCOE’s legitimate interest in securing its digital environment, ensuring service continuity, and improving its online presence.

6.3 Storage Location and Retention

This data is stored on the infrastructure of the hosting provider used for the website. Where hosting or technical support providers are engaged, such providers act under appropriate legal and contractual safeguards.

Server log data is retained only for as long as necessary for the relevant operational, security, or evidentiary purposes, after which it is deleted or overwritten in accordance with internal retention practices.

7. Cookies and Similar Technologies

The website uses cookies and similar technologies in order to support functionality, preserve user preferences, improve navigation, and, where applicable, support analytics and service optimization.

Some cookies are strictly necessary for the operation of the website and do not require consent. Other cookies may only be used where valid consent has been obtained.

For detailed information regarding the categories of cookies used, their purpose, duration, and the available choices, please consult the Cookie Policy.

8. Personal Data Collected When You Contact Us

8.1 Contact Form

When you complete and submit a contact form through the website, CYSCOE may collect:

  • first name and last name;
  • email address;
  • organization or professional affiliation, where provided;
  • any additional personal data contained in your message.

This data is processed for the purpose of responding to your inquiry, assessing the request received, maintaining relevant professional communication, and, where applicable, following up on the matter raised.

The legal basis for this processing is CYSCOE’s legitimate interest in managing communications and institutional interactions appropriately.

8.2 Email Communications

When you contact CYSCOE by email, personal data may be collected through the message itself, including:

  • your email address;
  • your name;
  • your telephone number, where included;
  • your professional details or signature block;
  • any information voluntarily included in the body of the email or attachments.

This data is processed to respond to your request, continue the correspondence where necessary, maintain records of relevant communications, and protect CYSCOE’s legitimate institutional and operational interests.

The legal basis is legitimate interest, and where relevant, steps prior to entering into a contractual or collaborative relationship.

8.3 Telephone Communications

When you contact CYSCOE by telephone, personal data may include:

  • your telephone number;
  • date and time of the call;
  • the information you choose to provide during the conversation.

CYSCOE does not record telephone calls unless this is explicitly communicated and lawfully justified.

This data is processed for the purpose of responding to inquiries, handling requests, and managing communication in an efficient and professional manner, based on CYSCOE’s legitimate interest.

9. Purposes of Processing

CYSCOE may process personal data for the following purposes:

  • responding to contact requests, inquiries, and professional communications;
  • facilitating institutional dialogue, collaboration, partnerships, events, and related activities;
  • administering website operation, technical maintenance, and digital security;
  • improving website structure, content, and user experience;
  • maintaining records of communications and interactions where necessary;
  • complying with legal, regulatory, administrative, audit, or evidentiary obligations;
  • protecting CYSCOE’s rights, infrastructure, services, and digital environment.

10. Legal Bases for Processing

Depending on the context, personal data may be processed on one or more of the following legal bases:

  • consent;
  • performance of a contract or steps prior to entering into a contract or collaboration;
  • compliance with a legal obligation;
  • legitimate interests, including institutional administration, digital security, communication management, and website improvement.

Where consent is used, it may be withdrawn at any time without affecting the lawfulness of processing carried out before its withdrawal.

11. Disclosure and Transfer of Personal Data

CYSCOE does not sell personal data.

Personal data may be disclosed, where necessary and lawful, to the following categories of recipients:

  • hosting, email, IT, cybersecurity, maintenance, or technical support providers;
  • communications, analytics, administrative, legal, audit, or advisory service providers;
  • project partners, event partners, or institutional collaborators, where relevant to the purpose of the interaction;
  • competent public authorities, courts, regulators, or law enforcement bodies where disclosure is required by law or necessary for the protection of rights and legitimate interests.

Where third-party service providers process personal data on behalf of CYSCOE, they are engaged under appropriate contractual safeguards and are expected to implement suitable technical and organizational measures.

12. International Transfers

If personal data is transferred outside the European Economic Area, CYSCOE will ensure that the transfer is carried out only where an appropriate legal safeguard is in place, such as an adequacy decision or another lawful transfer mechanism recognized under EU data protection law.

13. Data Retention

CYSCOE retains personal data only for as long as necessary in light of the purposes for which it was collected, taking into account:

  • the nature of the interaction;
  • the operational need to maintain records;
  • legal, regulatory, tax, audit, or evidentiary obligations;
  • information security and fraud-prevention requirements;
  • the need to resolve disputes or enforce legal rights;
  • whether the data remains relevant, accurate, and necessary.

Where specific retention periods are not fixed by law, data is retained for a period that is proportionate to the original purpose and then deleted, anonymized, or otherwise securely disposed of.

14. Technical and Organizational Security Measures

CYSCOE implements appropriate technical and organizational measures designed to protect personal data against unauthorized or unlawful access, accidental loss, destruction, alteration, or disclosure.

Such measures may include:

  • restricted access on a need-to-know basis;
  • secure hosting and systems administration;
  • identity verification before granting access to personal data;
  • monitoring, logging, and technical review;
  • secure transfer methods, including encryption where appropriate;
  • confidentiality measures in relation to communications and stored records.

While CYSCOE takes reasonable steps to protect personal data, transmission of information over the internet can never be guaranteed as entirely secure. Any data transmitted electronically is transmitted at the sender’s own risk.

15. Your Rights

Subject to the conditions and limitations established by law, you may have the following rights in relation to your personal data:

  • the right to be informed;
  • the right of access;
  • the right to rectification;
  • the right to erasure;
  • the right to restriction of processing;
  • the right to data portability;
  • the right to object;
  • the right to withdraw consent, where processing is based on consent;
  • the right not to be subject to a decision based solely on automated processing, including profiling, where applicable;
  • the right to lodge a complaint with a supervisory authority.

Requests concerning the exercise of your rights may be sent to:

CYSCOE may take reasonable steps to verify the identity of the person making the request before responding, in order to protect personal data and prevent unauthorized disclosure.

16. Complaints

If you believe that your personal data has been processed in a manner that does not comply with applicable law, you may contact CYSCOE first so that the matter can be reviewed.

You also have the right to submit a complaint to the Romanian supervisory authority:

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, cod poștal 010336, București, România
Email:
Website: www.dataprotection.ro

17. Special Categories of Personal Data

CYSCOE does not intentionally request or seek to collect special categories of personal data through the website or standard communication channels.

Users should avoid sending such data unless it is strictly necessary and there is a clear lawful basis for doing so. If such data is received inadvertently, CYSCOE will assess and handle it in accordance with applicable legal obligations and internal security and minimization principles.

18. Children’s Privacy

The CYSCOE website is not directed to children and is not intended to knowingly collect personal data from individuals under the age of 18.

If CYSCOE becomes aware that data relating to a minor has been collected without an appropriate legal basis, it will take reasonable steps to delete that information or otherwise handle it in accordance with applicable law.

19. Third-Party Links

The website may contain links to third-party websites, applications, or platforms. These external services operate under their own legal terms and privacy notices.

CYSCOE does not control and is not responsible for the content, availability, or privacy practices of third-party services. Users are encouraged to read the privacy information of each external website they access.

20. Changes to This Privacy Policy

CYSCOE may update this Privacy Policy from time to time to reflect legal, technical, organizational, or operational changes