CYBERFORT

Privacy Policy

Last updated: February 2026

The CYBERFORT project is committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679 — and applicable national data protection legislation. This policy explains what data we collect, how we use it, and your rights as a data subject.

1. Data Controller

The data controller for this website is the Romanian National Cybersecurity Directorate (DNSC), acting as the lead dissemination partner of the CYBERFORT consortium, co-funded by the European Union's DIGITAL Europe Programme under grant agreement No 101190281.

For data protection enquiries, you may contact us at: contact@cyber-fort.eu

2. What Data We Collect

This website collects only the minimum data necessary to operate. Depending on how you interact with the site, we may process:

  • Contact form submissions — name, email address, organisation, and the content of your message, when you choose to contact us.
  • Platform account data — if you access the CYBERFORT platform at access.cyber-fort.eu, that service maintains its own privacy notice governing authentication and usage data.
  • Server logs — standard web server logs (IP address, browser type, pages visited, timestamps) collected automatically for security and performance monitoring. These are not used to identify individuals and are retained for a maximum of 30 days.
  • Cookies — we use only strictly necessary cookies required for the website to function. We do not use advertising or tracking cookies. See Section 6 for details.

3. Legal Basis for Processing

We process your personal data on the following legal bases under Article 6 GDPR:

  • Legitimate interests (Art. 6(1)(f)) — for server log processing necessary to maintain the security and proper functioning of the website.
  • Consent (Art. 6(1)(a)) — when you voluntarily submit a contact form, you consent to us processing your data to respond to your enquiry.
  • Legal obligation (Art. 6(1)(c)) — where required by EU or national law.

4. How We Use Your Data

Your personal data is used exclusively for the following purposes:

  • Responding to enquiries submitted through the contact form.
  • Sending project-related communications if you have explicitly requested them.
  • Monitoring and securing the website infrastructure.
  • Fulfilling reporting obligations to the European Commission under the DIGITAL Europe Programme grant agreement.

We do not sell, rent, or share your personal data with third parties for commercial purposes.

5. Data Retention

We retain personal data only for as long as necessary for the purposes described above:

  • Contact form data is retained for up to 2 years after the last interaction, then securely deleted.
  • Server logs are retained for a maximum of 30 days.
  • Data required for EU grant reporting may be retained for up to 5 years following the end of the project, in accordance with European Commission requirements.

6. Cookies

This website uses strictly necessary cookies only — small text files placed on your device that are essential for the website to function. These cookies do not track you across other websites and do not require your consent under the ePrivacy Directive.

We do not use analytics, advertising, or social media tracking cookies.

7. Third-Party Services

This website may embed content or functionality from third-party providers. These include:

  • Agorify — used to display the conference agenda. Agorify's own privacy policy applies to any data processed through their embedded widget.
  • Microsoft Office Online — used to display presentation documents. Microsoft's privacy policy applies when this viewer is loaded.
  • Google Fonts — used for typography. Google may process your IP address when fonts are loaded from their servers.

We recommend reviewing the privacy policies of these third-party services directly.

8. Your Rights Under GDPR

As a data subject within the European Economic Area, you have the following rights:

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — request correction of inaccurate or incomplete data.
  • Right to erasure — request deletion of your personal data where there is no legitimate reason for us to continue processing it.
  • Right to restrict processing — request that we limit how we use your data in certain circumstances.
  • Right to data portability — receive your data in a structured, commonly used format where processing is based on consent or contract.
  • Right to object — object to processing based on legitimate interests.
  • Right to withdraw consent — withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at contact@cyber-fort.eu. We will respond within 30 days.

You also have the right to lodge a complaint with your national data protection supervisory authority. In Romania, this is the Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)www.dataprotection.ro.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include TLS encryption for data in transit, access controls, and regular security reviews consistent with the project's cybersecurity objectives.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Any material changes will be indicated by updating the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

11. Contact

For any questions about this Privacy Policy or how we handle your personal data, please contact: