Privacy Policy

Last updated:

1. Data controller

Risk Resilience Security Group S.L.U. (RRSG) · Spanish VAT No. B-23985773 · Calle Costa Rica 18, 28691 Villanueva de la Cañada, Madrid (Spain) · Email: contact@rrsg.eu

2. Why do we process your data?

We process the data you provide through the contact form or by email in order to:

3. What is the legal basis?

The legal basis for processing is your consent (Art. 6.1.a GDPR), which you give by ticking the acceptance box and submitting the form. In the event of enrolment, the basis will be the performance of a contract (Art. 6.1.b GDPR).

4. What data do we process?

The identification and contact data you provide: name, email address and the information you choose to include in your message. We do not request special categories of data; please do not include any in the free-text message field. If you book an appointment via Calendly, we also process your name, email and the time slot you choose.

5. How long do we keep it?

We keep your data for as long as the relationship or interest in our services continues and, thereafter, for the periods legally required. When it is no longer necessary, it is securely deleted. In the form management system (Web3Forms), submissions are automatically deleted after 30 days; any subsequent retention takes place in our email and internal systems.

6. Who do we share your data with?

We do not transfer your data to third parties, except where legally required. To operate the site and the form, we use providers acting as data processors:

ProviderPurposeSafeguards and location
Web3FormsReceiving and forwarding the contact form to our emailData processor. Infrastructure on AWS, servers in the United States. Submissions are kept for a maximum of 30 days in its systems and then automatically deleted. For anti-spam protection, it may process the sender's IP and email. The transfer to the United States is covered by the European Commission's standard contractual clauses and, where applicable, by the provider's adherence to the EU-US Data Privacy Framework.
DonDominioWeb hostingServers in Spain / EU
CalendlyAppointment bookingData processor. Servers in the United States. The transfer is covered by the European Commission's standard contractual clauses and, where applicable, by the EU-US Data Privacy Framework.
RevolutOnline payment processingPayment service provider. Payment is made on a secure payment page hosted by Revolut; card data is processed directly by Revolut and never passes through RRSG. Revolut acts as an independent data controller for that data (servers within the EEA / United Kingdom).
PECB Group Inc.Issuing the exam voucher and the official certificationData recipient. Certification body established in Canada. International transfer covered by Chapter V of the GDPR.

Some of these providers process data outside the European Economic Area (United States). These transfers are carried out with the safeguards provided for in Chapter V of the GDPR. You can consult Web3Forms' privacy policy at web3forms.com/privacy.

7. What are your rights?

You can exercise at any time your rights of access, rectification, erasure, objection, restriction of processing and portability, by writing to contact@rrsg.eu and stating the right you wish to exercise. If you consider that the processing does not comply with the regulations, you may lodge a complaint with the supervisory authority of your Member State of residence or, as the controller is established in Spain, with the Spanish Data Protection Agency (Agencia Española de Protección de Datos, AEPD, www.aepd.es).

8. Cookies

This site does not use tracking or advertising cookies. If an audience measurement solution is added in the future, a consent banner and a specific cookie policy will be put in place beforehand.

9. Security

We apply appropriate technical and organisational measures to protect your data against unauthorised access, loss or alteration, in line with the state of the art.