Skip to main content

Privacy Notice

Last updated: 5 May 2026.

1. Who we are

SIA CyAdviso, registered in Latvia (reg. no. 40203253216, EU VAT LV40203253216), Riga, Latvia, EU (the “Controller”).

Contact: info@cyadviso.com.

2. What data we process and why

2.1. DORA self-assessment lead form

On the homepage we offer a free 3-minute DORA readiness self-assessment. The score itself runs entirely in your browser — no data leaves your device. If you choose to receive the detailed gap report by email, we collect your work email address and the score / answers you submitted.

  • Purpose: sending you the gap report you requested and a short follow-up about engagement options.
  • Legal basis: Art. 6(1)(f) GDPR — our legitimate interest in responding to a request for information you initiated. You can object at any time by replying “unsubscribe” to any email.
  • Retention: we keep the email and submission for up to 24 months, after which the record is deleted unless we’ve started a commercial engagement with you.
  • Sharing: the form data is processed by us only. We do not sell, rent, or share it with third-party marketing platforms.

2.2. Direct contact (email, Cal.com)

If you email us or book a discovery call, we process the data you provide for the purpose of replying. Cal.com, our booking provider, processes the booking on our behalf as a sub-processor; see their privacy notice for details.

2.3. Self-hosted analytics

We use a self-hosted analytics endpoint at /api/track to count page views and CTA clicks. This first-party layer sets no cookies and honours Do Not Track / Global Privacy Control. The separate third-party analytics and advertising cookies we load are described in section 2.4.

  • No cookies are set for analytics. No cross-site tracking.
  • IP addresses are truncated to /24 (IPv4) before storage, so individuals cannot be re-identified.
  • We honour browser-level Do Not Track (DNT) and Global Privacy Control (GPC) signals — when either is set, no analytics events are recorded for your visit.
  • Legal basis: Art. 6(1)(f) GDPR — legitimate interest in measuring how the site performs without identifying visitors.

2.4. Analytics and advertising cookies

On all visits this site loads Google Tag Manager (Google Ads conversion measurement and website traffic understanding), the Meta Pixel (Facebook / Instagram audience and conversion measurement), the LinkedIn Insight Tag (LinkedIn audience and conversion measurement) and Microsoft Clarity (aggregate session replay and heatmaps). These set third-party cookies and similar identifiers used to measure traffic and advertising campaigns.

  • Providers: Google Ireland Limited / Google LLC (Tag Manager, Ads); Meta Platforms Ireland Limited / Meta Platforms Inc. (Meta Pixel — Facebook and Instagram measurement); LinkedIn Ireland Unlimited Company / LinkedIn Corporation (Insight Tag — LinkedIn measurement); Microsoft Ireland Operations Limited / Microsoft Corporation (Clarity — aggregate session replay and heatmap analytics).
  • Purposes: measuring submitted lead forms, completed booking events, aggregate campaign performance and how pages are used.
  • Legal basis: our legitimate interest under Art. 6(1)(f) GDPR in measuring traffic and advertising effectiveness. You have the right to object under Art. 21 GDPR — you can block these by using your browser privacy settings, an ad/tracker blocker, or browser-level Do Not Track / Global Privacy Control.
  • Conversion events: the site may send non-sensitive event names such as lead_email_capture and cal_booking_complete to Google Tag Manager. We do not intentionally send your email address or DORA assessment answers to Google through these events.

To stop these cookies, use your browser’s privacy settings or an ad/tracker blocker, or enable Do Not Track / Global Privacy Control in your browser. Our self-hosted analytics already honours those signals.

3. Your rights under the GDPR

You have the right to:

  • access the personal data we hold about you;
  • have it corrected or deleted;
  • restrict or object to processing;
  • have your data transferred to another controller;
  • lodge a complaint with the Latvian Data State Inspectorate (www.dvi.gov.lv) or the supervisory authority in your EU Member State.

To exercise any of these rights, email info@cyadviso.com. We respond within 30 days.

4. International transfers

Personal data is processed within the European Economic Area. If a sub-processor (such as Cal.com) processes data outside the EEA, transfers are covered by the EU Standard Contractual Clauses or an equivalent transfer mechanism.

5. Changes to this notice

We may update this notice when we change how we handle data. The “Last updated” date at the top tracks the most recent material revision.

6. Related

See also our terms of use and imprint.