Privacy Policy

Last updated: 16 April 2026

1. Scope

This Privacy Policy describes how personal data is collected, processed and protected when you visit the Infosec Tools website (infosectools.info) or use its contact form. It applies to all visitors and users of this website.

2. Data Controller

PFC Consulting, Lda.
NIPC: PT516223771
Avenida Natalia Correia, 6A, 2910-735 Setubal, Portugal
Contact: via the contact form on this website.

3. Personal Data Collected

When you use the contact form, we collect the information you provide: your name, company or organisation, email address, telephone number (if provided) and the content of your message.

When you browse this website, our infrastructure providers automatically collect limited technical data for security and performance purposes, such as your IP address, browser type, and the date and time of your visit.

We do not collect sensitive or special categories of personal data (as defined in GDPR Article 9).

4. Purposes and Legal Basis

We process personal data for the following purposes:

• Responding to your enquiry — when you submit the contact form, we use the information to reply to you. Legal basis: legitimate interest (GDPR Article 6(1)(f)) and, where applicable, steps taken at your request prior to entering into a contract (Article 6(1)(b)).
• Website security — technical data is processed to protect the website against abuse and unauthorised access. Legal basis: legitimate interest (Article 6(1)(f)).
• Legal compliance — where required by law. Legal basis: legal obligation (Article 6(1)(c)).

5. Consent

We do not rely on consent as the legal basis for processing personal data on this website. Contact form submissions are processed under legitimate interest and pre-contractual measures. You may request erasure of your data at any time — see section 11.

6. Cookies

This website does not use analytics, marketing or advertising cookies. Our security infrastructure may place strictly necessary cookies on your device for protection against automated threats. These cookies are essential for the website to function securely and do not require your consent under GDPR and the ePrivacy Directive.

7. Data Retention

Contact form submissions are retained for up to 12 months after the last interaction, unless a commercial relationship is established. Security logs are retained for up to 6 months, or longer if required to investigate an incident.

8. Data Storage and International Transfers

Your data may be processed by infrastructure providers located outside the European Economic Area. Where this occurs, transfers are protected by appropriate safeguards recognised under the GDPR, such as Standard Contractual Clauses or applicable adequacy frameworks.

Email delivery for the contact form is processed within the European Union.

9. Data Sharing

We do not sell, rent or trade personal data. Data is shared only with the categories of service providers strictly necessary to operate this website:

• Content delivery and security provider
• Email delivery provider
• Hosting infrastructure provider

These providers act as data processors under our instruction and are bound by appropriate contractual and legal safeguards. No personal data is shared with any other third party, unless required by law.

10. Your Rights

Under the GDPR, you have the right to:

• Access — request a copy of the data we hold about you (Article 15)
• Rectification — request correction of inaccurate data (Article 16)
• Erasure — request deletion of your data (Article 17)
• Restriction — request limited processing (Article 18)
• Portability — receive your data in a structured, machine-readable format (Article 20)
• Objection — object to processing based on legitimate interest (Article 21)

To exercise any of these rights, please use the contact form on this website. We will respond within 30 days.

11. Links to Third-Party Websites

This website may contain links to external websites. We are not responsible for the privacy practices or content of those websites and encourage you to review their own privacy policies.

12. Right to Lodge a Complaint

If you believe your personal data has been processed unlawfully, you have the right to lodge a complaint with the Portuguese supervisory authority:

Comissao Nacional de Protecao de Dados (CNPD) — cnpd.pt

13. Security

We apply appropriate technical and organisational measures to protect personal data, including encryption, access controls and regular security reviews.

14. Changes to This Policy

We may update this Policy to reflect changes in our practices or legal requirements. The date at the top of this page reflects the most recent revision.