Privacy Policy

Scope: this website (vigilant37.com) and professional services

Last updated: 03/11/2025 (DD/MM/YYYY)

1) Who We Are

VIGILANT FRONT, S.L., operating under the trade name VIGILANT37 (“we,” “us,” or “our”), is the data controller for any personal information processed through this website and during the delivery of our services.

Our company registration details are available in our Legal Notice.

2) What This Policy Covers

This Privacy Policy explains how we collect, use, and protect personal information in connection with:

  • Visits to our website (vigilant37.com)

  • Client communications and onboarding

  • Payments made via Stripe Payment Links

  • Delivery of professional cyber defense services

  • Use of cookies and similar technologies for analytics and personalized advertising, in accordance with our Cookie Policy (section 8)

It does not apply to third-party sites we link to or to client systems we assess as part of our work.

This privacy policy also describes how we comply with Spain's Ley Orgánica 3/2018 and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

3) What Information We Collect

We collect only what’s necessary to operate our business effectively.

a) Information you provide

  • Name, email, phone, and company details when contacting us or purchasing a service.

  • Billing and tax information for invoicing.

  • Any optional data you share during scoping or communication.

b) Information collected automatically

  • Basic analytics (IP address, browser type, and visit duration) to improve site performance.

  • Stripe payment data, handled under Stripe’s Privacy Policy

c) Cookies and online identifiers

With your consent, we and our advertising partners may collect device identifiers, browsing behavior, and interaction data on this website for analytics and marketing purposes.

This includes technologies such as cookies, pixels, and local storage that help us measure performance and personalize content.

We use built-in Squarespace Analytics to monitor site traffic and performance.

d) Newsletter subscriptions

If you subscribe to our newsletter, we collect your email address and name to send updates or announcements you explicitly requested, handled under Squarespace’s and Kit’s Privacy Policies.

You can unsubscribe at any time through the link in every email.

4) How We Use the Information

We use personal data to:

  • Respond to inquiries and deliver contracted services

  • Issue invoices and manage payments

  • Maintain legal, tax, and accounting records

  • Ensure platform security and compliance

  • Operate our website and email communications through trusted providers such as Squarespace and Kit

We never sell or rent your personal information.

5) Legal Basis for Processing

Our processing relies on one or more of the following grounds:

  • Performance of a contract (providing agreed services)

  • Legitimate interest (security, business continuity, communication)

  • Legal obligation (invoicing, tax reporting)

  • Consent, when you voluntarily provide information outside a contract (e.g., newsletter signup)

For advertising and profiling cookies, the legal basis is your explicit consent, which you can withdraw at any time via the cookie settings banner or by clearing your browser's cookies.

6) Data Retention

We retain client and financial data only as long as necessary for legal, tax, or operational reasons.

If deletion is requested, the data is securely archived for legal compliance, then deleted.

7) Data Sharing

We only share personal data with trusted service providers that act on our behalf, including:

  • Stripe, Inc. (USA) for secure payment processing

  • Squarespace, Inc. (USA): website hosting, analytics, and email communications (automations, newsletter, and mailing list management)

  • Kit, Inc. (USA): email communications (automations, newsletter, and mailing list management)

  • Email and cloud providers within the EU or under EU-approved safeguards

  • Professional advisors (e.g., accounting, legal) bound by confidentiality

No data is sold, rented, or transferred for marketing purposes.

All providers operate under Standard Contractual Clauses approved by the European Commission to ensure GDPR compliance for international data transfers.

8) Cookie Policy

We use cookies and similar technologies to operate this site securely and efficiently, to understand traffic patterns, and (if you consent) to personalize content and measure the effectiveness of our communications and campaigns.

Types of cookies we use:

  • Necessary cookies: enable core site functionality and remember user preferences and choices. These cannot be disabled.

  • Performance and analytics cookies: help us understand how visitors interact with our site to improve performance through quantitative measures. These are disabled by default, used only with your explicit consent.

  • Advertising cookies: help us personalize communication and measure reach. These are disabled by default, used only with your explicit consent.

Our website uses Squarespace cookies to understand general site traffic and performance.

Our newsletter providers, Squarespace and Kit, may use tracking pixels in emails to measure engagement.

You can change or withdraw your consent at any time through the Cookie Settings banner or by clearing your browser's cookies.

For details on specific cookies and retention periods, contact us at red@vigilant37.com

9) International Transfers

When we work with partners or clients outside the EU, we ensure that any personal data shared complies with GDPR Chapter V, using Standard Contractual Clauses or equivalent protections.

10) Your Rights

Under the General Data Protection Regulation (GDPR), you have the right to:

  • Access and obtain a copy of your data

  • Request correction or deletion

  • Object to processing or request restriction

  • Data portability (where applicable)

  • Withdraw consent at any time

To exercise these rights, contact us at red@vigilant37.com

You may also file a complaint with the Spanish Data Protection Agency (AEPD) if you believe your rights have been violated.

11) Data Security

We apply strict administrative, technical, and physical controls to protect personal data.

All processing takes place within secure EU-based systems or equivalent jurisdictions.

12) Updates to This Policy

We may update this Privacy Policy from time to time to reflect legal or operational changes.
The latest version will always be available at https://vigilant37.com/privacy-policy

BY THE WAY

If you’ve read this far, you’re already vigilant.

Imagine what we could achieve by turning that vigilance into action.

PRIORITIZE REAL RISKS