Legal Information

Legal Notice · Privacy · Terms

Legal Notice

Note on jurisdiction This website is operated by an independent professional established in Paraguay. There is no registered place of business, branch, or permanent establishment in the European Union. EU Impressum obligations (TMG §5) are therefore not applicable. This legal notice is provided voluntarily for transparency and trust.

Service Provider

Natalia Riveros
Independent Consultant — Cybersecurity & Compliance
PC3C+VX4, Av. República Argentina
Asunción 001412
Asunción, Paraguay

Tax Registration

RUC (Registro Único del Contribuyente): 3865261-7
Tax authority: Subsecretaría de Estado de Tributación (SET), Paraguay
VAT: Not applicable — service provider established outside the European Union.

Contact

Email: n.riveros@natalia-riveros.com
Response time: within 2 business days

Professional Activity

Independent consulting services in cybersecurity, regulatory compliance (NIS2, ISO 27001, ISO 42001, DORA), and digital risk management. All engagements are subject to a signed Scope of Work. No testing activities commence without prior written authorisation.

Liability for Content

The content of this website has been prepared with due care. However, no guarantee is given as to the accuracy, completeness, or timeliness of the information provided. The content is intended for general informational purposes and does not constitute legal or compliance advice. For binding guidance, please engage directly.

Liability for Links

This website may contain links to external websites. No responsibility is assumed for the content of linked external sites. The respective operators are responsible for their own content.

Copyright

All content on this website — including text, graphics, and structure — is the intellectual property of Natalia Riveros unless otherwise indicated. Reproduction requires prior written consent.

Privacy Policy

Short version This website does not use tracking cookies, analytics tools, or advertising networks. Personal data is only processed when you actively contact us or book a consultation. No data is sold or shared with third parties for marketing purposes.

Controller

Natalia Riveros
PC3C+VX4, Av. República Argentina, Asunción, Paraguay
Email: n.riveros@natalia-riveros.com

Data Collected and Purpose

This website collects personal data only in the following circumstances:

  • Booking a consultation: Name, email address, and any information voluntarily provided. Used solely to confirm and conduct the booked session.
  • Contacting via email: Name and email address. Used to respond to your enquiry.
  • Server logs: IP address, browser type, and access time. Stored temporarily for security purposes by the hosting provider. Not processed for marketing.

Legal Basis

Processing is based on your consent (Art. 6(1)(a) GDPR) when you voluntarily contact us, and on the performance of a contract (Art. 6(1)(b) GDPR) when booking a consultation. Legitimate interests (Art. 6(1)(f) GDPR) apply to server security logs.

Booking Tool

Consultation bookings are processed via [BOOKING TOOL NAME]. By booking, you agree to that service's privacy policy. The booking tool may process your name, email address, and timezone. No payment data is stored on this website.

Hosting

This website is hosted on a dedicated server operated by Netcup GmbH, Daimlerstr. 25, 76185 Karlsruhe, Germany. Server access logs are retained for a maximum of 7 days for security purposes.

Data Retention

Consultation-related correspondence is retained for a maximum of 3 years after the last engagement. You may request deletion at any time by contacting us.

Your Rights

Under GDPR, you have the right to:

  • Access — request a copy of the personal data held about you
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your data
  • Restriction — limit how your data is processed
  • Portability — receive your data in a machine-readable format
  • Object — opt out of processing based on legitimate interests

To exercise any of these rights, contact: n.riveros@natalia-riveros.com

No Cookies / No Tracking

This website does not use cookies, tracking pixels, or third-party analytics (no Google Analytics, Meta Pixel, or similar). The only external resource loaded is Google Fonts for typography, which may process your IP address according to Google's privacy policy.

Changes to this Policy

This privacy policy may be updated to reflect changes in services or legal requirements. The date of the last update appears below. Continued use of the website constitutes acceptance of the current policy.

Last updated: April 2026

Terms of Service

Important All consulting engagements are governed by a signed Scope of Work (SoW). These Terms of Service apply to use of this website and to initial contact enquiries. Binding contractual terms for specific engagements are set out in the SoW agreed between the parties.

Service Provider

Natalia Riveros, independent consultant, Asunción, Paraguay.
RUC: 3865264-7

Nature of Services

Services offered include cybersecurity consulting, NIS2 / ISO 27001 / ISO 42001 / DORA compliance advisory, audit review, and related training. Services are advisory in nature. They do not constitute legal advice and do not replace independent legal counsel.

Engagement Process

  • All engagements begin with a paid Erstkonsultation (first consultation fee: €250).
  • The fee is credited in full against any subsequent engagement.
  • Security testing engagements require a signed Scope of Work before any testing begins.
  • No testing activities are conducted without prior written authorisation from the client.

Payment Terms

  • First consultation: payment due before the session is confirmed.
  • Project engagements: 50% upfront on signature of SoW, 50% on delivery.
  • Retainer services: monthly in advance.
  • Payment by international bank transfer (IBAN). Invoice issued upon booking.
  • All prices are net. VAT is not applicable — service provider established outside the EU.

Confidentiality

All information shared during consultations and engagements is treated as strictly confidential. Findings, client data, and methodology are not disclosed to third parties. Confidentiality obligations survive termination of the engagement for a minimum of 3 years.

Limitation of Liability

Advisory services are provided in good faith based on information available at the time of engagement. No warranty is given that recommendations will prevent all security incidents or guarantee regulatory compliance. Maximum liability for any single engagement is limited to the fees paid for that engagement.

Intellectual Property

Deliverables produced during an engagement (reports, presentations, checklists) become the property of the client upon full payment. Methodologies, frameworks, and proprietary tools remain the intellectual property of Natalia Riveros.

Governing Law

These terms are governed by the laws of the Republic of Paraguay. For clients in the European Union, mandatory consumer protection provisions of the client's country of residence apply additionally where legally required.

Dispute Resolution

In the event of a dispute, the parties agree to first attempt resolution through direct negotiation. If unresolved within 30 days, disputes shall be referred to mediation before any legal proceedings are initiated.

Contact

For any questions regarding these terms:
Email: n.riveros@natalia-riveros.com

Last updated: April 2026